This article is contributed. See the original author and article here.
Original release date: December 7, 2020
The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
High Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| 74cms — 74cms | PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | 2020-12-02 | 7.5 | CVE-2020-29279 MISC MISC |
| bloodx_project — bloodx | SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication. | 2020-12-02 | 7.5 | CVE-2020-29282 MISC MISC MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Arbitrary commands could be injected (using Python scripts) via the AprolCluster script that is invoked via sudo and thus executes with root privileges, a different vulnerability than CVE-2019-16364. | 2020-11-27 | 10 | CVE-2019-19875 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. The AprolLoader could be used to inject and execute arbitrary unintended commands via an unspecified attack scenario, a different vulnerability than CVE-2019-16364. | 2020-11-27 | 7.5 | CVE-2019-19872 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An EnMon PHP script was vulnerable to SQL injection, a different vulnerability than CVE-2019-10006. | 2020-11-27 | 7.5 | CVE-2019-19876 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. Some web scripts in the web interface allowed injection and execution of arbitrary unintended commands on the web server, a different vulnerability than CVE-2019-16364. | 2020-11-27 | 7.5 | CVE-2019-19874 MISC |
| c-blosc2_project — c-blosc2 | blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. | 2020-11-27 | 9.3 | CVE-2020-29367 MISC MISC |
| car_rental_management_system_project — car_rental_management_system | An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php. | 2020-12-02 | 7.5 | CVE-2020-29287 MISC MISC MISC |
| cloudfoundry — capi-release | CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | 2020-12-02 | 7.8 | CVE-2020-5423 CONFIRM |
| crux — crux | The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. System using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. | 2020-12-02 | 10 | CVE-2020-29389 MISC |
| edimax — ic-3116w_firmware | A stack-based buffer-overflow exists in Edimax IP-Camera IC-3116W (v3.06) and IC-3140W (v3.07), which allows an unauthenticated, unauthorized attacker to perform remote-code-execution due to a crafted GET-Request. The overflow occurs in binary ipcam_cgi due to a missing type check in function doGetSysteminfo(). This has been fixed in version: IC-3116W v3.08. | 2020-12-01 | 7.5 | CVE-2020-26762 CONFIRM |
| fujitsu — eternus_storage_dx200_s4_firmware | An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After logging into the portal as a root user (using any web browser), the portal can be accessed with root privileges when the URI cgi-bin/csp?cspid={XXXXXXXXXX}&csppage=cgi_PgOverview&csplang=en is visited from a different web browser. | 2020-11-30 | 10 | CVE-2020-29127 MISC MISC MISC MISC |
| gym_management_system_project — gym_management_system | An SQL injection vulnerability was discovered in Gym Management System In manage_user.php file, GET parameter ‘id’ is vulnerable. | 2020-12-02 | 7.5 | CVE-2020-29288 MISC MISC MISC |
| hcltech — domino | HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. | 2020-12-02 | 10 | CVE-2020-14260 MISC |
| hcltech — notes | HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system. | 2020-12-02 | 7.2 | CVE-2020-4102 MISC |
| hp — edgeline_infrastructure_manager | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary commands, gaining privileged access, causing denial of service, and changing the configuration. | 2020-12-02 | 10 | CVE-2020-7199 MISC |
| huawei — fusioncompute | FusionCompute versions 6.3.0, 6.3.1, 6.5.0, 6.5.1 and 8.0.0 have a privilege escalation vulnerability. Due to improper privilege management, an attacker with common privilege may access some specific files and get the administrator privilege in the affected products. Successful exploit will cause privilege escalation. | 2020-12-01 | 7.2 | CVE-2020-9114 MISC |
| huawei — manageone | ManageOne versions 6.5.1.1.B010, 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, ,6.5.1.1.B050, 8.0.0 and 8.0.1 have a command injection vulnerability. An attacker with high privileges may exploit this vulnerability through some operations on the plug-in component. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject commands to the target device. | 2020-12-01 | 9 | CVE-2020-9115 MISC |
| ibm — cloud_pak_for_security | IBM Cloud Pak for Security 1.3.0.1(CP4S) potentially vulnerable to CVS Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 185367. | 2020-11-30 | 9 | CVE-2020-4627 XF CONFIRM |
| linux — linux_kernel | An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2020-12-02 | 9 | CVE-2020-14305 MISC MISC MISC |
| mitsubishielectric — r00cpu_firmware | Mitsubishi MELSEC iQ-R Series PLCs with firmware 49 allow an unauthenticated attacker to halt the industrial process by sending a crafted packet over the network. This denial of service attack exposes Improper Input Validation. After halting, physical access to the PLC is required in order to restore production, and the device state is lost. This is related to R04CPU, RJ71GF11-T2, R04CPU, and RJ71GF11-T2. | 2020-11-30 | 7.8 | CVE-2020-16850 MISC MISC |
| moddable — moddable | Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. | 2020-12-04 | 7.5 | CVE-2020-25462 MISC MISC |
| multi_restaurant_table_reservation_system_project — multi_restaurant_table_reservation_system | The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input validation on the table_id parameter which allows unauthenticated SQL Injection. An attacker can send malicious input in the GET request to /dashboard/view-chair-list.php?table_id= to trigger the vulnerability. | 2020-12-02 | 7.5 | CVE-2020-29284 MISC MISC MISC |
| online_doctor_appointment_booking_system_php_and_mysql_project — online_doctor_appointment_booking_system_php_and_mysql | An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and Mysql via the q parameter to getuser.php. | 2020-12-02 | 7.5 | CVE-2020-29283 MISC MISC |
| pcanalyser — pc_analyser | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. | 2020-11-27 | 7.2 | CVE-2020-28922 MISC MISC MISC |
| pcanalyser — pc_analyser | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. | 2020-11-27 | 7.2 | CVE-2020-28921 MISC MISC MISC |
| point_of_sales_in_php/pdo_project — point_of_sales_in_php/pdo | SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. | 2020-12-02 | 7.5 | CVE-2020-29285 MISC MISC MISC |
| readymedia_project — readymedia | ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | 2020-11-30 | 7.5 | CVE-2020-28926 MISC MISC |
| synology — safeaccess | SQL injection vulnerability in request.cgi in Synology SafeAccess before 1.2.3-0234 allows remote attackers to execute arbitrary SQL commands via the domain parameter. | 2020-11-30 | 10 | CVE-2020-27660 CONFIRM |
| systeminformation — systeminformation | npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection. The issue was fixed with a rewrite of shell sanitations to avoid prototyper pollution problems. The issue is fixed in version 4.30.5. If you cannot upgrade, be sure to check or sanitize service parameter strings that are passed to si.inetChecksite(). | 2020-11-27 | 7.5 | CVE-2020-26245 MISC CONFIRM |
| ucms_project — ucms | File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerability to obtain server management permission. | 2020-11-30 | 10 | CVE-2020-25537 MISC MISC |
| valvesoftware — game_networking_sockets | Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | 2020-12-02 | 7.5 | CVE-2020-6018 MISC |
| victor_cms_project — victor_cms | The Victor CMS v1.0 application is vulnerable to SQL injection via the ‘search’ parameter on the search.php page. | 2020-12-02 | 7.5 | CVE-2020-29280 MISC MISC MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in “upload tftp syslog” and “upload tftp configuration” in the CLI via a crafted filename. | 2020-11-29 | 10 | CVE-2020-29381 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command. | 2020-11-29 | 9 | CVE-2020-29378 MISC |
| westerndigital — my_cloud_os_5 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie, because of insufficient validation of URI paths. | 2020-12-01 | 7.5 | CVE-2020-28971 MISC CONFIRM |
| westerndigital — my_cloud_os_5 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to execute privileged commands on the device via a cookie. (In addition, an upload endpoint could then be used by an authenticated administrator to upload executable PHP scripts.) | 2020-12-01 | 7.5 | CVE-2020-28970 MISC CONFIRM |
| westerndigital — my_cloud_os_5 | On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authentication bypass vulnerability that could allow an unauthenticated user to execute privileged commands on the device. | 2020-12-01 | 7.5 | CVE-2020-28940 MISC CONFIRM |
| zeroshell — zeroshell | Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. | 2020-11-30 | 10 | CVE-2020-29390 MISC |
| zte — zxv10_w908_firmware | A ZXELINK wireless controller has a SQL injection vulnerability. A remote attacker does not need to log in. By sending malicious SQL statements, because the device does not properly filter parameters, successful use can obtain management rights. This affects: ZXV10 W908 all versions before MIPS_A_1022IPV6R3T6P7Y20. | 2020-12-01 | 7.5 | CVE-2020-6880 MISC |
Medium Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| advancedsystemcare — advanced_systemcare | There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | 2020-12-03 | 4.9 | CVE-2020-23738 MISC MISC MISC |
| advsys — pngout | An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. | 2020-11-30 | 4.3 | CVE-2020-29384 MISC MISC MISC |
| amoisoft — anyview | In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). | 2020-12-03 | 4.9 | CVE-2020-23741 MISC MISC MISC |
| antiy — antiy_zhijia_terminal_defense_system | There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | 2020-12-03 | 4.9 | CVE-2020-23727 MISC MISC MISC |
| apache — httpclient | Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution. | 2020-12-02 | 5 | CVE-2020-13956 MISC MLIST MLIST |
| atlassian — jira | Affected versions of Automation for Jira – Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. | 2020-11-30 | 5.5 | CVE-2020-14193 N/A |
| atx — minicmts200a_firmware | A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pico CMTS through 2.0. Successful exploitation of this vulnerability would allow an unauthenticated attacker to retrieve administrator credentials by sending a malicious POST request. | 2020-12-01 | 5 | CVE-2020-28993 MISC MISC |
| bitrix24 — bitrix_framework | An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An “User enumeration and Improper Restriction of Excessive Authentication Attempts” vulnerability exists in the admin login form, allowing a remote user to enumerate users in the administrator group. This also allows brute-force attacks on the passwords of users not in the administrator group. | 2020-12-02 | 4 | CVE-2020-28206 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. | 2020-11-27 | 5 | CVE-2019-19878 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to sensitive information outside the working directory via Directory Traversal attacks against AprolSqlServer, a different vulnerability than CVE-2019-16357. | 2020-11-27 | 5 | CVE-2019-19877 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get information from the AprolSqlServer DBMS by bypassing authentication, a different vulnerability than CVE-2019-16356 and CVE-2019-9983. | 2020-11-27 | 5 | CVE-2019-19873 MISC |
| br-automation — industrial_automation_aprol | An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. PVs could be changed (unencrypted) by using the IosHttp service and the JSON interface. | 2020-11-27 | 5 | CVE-2019-19869 MISC |
| canon — mf237w_firmware | An issue was discovered on Canon MF237w 06.07 devices. An “Improper Handling of Length Parameter Inconsistency” issue in the IPv4/ICMPv4 component, when handling a packet sent by an unauthenticated network attacker, may expose Sensitive Information. | 2020-11-30 | 5 | CVE-2020-16849 MISC CONFIRM |
| canto — canto | The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/get.php?subdomain=SSRF. | 2020-11-30 | 5 | CVE-2020-28977 MISC MISC MISC MISC MISC |
| canto — canto | The Canto plugin 1.3.0 for WordPress contains blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/tree.php?subdomain=SSRF. | 2020-11-30 | 5 | CVE-2020-28978 MISC MISC MISC MISC MISC |
| canto — canto | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated attacker can make a request to any internal and external server via /includes/lib/detail.php?subdomain=SSRF. | 2020-11-30 | 5 | CVE-2020-28976 MISC MISC MISC MISC MISC |
| clmg — clmg | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overflows in load_pnm() can be triggered by a specially crafted input file processed by CImg, which can lead to an impact to application availability or data integrity. | 2020-12-03 | 5.8 | CVE-2020-25693 MISC |
| coremail_xt_project — coremail_xt | jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter. | 2020-11-27 | 4.3 | CVE-2020-29133 MISC |
| cpanel — cpanel | In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575). | 2020-11-27 | 4 | CVE-2020-29136 MISC MISC |
| cpanel — cpanel | cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577). | 2020-11-27 | 4.3 | CVE-2020-29137 MISC MISC |
| ctolog — thinkadmin | ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an arbitrary web script or HTML. | 2020-12-01 | 4.3 | CVE-2020-29315 MISC |
| dadajiasu — dada_accelerator | There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | 2020-12-03 | 4.9 | CVE-2020-23736 MISC MISC MISC |
| desknets — neo | Cross-site scripting vulnerability in desknet’s NEO (desknet’s NEO Small License V5.5 R1.5 and earlier, and desknet’s NEO Enterprise License V5.5 R1.5 and earlier) allows remote attackers to inject arbitrary script via unspecified vectors. | 2020-12-03 | 4.3 | CVE-2020-5638 MISC MISC |
| dlt-daemon_project — dlt-daemon | A buffer overflow in the dlt_filter_load function in dlt_common.c in dlt-daemon 2.8.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in a format argument). | 2020-11-30 | 6.8 | CVE-2020-29394 MISC MISC |
| drivergenius — drivergenius | In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | 2020-12-03 | 4.6 | CVE-2020-23740 MISC MISC MISC MISC |
| ec-cube — ec-cube | Improper restriction of rendered UI layers or frames in EC-CUBE versions from 3.0.0 to 3.0.18 leads to clickjacking attacks. If a user accesses a specially crafted page while logged into the administrative page, unintended operations may be conducted. | 2020-12-03 | 4.3 | CVE-2020-5679 MISC MISC |
| ec-cube — ec-cube | Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. | 2020-12-03 | 5 | CVE-2020-5680 MISC MISC |
| eclipse — jetty | In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | 2020-11-28 | 4.3 | CVE-2020-27218 CONFIRM CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| elastic — kibana | The elasticsearch-operator does not validate the namespace where kibana logging resource is created and due to that it is possible to replace the original openshift-logging console link (kibana console) to different one, created based on the new CR for the new kibana resource. This could lead to an arbitrary URL redirection or the openshift-logging console link damage. This flaw affects elasticsearch-operator-container versions before 4.7. | 2020-12-02 | 5.8 | CVE-2020-27816 MISC |
| hcltech — domino | HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. | 2020-12-01 | 5 | CVE-2020-4128 MISC |
| hcltech — hcl_domino | HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. | 2020-12-01 | 5 | CVE-2020-4129 MISC |
| hcltech — hcl_domino | HCL Domino is susceptible to a Login CSRF vulnerability. With a valid credential, an attacker could trick a user into accessing a system under another ID or use an intranet user’s system to access internal systems from the internet. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. | 2020-11-30 | 4.3 | CVE-2020-4127 MISC |
| hcltech — hcl_inotes | HCL iNotes is susceptible to a sensitive cookie exposure vulnerability. This can allow an unauthenticated remote attacker to capture the cookie by intercepting its transmission within an http session. Fixes are available in HCL Domino and iNotes versions 10.0.1 FP6 and 11.0.1 FP2 and later. | 2020-12-01 | 4.3 | CVE-2020-4126 MISC |
| hibernate — hibernate_orm | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity. | 2020-12-02 | 5.8 | CVE-2020-25638 MISC |
| huawei — fusioncompute | Huawei FusionCompute versions 6.5.1 and 8.0.0 have a command injection vulnerability. An authenticated, remote attacker can craft specific request to exploit this vulnerability. Due to insufficient verification, this could be exploited to cause the attackers to obtain higher privilege. | 2020-12-01 | 6.5 | CVE-2020-9116 MISC |
| huawei — nova_4_firmware | HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. | 2020-12-01 | 4.6 | CVE-2020-9117 MISC |
| ibm — cloud_pak_for_security | IBM Cloud Pak for Security 1.3.0.1(CP4S) does not invalidate session after logout which could allow an authenticated user to obtain sensitive information from the previous session. IBM X-Force ID: 186789. | 2020-11-30 | 4 | CVE-2020-4696 XF CONFIRM |
| ibm — cloud_pak_for_security | IBM Cloud Pak for Security 1.3.0.1 (CP4S) could reveal sensitive information about the internal network to an authenticated user using a specially crafted HTTP request. IBM X-Force ID: 185362. | 2020-11-30 | 4 | CVE-2020-4626 XF CONFIRM |
| ibm — cloud_pak_for_security | IBM Cloud Pak for Security 1.3.0.1 (CP4S) uses weaker than expected cryptographic algorithms during negotiation could allow an attacker to decrypt sensitive information. | 2020-11-30 | 5 | CVE-2020-4624 XF CONFIRM |
| ibm — cloud_pak_for_security | IBM Cloud Pak for Security 1.3.0.1(CP4S) could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. | 2020-11-30 | 5 | CVE-2020-4625 XF CONFIRM |
| jenkins — shelve_project | A cross-site request forgery (CSRF) vulnerability in Jenkins Shelve Project Plugin 3.0 and earlier allows attackers to shelve, unshelve, or delete a project. | 2020-12-03 | 5.8 | CVE-2020-2321 MLIST CONFIRM |
| lenovo — pcmanager | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | 2020-11-30 | 4.6 | CVE-2020-8351 CONFIRM |
| libvncserver_project — libvncserver | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | 2020-11-27 | 5 | CVE-2020-25708 MISC |
| libxls_project — libxls | An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. | 2020-12-02 | 6.8 | CVE-2017-2910 MISC |
| linux — linux_kernel | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1. | 2020-11-28 | 6.9 | CVE-2020-29368 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe. | 2020-11-28 | 6.9 | CVE-2020-29369 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. | 2020-11-28 | 4.7 | CVE-2020-29372 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71. | 2020-11-28 | 4.4 | CVE-2020-29370 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58. | 2020-11-28 | 6.9 | CVE-2020-29374 MISC MISC MISC |
| lxml — lxml | A XSS vulnerability was discovered in python-lxml’s clean module. The module’s parser didn’t properly imitate browsers, which caused different behaviors between the sanitizer and the user’s page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | 2020-12-03 | 4.3 | CVE-2020-27783 MISC |
| moddable — moddable | Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | 2020-12-04 | 5 | CVE-2020-25461 MISC MISC |
| moddable — moddable | Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | 2020-12-04 | 5 | CVE-2020-25464 MISC |
| moddable — moddable | Null Pointer Dereference. in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | 2020-12-04 | 5 | CVE-2020-25465 MISC MISC |
| moddable — moddable | Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | 2020-12-04 | 5 | CVE-2020-25463 MISC MISC |
| myeventon — eventon | The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. | 2020-11-30 | 4.3 | CVE-2020-29395 MISC MISC MISC |
| nlnetlabs — unbound | An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414. Vulnerable versions of Unbound could still amplify an incoming query into a large number of queries directed to a target, even with a lower amplification ratio compared to versions of Unbound that shipped before the mentioned erratum. This issue is about the incomplete fix for CVE-2020-12662, and it does not affect upstream versions of Unbound. | 2020-11-27 | 5 | CVE-2020-10772 MISC |
| nodejs — node.js | Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream (when using Node.js 4.x). | 2020-12-03 | 6.4 | CVE-2018-21270 MISC MISC MISC |
| online_voting_system_project — online_voting_system | Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker can able to steal the cookie according to the crafted payload. | 2020-12-02 | 4.3 | CVE-2020-29239 MISC |
| outsystems — outsystems | An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. | 2020-11-30 | 6.4 | CVE-2020-29441 MISC |
| papermerge — papermerge | Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the rename, tag, upload, or create folder function. The payload can be in a folder, a tag, or a document’s filename. If email consumption is configured in Papermerge, a malicious document can be sent by email and is automatically uploaded into the Papermerge web application. Therefore, no authentication is required to exploit XSS if email consumption is configured. Otherwise authentication is required. | 2020-12-02 | 4.3 | CVE-2020-29456 MISC MISC MISC |
| pbootcms — pbootcms | Cross-site request forgery (CSRF) in PbootCMS 1.3.2 allows attackers to change the password of a user. | 2020-11-30 | 4.3 | CVE-2020-17901 MISC |
| phoenixcontact — btp_2043w_firmware | Uncontrolled Resource Consumption can be exploited to cause the Phoenix Contact HMIs BTP 2043W, BTP 2070W and BTP 2102W in all versions to become unresponsive and not accurately update the display content (Denial of Service). | 2020-12-02 | 5 | CVE-2020-12524 CONFIRM |
| pimcore — pimcore | Pimcore is an open source digital experience platform. In Pimcore before version 6.8.5 it is possible to modify & create website settings without having the appropriate permissions. | 2020-12-03 | 4 | CVE-2020-26246 MISC CONFIRM |
| pixar — openusd | An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in SdfPath Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-12-02 | 4.3 | CVE-2020-13498 MISC |
| pixar — openusd | A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file. | 2020-12-02 | 4.3 | CVE-2020-13494 MISC |
| pixar — openusd | An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-12-02 | 4.3 | CVE-2020-13496 MISC |
| pixar — openusd | An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-12-02 | 4.3 | CVE-2020-13497 MISC |
| pixar — openusd | An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | 2020-12-03 | 4.3 | CVE-2020-13524 MISC |
| pixar — openusd | A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | 2020-12-02 | 6.8 | CVE-2020-13493 MISC |
| processmaker — processmaker | The sort parameter in the download page /sysworkflow/en/neoclassic/reportTables/reportTables_Ajax is vulnerable to SQL injection in ProcessMaker 3.4.11. A specially crafted HTTP request can cause an SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2020-12-03 | 6.5 | CVE-2020-13525 MISC |
| qemu — qemu | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host controller driver. | 2020-11-30 | 6.4 | CVE-2020-25624 MISC |
| quickheal — total_security | Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. | 2020-11-30 | 4.3 | CVE-2020-27586 MISC |
| redhat — cloudforms | This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth. | 2020-12-02 | 6.8 | CVE-2020-14369 MISC |
| sagemcom — f@st_3486_router_firmware | Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running. | 2020-11-27 | 5 | CVE-2020-29138 MISC |
| saibo — cyber_game_accelerator | In Saibo Cyber Game Accelerator 3.7.9 there is a local privilege escalation vulnerability. Attackers can use the constructed program to increase user privileges | 2020-12-03 | 4.6 | CVE-2020-23735 MISC MISC |
| samba — samba | A flaw was found in samba’s DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. | 2020-12-02 | 4 | CVE-2020-14383 MISC MISC |
| samba — samba | A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker. | 2020-12-03 | 4 | CVE-2020-14318 MISC MISC |
| schedmd — slurm | Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | 2020-11-27 | 6.8 | CVE-2020-27745 MISC |
| schedmd — slurm | Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem. | 2020-11-27 | 4.3 | CVE-2020-27746 MISC |
| schneider-electric — ecostruxure_energy_expert | A CWE-284: Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow a user the ability to perform actions via the web interface at a higher privilege level. | 2020-12-01 | 6.5 | CVE-2020-7547 MISC |
| schneider-electric — ecostruxure_energy_expert | A CWE-284:Improper Access Control vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow for arbitrary code execution on the server when an authorized user access an affected webpage. | 2020-12-01 | 6.5 | CVE-2020-7545 MISC |
| softwaremill — akka-http-session | This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11. For older versions, endpoints protected by randomTokenCsrfProtection could be bypassed with an empty X-XSRF-TOKEN header and an empty XSRF-TOKEN cookie. | 2020-11-27 | 6.8 | CVE-2020-7780 MISC MISC MISC MISC MISC MISC |
| textpattern — textpattern | Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem. | 2020-12-02 | 6.8 | CVE-2020-29458 MISC |
| trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | 2020-12-01 | 5 | CVE-2020-28576 MISC MISC MISC |
| trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | 2020-12-01 | 5 | CVE-2020-28573 MISC MISC MISC |
| trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | 2020-12-01 | 5 | CVE-2020-28577 MISC MISC MISC |
| trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | 2020-12-01 | 5 | CVE-2020-28582 MISC MISC MISC |
| trendmicro — apex_one | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | 2020-12-01 | 5 | CVE-2020-28583 MISC MISC MISC |
| trendmicro — serverprotect | A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. | 2020-12-01 | 4.6 | CVE-2020-28575 MISC MISC |
| umbraco — umbraco_cms | Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint even if they lack Applications.Settings access. | 2020-12-02 | 4 | CVE-2020-29454 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared to the password provided by the the remote attacker. If it matches, access is provided. | 2020-11-29 | 5 | CVE-2020-29377 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. TELNET is offered by default but SSH is not always available. An attacker can intercept passwords sent in cleartext and conduct a man-in-the-middle attack on the management of the appliance. | 2020-11-29 | 4.3 | CVE-2020-29380 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user. | 2020-11-29 | 4 | CVE-2020-29375 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. There is an !j@l#y$z%x6x7q8c9z) password for the admin account to authenticate to the TELNET service. | 2020-11-29 | 5 | CVE-2020-29376 MISC |
| we-con — plc_editor | WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | 2020-12-01 | 6.8 | CVE-2020-25177 MISC |
| we-con — plc_editor | WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. | 2020-12-01 | 6.8 | CVE-2020-25181 MISC |
| weseek — growi | Reflected cross-site scripting vulnerability in GROWI v4.0.0 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | 2020-12-03 | 4.3 | CVE-2020-5677 MISC MISC MISC |
| weseek — growi | Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. | 2020-12-03 | 4.3 | CVE-2020-5678 MISC MISC MISC |
| weseek — growi | GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. | 2020-12-03 | 5 | CVE-2020-5676 MISC MISC MISC |
| wisecleaner — wise_care_365 | There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). | 2020-12-03 | 4.9 | CVE-2020-23726 MISC MISC MISC MISC |
Low Vulnerabilities
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| apache — cordova | We have resolved a security issue in the camera plugin that could have affected certain Cordova (Android) applications. An attacker who could install (or lead the victim to install) a specially crafted (or malicious) Android application would be able to access pictures taken with the app externally. | 2020-12-01 | 2.1 | CVE-2020-11990 JVN MISC |
| audacityteam — audacity | Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there. | 2020-11-30 | 2.1 | CVE-2020-11867 MISC MISC |
| cpanel — cpanel | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567). | 2020-11-27 | 3.5 | CVE-2020-29135 MISC MISC |
| cyberark — endpoint_privilege_manager | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database. | 2020-11-27 | 1.9 | CVE-2020-25738 MISC MISC |
| ericsson — bscs_ix_r18_billing_&_rating_admx | In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework. | 2020-11-27 | 3.5 | CVE-2020-29144 MISC |
| ericsson — bscs_ix_r18_billing_&_rating_admx | In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group. In most test cases, session hijacking was also possible by utilizing the XSS vulnerability. This potentially allows for full account takeover, or exploiting admins’ browsers by using the beef framework. | 2020-11-27 | 3.5 | CVE-2020-29145 MISC |
| ibm — business_automation_workflow | IBM Business Automation Workflow 19.0.0.3 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 190991. | 2020-11-30 | 2.1 | CVE-2020-4900 XF CONFIRM |
| intelbras — tip200_firmware | Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. | 2020-11-27 | 3.5 | CVE-2020-12262 MISC MISC |
| lepton-cms — leptoncms | Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered. | 2020-12-02 | 3.5 | CVE-2020-29240 MISC MISC |
| linux — linux_kernel | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem was using ioctls KDGKBSENT and KDSKBSENT. A local user could use this flaw to get read memory access out of bounds. The highest threat from this vulnerability is to data confidentiality. | 2020-12-02 | 1.9 | CVE-2020-25656 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the root directory during path lookups, and thus a process inside a mount namespace can escape to unintended filesystem locations, aka CID-ff002b30181d. | 2020-11-28 | 2.1 | CVE-2020-29373 MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | 2020-11-28 | 2.1 | CVE-2020-29371 MISC MISC MISC MISC |
| linux — linux_kernel | An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c. | 2020-11-28 | 1.9 | CVE-2019-20934 MISC MISC MISC |
| lock_password_manager_safe_app_project — lock_password_manager_safe_app | The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user. | 2020-11-30 | 2.1 | CVE-2020-29392 MISC |
| netartmedia — news_lister | In NetArt News Lister 1.0.0, the news headlines vulnerable to stored xss attacks. Attackers can inject codes in news titles. | 2020-11-30 | 3.5 | CVE-2020-29364 MISC MISC |
| openclinic_project — openclinic | OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows users of the application to force actions on behalf of other users. | 2020-12-03 | 3.5 | CVE-2020-28938 MISC |
| qemu — qemu | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer address. | 2020-12-04 | 2.1 | CVE-2020-28916 CONFIRM MISC |
| quickheal — total_security | Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. | 2020-11-30 | 2.1 | CVE-2020-27585 MISC |
| quickheal — total_security | Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. | 2020-11-30 | 2.1 | CVE-2020-27587 MISC |
| sap — adaptive_server_enterprise | In certain situations, an attacker with regular user credentials and local access to an ASE cockpit installation can access sensitive information which appears in the installation log files. This information although sensitive is of limited utility and cannot be used to further access, modify or render unavailable any other information in the cockpit or system. This affects SAP Adaptive Server Enterprise, Versions – 15.7, 16.0. | 2020-11-30 | 2.7 | CVE-2020-6317 MISC MISC |
| schneider-electric — ecostruxure_energy_expert | A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStruxureª and SmartStruxureª Power Monitoring and SCADA Software (see security notification for version information) that could allow an attacker to perform actions on behalf of the authorized user when accessing an affected webpage. | 2020-12-01 | 3.5 | CVE-2020-7546 MISC |
| solarwinds — help_desk | Cross-site Scripting (XSS) vulnerability in SolarWinds Web Help Desk 12.7.0 allows attacker to inject arbitrary web script or HTML via Location Name. | 2020-12-01 | 3.5 | CVE-2019-16958 MISC MISC |
| synology — safeaccess | Multiple cross-site scripting (XSS) vulnerabilities in Synology SafeAccess before 1.2.3-0234 allow remote attackers to inject arbitrary web script or HTML via the (1) domain or (2) profile parameter. | 2020-11-30 | 3.5 | CVE-2020-27659 CONFIRM |
| tesla — model_x_firmware | Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) | 2020-11-30 | 2.1 | CVE-2020-29439 MISC |
| tesla — model_x_firmware | Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. | 2020-11-30 | 2.1 | CVE-2020-29440 MISC |
| tesla — model_x_firmware | Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. | 2020-11-30 | 3.3 | CVE-2020-29438 MISC |
| vsolcn — v1600d4l_firmware | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the process of updating the firmware, the update script starts a telnetd -l /bin/sh process that does not require authentication for TELNET access. | 2020-11-29 | 2.1 | CVE-2020-29379 MISC |
| vsolcn — v1600d4l_firmware | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. | 2020-11-29 | 2.1 | CVE-2020-29383 MISC |
| vsolcn — v1600d_firmware | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. | 2020-11-29 | 2.1 | CVE-2020-29382 MISC |
Severity Not Yet Assigned
| Primary Vendor — Product |
Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| alfredo_milani_comparetti — speedfan |
There is a local privilege escalation vulnerabiliy in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges | 2020-12-03 | not yet calculated | CVE-2020-28175 MISC MISC MISC |
| allen-bradley — micrologix_1100_progammable_logic_controller_systems_series |
An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN 11.000 and Series B FRN 10.000. A specially crafted packet can cause a major error, resulting in a denial of service. An attacker can send a malicious packet to trigger this vulnerability. | 2020-12-03 | not yet calculated | CVE-2020-6111 MISC |
| apache — tomcat |
While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests. | 2020-12-03 | not yet calculated | CVE-2020-17527 MLIST MLIST MLIST MLIST MLIST MISC MLIST MLIST MLIST |
| appimage — appimaged |
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. | 2020-12-02 | not yet calculated | CVE-2020-25266 MISC |
| appimage — libappimage |
AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | 2020-12-02 | not yet calculated | CVE-2020-25265 MISC |
| arachnys — cabot |
Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address column. | 2020-12-04 | not yet calculated | CVE-2020-25449 MISC MISC MISC MISC |
| check_point — endpoint_security_client |
Check Point Endpoint Security Client for Windows before version E84.20 allows write access to the directory from which the installation repair takes place. Since the MS Installer allows regular users to run the repair, an attacker can initiate the installation repair and place a specially crafted DLL in the repair folder which will run with the Endpoint client’s privileges. | 2020-12-03 | not yet calculated | CVE-2020-6021 MISC |
| cisco — ibevm |
An exploitable out-of-bounds read vulnerability exists in libevm (Ethereum Virtual Machine) of CPP-Ethereum. A specially crafted smart contract code can cause an out-of-bounds read which can subsequently trigger an out-of-bounds write resulting in remote code execution. An attacker can create/send malicious smart contract to trigger this vulnerability. | 2020-12-02 | not yet calculated | CVE-2017-14451 MISC |
| fasterxml — jackson-databind | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | 2020-12-03 | not yet calculated | CVE-2020-25649 MISC MISC MLIST |
| gni_c_library — glibc |
The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text containing an irreversible character, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service. | 2020-12-04 | not yet calculated | CVE-2020-29562 MISC |
| gorilla — websocket |
An integer overflow vulnerability exists with the length of websocket frames received via a websocket connection. An attacker would use this flaw to cause a denial of service attack on an HTTP Server allowing websocket connections. | 2020-12-02 | not yet calculated | CVE-2020-27813 MISC MISC |
| hashicorp — go-slug |
HashiCorp go-slug before 0.5.0 does not address attempts at directory traversal involving ../ and symlinks. | 2020-12-03 | not yet calculated | CVE-2020-29529 MISC MISC |
| imagemagik — imagemagik | A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned long. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27776 MISC |
| imagemagik — imagemagik | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27775 MISC |
| imagemagik — imagemagik | A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of types `float` and `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27767 MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned long`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-69. | 2020-12-04 | not yet calculated | CVE-2020-27766 MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in MagickCore/segment.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27765 MISC |
| imagemagik — imagemagik |
In /MagickCore/statistic.c, there are several areas in ApplyEvaluateOperator() where a size_t cast should have been a ssize_t cast, which causes out-of-range values under some circumstances when a crafted input file is processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 6.9.10-69. | 2020-12-03 | not yet calculated | CVE-2020-27764 MISC MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27772 MISC |
| imagemagik — imagemagik |
In RestoreMSCWarning() of /coders/pdf.c there are several areas where calls to GetPixelIndex() could result in values outside the range of representable for the unsigned char type. The patch casts the return value of GetPixelIndex() to ssize_t type to avoid this bug. This undefined behavior could be triggered when ImageMagick processes a crafted pdf file. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was demonstrated in this case. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27771 MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27773 MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in MagickCore/resize.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of math division by zero. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.8-68. | 2020-12-03 | not yet calculated | CVE-2020-27763 MISC |
| imagemagik — imagemagik |
In IntensityCompare() of /MagickCore/quantize.c, a double value was being casted to int and returned, which in some cases caused a value outside the range of type `int` to be returned. The flaw could be triggered by a crafted input file under certain conditions when processed by ImageMagick. Red Hat Product Security marked this as Low severity because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to 7.0.8-68. | 2020-12-03 | not yet calculated | CVE-2020-27759 MISC |
| imagemagik — imagemagik |
In `GammaImage()` of /MagickCore/enhance.c, depending on the `gamma` value, it’s possible to trigger a divide-by-zero condition when a crafted input file is processed by ImageMagick. This could lead to an impact to application availability. The patch uses the `PerceptibleReciprocal()` to prevent the divide-by-zero from occurring. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. | 2020-12-03 | not yet calculated | CVE-2020-27760 MISC |
| imagemagik — imagemagik |
WritePALMImage() in /coders/palm.c used size_t casts in several areas of a calculation which could lead to values outside the range of representable type `unsigned long` undefined behavior when a crafted input file was processed by ImageMagick. The patch casts to `ssize_t` instead to avoid this issue. Red Hat Product Security marked the Severity as Low because although it could potentially lead to an impact to application availability, no specific impact was shown in this case. This flaw affects ImageMagick versions prior to ImageMagick 7.0.9-0. | 2020-12-03 | not yet calculated | CVE-2020-27761 MISC |
| imagemagik — imagemagik |
A flaw was found in ImageMagick in coders/hdr.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to ImageMagick 7.0.8-68. | 2020-12-03 | not yet calculated | CVE-2020-27762 MISC |
| imagemagik — imagemagik |
Due to a missing check for 0 value of `replace_extent`, it is possible for offset `p` to overflow in SubstituteString(), causing potential impact to application availability. This could be triggered by a crafted input file that is processed by ImageMagick. This flaw affects ImageMagick versions prior to 7.0.8-68. | 2020-12-04 | not yet calculated | CVE-2020-27770 MISC |
|
imagemagik — imagemagik
|
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but could potentially cause other problems related to undefined behavior. This flaw affects ImageMagick versions prior to 7.0.9-0. | 2020-12-04 | not yet calculated | CVE-2020-27774 MISC |
| infinispan — infinispan | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while performing some server management operations. When authz is enabled, any user with authentication can perform operations like shutting down the server without the ADMIN role. | 2020-12-03 | not yet calculated | CVE-2020-25711 MISC |
| jenkins — jenkins |
Jenkins Chaos Monkey Plugin 0.4 and earlier does not perform permission checks in an HTTP endpoint, allowing attackers with Overall/Read permission to access the Chaos Monkey page and to see the history of actions. | 2020-12-03 | not yet calculated | CVE-2020-2323 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Chaos Monkey Plugin 0.3 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to generate load and to generate memory leaks. | 2020-12-03 | not yet calculated | CVE-2020-2322 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | 2020-12-03 | not yet calculated | CVE-2020-2324 MLIST CONFIRM |
| jenkins — jenkins |
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | 2020-12-03 | not yet calculated | CVE-2020-2320 MLIST CONFIRM |
| jupyterhub — oauthenticator |
OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the deprecated (in jupyterhub 1.2) configuration `Authenticator.whitelist`, which should be transparently mapped to `Authenticator.allowed_users` with a warning, is instead ignored by OAuthenticator classes, resulting in the same behavior as if this configuration has not been set. If this is the only mechanism of authorization restriction (i.e. no group or team restrictions in configuration) then all authenticated users will be allowed. Provider-based restrictions, including deprecated values such as `GitHubOAuthenticator.org_whitelist` are **not** affected. All users of OAuthenticator 0.12.0 and 0.12.1 with JupyterHub 1.2 (JupyterHub Helm chart 0.10.0-0.10.5) who use the `admin.whitelist.users` configuration in the jupyterhub helm chart or the `c.Authenticator.whitelist` configuration directly. Users of other deprecated configuration, e.g. `c.GitHubOAuthenticator.team_whitelist` are **not** affected. If you see a log line like this and expect a specific list of allowed usernames: “[I 2020-11-27 16:51:54.528 JupyterHub app:1717] Not using allowed_users. Any authenticated user will be allowed.” you are likely affected. Updating oauthenticator to 0.12.2 is recommended. A workaround is to replace the deprecated `c.Authenticator.whitelist = …` with `c.Authenticator.allowed_users = …`. If any users have been authorized during this time who should not have been, they must be deleted via the API or admin interface, per the referenced documentation. | 2020-12-01 | not yet calculated | CVE-2020-26250 MISC MISC CONFIRM MISC |
| kaspersky — anti-ransomware_tool |
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process. | 2020-12-04 | not yet calculated | CVE-2020-28950 MISC |
| kia_motors — head_unit |
Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. | 2020-12-01 | not yet calculated | CVE-2020-8539 MISC MISC |
| lightbend — play_framework |
An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent as a form field lead to Data Amplification. This affects users migrating from a Play version prior to 2.8.0 that used the Play Java API to serialize classes with protected or private fields to JSON. | 2020-12-03 | not yet calculated | CVE-2020-28923 MISC CONFIRM |
| linux — linux_kernel |
A flaw was found in the Linux kernel’s futex implementation. This flaw allows a local attacker to corrupt system memory or escalate their privileges when creating a futex on a filesystem that is about to be unmounted. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2020-12-03 | not yet calculated | CVE-2020-14381 MISC MISC |
| linux — linux_kernel |
An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. | 2020-12-03 | not yet calculated | CVE-2020-29534 MISC MISC MISC |
| linux — linux_kernel |
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | 2020-12-03 | not yet calculated | CVE-2020-14351 MISC |
| linux — linux_kernel |
A flaw memory leak in the Linux kernel performance monitoring subsystem was found in the way if using PERF_EVENT_IOC_SET_FILTER. A local user could use this flaw to starve the resources causing denial of service. | 2020-12-02 | not yet calculated | CVE-2020-25704 MISC MISC MISC |
| logicaldoc — logicaldoc |
A local privilege elevation vulnerability exists in the file system permissions of LogicalDoc 8.5.1 installation. Depending on the vector chosen, an attacker can either replace the service binary or replace DLL files loaded by the service, both which get executed by a service thus executing arbitrary commands with System privileges. | 2020-12-03 | not yet calculated | CVE-2020-13542 MISC |
| mcafee — total_protection |
Privilege Escalation vulnerability in Microsoft Windows client McAfee Total Protection (MTP) prior to 16.0.29 allows local users to gain elevated privileges via careful manipulation of a folder by creating a junction link. This exploits a lack of protection through a timing issue and is only exploitable in a small time window. | 2020-12-01 | not yet calculated | CVE-2020-7335 CONFIRM MISC |
| mitsubishi_electric_corporation — multiple_products |
Out-of-bounds read issue in GT21 model of GOT2000 series (GT2107-WTBD all versions, GT2107-WTSD all versions, GT2104-RTBD all versions, GT2104-PMBD all versions, and GT2103-PMBD all versions), GS21 model of GOT series (GS2110-WTBD all versions and GS2107-WTBD all versions), and Tension Controller LE7-40GU-L all versions allows a remote attacker to cause a denial-of-service (DoS) condition by sending a specially crafted packet. As a result, deterioration of communication performance or a denial-of-service (DoS) condition of the TCP communication functions of the products may occur. | 2020-12-04 | not yet calculated | CVE-2020-5675 MISC MISC MISC |
| netscout — airmagnet_enterprise |
NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | 2020-12-03 | not yet calculated | CVE-2020-28251 MISC CONFIRM |
| openclinic — openclinic |
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient’s medical test results, possibly resulting in disclosure of Protected Health Information (PHI) stored in the application, via a direct request for the /tests/ URI. | 2020-12-03 | not yet calculated | CVE-2020-28937 MISC |
| openclinic — openclinic |
OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. This vulnerability allows authenticated users (with substantial privileges) to upload malicious files, such as PHP web shells, which can lead to arbitrary code execution on the application server. | 2020-12-03 | not yet calculated | CVE-2020-28939 MISC |
| opensis — community_edition |
OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | 2020-12-04 | not yet calculated | CVE-2020-27408 MISC MISC |
| opensis — community_edition |
OpenSIS Community Edition before 7.5 is affected by a cross-site scripting (XSS) vulnerability in SideForStudent.php via the modname parameter. | 2020-12-04 | not yet calculated | CVE-2020-27409 MISC MISC MISC |
| openstack — horizon |
An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before 18.3.3, 18.4.x, and 18.5.x. There is a lack of validation of the “next” parameter, which would allow someone to supply a malicious URL in Horizon that can cause an automatic redirect to the provided malicious URL. | 2020-12-04 | not yet calculated | CVE-2020-29565 MISC MISC MISC |
| pixar — openusd |
A use-after-free vulnerability exists in a way Pixar OpenUSD 20.08 processes reference paths textual USD files. A specially crafted file can trigger the reuse of a freed memory which can result in further memory corruption and arbitrary code execution. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file. | 2020-12-03 | not yet calculated | CVE-2020-13531 MISC |
| poppler — poppler |
A flaw was found in Poppler in the way certain PDF files were converted into HTML. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by the ‘pdftohtml’ program, would crash the application causing a denial of service. | 2020-12-03 | not yet calculated | CVE-2020-27778 MISC |
| prestashop — prestashop |
In the PrestaShop module “productcomments” before version 4.2.1, an attacker can use a Blind SQL injection to retrieve data or stop the MySQL service. The problem is fixed in 4.2.1 of the module. | 2020-12-03 | not yet calculated | CVE-2020-26248 MISC MISC CONFIRM MISC |
| python — openid_connect |
Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issues are: 1) The IdToken signature algorithm was not checked automatically, but only if the expected algorithm was passed in as a kwarg. 2) JWA `none` algorithm was allowed in all flows. 3) oic.consumer.Consumer.parse_authz returns an unverified IdToken. The verification of the token was left to the discretion of the implementator. 4) iat claim was not checked for sanity (i.e. it could be in the future). These issues are patched in version 1.2.1. | 2020-12-02 | not yet calculated | CVE-2020-26244 MISC MISC CONFIRM MISC |
| qemu — qemu |
A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. | 2020-12-02 | not yet calculated | CVE-2020-25723 MISC |
| qemu — qemu |
A flaw was found in libvirt, where it leaked a file descriptor for `/dev/mapper/control` into the QEMU process. This file descriptor allows for privileged operations to happen against the device-mapper on the host. This flaw allows a malicious guest user or process to perform operations outside of their standard permissions, potentially causing serious damage to the host operating system. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 2020-12-03 | not yet calculated | CVE-2020-14339 MISC |
| rumkin — keyget |
Prototype pollution vulnerability in ‘keyget’ versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | 2020-12-02 | not yet calculated | CVE-2020-28272 MISC CONFIRM |
| rumkin — set-in |
Prototype pollution vulnerability in ‘set-in’ versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | 2020-12-02 | not yet calculated | CVE-2020-28273 MISC MISC MISC |
| schneider_electric — multiple_products |
A CWE-330 – Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. | 2020-12-01 | not yet calculated | CVE-2020-7548 MISC |
| schneider_electric — multiple_products |
A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantum and ModiconPremium Legacy offers and their Communication Modules (see security notification for version information) which could cause the execution of commands on the webserver without authentication when sending specially crafted HTTP requests. | 2020-12-01 | not yet calculated | CVE-2020-7533 MISC |
| sonicboom — sonicboom |
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reservation in the case where a load translates successfully but still generates an exception. | 2020-12-04 | not yet calculated | CVE-2020-29561 MISC |
| trac_software — webkitgtk |
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | 2020-12-03 | not yet calculated | CVE-2020-13584 FEDORA MISC |
| trac_software — webkitgtk |
A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code execution. An attacker can get a user to visit a webpage to trigger this vulnerability. | 2020-12-03 | not yet calculated | CVE-2020-13543 MISC |
| ubuntu — containerd |
containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim’s API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the “host” network namespace, for example with docker run –net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container’s privilege, regardless of what container runtime is used for running that container. | 2020-12-01 | not yet calculated | CVE-2020-15257 MISC MISC CONFIRM |
| ubuntu — pulseaudio |
An Ubuntu-specific patch in PulseAudio created a race condition where the snap policy module would fail to identify a client connection from a snap as coming from a snap if SCM_CREDENTIALS were missing, allowing the snap to connect to PulseAudio without proper confinement. This could be exploited by an attacker to expose sensitive information. Fixed in 1:13.99.3-1ubuntu2, 1:13.99.2-1ubuntu2.1, 1:13.99.1-1ubuntu3.8, 1:11.1-1ubuntu7.11, and 1:8.0-0ubuntu3.15. | 2020-12-04 | not yet calculated | CVE-2020-16123 UBUNTU UBUNTU |
| ubuntu — snapcraft |
In some conditions, a snap package built by snapcraft includes the current directory in LD_LIBRARY_PATH, allowing a malicious snap to gain code execution within the context of another snap if both plug the home interface or similar. This issue affects snapcraft versions prior to 4.4.4, prior to 2.43.1+16.04.1, and prior to 2.43.1+18.04.1. | 2020-12-04 | not yet calculated | CVE-2020-27348 MISC MISC MISC |
| ubuntu — ubuntu |
software-properties was vulnerable to a person-in-the-middle attack due to incorrect TLS certificate validation in softwareproperties/ppa.py. software-properties didn’t check TLS certificates under python2 and only checked certificates under python3 if a valid certificate bundle was provided. Fixed in software-properties version 0.92. | 2020-12-02 | not yet calculated | CVE-2012-0955 UBUNTU UBUNTU |
| valve — game_networking_sockets |
Valve’s Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | 2020-12-03 | not yet calculated | CVE-2020-6017 MISC |
This product is provided subject to this Notification and this Privacy & Use policy.
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.
Recent Comments