tigervnc — tigervnc In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. 2020-09-27 not yet calculated CVE-2020-26117
MISC
MISC
MISC
MISC
MISC
MISC anixis — password_reset_client
  The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing. When the client is configured to use HTTP, it does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. 2020-09-30 not yet calculated CVE-2018-5354
MISC
MISC apache — ant
  As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process. 2020-10-01 not yet calculated CVE-2020-11979
MISC apache — hadoop
  In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any user can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled. 2020-09-30 not yet calculated CVE-2018-11765
MISC apache — nifi In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens, preventing legitimate users from requesting download tokens. 2020-10-01 not yet calculated CVE-2020-9487
MISC apache — nifi
  In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values. When a flow was triggered, the flow definition configuration JSON was printed, potentially containing sensitive values in plaintext. 2020-10-01 not yet calculated CVE-2020-9486
MISC apache — nifi
  In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE). 2020-10-01 not yet calculated CVE-2020-13940
MISC apache — nifi
  In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc. However intracluster communication such as cluster request replication, Site-to-Site, and load balanced queues continued to support TLS v1.0 or v1.1. 2020-10-01 not yet calculated CVE-2020-9491
MISC apache — openmeetings
  Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to mount a denial-of-service attack. 2020-09-30 not yet calculated CVE-2020-13951
MISC apache — superset
  In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2. 2020-09-30 not yet calculated CVE-2020-13952
MISC apache — tapestry
  In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. 2020-09-30 not yet calculated CVE-2020-13953
MISC artica — pandora_fms
  Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter. 2020-10-02 not yet calculated CVE-2020-26518
MISC artifex — mupdf
  fitz/pixmap.c in Artifex MuPDF 1.17.0 has an overflow during pixmap size calculation. 2020-10-02 not yet calculated CVE-2020-26519
MISC
MISC atheros — multiple_devices
  A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18991
MISC atlassian — atlaskit/editor-core
  The hyperlinks functionality in atlaskit/editor-core before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets. 2020-10-01 not yet calculated CVE-2019-20903
MISC
MISC
MISC atlassian — crowd
  Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP. The affected versions are from before version 3.4.6 and from 3.5.0 before 3.5.1. 2020-10-01 not yet calculated CVE-2019-20902
MISC august — connect_wi-fi_bridge_app
  Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials. This issue affects: August Connect Wi-Fi Bridge App version v10.11.0 and prior versions on Android. August Connect Firmware version 2.2.12 and prior versions. 2020-09-30 not yet calculated CVE-2019-17098
CONFIRM bigbluebutton — greenlight
  BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. 2020-09-30 not yet calculated CVE-2020-26163
MISC
MISC
MISC bitdefender — bitdefender_engines
  An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name. This issue affects: Bitdefender Engines versions prior to 7.85448. 2020-09-30 not yet calculated CVE-2020-15731
CONFIRM bitdefender — engines
  A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions. 2020-10-01 not yet calculated CVE-2020-8109
CONFIRM bitdefender — engines
  A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions. 2020-10-02 not yet calculated CVE-2020-8110
MISC bludit — bludit
  Bludit v3.8.1 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /admin/ajax/upload-profile-picture. 2020-10-02 not yet calculated CVE-2020-18190
MISC bootstrap-select — bootstrap-select
  bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim’s browser. 2020-09-30 not yet calculated CVE-2019-20921
MISC
MISC
MISC
MISC bosh — system_metrics_server
  BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). 2020-10-02 not yet calculated CVE-2020-5422
CONFIRM cloudflared — cloudflared
  `cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems. When run on a Windows system, `cloudflared` searches for configuration files which could be abused by a malicious entity to execute commands as a privileged user. Version 2020.8.1 fixes this issue. 2020-10-02 not yet calculated CVE-2020-24356
CONFIRM cmsmadesimple — cms_made_simple
  CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website. 2020-10-01 not yet calculated CVE-2020-24860
MISC
MISC
MISC
MISC codelathe — firecloud
  CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. 2020-10-02 not yet calculated CVE-2020-26524
MISC
MISC damstra — smart_asset
  Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter. This allows forcing the database and server to initiate remote connections to third party DNS servers. 2020-10-02 not yet calculated CVE-2020-26525
MISC
MISC
MISC damstra — smart_asset
  An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary ‘Origin: example.com’ header and responding with 200 OK and a wildcard ‘Access-Control-Allow-Origin: *’ header. 2020-10-02 not yet calculated CVE-2020-26527
MISC
MISC
MISC damstra — smart_asset
  An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid (“Unable to find an APIDomain” versus “Wrong email or password”). 2020-10-02 not yet calculated CVE-2020-26526
MISC
MISC
MISC dell — xps_13_9370_bios
  Dell XPS 13 9370 BIOS versions prior to 1.13.1 contain an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. 2020-10-01 not yet calculated CVE-2020-5387
CONFIRM django — rest_framework
  A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the browseable API viewer, Django REST Framework fails to properly escape certain strings that can come from user input. This allows a user who can control those strings to inject malicious <script> tags, leading to a cross-site-scripting (XSS) vulnerability. 2020-09-30 not yet calculated CVE-2020-25626
MISC

dpdk — dpdk

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14376
SUSE
SUSE
MISC
UBUNTU
MISC

dpdk — dpdk

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. Virtio ring descriptors and the data they describe are in a region of memory accessible from both the virtual machine and the host. An attacker in a VM can change the contents of the memory after vhost_crypto has validated it. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14375
SUSE
SUSE
MISC
UBUNTU
MISC

dpdk — dpdk

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. 2020-09-30 not yet calculated CVE-2020-14377
SUSE
SUSE
MISC
UBUNTU
MISC dpdk — dpdk
  A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. 2020-09-30 not yet calculated CVE-2020-14374
SUSE
SUSE
MISC
MISC eaton — 9000x_programming_and_configuration_software
  A DLL Hijacking vulnerability in Eaton’s 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL. 2020-09-30 not yet calculated CVE-2020-6654
CONFIRM envoy_proxy — envoy
  Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. 2020-10-01 not yet calculated CVE-2020-25018
MISC
MISC envoy_proxy — envoy
  Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurrences of a non-inline header. 2020-10-01 not yet calculated CVE-2020-25017
MISC
MISC erlang — otp
  Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can send a crafted HTTP request to read arbitrary files, if httpd in the inets application is used. 2020-10-02 not yet calculated CVE-2020-25623
CONFIRM
CONFIRM
MISC fatek_automation — plc_winproladder
  In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. 2020-09-30 not yet calculated CVE-2020-16234
MISC foxit — reader_and_phantompdf
  An issue was discovered in Foxit Reader and PhantomPDF before 10.1. It allows attackers to execute arbitrary code via a Trojan horse taskkill.exe in the current working directory. 2020-10-02 not yet calculated CVE-2020-26538
MISC frontaccounting — frontaccounting
  An issue was discovered in FrontAccounting 2.4.7. There is a Directory Traversal vulnerability that can empty a folder via admin/inst_lang.php. 2020-09-30 not yet calculated CVE-2020-21244
MISC fusionauth — fusionauth-samlv2
  FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a “Signature exclusion attack”. 2020-10-02 not yet calculated CVE-2020-12676
MISC
FULLDISC
MISC
MISC
MISC getsimple — getsimple_cms GetSimpleCMS-3.3.15 is affected by directory traversal. Remote attackers are able to delete arbitrary files via /GetSimpleCMS-3.3.15/admin/log.php. 2020-10-02 not yet calculated CVE-2020-18191
MISC getsimple — getsimple_cms
  GetSimple CMS 3.3.16 allows persistent cross-site scripting via the ‘permalink’ parameter on the Settings page, which is executed when you create and open a new page. 2020-10-01 not yet calculated CVE-2020-24861
MISC
MISC
MISC github — actions/core
  In the `@actions/core` npm module before version 1.2.6, the `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format. Workflows that log untrusted data to stdout may invoke these commands, resulting in the path or environment variables being modified without the intention of the workflow or action author. The runner will release an update that disables the `set-env` and `add-path` workflow commands in the near future. For now, users should upgrade to `@actions/core v1.2.6` or later, and replace any instance of the `set-env` or `add-path` commands in their workflows with the new Environment File Syntax. Workflows and actions using the old commands or older versions of the toolkit will start to warn, then error out during workflow execution. 2020-10-01 not yet calculated CVE-2020-15228
CONFIRM gitlab — gitlab
  An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references. 2020-10-02 not yet calculated CVE-2020-13338
CONFIRM
MISC gitlab — gitlab
  An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name. 2020-10-02 not yet calculated CVE-2020-13337
CONFIRM
MISC gitlab — gitlab
  An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS in the error tracking feature. 2020-09-30 not yet calculated CVE-2020-13336
CONFIRM
MISC google — apple_encounter_notification
  An issue was discovered in the GAEN (aka Google Apple Encounter Notification) protocol through 2020-08-27, as used in Corona applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or dis-proving an encounter notification. 2020-09-30 not yet calculated CVE-2020-24721
MISC
MISC
MISC
FULLDISC goxmldsig — goxmldsig
  In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one. A patch is available; all users of goxmldsig should upgrade to at least revision f6188febf0c29d7ffe26a0436212b19cb9615e64 or version 1.1.0. 2020-09-29 not yet calculated CVE-2020-15216
MISC
CONFIRM
MISC halo — halo An issue was discovered in halo V1.1.3. Because of a Zip Slip directory traversal vulnerability in the backend, an attacker can overwrite some files, such as ftl files and .bashrc files in the user directory, and finally get the permissions of the operating system. 2020-09-30 not yet calculated CVE-2020-21522
MISC halo — halo
  An Arbitrary file writing vulnerability in halo v1.1.3. In an interface to write files in the background, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. 2020-09-30 not yet calculated CVE-2020-21526
MISC halo — halo
  Halo V1.1.3 is affected by: Arbitrary File reading. In an interface that reads files in halo v1.1.3, a directory traversal check is performed on the input path parameter, but the startsWith function can be used to bypass it. 2020-09-30 not yet calculated CVE-2020-21525
MISC halo — halo
  There is an Arbitrary file deletion vulnerability in halo v1.1.3. A backup function in the background allows a user, when deleting their backup files, to delete any files on the system through directory traversal. 2020-09-30 not yet calculated CVE-2020-21527
MISC halo — halo
  There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background (/api/admin/migrations/wordpress) needs to parse an XML file, but no security defense is applied to the parsing. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc. exp: https://github.com/halo-dev/halo/issues/423 2020-09-30 not yet calculated CVE-2020-21524
MISC halo — halo
  A server-side Freemarker template injection vulnerability exists in halo CMS v1.1.3 in the Edit Theme File function. The ftl file, which is a Freemarker template file, can be edited, and it can cause arbitrary code execution when it is rendered in the background. exp: <#assign test=”freemarker.template.utility.Execute”?new()> ${test(“touch /tmp/freemarkerPwned”)} 2020-09-30 not yet calculated CVE-2020-21523
MISC handlebars — handlebars
  Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching. The parser may be forced into an endless loop while processing crafted templates. This may allow attackers to exhaust system resources. 2020-09-30 not yet calculated CVE-2019-20922
MISC
MISC
MISC handlebars — handlebars
  Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution. The lookup helper fails to properly validate templates, allowing attackers to submit templates that execute arbitrary JavaScript. This can be used to run arbitrary code on a server processing Handlebars templates or in a victim’s browser (effectively serving as XSS). 2020-09-30 not yet calculated CVE-2019-20920
MISC
MISC
MISC harbor — harbor
  Harbor 1.9.*, 1.10.*, and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. 2020-09-30 not yet calculated CVE-2020-13794
MISC
MISC
MISC hashicorp — vault_and_vault_enterprise
  HashiCorp Vault and Vault Enterprise 1.0 before 1.5.4 have Incorrect Access Control. 2020-09-30 not yet calculated CVE-2020-25816
CONFIRM
MISC hcl — digital_experience
  HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS). The vulnerability could be employed in a reflected or non-persistent XSS attack. 2020-10-01 not yet calculated CVE-2020-14223
MISC hewlett_packard_enterprise — ip_console_switches
  A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. 2020-10-02 not yet calculated CVE-2020-24628
MISC hewlett_packard_enterprise — ip_console_switches
  A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3. 2020-10-02 not yet calculated CVE-2020-24627
MISC hfish — hfish
  An issue was discovered in HFish 0.5.1. When a payload is inserted where the password is entered, XSS code is triggered when the administrator views the information. 2020-09-30 not yet calculated CVE-2020-22481
MISC ibm — websphere_application_server
  IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects. IBM X-Force ID: 184428. 2020-10-01 not yet calculated CVE-2020-4576
XF
CONFIRM istio — istio
  In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g. *-some-suffix) for source principals or namespace fields, callers will never be denied access, bypassing the intended policy. 2020-10-01 not yet calculated CVE-2020-16844
MISC
CONFIRM jwt-go — jwt-go
  jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m[“aud”] (which is allowed by the specification). Because the type assertion fails, “” is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. 2020-09-30 not yet calculated CVE-2020-26160
MISC
MISC lansweeper — lansweeper
  In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application. 2020-09-30 not yet calculated CVE-2020-13658
MISC
MISC leanote — desktop
  Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled when the batch feature is triggered. This leads to remote code execution because of Node integration. 2020-09-30 not yet calculated CVE-2020-26158
MISC leanote — desktop
  Leanote Desktop through 2.6.2 allows XSS because a note’s title is mishandled during syncing. This leads to remote code execution because of Node integration. 2020-09-30 not yet calculated CVE-2020-26157
MISC libproxy — libproxy
  url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. 2020-09-30 not yet calculated CVE-2020-26154
MISC
MISC
FEDORA live_helper_chat — live_helper_chat
  Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode. 2020-10-02 not yet calculated CVE-2020-26134
MISC
MISC
MISC live_helper_chat — live_helper_chat
  Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. 2020-10-02 not yet calculated CVE-2020-26135
MISC
MISC
MISC logaritmo — aware_callmanager_2012
  info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function. 2020-09-30 not yet calculated CVE-2020-26150
MISC mantisbt — mantisbt
  An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field’s name allows an attacker to inject HTML and, if CSP settings permit, achieve execution of arbitrary JavaScript when attempting to update said custom field via bug_actiongroup_page.php. 2020-09-30 not yet calculated CVE-2020-25830
MISC
MISC mantisbt — mantisbt
  An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom Field with a crafted Regular Expression property is used, improper escaping of the corresponding form input’s pattern attribute allows HTML injection and, if CSP settings permit, execution of arbitrary JavaScript. 2020-09-30 not yet calculated CVE-2020-25288
MISC
MISC mantisbt — mantisbt
  An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. 2020-09-30 not yet calculated CVE-2020-25781
MISC
MISC
MISC mapfish — mapfish-print
  In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style. 2020-10-02 not yet calculated CVE-2020-15232
MISC
CONFIRM mapfish — mapfish-print
  In mapfish-print before version 3.24, a user can use the JSONP support to perform cross-site scripting. 2020-10-02 not yet calculated CVE-2020-15231
MISC
CONFIRM mb_connect_line — mymbconnect24_and_mbconnect24
  An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the knximport component via an advanced attack vector, allowing logged in attackers to discover arbitrary information. 2020-09-30 not yet calculated CVE-2020-24569
CONFIRM mb_connect_line — mymbconnect24_and_mbconnect24
  An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a blind SQL injection in the lancompenent component, allowing logged-in attackers to discover arbitrary information. 2020-10-02 not yet calculated CVE-2020-24568
CONFIRM mb_connect_line — mymbconnect24_and_mbconnect24
  An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a CSRF issue (with resultant SSRF) in the com_mb24proxy module, allowing attackers to steal session information from logged-in users with a crafted link. 2020-09-30 not yet calculated CVE-2020-24570
CONFIRM md4c — md4c
  md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document. 2020-09-30 not yet calculated CVE-2020-26148
MISC mediatek — mt7620n_devices
  A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18989
MISC mediawiki — mediawiki
  An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki. 2020-09-27 not yet calculated CVE-2020-25869
CONFIRM
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn’t escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.) 2020-09-27 not yet calculated CVE-2020-25828
MISC
CONFIRM
MISC mediawiki — mediawiki
  An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against “page creation” and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. 2020-09-27 not yet calculated CVE-2020-26121
MISC
MISC
MISC mediawiki — mediawiki
  XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery’s parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM. 2020-09-27 not yet calculated CVE-2020-26120
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text(). 2020-09-27 not yet calculated CVE-2020-25815
MISC
CONFIRM
MISC mediawiki — mediawiki
  In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. 2020-09-27 not yet calculated CVE-2020-25813
CONFIRM
MISC
MISC mediawiki — mediawiki
  In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it’s empty, etc.). The actual result is that the object contains an <a href ="javascript… that executes when clicked. 2020-09-27 not yet calculated CVE-2020-25814
CONFIRM
MISC
MISC mediawiki — mediawiki
  An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML. 2020-09-27 not yet calculated CVE-2020-25812
MISC
CONFIRM
MISC mediawiki — mediawiki
  An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently. 2020-09-27 not yet calculated CVE-2020-25827
CONFIRM
MISC
MISC mozilla — firefox
  When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message. This level of information leakage is inconsistent with the standardized onerror/onsuccess disclosure and can lead to inferring login status to services or device discovery on a local network among other attacks. This vulnerability affects Firefox < 80 and Firefox for Android < 80. 2020-10-01 not yet calculated CVE-2020-15666
MISC
MISC
MISC mozilla — firefox
  When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. 2020-10-01 not yet calculated CVE-2020-15667
MISC
MISC mozilla — firefox
  Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page. This could have resulted in an incorrect URL being shown when used in conjunction with other unexpected browser behaviors. This vulnerability affects Firefox < 80. 2020-10-01 not yet calculated CVE-2020-15665
MISC
MISC mozilla — multiple_products By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension. Combined with user confusion, this could result in an unintended or malicious extension being installed. This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, Firefox ESR < 78.2, and Firefox for Android < 80. 2020-10-01 not yet calculated CVE-2020-15664
MISC
MISC
MISC
MISC
MISC
MISC
MISC mozilla — multiple_products
  If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges. Although the Mozilla Maintenance Service does ensure that updater.exe is signed by Mozilla, the version could have been rolled back to a previous version which would have allowed exploitation of an older bug and arbitrary code execution with System Privileges. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 80, Thunderbird < 78.2, Thunderbird < 68.12, Firefox ESR < 68.12, and Firefox ESR < 78.2. 2020-10-01 not yet calculated CVE-2020-15663
MISC
MISC
MISC
MISC
MISC
MISC msi — ambientlink_mslo64_driver
  The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054). 2020-10-02 not yet calculated CVE-2020-17382
MISC
MISC
MISC nacos — nacos
  Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284) 2020-09-30 not yet calculated CVE-2020-19676
MISC nats — nats.js
  NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server. 2020-09-30 not yet calculated CVE-2020-26149
CONFIRM
MISC
MISC nette — nette
  Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to a code injection attack by passing specially formed parameters to a URL, possibly leading to RCE. Nette is a PHP/Composer MVC Framework. 2020-10-01 not yet calculated CVE-2020-15227
CONFIRM
MISC
MISC niushop — b2b2c_multi-business_basic_edition
  In Niushop B2B2C Multi-business basic version V1.11, an attacker can bypass the administrator to obtain the background upload interface and, through parameter upload, bypass the getimagesize function to upload a PHP file and get a shell. 2020-09-30 not yet calculated CVE-2020-19672
MISC niushop — b2b2c_multi-business_basic_edition
  In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords. 2020-09-30 not yet calculated CVE-2020-19670
MISC nvidia — virtual_gpu_manager NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5989
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5983
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5984
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5986
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5987
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5988
CONFIRM nvidia — virtual_gpu_manager
  NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. 2020-10-02 not yet calculated CVE-2020-5985
CONFIRM nvidia — windows_gpu_display_Driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service. 2020-10-02 not yet calculated CVE-2020-5980
CONFIRM nvidia — windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution. 2020-10-02 not yet calculated CVE-2020-5981
CONFIRM nvidia — windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service. 2020-10-02 not yet calculated CVE-2020-5982
CONFIRM nvidia — windows_gpu_display_driver
  NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges. 2020-10-02 not yet calculated CVE-2020-5979
CONFIRM oniguruma — oniguruma
  In Oniguruma 6.9.5_rev1, an attacker able to supply a regular expression for compilation may be able to overflow a buffer by one byte in concat_opt_exact_str in src/regcomp.c. 2020-09-30 not yet calculated CVE-2020-26159
MLIST
MISC
MISC openmediavault — openmediavault
  openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc. Successful exploitation allows arbitrary command execution on the underlying operating system as root. 2020-10-02 not yet calculated CVE-2020-26124
MISC
CONFIRM ory — fosite
  ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite from version 0.30.2 and before version 0.34.1, there is an issue in which an attacker can override the registered redirect URL by performing an OAuth flow and requesting a redirect URL that is to the loopback adapter. Attackers can provide both custom URL query parameters to their loopback redirect URL, as well as actually overriding the host of the registered redirect URL. These attacks are only applicable in scenarios where the attacker has access over the loopback interface. This vulnerability has been patched in ORY Fosite v0.34.1. 2020-10-02 not yet calculated CVE-2020-15233
MISC
CONFIRM ory — fosite
  ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go. In Fosite before version 0.34.1, the OAuth 2.0 Client’s registered redirect URLs and the redirect URL provided at the OAuth2 Authorization Endpoint were compared using strings.ToLower while they should have been compared with a simple string match. This allows an attacker to register a client with allowed redirect URL https://example.com/callback, then perform an OAuth2 flow requesting redirect URL https://example.com/CALLBACK. Instead of an error (invalid redirect URL), the browser is redirected to https://example.com/CALLBACK with a potentially successful OAuth2 response, depending on the state of the overall OAuth2 flow (the user might still deny the request for example). This vulnerability has been patched in ORY Fosite v0.34.1. 2020-10-02 not yet calculated CVE-2020-15234
MISC
CONFIRM ozeki — ng_sms_gateway
  An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. 2020-09-30 not yet calculated CVE-2020-14030
MISC
MISC php — php
  In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded. This may lead to cookies with prefixes like __Host being confused with cookies that decode to such a prefix, thus leading to an attacker being able to forge a cookie which is supposed to be secure. See also CVE-2020-8184 for more information. 2020-10-02 not yet calculated CVE-2020-7070
MISC
MISC
MISC
FEDORA php — php
  In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function with a 12-byte IV, only the first 7 bytes of the IV are actually used. This can lead to both decreased security and incorrect encryption data. 2020-10-02 not yet calculated CVE-2020-7069
MISC
FEDORA pluck — cms
  An issue was discovered in Pluck CMS v4.7.11. There is a file upload vulnerability that can cause a remote command execution via admin.php?action=files. 2020-09-30 not yet calculated CVE-2020-21564
MISC pluxxml — pluxxml
  In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template. 2020-10-02 not yet calculated CVE-2020-18184
MISC pluxxml — pluxxml
  class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment. 2020-10-02 not yet calculated CVE-2020-18185
MISC powerdns — authoritative
  An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24696
MISC powerdns — authoritative
  An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker might be able to cause a double-free, leading to a crash or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24698
CONFIRM powerdns — authoritative
  An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. 2020-10-02 not yet calculated CVE-2020-24697
CONFIRM powerdns — authoritative_server
  An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory. 2020-10-02 not yet calculated CVE-2020-17482
CONFIRM
MISC pritunl — pritunl
  Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts. Initially, the server will return error 401. However, if the username is valid, then after 20 login attempts, the server will start responding with error 400. Invalid usernames will receive error 401 indefinitely. 2020-10-01 not yet calculated CVE-2020-25200
MISC
MISC
MISC projectworlds — visitor_management_system
  Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject JavaScript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive information, etc. 2020-09-30 not yet calculated CVE-2020-25761
MISC
FULLDISC
MISC projectworlds — visitor_management_system
  Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the ‘rid’ parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. 2020-09-30 not yet calculated CVE-2020-25760
MISC
FULLDISC
MISC pulse_secure — pulse_connect_secure A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS). 2020-09-30 not yet calculated CVE-2020-8238
MISC pulse_secure — pulse_connect_secure
  A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability. 2020-09-30 not yet calculated CVE-2020-8256
MISC pulse_secure — pulse_connect_secure
  A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution. 2020-09-30 not yet calculated CVE-2020-8243
MISC python — python
  http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. 2020-09-27 not yet calculated CVE-2020-26116
MISC
MISC qemu — qemu
  fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive. 2020-10-02 not yet calculated CVE-2020-25741
CONFIRM
MISC
MISC re:desk — re:desk Re:Desk 2.3 allows insecure file upload. 2020-09-30 not yet calculated CVE-2020-15488
MISC
MISC re:desk — re:desk Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method. A malicious actor with access to an administrative account could abuse this vulnerability to recover sensitive data from the application’s database, allowing for authorization bypass and taking over additional accounts by means of modifying password-reset tokens stored in the database. Remote command execution is also possible by leveraging this to abuse the Yii framework’s bizRule functionality, allowing for arbitrary PHP code to be executed by the application. Remote command execution is also possible by using this together with a separate insecure file upload vulnerability (CVE-2020-15488). 2020-09-30 not yet calculated CVE-2020-15849
MISC
MISC re:desk — re:desk
  Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file. By modifying the folder GET parameter, it is possible to execute arbitrary SQL statements via a crafted URL. Unauthenticated remote command execution is possible by using this SQL injection to update certain database values, which are then executed by a bizRule eval() function in the yii/framework/web/auth/CAuthManager.php file. Resultant authorization bypass is also possible, by recovering or modifying password hashes and password reset tokens, allowing for administrative privileges to be obtained. 2020-09-30 not yet calculated CVE-2020-15487
MISC
MISC realtek — multiple_devices
  A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices. The vulnerability allows sending an unencrypted data frame to a WPA2-protected WLAN router where the packet is routed through the network. If successful, a response is sent back as an encrypted frame, which would allow an attacker to discern information or potentially modify data. 2020-09-30 not yet calculated CVE-2019-18990
MISC reddoxx — maildepot_2032_sp2
  REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout. 2020-10-02 not yet calculated CVE-2019-19199
MISC
MISC
MISC
MISC rittal — cmc_pu_iii_devices
  The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page. This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts) as the content is always displayed after and before login. Persistent XSS allows an attacker to modify displayed content or to change the victim’s information. Successful exploitation requires access to the web management interface, either with valid credentials or a hijacked session. 2020-10-01 not yet calculated CVE-2019-19393
MISC
MISC secudos — domos
  conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface). 2020-10-02 not yet calculated CVE-2020-14293
MISC
MISC
MISC
MISC
MISC secudos — qiata_fta
  An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board. 2020-10-02 not yet calculated CVE-2020-14294
MISC
MISC
MISC
MISC
MISC snyk — bmoor
  The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function. 2020-10-02 not yet calculated CVE-2020-7736
MISC
MISC snyk — safetydance
  All versions of package safetydance are vulnerable to Prototype Pollution via the set function. 2020-10-02 not yet calculated CVE-2020-7737
MISC snyk — shiba
  All versions of package shiba are vulnerable to Arbitrary Code Execution due to the default usage of the function load() of the package js-yaml instead of its secure replacement, safeLoad(). 2020-10-02 not yet calculated CVE-2020-7738
CONFIRM sonicwall — ssl-vpn_products
  SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. 2020-09-30 not yet calculated CVE-2020-5132
CONFIRM sourcecodester — seat_reservation_system
  An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does not perform input validation on the username and password parameters. An attacker can send malicious input in the post request to /admin/ajax.php?action=login and bypass authentication, extract sensitive information etc. 2020-09-30 not yet calculated CVE-2020-25762
MISC
FULLDISC
MISC sourcecodester — seat_reservation_system
  Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files. 2020-09-30 not yet calculated CVE-2020-25763
MISC
FULLDISC
MISC sysaid — sysaid
  SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. 2020-10-02 not yet calculated CVE-2020-13168
MISC
MISC trend_micro — antivirus_for_mac_2020
  Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. 2020-10-02 not yet calculated CVE-2020-25776
N/A
N/A trend_micro — apex_one
  A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit this vulnerability. 2020-09-29 not yet calculated CVE-2020-24563
N/A
N/A trend_micro — apex_one_servermigration_tool
  A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 2020-09-29 not yet calculated CVE-2020-25774
N/A
N/A trend_micro — office_scan_xg_sp1
  A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. This CVE is similar, but not identical to CVE-2020-24556. 2020-09-29 not yet calculated CVE-2020-24562
N/A
N/A trend_micro — security_2020
  The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product’s secure erase feature to delete files with a higher set of privileges. 2020-09-29 not yet calculated CVE-2020-25775
N/A
N/A unisys — stealth
  Unisys Stealth(core) before 4.0.132 stores Passwords in a Recoverable Format. 2020-10-01 not yet calculated CVE-2020-24620
CONFIRM
MISC urllib3 — urllib3
  urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. 2020-09-30 not yet calculated CVE-2020-26137
MISC
MISC
MISC vapor — vapor
  Vapor is a web framework for Swift. In Vapor before version 4.29.4, attackers can access data at arbitrary filesystem paths on the same host as an application. Only applications using FileMiddleware are affected. This is fixed in version 4.29.4. 2020-10-02 not yet calculated CVE-2020-15230
MISC
MISC
CONFIRM wago — multiple_products Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362 version FW03 and prior versions. WAGO 750-363 version FW03 and prior versions. WAGO 750-823 version FW03 and prior versions. WAGO 750-832/xxx-xxx version FW03 and prior versions. WAGO 750-862 version FW03 and prior versions. WAGO 750-891 version FW03 and prior versions. WAGO 750-890/xxx-xxx version FW03 and prior versions. 2020-09-30 not yet calculated CVE-2020-12506
CONFIRM wago — multiple_products
  Improper Authentication vulnerability in WAGO 750-8XX series with FW version <= FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852 version FW07 and prior versions. WAGO 750-880/xxx-xxx version FW07 and prior versions. WAGO 750-881 version FW07 and prior versions. WAGO 750-831/xxx-xxx version FW07 and prior versions. WAGO 750-882 version FW07 and prior versions. WAGO 750-885/xxx-xxx version FW07 and prior versions. WAGO 750-889 version FW07 and prior versions. 2020-09-30 not yet calculated CVE-2020-12505
CONFIRM wavlink — wn530h4_router A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication. 2020-10-02 not yet calculated CVE-2020-12125
MISC
MISC wavlink — wn530h4_router
  A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication. 2020-10-02 not yet calculated CVE-2020-12124
MISC
MISC wavlink — wn530h4_router
  CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. 2020-10-02 not yet calculated CVE-2020-12123
MISC
MISC wavlink — wn530h4_router
  Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint. 2020-10-02 not yet calculated CVE-2020-12126
MISC
MISC wavlink — wn530h4_router
  An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. 2020-10-02 not yet calculated CVE-2020-12127
MISC
MISC websitebaker — websitebaker
  WebsiteBaker 2.12.2 allows SQL Injection via parameter ‘display_name’ in /websitebaker/admin/preferences/save.php. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 2020-10-01 not yet calculated CVE-2020-25990
MISC
MISC wordpress — wordpress
  The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token. 2020-10-02 not yet calculated CVE-2020-26511
MISC
MISC
MISC zoho — application_control_plus
  An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element Configuration feature (to configure elements included in the scope of elements managed by the product) allows an attacker to retrieve the entire list of the IP ranges and subnets configured in the product and consequently obtain information about the cartography of the internal networks to which the product has access. 2020-09-30 not yet calculated CVE-2020-15595
MISC zoho — application_control_plus
  An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511. The mail gateway configuration feature allows an attacker to perform a scan in order to discover open ports on a machine as well as available machines on the network segment on which the instance of the product is deployed. 2020-09-30 not yet calculated CVE-2020-15594
MISC zoho — manageengine_desktop_central
  An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. 2020-10-02 not yet calculated CVE-2020-24397
MISC
CONFIRM zoho — manageengine_adselfservice_plus
  The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing. It does not authenticate the intended server before opening a browser window. An unauthenticated attacker capable of conducting a spoofing attack can redirect the browser to gain execution in the context of the WinLogon.exe process. If Network Level Authentication is not enforced, the vulnerability can be exploited via RDP. Additionally, if the web server has a misconfigured certificate then no spoofing attack is required. 2020-09-30 not yet calculated CVE-2018-5353
MISC
MISC
MISC zoho — manageengine_application_manager
  In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to an unauthenticated SQL Injection attack. 2020-10-01 not yet calculated CVE-2020-15533
MISC
CONFIRM
CONFIRM zoho — manageengine_desktop_central
  A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W. By exploiting this issue, an attacker-controlled server can force the client to skip TLS certificate validation, leading to a man-in-the-middle attack against HTTPS and unauthenticated remote code execution. 2020-10-02 not yet calculated CVE-2020-15589
MISC
CONFIRM

Author: Editor