apple — ios_and_ipados
  The issue was addressed with improved validation when an iCloud Link is created. This issue is fixed in iOS 13.3 and iPadOS 13.3. Live Photo audio and video data may be shared via iCloud links even if Live Photo is disabled in the Share Sheet carousel. 2020-10-27 not yet calculated CVE-2019-8857
apple — macos
  A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A Mac may not lock immediately upon wake. 2020-10-27 not yet calculated CVE-2019-8851
apple — macos
  A logic issue was addressed with improved validation. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra. A sandboxed process may be able to circumvent sandbox restrictions. 2020-10-27 not yet calculated CVE-2019-8640
apple — macos
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges. 2020-10-27 not yet calculated CVE-2019-8569
apple — macos
  An issue existed in the handling of S-MIME certificates. This issue was addressed with improved validation of S-MIME certificates. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. Processing a maliciously crafted mail message may lead to S/MIME signature spoofing. 2020-10-27 not yet calculated CVE-2019-8642
apple — macos
  A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra. A remote attacker may be able to overwrite existing files. 2020-10-27 not yet calculated CVE-2020-9782
apple — macos
  An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail. 2020-10-27 not yet calculated CVE-2019-8645
apple — macos
  A use after free issue was addressed with improved memory management. This issue is fixed in macOS Catalina 10.15.4, Security Update 2020-002 Mojave, Security Update 2020-002 High Sierra, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. An application may be able to gain elevated privileges. 2020-10-27 not yet calculated CVE-2020-3851
apple — macos
  This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. 2020-10-27 not yet calculated CVE-2019-8656
apple — macos
  This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. 2020-10-27 not yet calculated CVE-2018-4296
apple — macos_catalina
  A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. 2020-10-27 not yet calculated CVE-2019-8858
apple — multiple_products
  A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. 2020-10-27 not yet calculated CVE-2020-9932
apple — safari
  A logic issue was addressed with improved validation. This issue is fixed in Safari 13.0.5. A URL scheme may be incorrectly ignored when determining multimedia permission for a website. 2020-10-27 not yet calculated CVE-2020-3852
apple — swift_for_ubuntu
  This issue was addressed by updating incorrect URLSession file descriptors management logic to match Swift 5.0. This issue is fixed in Swift 5.1.1 for Ubuntu. Incorrect management of file descriptors in URLSession could lead to inadvertent data disclosure. 2020-10-27 not yet calculated CVE-2019-8790
apple — xcode
  An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 11.3. Compiling with untrusted sources may lead to arbitrary code execution with user privileges. 2020-10-27 not yet calculated CVE-2019-8840
arista — cloudvision_exchange_server
  Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet. 2020-10-26 not yet calculated CVE-2020-13100
arista — eos
  Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router. 2020-10-26 not yet calculated CVE-2020-15897
basercms — basercms
  baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. The issue affects the following components: Edit feed settings, Edit widget area, Sub site new registration, New category registration. Arbitrary JavaScript may be executed by entering specific characters in the account that can access the file upload function category list, subsite setting list, widget area edit, and feed list on the management screen. The issue was introduced in version 4.0.0. It is fixed in version 4.4.1. 2020-10-30 not yet calculated CVE-2020-15273
basercms — basercms
  baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. Arbitrary JavaScript may be executed by entering a crafted nickname in blog comments. The issue affects the blog comment component. It is fixed in version 4.4.1. 2020-10-30 not yet calculated CVE-2020-15276
basercms — basercms
  baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). Code may be executed by logging in as a system administrator and uploading an executable script file such as a PHP file. The Edit template component is vulnerable. The issue is fixed in version 4.4.1. 2020-10-30 not yet calculated CVE-2020-15277
broadleaf_commerce — broadleaf_framework
  Broadleaf Commerce 5.1.14-GA is affected by cross-site scripting (XSS) due to a slow HTTP post vulnerability. 2020-10-29 not yet calculated CVE-2020-21266
canonical — ubuntu
  There is no input validation on the Locale property in an apt transaction. An unprivileged user can supply a full path to a writable directory, which lets aptd read a file as root. Having a symlink in place results in an error message if the file exists, and no error otherwise. This way an unprivileged user can check for the existence of any files on the system as root. 2020-10-31 not yet calculated CVE-2020-15703
chart.js — chart.js
  This affects the package chart.js before 2.9.4. The options parameter is not properly sanitized when it is processed. When the options are processed, the existing options (or the default options) are deeply merged with provided options. However, during this operation, the keys of the object being set are not checked, leading to a prototype pollution. 2020-10-29 not yet calculated CVE-2020-7746
citadel — webcit
  Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. 2020-10-28 not yet calculated CVE-2020-27740
citadel — webcit
  Multiple cross-site scripting (XSS) vulnerabilities in Citadel WebCit through 926 allow remote attackers to inject arbitrary web script or HTML via multiple pages and parameters. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. 2020-10-28 not yet calculated CVE-2020-27741
citadel — webcit
  An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows authenticated remote attackers to read someone else’s emails via the msg_confirm_move template. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. 2020-10-28 not yet calculated CVE-2020-27742
citadel — webcit
  A Weak Session Management vulnerability in Citadel WebCit through 926 allows unauthenticated remote attackers to hijack recently logged-in users’ sessions. NOTE: this was reported to the vendor in a publicly archived “Multiple Security Vulnerabilities in WebCit 926” thread. 2020-10-28 not yet calculated CVE-2020-27739
click_studios — passwordstate
  An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, the remote attacker retrieves all passwords from other systems that are available to the affected account. 2020-10-29 not yet calculated CVE-2020-27747
codemirror — codemirror
  This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.js#L129. The ReDoS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)* 2020-10-30 not yet calculated CVE-2020-7760
commscope — ruckus
  Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py. 2020-10-26 not yet calculated CVE-2020-26878
commscope — ruckus_vriot
  Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header. 2020-10-26 not yet calculated CVE-2020-26879
commvault — commcell
  In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. 2020-10-29 not yet calculated CVE-2020-25780
cyberark — privileged_session_manager
  CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. 2020-10-28 not yet calculated CVE-2020-25374
dat.gui — dat.gui
  All versions of package dat.gui are vulnerable to Regular Expression Denial of Service (ReDoS) via specifically crafted rgb and rgba values. 2020-10-27 not yet calculated CVE-2020-7755
debian — blueman
  Blueman is a GTK+ Bluetooth Manager. In Blueman before 2.1.4, the DhcpClient method of the D-Bus interface to blueman-mechanism is prone to an argument injection vulnerability. The impact highly depends on the system configuration. If Polkit-1 is disabled and for versions lower than 2.0.6, any local user can possibly exploit this. If Polkit-1 is enabled for version 2.0.6 and later, a possible attacker needs to be allowed to use the `org.blueman.dhcp.client` action. That is limited to users in the wheel group in the shipped rules file that do have the privileges anyway. On systems with ISC DHCP client (dhclient), attackers can pass arguments to `ip link` with the interface name that can e.g. be used to bring down an interface or add an arbitrary XDP/BPF program. On systems with dhcpcd and without ISC DHCP client, attackers can even run arbitrary scripts by passing `-c/path/to/script` as an interface name. Patches are included in 2.1.4 and master that change the DhcpClient D-Bus method(s) to accept BlueZ network object paths instead of network interface names. A backport to 2.0(.8) is also available. As a workaround, make sure that Polkit-1-support is enabled and limit privileges for the `org.blueman.dhcp.client` action to users that are able to run arbitrary commands as root anyway in /usr/share/polkit-1/rules.d/blueman.rules. 2020-10-27 not yet calculated CVE-2020-15238
eyesofnetwork — eonweb
  An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php). 2020-10-29 not yet calculated CVE-2020-27886
eyesofnetwork — eonweb
  An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php. 2020-10-29 not yet calculated CVE-2020-27887
f5 — big-ip
  On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile. 2020-10-29 not yet calculated CVE-2020-5936
f5 — big-ip
  On BIG-IP 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when negotiating IPSec tunnels with configured, authenticated peers, the peer may negotiate a different key length than the BIG-IP configuration would otherwise allow. 2020-10-29 not yet calculated CVE-2020-5938
f5 — big-ip
  On BIG-IP AFM 15.1.0-15.1.0.5, the Traffic Management Microkernel (TMM) may produce a core file while processing layer 4 (L4) behavioral denial-of-service (DoS) traffic. 2020-10-29 not yet calculated CVE-2020-5937
f5 — big-ip
  On BIG-IP 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, Virtual servers with a OneConnect profile may incorrectly handle WebSockets related HTTP response headers, causing TMM to restart. 2020-10-29 not yet calculated CVE-2020-5931
f5 — big-ip
  On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting (XSS) vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed when preview is opened. 2020-10-29 not yet calculated CVE-2020-5932
f5 — big-ip
  On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. 2020-10-29 not yet calculated CVE-2020-5934
f5 — big-ip
  On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file. 2020-10-29 not yet calculated CVE-2020-5935
f5 — big-ip
  On versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, when a BIG-IP system that has a virtual server configured with an HTTP compression profile processes compressed HTTP message payloads that require deflation, a Slowloris-style attack can trigger an out-of-memory condition on the BIG-IP system. 2020-10-29 not yet calculated CVE-2020-5933
facebook — hermes
  An out-of-bounds read in the JavaScript Interpreter in Facebook Hermes prior to commit 8cb935cd3b2321c46aa6b7ed8454d95c75a7fca0 allows attackers to cause a denial of service attack or possible further memory corruption via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. 2020-10-26 not yet calculated CVE-2020-1915
fastreport — fastreport
  An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. 2020-10-29 not yet calculated CVE-2020-27998
firefly_iii — firefly_iii
  An XSS vulnerability in the auto-complete function of the description field (for new or edited transactions) in Firefly III before 5.4.5 allows the user to execute JavaScript via suggested transaction titles. NOTE: this is exploitable only in a non-default configuration where Content Security Policy headers are disabled. 2020-10-28 not yet calculated CVE-2020-27981
genexis — platinum-4410-v2-1.28_devices
  Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. 2020-10-28 not yet calculated CVE-2020-27980
god_kings — god_kings
  The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications. 2020-10-28 not yet calculated CVE-2020-25204
hewlett_packard — storeserv_management_console
  SSMC 3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3.7.0.0 is an off-node multiarray manager web application and remains isolated from data on the managed arrays. HPE has provided an update to HPE StoreServ Management Console (SSMC) software 3.7.0.0: upgrade to HPE 3PAR StoreServ Management Console 3.7.1.1 or later. 2020-10-26 not yet calculated CVE-2020-7197
hrsale — hrsale
  Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. 2020-10-29 not yet calculated CVE-2020-27993
lookatme — lookatme
  In lookatme (python/pypi package) versions prior to 2.3.0, the package automatically loaded the built-in “terminal” and “file_loader” extensions. Users that use lookatme to render untrusted markdown may have malicious shell commands automatically run on their system. This is fixed in version 2.3.0. As a workaround, the `lookatme/contrib/terminal.py` and `lookatme/contrib/file_loader.py` files may be manually deleted. Additionally, it is always recommended to be aware of what is being rendered with lookatme. 2020-10-26 not yet calculated CVE-2020-15271
mediawiki — mediawiki
  The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. 2020-10-28 not yet calculated CVE-2020-27957
micro_focus — multiple_products
  Code execution with escalated privileges vulnerability in Micro Focus products Operation Bridge Manager and Operation Bridge (containerized). The vulnerability affects: 1.) Operation Bridge Manager versions: 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) versions: 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02 and 2017.11. The vulnerability could allow local attackers to execute code with escalated privileges. 2020-10-27 not yet calculated CVE-2020-11858
micro_focus — multiple_products
  Arbitrary code execution vulnerability in Micro Focus products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulnerability affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63, 10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05, 2018.02 and 2017.11. 3.) Application Performance Management versions 9.51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow arbitrary code execution. 2020-10-27 not yet calculated CVE-2020-11854
mozilla — firefox
  When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used, which leaked partial information about the nonce used during signature generation. Given an electromagnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. 2020-10-28 not yet calculated CVE-2020-6829
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which software allows an attacker to upload or transfer files that can be automatically processed within the product’s environment, which may lead to remote code execution. 2020-10-29 not yet calculated CVE-2020-11486
nvidia — dgx_servers
  NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which the Pseudo-Random Number Generator (PRNG) algorithm used in the JSOL package that implements the IPMI protocol is not cryptographically strong, which may lead to information disclosure. 2020-10-29 not yet calculated CVE-2020-11616
nvidia — dgx_servers
  NVIDIA DGX servers, DGX-1 with BMC firmware versions prior to 3.38.30, DGX-2 with BMC firmware versions prior to 1.06.06, and all DGX A100 Servers with all BMC firmware versions, contain a vulnerability in the AMI BMC firmware in which the use of a hard-coded RSA 1024 key with weak ciphers may lead to information disclosure. 2020-10-29 not yet calculated CVE-2020-11487
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. 2020-10-29 not yet calculated CVE-2020-11484
nvidia — dgx_servers
  NVIDIA DGX servers, all BMC firmware versions prior to 3.38.30, contain a vulnerability in the AMI BMC firmware in which it uses a hard-coded RC4 cipher key, which may lead to information disclosure. 2020-10-29 not yet calculated CVE-2020-11615
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which default SNMP community strings are used, which may lead to information disclosure. 2020-10-29 not yet calculated CVE-2020-11489
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contain a Cross-Site Request Forgery (CSRF) vulnerability in the AMI BMC firmware in which the web application does not sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request, which can lead to information disclosure or code execution. 2020-10-29 not yet calculated CVE-2020-11485
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which software does not validate the RSA 1024 public key used to verify the firmware signature, which may lead to information disclosure or code execution. 2020-10-29 not yet calculated CVE-2020-11488
nvidia — dgx_servers
  NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30 and all DGX-2 with BMC firmware versions prior to 1.06.06, contain a vulnerability in the AMI BMC firmware in which the firmware includes hard-coded credentials, which may lead to elevation of privileges or information disclosure. 2020-10-29 not yet calculated CVE-2020-11483
nvidia — cuda_toolkit
  NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. 2020-10-30 not yet calculated CVE-2020-5991
openrc — openrc
  checkpath in OpenRC through 0.42.1 might allow local users to take ownership of arbitrary files because a non-terminal path component can be a symlink. 2020-10-27 not yet calculated CVE-2018-21269
pam_tacplus — libtac
  libtac in pam_tacplus through 1.5.1 lacks a check for a failure of RAND_bytes()/RAND_pseudo_bytes(). This could lead to use of a non-random/predictable session_id. 2020-10-26 not yet calculated CVE-2020-27743
pathval — pathval
  This affects all versions of package pathval. 2020-10-26 not yet calculated CVE-2020-7751
pimcore — pimcore
  The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{“keyId”%3a”””,”groupId”%3a”‘asd’))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,”,11,12,”,14+from+users)+–+”}] 2020-10-30 not yet calculated CVE-2020-7759
pulse_secure — desktop_client
  A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server. 2020-10-28 not yet calculated CVE-2020-8241
pulse_secure — desktop_client
  A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint machine to use system-level privileges if the Embedded Browser is configured with Credential Provider. This vulnerability only affects Windows PDC if the Embedded Browser is configured with the Credential Provider. 2020-10-28 not yet calculated CVE-2020-8240
pulse_secure — desktop_client
  The Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry privilege escalation attack. This fix also requires Server Side Upgrade due to Standalone Host Checker Client (Windows) and Windows PDC. 2020-10-28 not yet calculated CVE-2020-8239
pulse_secure — desktop_client
  A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform a buffer overflow. 2020-10-28 not yet calculated CVE-2020-8249
pulse_secure — desktop_client
  A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC. To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s): Disable Dynamic certificate trust for PDC. 2020-10-28 not yet calculated CVE-2020-8254
pulse_secure — pulse_connect_secure_and_pulse_policy_secure
  An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. 2020-10-27 not yet calculated CVE-2020-15352
pulse_secure — pulse_connect_secure_and_pulse_policy_secure
  Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. 2020-10-28 not yet calculated CVE-2020-8261
pulse_secure — pulse_connect_secure_and_pulse_policy_secure
  A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection in the authenticated user web interface. 2020-10-28 not yet calculated CVE-2020-8262
qnap — qts
  If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. 2020-10-28 not yet calculated CVE-2018-19953
qnap — qts
  If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code. QNAP has already fixed these issues in the following QTS versions. QTS 4.4.2.1270 build 20200410 and later; QTS 4.4.1.1261 build 20200330 and later; QTS 4.3.6.1263 build 20200330 and later; QTS 4.3.4.1282 build 20200408 and later; QTS 4.3.3.1252 build 20200409 and later; QTS 4.2.6 build 20200421 and later. 2020-10-28 not yet calculated CVE-2018-19943
qnap — qts
  If exploited, this command injection vulnerability could allow remote attackers to run arbitrary commands. QNAP has already fixed the issue in the following QTS versions. QTS 4.4.2.1231 on build 20200302; QTS 4.4.1.1201 on build 20200130; QTS 4.3.6.1218 on build 20200214; QTS 4.3.4.1190 on build 20200107; QTS 4.3.3.1161 on build 20200109; QTS 4.2.6 on build 20200109. 2020-10-28 not yet calculated CVE-2018-19949
qsc — q-sys_core_manager
  An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. 2020-10-28 not yet calculated CVE-2020-24990
rapid7 — metasploit
  Rapid7’s Metasploit msfvenom framework handles APK files in a way that allows for a malicious user to craft and publish a file that would execute arbitrary commands on a victim’s machine. 2020-10-29 not yet calculated CVE-2020-7384
red_discord_bot — mod_module
  Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user’s control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with `unload mod` or disabling the massban command with `command disable global massban` can render this exploit inaccessible. We still highly recommend updating to 3.4.1 to completely patch this issue. 2020-10-28 not yet calculated CVE-2020-15278
MISC
MISC
CONFIRM red_hat — ansible
  A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality. 2020-10-29 not yet calculated CVE-2020-25646
MISC sal — sal
  Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view. 2020-10-29 not yet calculated CVE-2020-26205
MISC
CONFIRM samba — winbind
  A null pointer dereference flaw was found in samba’s Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service. 2020-10-29 not yet calculated CVE-2020-14323
MISC
MISC sec_consult — publixone
  konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. 2020-10-27 not yet calculated CVE-2020-27179
MISC
MISC sectona — spectra
  Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information about the configured assets without proper authentication. This could be used by unauthorized parties to get configured login credentials of the assets via a modified pAccountID value. 2020-10-28 not yet calculated CVE-2020-25966
MISC
MISC shibboleth — identity_provider
  Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. 2020-10-28 not yet calculated CVE-2020-27978
MISC smartstorenet — smartstorenet
  An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. 2020-10-29 not yet calculated CVE-2020-27996
MISC
MISC sonicwall — global_vpn
  SonicWall Global VPN client version 4.10.4.0314 and earlier allows an unprivileged Windows user to elevate privileges to SYSTEM through a loaded process hijacking vulnerability. 2020-10-28 not yet calculated CVE-2020-5144
CONFIRM sourcecodester — car_rental_management_system
  An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). 2020-10-28 not yet calculated CVE-2020-27956
MISC
MISC sourceforge — dual_dhcp_dns_server
  An issue was discovered in Dual DHCP DNS Server 7.40. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the DualServer.exe binary. 2020-10-28 not yet calculated CVE-2020-26133
MISC
MISC sourceforge — home_dns_server
  An issue was discovered in Home DNS Server 0.10. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the HomeDNSServer.exe binary. 2020-10-28 not yet calculated CVE-2020-26132
MISC
MISC sourceforge — open_dhcp_server
  Issues were discovered in Open DHCP Server (Regular) 1.75 and Open DHCP Server (LDAP Based) 0.1Beta. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenDHCPServer.exe (Regular) or the OpenDHCPLdap.exe (LDAP Based) binary. 2020-10-28 not yet calculated CVE-2020-26131
MISC
MISC sourceforge — open_tftp_server
  Issues were discovered in Open TFTP Server multithreaded 1.66 and Open TFTP Server single port 1.66. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the OpenTFTPServerMT.exe or the OpenTFTPServerSP.exe binary. 2020-10-28 not yet calculated CVE-2020-26130
MISC
MISC sourceforge — snap7
  In version 1.4.1 of the Snap7 server component, when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and an S7 write var function, the Snap7 server crashes. 2020-10-28 not yet calculated CVE-2020-22552
MISC
MISC
MISC synology — diskstation_manager
  Cleartext transmission of sensitive information vulnerability in DDNS in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. 2020-10-29 not yet calculated CVE-2020-27656
CONFIRM synology — diskstation_manager
  Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. 2020-10-29 not yet calculated CVE-2020-27650
CONFIRM synology — diskstation_manager
  Algorithm downgrade vulnerability in QuickConnect in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. 2020-10-29 not yet calculated CVE-2020-27652
CONFIRM
MISC synology — diskstation_manager
  Improper certificate validation vulnerability in OpenVPN client in Synology DiskStation Manager (DSM) before 6.2.3-25426-2 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-10-29 not yet calculated CVE-2020-27648
CONFIRM
MISC synology — router_manager
  Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. 2020-10-29 not yet calculated CVE-2020-27658
CONFIRM
MISC synology — router_manager
  Cleartext transmission of sensitive information vulnerability in DDNS in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to eavesdrop authentication information of DNSExit via unspecified vectors. 2020-10-29 not yet calculated CVE-2020-27657
CONFIRM synology — router_manager
  Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. 2020-10-29 not yet calculated CVE-2020-27649
CONFIRM
MISC synology — router_manager
  Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. 2020-10-29 not yet calculated CVE-2020-27654
CONFIRM
MISC
MISC synology — router_manager
  Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. 2020-10-29 not yet calculated CVE-2020-27651
CONFIRM
MISC synology — router_manager
  Algorithm downgrade vulnerability in QuickConnect in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via unspecified vectors. 2020-10-29 not yet calculated CVE-2020-27653
CONFIRM
MISC synology — router_manager
  Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. 2020-10-29 not yet calculated CVE-2020-27655
CONFIRM texas_instruments — cc2538_devices
  The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Read Reporting Configuration Response message. It crashes in zclHandleExternal(). 2020-10-27 not yet calculated CVE-2020-27891
MISC
MISC texas_instruments — cc2538_devices
  The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Discover Commands Received Response message or a ZCL Discover Commands Generated Response message. It crashes in zclParseInDiscCmdsRspCmd(). 2020-10-27 not yet calculated CVE-2020-27892
MISC
MISC texas_instruments — cc2538_devices
  The Zigbee protocol implementation on Texas Instruments CC2538 devices with Z-Stack 3.0.1 does not properly process a ZCL Write Attributes No Response message. It crashes in zclParseInWriteCmd() and does not update the specific attribute’s value. 2020-10-27 not yet calculated CVE-2020-27890
MISC
MISC trend_micro — antivirus_for_mac
  Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 not yet calculated CVE-2020-27015
N/A
N/A trend_micro — antivirus_for_mac
  Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. 2020-10-30 not yet calculated CVE-2020-27014
N/A
N/A ubiquiti — unifi_meshing_access_point_unifi_controller_devices
  An issue was discovered on Ubiquiti UniFi Meshing Access Point UAP-AC-M 4.3.21.11325 and UniFi Controller 6.0.28 devices. Cached credentials are not erased from an access point returning wirelessly from a disconnected state. This may provide unintended network access. 2020-10-27 not yet calculated CVE-2020-27888
MISC vbulletin — vbulletin
  vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability. 2020-10-30 not yet calculated CVE-2020-7373
MISC
MISC
MISC
MISC vmware — tanzu
  Single Sign-On for VMware Tanzu all versions prior to 1.11.3, 1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack. If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn’t appear with LDAP because of chained authentication. 2020-10-31 not yet calculated CVE-2020-5425
CONFIRM western_digital — my_cloud_devices
  Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114. 2020-10-27 not yet calculated CVE-2020-12830
MISC
CONFIRM western_digital — my_cloud_devices
  Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of user input in Western Digital My Cloud Devices prior to 5.4.1140. 2020-10-27 not yet calculated CVE-2020-25765
MISC
CONFIRM western_digital — my_cloud_nas_devices
  Addressed remote code execution vulnerability in DsdkProxy.php due to insufficient sanitization and insufficient validation of user input in Western Digital My Cloud NAS devices prior to 5.04.114. 2020-10-27 not yet calculated CVE-2020-27159
MISC
CONFIRM western_digital — my_cloud_nas_devices
  Addressed remote code execution vulnerability in AvailableApps.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114 (issue 3 of 3). 2020-10-27 not yet calculated CVE-2020-27160
MISC
CONFIRM western_digital — my_cloud_nas_devices
  Addressed remote code execution vulnerability in cgi_api.php that allowed escalation of privileges in Western Digital My Cloud NAS devices prior to 5.04.114. 2020-10-27 not yet calculated CVE-2020-27158
MISC
CONFIRM western_digital — my_cloud_nas_devices
  An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges. 2020-10-29 not yet calculated CVE-2020-27744
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. 2020-10-28 not yet calculated CVE-2020-16260
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices allow a U-Boot interrupt, resulting in local root access. 2020-10-28 not yet calculated CVE-2020-16261
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. 2020-10-28 not yet calculated CVE-2020-16262
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is undocumented in device documents and is not announced to the user. 2020-10-28 not yet calculated CVE-2020-16259
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. 2020-10-28 not yet calculated CVE-2020-16258
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices are vulnerable to command injection via the API. 2020-10-28 not yet calculated CVE-2020-16257
MISC
MISC winston_privacy — winston_privacy
  The API on Winston 1.5.4 devices is vulnerable to CSRF. 2020-10-28 not yet calculated CVE-2020-16256
MISC
MISC winston_privacy — winston_privacy
  Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. 2020-10-28 not yet calculated CVE-2020-16263
MISC
MISC wire — wire
  Wire before 2020-10-16 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a format string. This affects Wire AVS (Audio, Video, and Signaling) 5.3 through 6.x before 6.4, the Wire Secure Messenger application before 3.49.918 for Android, and the Wire Secure Messenger application before 3.61 for iOS. This occurs via the value parameter to sdp_media_set_lattr in peerflow/sdp.c. 2020-10-27 not yet calculated CVE-2020-27853
MISC wso2 — api_manager
  Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access. 2020-10-29 not yet calculated CVE-2020-27885
MISC
MISC wso2 — enterprise_integrator
  WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerability in BPMN explorer tasks. 2020-10-29 not yet calculated CVE-2020-25516
MISC
MISC zohocorp — manageengine_applications_manager
  SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. 2020-10-29 not yet calculated CVE-2020-27995
MISC

Author: Editor