Vulnerability Summary for the Week of June 15, 2020

Released
Jun 22, 2020
Document ID
SB20-174

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities correspond to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adns -- adns
 
An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.2020-06-187.5CVE-2017-9105
MISC
CONFIRM
CONFIRM
adns -- adns
 
An issue was discovered in adns before 1.5.2. It hangs, eating CPU, if a compression pointer loop is encountered.2020-06-187.5CVE-2017-9104
SUSE
MISC
CONFIRM
CONFIRM
adobe -- flash_player
 
Adobe Flash Player versions 32.0.0.371 and earlier, 32.0.0.371 and earlier, and 32.0.0.330 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-1210CVE-2020-9633
CONFIRM
GENTOO
advantech -- webaccess_node
 
WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.2020-06-157.5CVE-2020-12019
MISC
geovision -- door_access_control_devicesGeoVision Door Access Control device family is hardcoded with a root password, which adopting an identical password in all devices.2020-06-1210CVE-2020-3928
MISC
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. This vulnerability is due to an incomplete fix for CVE-2020-4211. IBM X-Force ID: 181724.2020-06-1510CVE-2020-4469
XF
CONFIRM
MISC
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 175066.2020-06-157.5CVE-2020-4216
XF
CONFIRM
MISC
lansweeper -- lansweeper
 
Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features.2020-06-157.5CVE-2020-14011
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings.2020-06-177.5CVE-2020-14402
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncclient/rfbproto.c does not limit TextChat size.2020-06-177.5CVE-2020-14405
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings.2020-06-177.5CVE-2020-14404
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow.2020-06-177.5CVE-2020-14401
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings.2020-06-177.5CVE-2020-14403
MISC
MISC
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server.2020-06-157.5CVE-2020-14033
MISC
MISC
CONFIRM
meetecho -- janus-gateway
 
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via long value in an SDP Offer packet.2020-06-157.5CVE-2020-14034
MISC
MISC
CONFIRM
naviwebs -- navigate_cms
 
The install_from_hash functionality in Navigate CMS 2.9 does not consider the .phtml extension when examining files within a ZIP archive that may contain PHP code, in check_upload in lib/packages/extensions/extension.class.php and lib/packages/themes/theme.class.php.2020-06-157.5CVE-2020-14067
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.2020-06-187.7CVE-2020-14434
CONFIRM
pcre -- perl_compatible_regular_expression
 
libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.2020-06-157.5CVE-2020-14155
MISC
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system.2020-06-169CVE-2020-7505
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to exploit the component.2020-06-167.5CVE-2020-7512
MISC
schneider_electric -- ecostruxure_operator_terminal_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause arbitrary application execution when the computer starts.2020-06-167.5CVE-2020-7497
MISC
suse -- opensuse_leap
 
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.2020-06-187.5CVE-2017-9103
SUSE
MISC
CONFIRM
CONFIRM
suse -- opensuse_leap
 
An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.2020-06-187.5CVE-2017-9109
SUSE
MISC
CONFIRM
CONFIRM

treck -- transmission_control_protocol_internet_protocol_stack

The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.2020-06-1710CVE-2020-11897
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an IPv6OverIPv4 tunneling Out-of-bounds Read.2020-06-177.5CVE-2020-11902
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.2020-06-179.3CVE-2020-11901
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.2020-06-177.5CVE-2020-11904
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack 
 
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.2020-06-179.3CVE-2020-11896
MISC
CISCO
MISC
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.2020-06-157.5CVE-2020-14080
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action send_log_email with the key auth_acname (or auth_passwd), allowing an authenticated user to run arbitrary commands on the device.2020-06-159CVE-2020-14081
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain multiple command injections in apply.cgi via the action pppoe_connect, ru_pppoe_connect, or dhcp_connect with the key wan_ifname (or wan0_dns), allowing an authenticated user to run arbitrary commands on the device.2020-06-159CVE-2020-14075
MISC
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adns -- adns
 
An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.2020-06-185CVE-2017-9107
MISC
CONFIRM
CONFIRM
adns -- adns
 
An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.2020-06-185CVE-2017-9106
MISC
CONFIRM
CONFIRM
adns -- adns
 
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.2020-06-185CVE-2017-9108
MISC
CONFIRM
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (dom-based) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-124.3CVE-2020-9647
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-124.3CVE-2020-9648
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (reflected) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-124.3CVE-2020-9651
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-125CVE-2020-9645
CONFIRM
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a server-side request forgery (ssrf) vulnerability. Successful exploitation could lead to sensitive information disclosure.2020-06-125CVE-2020-9643
CONFIRM
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-126.8CVE-2020-9634
CONFIRM
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-126.8CVE-2020-9635
CONFIRM
adobe -- framemaker
 
Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.2020-06-126.8CVE-2020-9636
CONFIRM
apsis -- pound
 
Pound before 2.8 allows HTTP request smuggling, a related issue to CVE-2016-10711.2020-06-156.4CVE-2018-21245
MISC
cacti -- cactiA SQL injection issue in color.php in Cacti 1.2.12 allows an admin to inject SQL via the filter parameter. This can lead to remote command execution because the product accepts stacked queries.2020-06-176.5CVE-2020-14295
MISC
d-link -- dsl-2750u_devices
 
D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active.2020-06-154.6CVE-2020-13150
MISC
MISC
digdash -- digdash_enterprise
 
An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu.2020-06-154.3CVE-2020-13652
MISC
geovision -- door_access_control_device
 
GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages.2020-06-124.3CVE-2020-3929
MISC
gnu -- bison
 
GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash).2020-06-155CVE-2020-14150
MISC
MISC
huawei -- fusionaccess
 
FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal.2020-06-154CVE-2020-1825
MISC
huawei -- multiple_products
 
Huawei products Secospace USG6300;USG6300E with versions of V500R001C30,V500R001C50,V500R001C60,V500R001C80,V500R005C00,V500R005C10;V600R006C00 have a vulnerability of insufficient input verification. An attacker with limited privilege can exploit this vulnerability to access a specific directory. Successful exploitation of this vulnerability may lead to information leakage.2020-06-154CVE-2020-9075
MISC
huawei -- multiple_smartphones
 
HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL.2020-06-154CVE-2020-9076
MISC
huawei -- p30_smartphones
 
HUAWEI P30 smart phone with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. Due to improper authentication of specific interface, in specific scenario attackers could access specific interface without authentication. Successful exploit could allow the attacker to perform unauthorized operations.2020-06-154.6CVE-2020-1813
MISC
ibm -- mq_and_mq_appliance_devices
 
IBM MQ and MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 C are vulnerable to a denial of service attack due to an error within the Data Conversion logic. IBM X-Force ID: 177081.2020-06-165CVE-2020-4310
XF
CONFIRM
ibm -- spectrum_protect_client
 
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. IBM X-Force ID: 182019.2020-06-155CVE-2020-4494
XF
CONFIRM
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. IBM X-Force ID: 181726.2020-06-156.4CVE-2020-4471
XF
CONFIRM
MISC
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. IBM X-Force ID: 181725.2020-06-156CVE-2020-4470
XF
CONFIRM
MISC
ibm -- spectrum_protect_plus
 
IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. IBM X-Force ID: 181779.2020-06-154CVE-2020-4477
XF
CONFIRM
icinga -- icinga2
 
An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user.2020-06-124.6CVE-2020-14004
CONFIRM
MISC
MISC
MISC
MISC
ijg -- libipeg
 
In IJG JPEG (aka libjpeg) before 9d, jdhuff.c has an out-of-bounds array read for certain table pointers.2020-06-155.8CVE-2020-14153
MISC
MISC
ijg -- libipeg
 
In IJG JPEG (aka libjpeg) before 9d, read_*_pixel() in rdtarga.c in cjpeg mishandles EOF.2020-06-155.8CVE-2020-14151
MISC
MISC
ijg -- libipeg
 
In IJG JPEG (aka libjpeg) before 9d, jpeg_mem_available() in jmemnobs.c in djpeg does not honor the max_memory_to_use setting, possibly causing excessive memory consumption.2020-06-155.8CVE-2020-14152
MISC
MISC
intel -- active_management_technology
 
Insufficiently protected credentials in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.2020-06-155CVE-2020-0540
MISC
intel -- active_management_technology
 
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service via network access.2020-06-155CVE-2020-0538
MISC
intel -- active_management_technology
 
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow a privileged user to potentially enable denial of service via network access.2020-06-154CVE-2020-0537
MISC
libvncserver -- libvncserverAn issue was discovered in LibVNCServer before 0.9.13. An improperly closed TCP connection causes an infinite loop in libvncclient/sockets.c.2020-06-175CVE-2020-14398
MISC
MISC
libvncserver -- libvncserverAn issue was discovered in LibVNCServer before 0.9.13. libvncclient/tls_openssl.c has a NULL pointer dereference.2020-06-175CVE-2020-14396
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c.2020-06-175CVE-2020-14400
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. There is an information leak (of uninitialized memory contents) in the libvncclient/rfbproto.c ConnectToRFBRepeater function.2020-06-175CVE-2018-21247
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/ws_decode.c can lead to a crash because of unaligned accesses in hybiReadAndDecode.2020-06-175CVE-2019-20840
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference.2020-06-175CVE-2020-14397
MISC
MISC
libvncserver -- libvncserver
 
An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c.2020-06-175CVE-2020-14399
MISC
MISC
libvncserver -- libvncserver
 
libvncclient/sockets.c in LibVNCServer before 0.9.13 has a buffer overflow via a long socket filename.2020-06-175CVE-2019-20839
MISC
MISC
lignum_computing -- libemfScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file.2020-06-154.3CVE-2020-13999
MISC
MISC
MISC
MISC
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 5.19.0. Attackers can discover private channels via the "get channel by name" API, aka MMSA-2020-0004.2020-06-195CVE-2020-14458
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005.2020-06-195CVE-2020-14453
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002.2020-06-195CVE-2020-14459
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.22.0. The markdown renderer allows attackers to cause a denial of service (client-side), aka MMSA-2020-0017.2020-06-195CVE-2020-14450
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.23.0. Large webhook requests allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0021.2020-06-195CVE-2020-14447
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel.2020-06-194.3CVE-2019-20844
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014.2020-06-195CVE-2020-14452
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It allows attackers to cause a denial of service (memory consumption) via an outgoing webhook or a slash command integration.2020-06-195CVE-2019-20888
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.20.0. Non-members can receive broadcasted team details via the update_team WebSocket event, aka MMSA-2020-0012.2020-06-195CVE-2020-14457
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.23.0. Automatic direct message replies allow attackers to cause a denial of service (infinite loop), aka MMSA-2020-0020.2020-06-195CVE-2020-14448
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.7.3. It allows attackers to cause a denial of service (application crash) via invalid LaTeX text.2020-06-195CVE-2018-21262
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It does not always generate a robots.txt file.2020-06-195CVE-2019-20885
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. It allows attackers to cause a denial of service (memory consumption) via OpenGraph.2020-06-195CVE-2019-20880
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information about whether someone has 2FA enabled.2020-06-195CVE-2019-20877
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0. It allows attackers to cause a denial of service (memory consumption) via a large Slack import.2020-06-195CVE-2019-20845
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There are weak permissions for configuration files.2020-06-195CVE-2019-20843
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. There is SQL injection by admins via SearchAllChannels.2020-06-196.5CVE-2019-20842
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It allows attackers to partially attach a file to more than one post.2020-06-195CVE-2019-20884
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0. It has weak permissions for server-local file storage.2020-06-195CVE-2019-20846
CONFIRM
micro_focus -- arcsight_enterprise_security_manager
 
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.2020-06-164.3CVE-2020-9522
MISC
micro_focus -- arcsight_logger
 
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.2020-06-124.3CVE-2020-11839
MISC
micro_focus -- arcsight_management_center
 
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure.2020-06-164CVE-2020-11840
MISC
micro_focus -- arcsight_management_center
 
Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure.2020-06-164CVE-2020-11841
MISC
mutt -- mutt
 
Mutt before 1.14.3 allows an IMAP fcc/postpone man-in-the-middle attack via a PREAUTH response.2020-06-154.3CVE-2020-14093
MISC
MISC
DEBIAN
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14439
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14441
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14438
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14440
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14429
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14437
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, and RBS840 before 3.2.15.25.2020-06-185.8CVE-2020-14436
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.2.104, SRS60 before 2.5.2.104, SRR60 before 2.5.2.104, SRK60B03 before 2.5.2.104, SRK60B04 before 2.5.2.104, SRK60B05 before 2.5.2.104, and SRK60B06 before 2.5.2.104.2020-06-185.8CVE-2020-14435
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-185.8CVE-2020-14442
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBK842 before 3.2.15.25, RBR850 before 3.2.15.25, RBS850 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, and RBS750 before 3.2.15.25.2020-06-185.2CVE-2020-14433
CONFIRM
open-xchange -- ox_app_suiteOX App Suite through 7.10.3 has Improper Input Validation.2020-06-165CVE-2020-8543
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite through 7.10.3 allows SSRF.2020-06-164CVE-2020-8544
MISC
MISC
open-xchange -- ox_app_suite
 
OX App Suite through 7.10.3 allows XXE attacks.2020-06-164CVE-2020-8541
MISC
MISC
open-xchange -- ox_guard
 
OX Guard 2.10.3 and earlier allows SSRF.2020-06-154CVE-2020-9427
MISC
MISC
MISC
open-xchange -- ox_guard
 
OX Guard 2.10.3 and earlier allows XSS.2020-06-154.3CVE-2020-9426
MISC
MISC
MISC
open_microscopy_environment -- omeroIn OMERO before 5.6.1, group owners can access members' data in other groups.2020-06-175.5CVE-2020-6752
CONFIRM
openstack -- mistralA Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service.2020-06-154CVE-2018-16848
MISC
MISC
red_hat -- openshift_api_server
 
A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by leaking them into the logs when an API Server panic occurred. This flaw allows an attacker with the ability to cause an API Server error to read the logs, and use the leaked OAuthToken to log into the API Server with the leaked token.2020-06-126CVE-2020-10752
CONFIRM
CONFIRM
santize_gem_for_ruby_on_rails -- santize_gem_for_ruby_on_rails
 
In Sanitize (RubyGem sanitize) greater than or equal to 3.0.0 and less than 5.2.1, there is a cross-site scripting vulnerability. When HTML is sanitized using Sanitize's "relaxed" config, or a custom config that allows certain elements, some content in a math or svg element may not be sanitized correctly even if math and svg are not in the allowlist. You are likely to be vulnerable to this issue if you use Sanitize's relaxed config or a custom config that allows one or more of the following HTML elements: iframe, math, noembed, noframes, noscript, plaintext, script, style, svg, xmp. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML through Sanitize, potentially resulting in XSS (cross-site scripting) or other undesired behavior when that HTML is rendered in a browser. This has been fixed in 5.2.1.2020-06-166.8CVE-2020-4054
MISC
MISC
CONFIRM
schneider-electric -- ecostruxure_operator_terminal_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file.2020-06-164.3CVE-2020-7495
MISC
schneider_electric -- easergy_t300_devicesA CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to login multiple times resulting in a denial of service.2020-06-165CVE-2020-7507
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to intercept traffic and read configuration data.2020-06-165CVE-2020-7513
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-538: File and Directory Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to pack or unpack the archive with the firmware for the controller and modules using the usual tar archiver resulting in an information exposure.2020-06-165CVE-2020-7506
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent.2020-06-165CVE-2020-7504
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to elevate their privileges and delete files.2020-06-166.5CVE-2020-7509
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys.2020-06-165CVE-2020-7510
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force.2020-06-165CVE-2020-7508
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to execute malicious commands on behalf of a legitimate user when xsrf-token data is intercepted.2020-06-166.8CVE-2020-7503
MISC
schneider_electric -- easergy_t300_devices
 
A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to acquire a password by brute force.2020-06-165CVE-2020-7511
MISC
schneider_electric -- ecostruxture_operator_terminal_expert
 
A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD)which could cause unauthorized write access when opening the project file.2020-06-166.8CVE-2020-7496
MISC
schneider_electric -- ecostruxture_operator_terminal_expert
 
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.2020-06-166.8CVE-2020-7494
MISC
schneider_electric -- ecostruxture_operator_terminal_expert
 
A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause malicious code execution when opening the project file.2020-06-166.8CVE-2020-7493
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.2020-06-175CVE-2020-11913
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.2020-06-175CVE-2020-11911
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an Ethernet Link Layer Integer Underflow.2020-06-175.8CVE-2020-11906
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an IPv6 Out-of-bounds Read.2020-06-174.8CVE-2020-11899
MISC
CISCO
CONFIRM
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an ICMPv4 Out-of-bounds Read.2020-06-175CVE-2020-11910
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an IPv4 Integer Underflow.2020-06-175CVE-2020-11909
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 improperly handles a Length Parameter Inconsistency in TCP.2020-06-175.8CVE-2020-11907
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.41 has an IPv4 tunneling Double Free.2020-06-176.4CVE-2020-11900
MISC
CISCO
CONFIRM
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 improperly handles an IPv4/ICMPv4 Length Parameter Inconsistency, which might allow remote attackers to trigger an information leak.2020-06-176.4CVE-2020-11898
MISC
CISCO
MISC
MISC
MISC
trendnet -- tew-827dru_devicesTRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.2020-06-156.5CVE-2020-14078
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.2020-06-156.5CVE-2020-14074
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.2020-06-156.5CVE-2020-14076
MISC
MISC
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.2020-06-156.5CVE-2020-14077
MISC
MISC
trendnet -- tew-827dru_devices
 
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.2020-06-156.5CVE-2020-14079
MISC
MISC
MISC
MISC
vmware -- horizon_client_for_windows
 
VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permission configuration and unsafe loading of libraries. A local user on the system where the software is installed may exploit this issue to run commands as any user.2020-06-154.6CVE-2020-3961
MISC
wordpress -- wordpressThe wpForo plugin 1.6.5 for WordPress allows wp-admin/admin.php?page=wpforo-usergroups CSRF.2020-06-156.8CVE-2019-19109
MISC
wordpress -- wordpress
 
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases langid parameter.2020-06-154.3CVE-2019-19111
MISC
wordpress -- wordpress
 
The wpForo plugin 1.6.5 for WordPress allows XSS involving the wpf-dw-td-value class of dashboard.php.2020-06-154.3CVE-2019-19112
MISC
zoho -- manageengine_servicedesk
 
Zoho ManageEngine ServiceDesk Plus before 11.1 build 11115 allows remote unauthenticated attackers to change the installation status of deployed agents.2020-06-125CVE-2020-14048
MISC
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
adobe -- experience_manager
 
Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting (stored) vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser.2020-06-123.5CVE-2020-9644
CONFIRM
caldera -- calderaCALDERA 2.7.0 allows XSS via the Operation Name box.2020-06-193.5CVE-2020-14462
MISC
chownr -- chownrA TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.2020-06-151.9CVE-2017-18869
MISC
MISC
MISC
MISC
geovision -- door_access_control_device
 
GeoVision Door Access Control device family improperly stores and controls access to system logs, any users can read these logs.2020-06-122.1CVE-2020-3930
MISC
huawei -- mate_30_smartphones
 
HUAWEI Mate 30 with versions earlier than 10.1.0.126(C00E125R5P3) have an information disclosure vulnerability. A logic judgment error occurs when the system handling Bluetooth connections, an attacker could craft as an authenticated Bluetooth peer to launch the attack. Successful exploit could cause information disclosure.2020-06-183.3CVE-2020-1835
MISC
huawei -- p30_and_p30_pro_smartphones
 
HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device.2020-06-182.1CVE-2020-1834
MISC
ibm -- api_connect
 
IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489.2020-06-123.5CVE-2020-4251
XF
CONFIRM
ibm -- spectrum_protect_client
 
IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488.2020-06-153.5CVE-2020-4406
XF
CONFIRM
kumbiaphp -- kumbiaphp
 
KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO.2020-06-153.5CVE-2020-14146
MISC
MISC
linux -- linux_kernel
 
A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an attacker with a local account to crash a trivial program and exfiltrate private kernel data.2020-06-123.6CVE-2020-10732
SUSE
CONFIRM
MISC
MISC
MISC
MISC
MISC
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0, when Town Square is set to Read-Only. Users can pin or unpin a post.2020-06-193.5CVE-2019-20883
CONFIRM
micros_focus -- arcsight_management_center
 
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.2020-06-163.5CVE-2020-11838
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-183.3CVE-2020-14428
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-183.3CVE-2020-14427
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-183.3CVE-2020-14430
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11.2020-06-183.3CVE-2020-14426
CONFIRM
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-183.3CVE-2020-14431
CONFIRM
open-xchange -- ox_app_suite
 
OX App Suite through 7.10.3 allows XSS.2020-06-163.5CVE-2020-8542
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.28 has a DHCP Out-of-bounds Read.2020-06-173.3CVE-2020-11903
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 4.7.1.27 mishandles '\0' termination in DHCP.2020-06-173.3CVE-2020-11908
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has a TCP Out-of-bounds Read.2020-06-173.3CVE-2020-11912
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has an ARP Out-of-bounds Read.2020-06-173.3CVE-2020-11914
MISC
CISCO
MISC
MISC
MISC
treck -- transmission_control_protocol_internet_protocol_stack
 
The Treck TCP/IP stack before 6.0.1.66 has a DHCPv6 Out-of-bounds Read.2020-06-173.3CVE-2020-11905
MISC
CISCO
CONFIRM
MISC
MISC
MISC
wordpress -- wordpress
 
The wpForo plugin 1.6.5 for WordPress allows XSS via the wp-admin/admin.php?page=wpforo-phrases s parameter.2020-06-153.5CVE-2019-19110
MISC
wordpress -- wordpress
 
In affected versions of WordPress, when uploading themes, the name of the theme folder can be crafted in a way that could lead to JavaScript execution in /wp-admin on the themes page. This does require an admin to upload the theme, and is low severity self-XSS. This has been patched in version 5.4.2, along with all the previously affected versions via a minor release (5.3.4, 5.2.7, 5.1.6, 5.0.10, 4.9.15, 4.8.14, 4.7.18, 4.6.19, 4.5.22, 4.4.23, 4.3.24, 4.2.28, 4.1.31, 4.0.31, 3.9.32, 3.8.34, 3.7.34).2020-06-123.5CVE-2020-4049
MISC
CONFIRM
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor -- Product
DescriptionPublishedCVSS ScoreSource & Patch Info
aapanel -- aapanelaaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via the Script Content box on the Add Cron Job screen.2020-06-18not yet calculatedCVE-2020-14421
MISC
MISC
abus -- secvest_fube50001_deviceThe wireless-communication feature of the ABUS Secvest FUBE50001 device does not encrypt sensitive data such as PIN codes or IDs of used proximity chip keys (RFID tokens). This makes it easier for an attacker to disarm the wireless alarm system.2020-06-17not yet calculatedCVE-2020-14157
MISC
MISC
agentejo -- cockpitAn issue was discovered in Agentejo Cockpit 0.10.2. Insufficient sanitization of the to parameter in the /auth/login route allows for injection of arbitrary JavaScript code into a web page's content, creating a Reflected XSS attack vector.2020-06-17not yet calculatedCVE-2020-14408
MISC
alpine -- alpine
 
Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do.2020-06-19not yet calculatedCVE-2020-14929
MISC
apache -- archiva
 
Apache Archiva login service before 2.2.5 is vulnerable to LDAP injection. A attacker is able to retrieve user attribute data from the connected LDAP server by providing special values to the login form. With certain characters it is possible to modify the LDAP filter used to query the LDAP users. By measuring the response time for the login request, arbitrary attribute data can be retrieved from LDAP user objects.2020-06-19not yet calculatedCVE-2020-9495
MISC
MLIST
MLIST
MLIST
MLIST
MLIST
apache -- karaf
 
In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However there is a vulnerability there for someone who is not an admin, but has a "viewer" role. In the 'etc/jmx.acl.cfg', such as role can call get*. It's possible to authenticate as a viewer role + invokes on the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. At this point the attack fails as "viewer" doesn't have the permission to invoke on the MBean. Still, it could act as a SSRF style attack and also it essentially allows a "viewer" role to pollute the MBean registry, which is a kind of privilege escalation. The vulnerability is low as it's possible to add a ACL to limit access. Users should update to Apache Karaf 4.2.9 or newer.2020-06-12not yet calculatedCVE-2020-11980
MISC
apache -- tomee
 
If Apache TomEE is configured to use the embedded ActiveMQ broker, and the broker URI includes the useJMX=true parameter, a JMX port is opened on TCP port 1099, which does not include authentication. This affects Apache TomEE 8.0.0-M1 - 8.0.1, Apache TomEE 7.1.0 - 7.1.2, Apache TomEE 7.0.0-M1 - 7.0.7, Apache TomEE 1.0.0 - 1.7.5.2020-06-15not yet calculatedCVE-2020-11969
MISC
MLIST
arm -- mbed_osBuffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors.2020-06-18not yet calculatedCVE-2020-12883
CONFIRM
MISC
MISC
MISC
arm -- mbed_osAn infinite loop was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options in a while loop. This loop's exit condition is computed using the previously allocated heap memory required for storing the result of parsing multiple options. If the input heap memory calculation results in zero bytes, the loop exit condition is never met and the loop is not terminated. As a result, the packet parsing function never exits, leading to resource consumption.2020-06-18not yet calculatedCVE-2020-12885
CONFIRM
MISC
arm -- mbed_os
 
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made.2020-06-18not yet calculatedCVE-2020-12884
CONFIRM
MISC
arm -- mbed_os
 
A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP packet header starting from the message token. The length of the token in the received message is provided in the first byte parsed by the sn_coap_parser_options_parse() function. The length encoded in the message is not validated against the actual input buffer length before accessing the token. As a result, memory access outside of the intended boundary of the buffer may occur.2020-06-18not yet calculatedCVE-2020-12886
CONFIRM
MISC
arm -- mbed_os
 
Memory leaks were discovered in the CoAP library in Arm Mbed OS 5.15.3 when using the Arm mbed-coap library 5.1.5. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses the CoAP option number field of all options present in the input packet. Each option number is calculated as a sum of the previous option number and a delta of the current option. The delta and the previous option number are expressed as unsigned 16-bit integers. Due to lack of overflow detection, it is possible to craft a packet that wraps the option number around and results in the same option number being processed again in a single packet. Certain options allocate memory by calling a memory allocation function. In the cases of COAP_OPTION_URI_QUERY, COAP_OPTION_URI_PATH, COAP_OPTION_LOCATION_QUERY, and COAP_OPTION_ETAG, there is no check on whether memory has already been allocated, which in conjunction with the option number integer overflow may lead to multiple assignments of allocated memory to a single pointer. This has been demonstrated to lead to memory leak by buffer orphaning. As a result, the memory is never freed.2020-06-18not yet calculatedCVE-2020-12887
CONFIRM
MISC
MISC
MISC
beckhoff _automation -- twincat_drivers
 
Beckhoff's TwinCAT RT network driver for Intel 8254x and 8255x is providing EtherCAT functionality. The driver implements real-time features. Except for Ethernet frames sent from real-time functionality, all other Ethernet frames sent through the driver are not padded if their payload is less than the minimum Ethernet frame size. Instead, arbitrary memory content is transmitted within in the padding bytes of the frame. Most likely this memory contains slices from previously transmitted or received frames. By this method, memory content is disclosed, however, an attacker can hardly control which memory content is affected. For example, the disclosure can be provoked with small sized ICMP echo requests sent to the device.2020-06-16not yet calculatedCVE-2020-12494
CONFIRM
bt_ctroms -- terminal_os_port_portal_ct-464
 
An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client.2020-06-19not yet calculatedCVE-2020-14930
MISC
MISC
cisco -- 7800_and_8800_series_ip_phones
 
A vulnerability in the Web Access feature of Cisco IP Phones Series 7800 and Series 8800 could allow an unauthenticated, remote attacker to view sensitive information on an affected device. The vulnerability is due to improper access controls on the web-based management interface of an affected device. An attacker could exploit this vulnerability by sending malicious requests to the device, which could allow the attacker to bypass access restrictions. A successful attack could allow the attacker to view sensitive information, including device call logs that contain names, usernames, and phone numbers of users of the device.2020-06-18not yet calculatedCVE-2020-3360
CISCO
cisco -- amp_for_endpoints_and_clamav
 
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. An attacker with local shell access could exploit this vulnerability by executing a script that could trigger the race condition. A successful exploit could allow the attacker to delete arbitrary files on the system that the attacker would not normally have privileges to delete, producing system instability or causing the endpoint software to stop working.2020-06-18not yet calculatedCVE-2020-3350
CISCO
cisco -- asr_5000_series_aggregation_routers
 
A vulnerability in the Enhanced Charging Service (ECS) functionality of Cisco ASR 5000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to bypass the traffic classification rules on an affected device. The vulnerability is due to insufficient input validation of user traffic going through an affected device. An attacker could exploit this vulnerability by sending a malformed HTTP request to an affected device. A successful exploit could allow the attacker to bypass the traffic classification rules and potentially avoid being charged for traffic consumption.2020-06-18not yet calculatedCVE-2020-3244
CISCO
cisco -- asyncos_and_email_security_appliance
 
A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device. The vulnerability is due to insufficient input validation of URLs. An attacker could exploit this vulnerability by crafting the URL in a particular way. A successful exploit could allow the attacker to bypass the URL reputation filters that are configured for the affected device, which could allow malicious URLs to pass through the device.2020-06-18not yet calculatedCVE-2020-3368
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by interacting with the interface in a way that injects malicious content in a log file. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.2020-06-18not yet calculatedCVE-2020-3356
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.2020-06-18not yet calculatedCVE-2020-3355
CISCO
cisco -- data_center_network_manager
 
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient input validation by the web-based management interface. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need administrative credentials on the affected device.2020-06-18not yet calculatedCVE-2020-3354
CISCO
cisco -- enterprise_nfv_infrastructure_softwareA vulnerability in the CLI of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files. The attacker would need valid administrative credentials. This vulnerability is due to improper input validation of CLI command arguments. An attacker could exploit this vulnerability by using path traversal techniques when executing a vulnerable command. A successful exploit could allow the attacker to gain root shell access to the underlying operating system and overwrite or read arbitrary files on an affected device.2020-06-18not yet calculatedCVE-2020-3236
CISCO
cisco -- ios_xr
 
A vulnerability in the access control list (ACL) functionality of the standby route processor management interface of Cisco IOS XR Software could allow an unauthenticated, remote attacker to reach the configured IP addresses on the standby route processor management Gigabit Ethernet Management interface. The vulnerability is due to a logic error that was introduced in the Cisco IOS XR Software, which prevents the ACL from working when applied against the standby route processor management interface. An attacker could exploit this vulnerability by attempting to access the device through the standby route processor management interface.2020-06-18not yet calculatedCVE-2020-3364
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3289
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3276
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3277
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3288
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3275
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3278
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3287
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3274
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3286
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3293
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands on an affected device. The vulnerabilities exist because the web-based management interface does not properly validate user-supplied input to scripts. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending malicious requests to an affected device. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3279
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3296
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3290
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.2020-06-18not yet calculatedCVE-2020-3268
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory.2020-06-18not yet calculatedCVE-2020-3269
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3295
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3294
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3292
CISCO
cisco -- multiple_routers
 
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system.2020-06-18not yet calculatedCVE-2020-3291
CISCO
cisco -- network_services_orchestrator
 
A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only.2020-06-18not yet calculatedCVE-2020-3362
CISCO
cisco -- smart_software_manager_on-prem
 
A vulnerability in the web application of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to create arbitrary user accounts. The vulnerability is due to the lack of authorization controls in the web application. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to add user accounts to the configuration of an affected device. These accounts would not be administrator or operator accounts.2020-06-18not yet calculatedCVE-2020-3245
CISCO

cisco -- telepresence_collaboration_endpoint__and_roomos

A vulnerability in the software upgrade process of Cisco TelePresence Collaboration Endpoint Software and Cisco RoomOS Software could allow an authenticated, remote attacker to modify the filesystem to cause a denial of service (DoS) or gain privileged access to the root filesystem. The vulnerability is due to insufficient input validation. An attacker with administrative privileges could exploit this vulnerability by sending requests with malformed parameters to the system using the console, Secure Shell (SSH), or web API. A successful exploit could allow the attacker to modify the device configuration or cause a DoS.2020-06-18not yet calculatedCVE-2020-3336
CISCO
cisco -- ucs_director
 
A vulnerability in the REST API of Cisco UCS Director could allow an authenticated, remote attacker with administrative privileges to obtain confidential information from an affected device. The vulnerability exists because confidential information is returned as part of an API response. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to obtain the API key of another user, which would allow the attacker to impersonate the account of that user on the affected device. To exploit this vulnerability, the attacker must have administrative privileges on the device.2020-06-18not yet calculatedCVE-2020-3242
CISCO
cisco -- ucs_director
 
A vulnerability in the orchestration tasks of Cisco UCS Director could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient validation of user-supplied input on the web-based management interface. An attacker could exploit this vulnerability by creating a task with specific configuration parameters. A successful exploit could allow the attacker to overwrite arbitrary files in the file system of an affected device.2020-06-18not yet calculatedCVE-2020-3241
CISCO
cisco -- umbrella
 
A vulnerability in the web server of Cisco Umbrella could allow an unauthenticated, remote attacker to redirect a user to an undesired web page. The vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request that could cause the web application to redirect the request to a specified malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious website.2020-06-18not yet calculatedCVE-2020-3337
CISCO

cisco -- webex_meetings_and_webex_meetings_server

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to gain unauthorized access to a vulnerable Webex site. The vulnerability is due to improper handling of authentication tokens by a vulnerable Webex site. An attacker could exploit this vulnerability by sending crafted requests to a vulnerable Cisco Webex Meetings or Cisco Webex Meetings Server site. If successful, the attacker could gain the privileges of another user within the affected Webex site.2020-06-18not yet calculatedCVE-2020-3361
CISCO
cisco -- webex_meetings_desktop_app
 
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.2020-06-18not yet calculatedCVE-2020-3263
CISCO
cisco -- webex_meetings_desktop_app_for_mac
 
A vulnerability in the software update feature of Cisco Webex Meetings Desktop App for Mac could allow an unauthenticated, remote attacker to execute arbitrary code on an affected system. The vulnerability is due to improper validation of cryptographic protections on files that are downloaded by the application as part of a software update. An attacker could exploit this vulnerability by persuading a user to go to a website that returns files to the client that are similar to files that are returned from a valid Webex website. The client may fail to properly validate the cryptographic protections of the provided files before executing them as part of an update. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the user.2020-06-18not yet calculatedCVE-2020-3342
CISCO
cisco -- webex_meetings_desktop_app_for_windows
 
A vulnerability in Cisco Webex Meetings Desktop App for Windows could allow an authenticated, local attacker to gain access to sensitive information on an affected system. The vulnerability is due to unsafe usage of shared memory that is used by the affected software. An attacker with permissions to view system memory could exploit this vulnerability by running an application on the local system that is designed to read shared memory. A successful exploit could allow the attacker to retrieve sensitive information from the shared memory, including usernames, meeting information, or authentication tokens that could aid the attacker in future attacks.2020-06-18not yet calculatedCVE-2020-3347
CISCO
cisofy -- lynis
 
CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.2020-06-18not yet calculatedCVE-2020-13882
CONFIRM
cisofy -- lynis
 
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.2020-06-18not yet calculatedCVE-2019-13033
CONFIRM
cms_made_simple -- cms_made_simpleCMS Made Simple 2.2.14 allows XSS via a Search Term to the admin/moduleinterface.php?mact=ModuleManager page.2020-06-19not yet calculatedCVE-2020-14926
MISC
connectwise -- automate
 
By using an Automate API in ConnectWise Automate before 2020.5.178, a remote authenticated user could execute commands and/or modifications within an individual Automate instance by triggering an SQL injection vulnerability in /LabTech/agent.aspx. This affects versions before 2019.12.337, 2020 before 2020.1.53, 2020.2 before 2020.2.85, 2020.3 before 2020.3.114, 2020.4 before 2020.4.143, and 2020.5 before 2020.5.178.2020-06-15not yet calculatedCVE-2020-14159
MISC
cypress -- cyw20735_devices
 
On the Cypress CYW20735 evaluation board, any data that exceeds 384 bytes is copied and causes an overflow. This is because the maximum BLOC buffer size for sending and receiving data is set to 384 bytes, but everything else is still configured to the usual size of 1092 (which was used for everything in the previous CYW20719 and later CYW20819 evaluation board). To trigger the overflow, an attacker can either send packets over the air or as unprivileged local user. Over the air, the minimal PoC is sending "l2ping -s 600" to the target address prior to any pairing. Locally, the buffer overflow is immediately triggered by opening an ACL or SCO connection to a headset. This occurs because, in WICED Studio 6.2 and 6.4, BT_ACL_HOST_TO_DEVICE_DEFAULT_SIZE and BT_ACL_DEVICE_TO_HOST_DEFAULT_SIZE are set to 384.2020-06-16not yet calculatedCVE-2019-18614
MISC
dell -- encryption_and_endpoint_security_suiteDell Encryption versions prior to 10.7 and Dell Endpoint Security Suite versions prior to 2.7 contain a privilege escalation vulnerability due to incorrect permissions. A local malicious user with low privileges could potentially exploit this vulnerability to gain elevated privilege on the affected system with the help of a symbolic link.2020-06-15not yet calculatedCVE-2020-5358
MISC
digdash -- digdash_enterpriseAn issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200421, and 2019R2 before p20200430. It allows a user to provide data that will be used to generate the JNLP file used by a client to obtain the right Java application. By providing an attacker-controlled URL, the client will obtain a rogue JNLP file specifying the installation of malicious JAR archives and executed with full privileges on the client computer.2020-06-15not yet calculatedCVE-2020-13651
MISC
digdash -- digdash_enterprise
 
An issue was discovered in DigDash 2018R2 before p20200210 and 2019R1 before p20200210. The login page is vulnerable to Server-Side Request Forgery (SSRF) that allows use of the application as a proxy. Sent to an external server, a forged request discloses application credentials. For a request to an internal component, the request is blind, but through the error message it's possible to determine whether the request targeted a open service.2020-06-15not yet calculatedCVE-2020-13650
MISC
dmitry -- deepmagic_information_gathering_tool
 
A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_format_buff.2020-06-19not yet calculatedCVE-2020-14931
MISC
dojo -- dijitIn Dijit before versions 1.11.11, and greater than or equal to 1.12.0 and less than 1.12.9, and greater than or equal to 1.13.0 and less than 1.13.8, and greater than or equal to 1.14.0 and less than 1.14.7, and greater than or equal to 1.15.0 and less than 1.15.4, and greater than or equal to 1.16.0 and less than 1.16.3, there is a cross-site scripting vulnerability in the Editor's LinkDialog plugin. This has been fixed in 1.11.11, 1.12.9, 1.13.8, 1.14.7, 1.15.4, 1.16.3.2020-06-15not yet calculatedCVE-2020-4051
MISC
CONFIRM
dolibarr -- dolibarrA SQL injection vulnerability in accountancy/customer/card.php in Dolibarr 11.0.3 allows remote authenticated users to execute arbitrary SQL commands via the id parameter.2020-06-18not yet calculatedCVE-2020-14443
CONFIRM
dolibarr -- dolibarr
 
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 11.0.3 allows remote attackers to inject arbitrary web script or HTML into public/notice.php (related to transphrase and transkey).2020-06-19not yet calculatedCVE-2020-14475
MISC
ec-cube -- ec-cube
 
Directory traversal vulnerability in EC-CUBE 3.0.0 to 3.0.18 and 4.0.0 to 4.0.3 allows remote authenticated attackers to delete arbitrary files and/or directories on the server via unspecified vectors.2020-06-19not yet calculatedCVE-2020-5590
MISC
MISC
MISC
fabulatech -- usb_for_remote_desktopftusbbus2.sys in FabulaTech USB for Remote Desktop through 2020-02-19 allows privilege escalation via crafted IoCtl code related to a USB HID device.2020-06-17not yet calculatedCVE-2020-9332
MISC
MISC
fasterxml -- jackson-databindFasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).2020-06-16not yet calculatedCVE-2020-14195
MISC
fasterxml -- jackson-databindFasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).2020-06-14not yet calculatedCVE-2020-14060
MISC
MISC
fasterxml -- jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).2020-06-14not yet calculatedCVE-2020-14062
MISC
MISC
fasterxml -- jackson-databind
 
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).2020-06-14not yet calculatedCVE-2020-14061
MISC
MISC
ffmpeg -- ffmpegFFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.2020-06-16not yet calculatedCVE-2020-14212
MISC
MISC
fortiguard -- fortimanagerUse of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.2020-06-16not yet calculatedCVE-2020-9289
MISC
fortiguard -- fortios
 
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.2 and below may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.2020-06-16not yet calculatedCVE-2019-17655
MISC
gitlab -- gitlab
 
A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.12020-06-19not yet calculatedCVE-2020-13274
CONFIRM
MISC

gitlab -- gitlab_community_and_enterprise_editions

Amazon EKS credentials disclosure in GitLab CE/EE 12.6 and later through 13.0.1 allows other administrators to view Amazon EKS credentials via HTML source code2020-06-19not yet calculatedCVE-2020-13261
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

A Denial of Service vulnerability allowed exhausting the system resources in GitLab CE/EE 12.0 and later through 13.0.12020-06-19not yet calculatedCVE-2020-13273
CONFIRM
MISC

gitlab -- gitlab_community_and_enterprise_editions

User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.12020-06-19not yet calculatedCVE-2020-13276
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification2020-06-19not yet calculatedCVE-2020-13265
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

OAuth flow missing verification checks CE/EE 12.3 and later through 13.0.1 allows unverified user to use OAuth authorization code flow2020-06-19not yet calculatedCVE-2020-13272
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.52020-06-19not yet calculatedCVE-2020-13277
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

Kubernetes cluster token disclosure in GitLab CE/EE 10.3 and later through 13.0.1 allows other group maintainers to view Kubernetes cluster token2020-06-19not yet calculatedCVE-2020-13264
CONFIRM
MISC
MISC

gitlab -- gitlab_community_and_enterprise_editions

Client-Side code injection through Mermaid markup in GitLab CE/EE 12.9 and later through 13.0.1 allows a specially crafted Mermaid payload to PUT requests on behalf of other users via clicking on a link2020-06-19not yet calculatedCVE-2020-13262
CONFIRM
MISC
MISC

gitlab -- gitlab_enterprise_edition

An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions.2020-06-19not yet calculatedCVE-2020-13263
CONFIRM
MISC
MISC
gitlab -- gitlab_enterprise_edition
 
A user with an unverified email address could request an access to domain restricted groups in GitLab EE 12.2 and later through 13.0.12020-06-19not yet calculatedCVE-2020-13275
CONFIRM
MISC
MISC
golang -- go
 
Go version v0.3.3 of the x/text package fixes a vulnerability in encoding/unicode that could lead to the UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an infinite loop if the String function on the Decoder is called, or the Decoder is passed to golang.org/x/text/transform.String.2020-06-17not yet calculatedCVE-2020-14040
MISC
google -- android
 
Function abc_pcie_issue_dma_xfer_sync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abc_pcie_dma_user_xfer_clean. If this happens, abc_pcie_start_dma_xfer and abc_pcie_wait_dma_xfer in the original thread will trigger UAF when working with the transfer object.Product: AndroidVersions: Android kernelAndroid ID: A-1514537142020-06-16not yet calculatedCVE-2020-0232
MISC
google -- android
 
In crus_afe_get_param of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-1481892802020-06-16not yet calculatedCVE-2020-0234
MISC
google -- android
 
In crus_sp_shared_ioctl we first copy 4 bytes from userdata into "size" variable, and then use that variable as the size parameter for "copy_from_user", ending up overwriting memory following "crus_sp_hdr". "crus_sp_hdr" is a static variable, of type "struct crus_sp_ioctl_header".Product: AndroidVersions: Android kernelAndroid ID: A-1351294302020-06-16not yet calculatedCVE-2020-0235
MISC
google -- android
 
This is an unbounded write into kernel global memory, via a user-controlled buffer size.Product: AndroidVersions: Android kernelAndroid ID: A-1351304502020-06-16not yet calculatedCVE-2020-0223
MISC
helm -- helmIn Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4.2020-06-16not yet calculatedCVE-2020-4053
MISC
MISC
CONFIRM
huawei -- fusionsphere
 
FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.2020-06-18not yet calculatedCVE-2020-9225
MISC
i2p -- invisible_internet_projectI2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.2020-06-16not yet calculatedCVE-2020-13431
MISC
MISC

ibm -- business_automation_workflow_and_business_process_manager

IBM Business Automation Workflow and IBM Business Process Manager (IBM Business Process Manager Express 8.5.5, 8.5.6, 8.5.7, and 8.6) could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182716.2020-06-17not yet calculatedCVE-2020-4532
XF
CONFIRM
ibm -- doors_next_generationIBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176474.2020-06-19not yet calculatedCVE-2020-4297
XF
CONFIRM
ibm -- doors_next_generationIBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176408.2020-06-19not yet calculatedCVE-2020-4295
XF
CONFIRM
ibm -- doors_next_generation
 
IBM DOORS Next Generation (DNG/RRC) 6.0.2, 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176141.2020-06-19not yet calculatedCVE-2020-4281
XF
CONFIRM
ibm -- mq_appliance_and_mq_amqp_channelsIBM MQ Appliance and IBM MQ AMQP Channels 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD do not correctly block or allow clients based on the certificate distinguished name SSLPEER setting. IBM X-Force ID: 177403.2020-06-16not yet calculatedCVE-2020-4320
XF
CONFIRM
intel -- active_management_technology
 
Improper input validation in subsystem for Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.2020-06-15not yet calculatedCVE-2020-0532
MISC
intel -- active_management_technology
 
Improper input validation in Intel(R) AMT versions before 11.8.76, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.2020-06-15not yet calculatedCVE-2020-0535
MISC
intel -- active_management_technology_and_ intel_standard_manageabilityOut-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 14.0.33 may allow an unauthenticated user to potentially enable denial of service via network access.2020-06-15not yet calculatedCVE-2020-0597
MISC
CONFIRM

intel -- active_management_technology_and_ intel_standard_manageability

Use after free in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2020-06-15not yet calculatedCVE-2020-0595
MISC
CONFIRM
intel -- active_management_technology_and_ intel_standard_manageabilityOut-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access.2020-06-15not yet calculatedCVE-2020-8674
MISC
CONFIRM

intel -- active_management_technology_and_ intel_standard_manageability

Out-of-bounds read in IPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable escalation of privilege via network access.2020-06-15not yet calculatedCVE-2020-0594
MISC
CONFIRM
intel -- active_management_technology_and_ intel_standard_manageabilityImproper input validation in DHCPv6 subsystem in Intel(R) AMT and Intel(R) ISM versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an unauthenticated user to potentially enable information disclosure via network access.2020-06-15not yet calculatedCVE-2020-0596
MISC
CONFIRM
intel -- converged_security_and_manageability_engineImproper input validation in the DAL subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an unauthenticated user to potentially enable denial of service via network access.2020-06-15not yet calculatedCVE-2020-0534
MISC

intel -- converged_security_and_manageability_engine

Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access.2020-06-15not yet calculatedCVE-2020-0541
MISC
intel -- converged_security_and_manageability_engine
 
Reversible one-way hash in Intel(R) CSME versions before 11.8.76, 11.12.77 and 11.22.77 may allow a privileged user to potentially enable escalation of privilege, denial of service or information disclosure via local access.2020-06-15not yet calculatedCVE-2020-0533
MISC

intel -- converged_security_and_manageability_engine_and_trusted_execution_engine

Improper input validation in the DAL subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32,14.0.33 and Intel(R) TXE versions before 3.1.75 and 4.0.25 may allow an unauthenticated user to potentially enable information disclosure via network access.2020-06-15not yet calculatedCVE-2020-0536
MISC

intel -- converged_security_and_manageability_engine_and_trusted_execution_engine

Path traversal in subsystem for Intel(R) DAL software for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64, 13.0.32, 14.0.33 and Intel(R) TXE versions before 3.1.75, 4.0.25 may allow an unprivileged user to potentially enable denial of service via local access.2020-06-15not yet calculatedCVE-2020-0539
MISC

intel -- converged_security_and_manageability_engine_and_trusted_execution_engine

Improper buffer restrictions in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow an authenticated user to potentially enable escalation of privilege, information disclosure or denial of service via local access.2020-06-15not yet calculatedCVE-2020-0542
MISC
intel -- innovation_engineInsufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2020-06-15not yet calculatedCVE-2020-8675
MISC
intel -- multiple_core_processors
 
Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.2020-06-15not yet calculatedCVE-2020-0528
MISC
intel -- multiple_core_processors
 
Improper initialization in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an unauthenticated user to potentially enable escalation of privilege via local access.2020-06-15not yet calculatedCVE-2020-0529
MISC
intel -- multiple_core_processors
 
Improper input validation in Intel(R) AMT versions before 11.8.77, 11.12.77, 11.22.77 and 12.0.64 may allow an authenticated user to potentially enable information disclosure via network access.2020-06-15not yet calculatedCVE-2020-0531
MISC
intel -- multiple_processorsIncomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.2020-06-15not yet calculatedCVE-2020-0543
SUSE
FEDORA
FEDORA
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
UBUNTU
MISC
intel -- multiple_products
 
Integer overflow in subsystem for Intel(R) CSME versions before 11.8.77, 11.12.77, 11.22.77 and Intel(R) TXE versions before 3.1.75, 4.0.25 and Intel(R) Server Platform Services (SPS) versions before SPS_E5_04.01.04.380.0, SPS_SoC-X_04.00.04.128.0, SPS_SoC-A_04.00.04.211.0, SPS_E3_04.01.04.109.0, SPS_E3_04.08.04.070.0 may allow a privileged user to potentially enable denial of service via local access.2020-06-15not yet calculatedCVE-2020-0545
MISC
intel -- multiple_solid_state_drives
 
Insufficient control flow management in firmware for some Intel(R) Data Center SSDs may allow a privileged user to potentially enable information disclosure via local access.2020-06-15not yet calculatedCVE-2020-0527
MISC
intel -- server_platform_servicesImproper initialization in subsystem for Intel(R) SPS versions before SPS_E3_04.01.04.109.0 and SPS_E3_04.08.04.070.0 may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access.2020-06-15not yet calculatedCVE-2020-0586
MISC

intel -- trusted_execution_engine

Improper Access Control in subsystem for Intel(R) TXE versions before 3.175 and 4.0.25 may allow an unauthenticated user to potentially enable escalation of privilege via physical access.2020-06-15not yet calculatedCVE-2020-0566
MISC
internet_systems_consortium -- berkeley_internet_name_domainAn attacker who is permitted to send zone data to a server via zone transfer can exploit this to intentionally trigger the assertion failure with a specially constructed zone, denying service to clients.2020-06-17not yet calculatedCVE-2020-8618
CONFIRM
internet_systems_consortium -- berkeley_internet_name_domainUnless a nameserver is providing authoritative service for one or more zones and at least one zone contains an empty non-terminal entry containing an asterisk ("*") character, this defect cannot be encountered. A would-be attacker who is allowed to change zone content could theoretically introduce such a record in order to exploit this condition to cause denial of service, though we consider the use of this vector unlikely because any such attack would require a significant privilege level and be easily traceable.2020-06-17not yet calculatedCVE-2020-8619
CONFIRM
jerryscript -- jerryscript
 
An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c.2020-06-15not yet calculatedCVE-2020-14163
MISC
MISC
kuka -- kuka_controller
 
Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs.2020-06-16not yet calculatedCVE-2020-10268
CONFIRM
light_code_labs -- caddy
 
Caddy before 0.10.13 mishandles TLS client authentication, as demonstrated by an authentication bypass caused by the lack of the StrictHostMatching mode.2020-06-15not yet calculatedCVE-2018-21246
MISC
MISC
linux -- linux_kernel
 
In the Linux kernel before 5.4.16, a race condition in tty->disc_data handling in the slip and slcan line discipline could lead to a use-after-free, aka CID-0ace17d56824. This affects drivers/net/slip/slip.c and drivers/net/can/slcan.c.2020-06-18not yet calculatedCVE-2020-14416
MISC
MISC
MISC
linux_foundation -- jaegerSensitive information written to a log file vulnerability was found in jaegertracing/jaeger before version 1.18.1 when the Kafka data store is used. This flaw allows an attacker with access to the container's log file to discover the Kafka credentials.2020-06-19not yet calculatedCVE-2020-10750
CONFIRM
CONFIRM
mailjet -- mjml
 
MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document.2020-06-17not yet calculatedCVE-2020-12827
MISC
FULLDISC
MISC
MISC
MISC
MISC
MISC
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.0.0. It mishandled the Same Origin Policy for setPermissionRequestHandler (e.g., video, audio, and notifications).2020-06-19not yet calculatedCVE-2018-21265
CONFIRM
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.2.2. It allows attackers to execute arbitrary code via a crafted link.2020-06-19not yet calculatedCVE-2019-20861
CONFIRM
mattermost -- mattermost_desktop_app
 
An issue was discovered in Mattermost Desktop App before 4.3.0 on macOS. It allows dylib injection.2020-06-19not yet calculatedCVE-2019-20856
CONFIRM
mattermost -- mattermost_desktop_apps
 
An issue was discovered in Mattermost Server before 5.19.0, 5.18.1, 5.17.3, 5.16.5, and 5.9.8. Creation of a trusted OAuth application does not always require admin privileges, aka MMSA-2020-0001.2020-06-19not yet calculatedCVE-2020-14460
CONFIRM
mattermost -- mattermost_desktop_apps
 
An issue was discovered in Mattermost Desktop App before 4.4.0. The Same Origin Policy is mishandled during access-control decisions for web APIs, aka MMSA-2020-0006.2020-06-19not yet calculatedCVE-2020-14456
CONFIRM
mattermost -- mattermost_desktop_apps
 
An issue was discovered in Mattermost Desktop App before 4.4.0. Prompting for HTTP Basic Authentication is mishandled, allowing phishing, aka MMSA-2020-0007.2020-06-19not yet calculatedCVE-2020-14455
CONFIRM
mattermost -- mattermost_desktop_apps
 
An issue was discovered in Mattermost Desktop App before 4.4.0. Attackers can open web pages in the desktop application because server redirection is mishandled, aka MMSA-2020-0008.2020-06-19not yet calculatedCVE-2020-14454
CONFIRM
mattermost -- mattermost_mobile_appsAn issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies.2020-06-19not yet calculatedCVE-2019-20848
CONFIRM
mattermost -- mattermost_mobile_appsAn issue was discovered in Mattermost Mobile Apps before 1.26.0. A view cache can persist on a device after a logout.2020-06-19not yet calculatedCVE-2019-20850
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.30.0. Authorization tokens can sometimes be disclosed to third-party servers, aka MMSA-2020-0018.2020-06-19not yet calculatedCVE-2020-14449
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.29.0. The iOS app allowed Single Sign-On cookies and Local Storage to remain after a logout, aka MMSA-2020-0013.2020-06-19not yet calculatedCVE-2020-14451
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Cookie data can persist on a device after a logout.2020-06-19not yet calculatedCVE-2019-20849
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.26.0. An attacker can use directory traversal with the Video Preview feature to overwrite arbitrary files on a device.2020-06-19not yet calculatedCVE-2019-20851
CONFIRM
mattermost -- mattermost_mobile_apps
 
An issue was discovered in Mattermost Mobile Apps before 1.26.0. Local logging is not blocked for sensitive information (e.g., server addresses or message content).2020-06-19not yet calculatedCVE-2019-20852
CONFIRM
mattermost -- mattermost_packagesAn issue was discovered in Mattermost Packages before 5.16.3. A Droplet could allow Internet access to a service that has a remote code execution problem.2020-06-19not yet calculatedCVE-2019-20853
CONFIRM
mattermost -- mattermost_plugins
 
An issue was discovered in Mattermost Plugins before 5.13.0. The GitHub plugin allows an attacker to attach his Mattermost account to a different person's GitHub account.2020-06-19not yet calculatedCVE-2019-20864
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 5.1. Non-members of a channel could use the Channel PATCH API to modify that channel.2020-06-19not yet calculatedCVE-2018-21255
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 4.4.3 and 4.3.3. Attackers could reconfigure an OAuth app in some cases where Mattermost is an OAuth 2.0 service provider.2020-06-19not yet calculatedCVE-2017-18872
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data.2020-06-19not yet calculatedCVE-2017-18883
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 5.12.0, 5.11.1, 5.10.2, 5.9.2, and 4.10.10. The login page allows CSRF.2020-06-19not yet calculatedCVE-2019-20865
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 5.4.0. It mishandles possession of superfluous authentication credentials.2020-06-19not yet calculatedCVE-2018-21248
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to add DEBUG lines to the logs via a REST API version 3 logging endpoint.2020-06-19not yet calculatedCVE-2017-18896
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.5.1. E-mail address verification can be bypassed.2020-06-19not yet calculatedCVE-2016-11062
CONFIRM
mattermost -- mattermost_serverAn issue was discovered in Mattermost Server before 3.2.0. It mishandles brute-force attempts at password change.2020-06-19not yet calculatedCVE-2016-11069
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows attackers to obtain sensitive information (user statuses) via a REST API version 4 endpoint.2020-06-19not yet calculatedCVE-2017-18895
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API.2020-06-19not yet calculatedCVE-2017-18889
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Desktop App before 3.4.0. Strings could be executed as code via injection.2020-06-19not yet calculatedCVE-2016-11064
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. It mishandles a deny action for a redirection.2020-06-19not yet calculatedCVE-2017-18897
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.9.0 when SAML is used. Encryption and signature verification are not mandatory.2020-06-19not yet calculatedCVE-2017-18909
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows Phishing because an error page can have a link.2020-06-19not yet calculatedCVE-2017-18891
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.2020-06-19not yet calculatedCVE-2017-18892
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. Display names allow XSS.2020-06-19not yet calculatedCVE-2017-18893
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. A password-reset request was sometime sent to an attacker-provided e-mail address.2020-06-19not yet calculatedCVE-2017-18908
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5, when used as an OAuth 2.0 service provider. Sometimes. resource-owner authorization is bypassed, allowing account takeover.2020-06-19not yet calculatedCVE-2017-18894
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. XSS could occur via a channel header.2020-06-19not yet calculatedCVE-2017-18907
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when Single Sign-On OAuth2 is used. An attacker could claim somebody else's account.2020-06-19not yet calculatedCVE-2017-18906
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover a team invite ID by requesting a JSON document.2020-06-19not yet calculatedCVE-2017-18901
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2, when used as an OAuth 2.0 service provider, Session invalidation was mishandled.2020-06-19not yet calculatedCVE-2017-18905
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, 4.3.4, and 4.2.2. It allows attackers to cause a denial of service (application crash) via an @ character before a JavaScript field name.2020-06-19not yet calculatedCVE-2017-18871
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It potentially allows attackers to obtain sensitive information (credential fields within config.json) via the System Console UI.2020-06-19not yet calculatedCVE-2016-11078
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.3.0. An attacker could use the WebSocket feature to send pop-up messages to users or change a post's appearance.2020-06-19not yet calculatedCVE-2016-11065
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It mishandles IP-based rate limiting.2020-06-19not yet calculatedCVE-2017-18899
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows CSV injection via a compliance report.2020-06-19not yet calculatedCVE-2017-18900
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by accessing unintended API endpoints on a user's behalf.2020-06-19not yet calculatedCVE-2017-18885
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.1.0, 4.0.4, and 3.10.3. It allows attackers to discover team invite IDs via team API endpoints.2020-06-19not yet calculatedCVE-2017-18902
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request.2020-06-19not yet calculatedCVE-2017-18890
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview.2020-06-19not yet calculatedCVE-2016-11063
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. CSRF can occur if CORS is enabled.2020-06-19not yet calculatedCVE-2017-18903
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. It allowed crafted posts that could cause a web browser to hang.2020-06-19not yet calculatedCVE-2016-11067
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. The initial_load API disclosed unnecessary personal information.2020-06-19not yet calculatedCVE-2016-11066
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post.2020-06-19not yet calculatedCVE-2017-18873
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS attacks could occur against an OAuth 2.0 allow/deny page.2020-06-19not yet calculatedCVE-2017-18877
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can achieve directory traversal.2020-06-19not yet calculatedCVE-2017-18874
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the author_link field of a Slack attachment.2020-06-19not yet calculatedCVE-2017-18879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. It allows crafted posts that potentially cause a web browser to hang.2020-06-19not yet calculatedCVE-2017-18898
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case.2020-06-19not yet calculatedCVE-2017-18870
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can create arbitrary files.2020-06-19not yet calculatedCVE-2017-18875
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2 when local storage for files is used. A System Admin can test for the existence of an arbitrary file.2020-06-19not yet calculatedCVE-2017-18876
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.1.0. It allows XSS via CSRF.2020-06-19not yet calculatedCVE-2016-11084
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window.2020-06-19not yet calculatedCVE-2016-11083
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link.2020-06-19not yet calculatedCVE-2016-11082
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 2.2.0. It allows unintended access to information stored by a web browser.2020-06-19not yet calculatedCVE-2016-11081
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. Knowledge of a session ID allows revoking another user's session.2020-06-19not yet calculatedCVE-2017-18878
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It offers superfluous APIs for a Team Administrator to view account details.2020-06-19not yet calculatedCVE-2016-11080
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL.2020-06-19not yet calculatedCVE-2016-11079
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It has a superfluous API in which the System Admin can change the account name and e-mail address of an LDAP account.2020-06-19not yet calculatedCVE-2016-11077
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.2020-06-19not yet calculatedCVE-2017-18884
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows SQL injection during the fetching of multiple posts.2020-06-19not yet calculatedCVE-2017-18888
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It does not ensure that a cookie is used over SSL.2020-06-19not yet calculatedCVE-2016-11076
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows attackers to obtain sensitive information about team URLs via an API.2020-06-19not yet calculatedCVE-2016-11075
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. A password-reset link could be reused.2020-06-19not yet calculatedCVE-2016-11074
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting.2020-06-19not yet calculatedCVE-2016-11073
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.0.2. The purposes of a session ID and a Session Token were mishandled.2020-06-19not yet calculatedCVE-2016-11072
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place.2020-06-19not yet calculatedCVE-2016-11071
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via the title_link field of a Slack attachment.2020-06-19not yet calculatedCVE-2017-18880
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values.2020-06-19not yet calculatedCVE-2016-11070
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS could occur via a goto_location response to a slash command.2020-06-19not yet calculatedCVE-2017-18881
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.2.0. Attackers could read LDAP fields via injection.2020-06-19not yet calculatedCVE-2016-11068
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. XSS can occur via OpenGraph data.2020-06-19not yet calculatedCVE-2017-18882
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It discloses the team creator's e-mail address to members.2020-06-19not yet calculatedCVE-2017-18887
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for group-message channel creation) via the Group message slash command.2020-06-19not yet calculatedCVE-2018-21256
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows a bypass of restrictions on use of slash commands.2020-06-19not yet calculatedCVE-2017-18886
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during a role change.2020-06-19not yet calculatedCVE-2019-20874
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. An e-mail invite accidentally included the team invite_id, which leads to unintended excessive invitation privileges.2020-06-19not yet calculatedCVE-2018-21261
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.13.0. Incoming webhook creation is not properly restricted.2020-06-19not yet calculatedCVE-2019-20863
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows attackers to obtain sensitive information during user activation/deactivation.2020-06-19not yet calculatedCVE-2019-20873
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1, 5.0.2, and 4.10.2. An attacker could use the invite_people slash command to invite a non-permitted user.2020-06-19not yet calculatedCVE-2018-21253
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1. An attacker can bypass intended access control (for direct-message channel creation) via the Message slash command.2020-06-19not yet calculatedCVE-2018-21254
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.11.0. An attacker can interfere with a channel's post loading via one crafted post.2020-06-19not yet calculatedCVE-2019-20867
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It does not honor the domain requirement when processing a join request for an open team.2020-06-19not yet calculatedCVE-2019-20882
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1. It allows attackers to bypass intended access restrictions (for setting a channel header) via the Channel header slash command API.2020-06-19not yet calculatedCVE-2018-21257
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.1. It allows attackers to cause a denial of service via the invite_people slash command.2020-06-19not yet calculatedCVE-2018-21258
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel.2020-06-19not yet calculatedCVE-2018-21259
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.8.1, 4.7.4, and 4.6.3. WebSocket events were accidentally sent during certain user-management operations, violating user privacy.2020-06-19not yet calculatedCVE-2018-21260
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.11.0. Invite IDs were improperly generated.2020-06-19not yet calculatedCVE-2019-20868
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.7.0 and 3.6.3. Attackers can use the API for unauthenticated team creation.2020-06-19not yet calculatedCVE-2017-18919
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.10.0. An attacker can bypass the intended appearance of the Edited flag after changing a post's file ID.2020-06-19not yet calculatedCVE-2019-20870
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. The Markdown library allows catastrophic backtracking.2020-06-19not yet calculatedCVE-2019-20871
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. An attacker could authenticate to a different user's account via a crafted SAML response.2020-06-19not yet calculatedCVE-2018-21263
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.2 and 5.1.1. Authorization could be bypassed if the channel name were not the same in the params and the body.2020-06-19not yet calculatedCVE-2018-21251
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response.2020-06-19not yet calculatedCVE-2018-21264
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. CSRF can sometimes occur via a crafted web site for account takeover attacks.2020-06-19not yet calculatedCVE-2019-20841
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.18.0. An attacker can send a user_typing WebSocket event to any channel.2020-06-19not yet calculatedCVE-2019-20847
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. SSRF can attack local services.2020-06-19not yet calculatedCVE-2019-20872
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7. It allows a bypass of e-mail address discovery restrictions.2020-06-19not yet calculatedCVE-2019-20890
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7, 5.6.3, 5.5.2, and 4.10.5. It mishandles permissions for user-access token creation.2020-06-19not yet calculatedCVE-2019-20889
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.7.1, 5.6.4, 5.5.3, and 4.10.6. It does not honor flags API permissions when deciding whether a user can receive intra-team posts.2020-06-19not yet calculatedCVE-2019-20887
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.10.0, 5.9.1, 5.8.2, and 4.10.9. A non-member could change the Update/Patch Channel endpoint for a private channel.2020-06-19not yet calculatedCVE-2019-20869
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. The first user is sometimes inadvertently a system admin.2020-06-19not yet calculatedCVE-2019-20886
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0. It mishandles brute-force attacks against MFA.2020-06-19not yet calculatedCVE-2019-20881
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 4.0.0, 3.10.2, and 3.9.2. It allows XSS via an uploaded file.2020-06-19not yet calculatedCVE-2017-18904
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. After a restart of a server, an attacker might suddenly gain API Endpoint access.2020-06-19not yet calculatedCVE-2017-18915
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 1.2.0. It allows attackers to cause a denial of service (memory consumption) via a small compressed file that has a large size when uncompressed.2020-06-19not yet calculatedCVE-2015-9548
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Changes, within the application, to e-mail addresses are mishandled.2020-06-19not yet calculatedCVE-2019-20878
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. Users can deactivate themselves, bypassing a policy.2020-06-19not yet calculatedCVE-2019-20876
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.9.0, 5.8.1, 5.7.3, and 4.10.8. It allows a password reset to proceed while an e-mail address is being changed.2020-06-19not yet calculatedCVE-2019-20875
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.2, 5.1.1, 5.0.3, and 4.10.3. Attackers could use multiple e-mail addresses to bypass a domain-based policy for signups.2020-06-19not yet calculatedCVE-2018-21252
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.12.0. Use of a Proxy HTTP header, rather than the source address in an IP packet header, for obtaining IP address information was mishandled.2020-06-19not yet calculatedCVE-2019-20866
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.2.2, 5.1.2, and 4.10.4. It allows remote attackers to cause a denial of service (memory consumption) via crafted image dimensions.2020-06-19not yet calculatedCVE-2018-21250
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. The X.509 certificate validation can be skipped for a TLS-based e-mail server.2020-06-19not yet calculatedCVE-2017-18911
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.16.1, 5.15.2, 5.14.5, and 5.9.6. It allows attackers to obtain sensitive information (local files) during legacy attachment migration.2020-06-19not yet calculatedCVE-2019-20855
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.16.0. It allows attackers to cause a denial of service (markdown renderer hang) via many backtick characters.2020-06-19not yet calculatedCVE-2019-20857
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.15.0. It allows attackers to cause a denial of service (CPU consumption) via crafted characters in a SQL LIKE clause to an APIv4 endpoint.2020-06-19not yet calculatedCVE-2019-20858
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input.2020-06-19not yet calculatedCVE-2019-20859
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.14.0, 5.13.3, 5.12.6, and 5.9.4. It allows remote attackers to cause a denial of service (application hang) via a crafted SVG document.2020-06-19not yet calculatedCVE-2019-20860
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.8.0, 5.7.2, 5.6.5, and 4.10.7. Changes to e-mail addresses do not require credential re-entry.2020-06-19not yet calculatedCVE-2019-20879
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. XSS can occur via a link on an error page.2020-06-19not yet calculatedCVE-2017-18913
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. API endpoint access control does not honor an integration permission restriction.2020-06-19not yet calculatedCVE-2017-18916
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.13.0. Non-members may fetch a team's slash commands.2020-06-19not yet calculatedCVE-2019-20862
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. It allows an attacker to specify a full pathname of a log file.2020-06-19not yet calculatedCVE-2017-18912
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. An external link can occur on an error page even if it is not on an allowlist.2020-06-19not yet calculatedCVE-2017-18914
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.6.0 and 3.5.2. XSS can occur via a link on an error page.2020-06-19not yet calculatedCVE-2017-18921
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.3.0. It mishandles timing.2020-06-19not yet calculatedCVE-2018-21249
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.6.2. The WebSocket feature does not follow the Same Origin Policy.2020-06-19not yet calculatedCVE-2017-18920
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.7.3 and 3.6.5. A System Administrator can place a SAML certificate at an arbitrary pathname.2020-06-19not yet calculatedCVE-2017-18918
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. Weak hashing was used for e-mail invitations, OAuth, and e-mail verification tokens.2020-06-19not yet calculatedCVE-2017-18917
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 5.17.0. It allows remote attackers to cause a denial of service (client-side application crash) via a LaTeX message.2020-06-19not yet calculatedCVE-2019-20854
CONFIRM
mattermost -- mattermost_server
 
An issue was discovered in Mattermost Server before 3.8.2, 3.7.5, and 3.6.7. E-mail notifications can have spoofed links.2020-06-19not yet calculatedCVE-2017-18910
CONFIRM
mergeobjects -- mergeobjectsThe mergeObjects utility function is susceptible to Prototype Pollution.2020-06-19not yet calculatedCVE-2020-7679
MISC
MISC
MISC
monitorapp -- aiwaf-ve_and_aiwaf-4000
 
MONITORAPP AIWAF-VE and AIWAF-4000 through 2020-06-16 allow reflected Cross-Site Scripting (XSS) through a crafted URL. This occurs because the Detect URL field displays the original URL.2020-06-16not yet calculatedCVE-2020-14210
MISC
morgan_stanley -- hobbes
 
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.2020-06-12not yet calculatedCVE-2020-13656
MISC
mutt -- mutt
 
Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate.2020-06-15not yet calculatedCVE-2020-14154
MISC
MISC
mversion -- mversion
 
In mversion before 2.0.0, there is a command injection vulnerability. This issue may lead to remote code execution if a client of the library calls the vulnerable method with untrusted input. This vulnerability is patched by version 2.0.0. Previous releases are deprecated in npm. As a workaround, make sure to escape git commit messages when using the commitMessage option for the update function.2020-06-18not yet calculatedCVE-2020-4059
MISC
CONFIRM
naviwebs -- navigate_cmsNavigate CMS 2.9 allows XSS via the Alias or Real URL field of the "Web Sites > Create > Aliases > Add" screen.2020-06-19not yet calculatedCVE-2020-14927
MISC
netflix -- conductorNetflix Conductor uses Java Bean Validation (JSR 380) custom constraint validators. When building custom constraint violation error messages, different types of interpolation are supported, including Java EL expressions. If an attacker can inject arbitrary data in the error message template being passed to ConstraintValidatorContext.buildConstraintViolationWithTemplate() argument, they will be able to run arbitrary Java code.2020-06-16not yet calculatedCVE-2020-9296
MISC
netgear -- multiple_devices
 
Certain NETGEAR devices are affected by CSRF. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.2020-06-18not yet calculatedCVE-2020-14432
CONFIRM
ngircd -- ngircd
 
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function.2020-06-15not yet calculatedCVE-2020-14148
MISC
MISC
MISC
MISC
MISC
nordaaker -- convos
 
Convos before 4.20 does not properly generate a random secret in Core/Settings.pm and Util.pm. This leads to a predictable CONVOS_LOCAL_SECRET value, affecting password resets and invitations.2020-06-18not yet calculatedCVE-2020-14423
MISC
MISC
MISC
nut -- nut
 
Missing SSL Certificate Validation in the Nutfind.com application through 3.9.12 for Android allows a man-in-the-middle attacker to sniff and manipulate all API requests, including login credentials and location data.2020-06-12not yet calculatedCVE-2019-16252
MISC
octopus -- deployIn Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password.2020-06-19not yet calculatedCVE-2020-14470
MISC
open_microscopy_environment -- omeroOMERO before 5.6.1 makes the details of each user available to all users.2020-06-17not yet calculatedCVE-2019-16245
CONFIRM
open_microscopy_environment -- omero
 
In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled.2020-06-17not yet calculatedCVE-2019-9943
CONFIRM
open_microscopy_environment -- omero
 
In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames.2020-06-17not yet calculatedCVE-2019-9944
CONFIRM
open_microscopy_environment -- omero
 
OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed.2020-06-17not yet calculatedCVE-2020-7932
CONFIRM
openbmc -- openbmc
 
user_channel/passwd_mgr.cpp in OpenBMC phosphor-host-ipmid before 2020-04-03 does not ensure that /etc/ipmi-pass has strong file permissions.2020-06-15not yet calculatedCVE-2020-14156
CONFIRM
MISC
CONFIRM
pcre -- perl_compatible_regular_expressionslibpcre in PCRE before 8.43 allows a subject buffer over-read in JIT when UTF is disabled, and \X or \R has more than one fixed quantifier, a related issue to CVE-2019-20454.2020-06-15not yet calculatedCVE-2019-20838
MISC
MISC
plex -- media_serverImproper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.2020-06-15not yet calculatedCVE-2020-5742
MISC
pulse_secure -- pulse_secure_client
 
A time-of-check time-of-use vulnerability in PulseSecureService.exe in Pulse Secure Client versions prior to 9.1.6 down to 5.3 R70 for Windows (which runs as NT AUTHORITY/SYSTEM) allows unprivileged users to run a Microsoft Installer executable with elevated privileges.2020-06-16not yet calculatedCVE-2020-13162
MISC
FULLDISC
MISC
CONFIRM
MISC
MISC
MISC
MISC
python -- python
 
Lib/ipaddress.py in Python through 3.8.3 improperly computes hash values in the IPv4Interface and IPv6Interface classes, which might allow a remote attacker to cause a denial of service if an application is affected by the performance of a dictionary containing IPv4Interface or IPv6Interface objects, and this attacker can cause many dictionary entries to be created.2020-06-18not yet calculatedCVE-2020-14422
MISC
MISC
rack -- rackA reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix.2020-06-19not yet calculatedCVE-2020-8184
MISC
MISC
red_hat -- ansible_tower
 
An exposure of sensitive information flaw was found in Ansible Tower before version 3.7.1. sensitive information such as Splunk tokens could be readable in the rsyslog configuration file, which has set the wrong world-readable permissions. The highest threat from this vulnerability is to confidentiality.2020-06-18not yet calculatedCVE-2020-10782
CONFIRM
redislabs -- redisAn integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.2020-06-15not yet calculatedCVE-2020-14147
MISC
MISC
requarks.io -- wiki.jsIn Wiki.js before 2.4.107, there is a stored cross-site scripting through template injection. This vulnerability exists due to an insecure validation mechanism intended to insert v-pre tags into rendered HTML elements which contain curly-braces. By creating a crafted wiki page, a malicious Wiki.js user may stage a stored cross-site scripting attack. This allows the attacker to execute malicious JavaScript when the page is viewed by other users. This has been patched in 2.4.107.2020-06-16not yet calculatedCVE-2020-4052
MISC
CONFIRM
rockwell_automation -- factorytalk_linx_and_rslinxFactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to use specially crafted requests to traverse the file system and expose sensitive data on the local hard drive.2020-06-15not yet calculatedCVE-2020-12003
MISC
rockwell_automation -- factorytalk_linx_and_rslinx
 
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. An exposed API call allows users to provide files to be processed without sanitation. This may allow an attacker to specify a filename to execute unauthorized code and modify files or data.2020-06-15not yet calculatedCVE-2020-11999
MISC
rockwell_automation -- factorytalk_linx_and_rslinx
 
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. The parsing mechanism that processes certain file types does not provide input sanitation. This may allow an attacker to use specially crafted files to traverse the file system and modify or expose sensitive data or execute arbitrary code.2020-06-15not yet calculatedCVE-2020-12001
MISC
rockwell_automation -- factorytalk_linx_and_rslinx
 
FactoryTalk Linx versions 6.00, 6.10, and 6.11, RSLinx Classic v4.11.00 and prior,Connected Components Workbench: Version 12 and prior, ControlFLASH: Version 14 and later, ControlFLASH Plus: Version 1 and later, FactoryTalk Asset Centre: Version 9 and later, FactoryTalk Linx CommDTM: Version 1 and later, Studio 5000 Launcher: Version 31 and later Stud, 5000 Logix Designer software: Version 32 and prior is vulnerable. A vulnerability exists in the communication function that enables users to upload EDS files by FactoryTalk Linx. This may allow an attacker to upload a file with bad compression, consuming all the available CPU resources, leading to a denial-of-service condition.2020-06-15not yet calculatedCVE-2020-12005
MISC
rtslib-fb -- rtslib-fbOpen-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved.2020-06-19not yet calculatedCVE-2020-14019
MISC
ruby_on_rails -- ruby_on_railsA deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which can allow an attacker to supply information can be inadvertently leaked fromStrong Parameters.2020-06-19not yet calculatedCVE-2020-8164
MISC
MISC
MLIST
ruby_on_rails -- ruby_on_railsA client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails < 6.0.3.1 ActiveStorage's S3 adapter that allows the Content-Length of a direct file upload to be modified by an end user bypassing upload limits.2020-06-19not yet calculatedCVE-2020-8162
MISC
MISC
ruby_on_rails -- ruby_on_railsA CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CSRF tokens to wrong domains.2020-06-19not yet calculatedCVE-2020-8167
MISC
MISC
ruby_on_rails -- ruby_on_railsA deserialization of untrusted data vulnernerability exists in rails < 5.2.5, rails < 6.0.4 that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.2020-06-19not yet calculatedCVE-2020-8165
MISC
MISC
MLIST
satoshilabs -- trezor_one_and_trezor_model_tBIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T.2020-06-16not yet calculatedCVE-2020-14199
MISC
schneider_electric -- modicon_m218_logic_controllerA CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller.2020-06-16not yet calculatedCVE-2020-7502
MISC
schneider_electric -- pro_exA CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which could cause the discovery of the password when the user is entering the password because it is not masqueraded.2020-06-16not yet calculatedCVE-2020-7492
MISC
schneider_electric -- u.motion_servers_and_touch_panelsA CWE-89:Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause arbitrary code to be executed when a malicious command is entered.2020-06-16not yet calculatedCVE-2020-7500
MISC
schneider_electric -- u.motion_servers_and_touch_panels
 
A CWE-284:Improper Access Control vulnerability exists in U.motion Servers and Touch Panels (affected versions listed in the security notification) which could cause unauthorized access when a low privileged user makes unauthorized changes.2020-06-16not yet calculatedCVE-2020-7499
MISC
schneider_electric -- unity_loader_and_os_loader
 
A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Software (all versions). The fixed credentials are used to simplify file transfer. Today the use of fixed credentials is considered a vulnerability, which could cause unauthorized access to the file transfer service provided by the Modicon PLCs. This could result in various unintended results.2020-06-16not yet calculatedCVE-2020-7498
MISC
schneider_electric -- vijeo_designer_basic_and_vijeo_designer
 
A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 16 and prior) and Vijeo Designer (V6.2 SP9 and prior) which could cause unauthorized read and write when downloading and uploading project or firmware into Vijeo Designer Basic and Vijeo Designer.2020-06-16not yet calculatedCVE-2020-7501
MISC
sokkia -- gnr5_vanguard_webSOKKIA GNR5 Vanguard WEB version 1.2 (build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3) and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page.2020-06-15not yet calculatedCVE-2020-14054
MISC
sophos -- sg_firewall
 
A heap-based buffer overflow in the awarrensmtp component of Sophos XG Firewall v17.5 MR11 and older potentially allows an attacker to run arbitrary code remotely.2020-06-18not yet calculatedCVE-2020-11503
CONFIRM
squirrelmail -- squirrelmailcompose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.2020-06-20not yet calculatedCVE-2020-14932
MISC
squirrelmail -- squirrelmailcompose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request.2020-06-20not yet calculatedCVE-2020-14933
MISC
stashcat -- stashcat
 
An issue was discovered in the stashcat app through 3.9.2 for macOS, Windows, Android, iOS, and possibly other platforms. It stores the client_key, the device_id, and the public key for end-to-end encryption in cleartext, enabling an attacker (by copying or having access to the local storage database file) to login to the system from any other computer, and get unlimited access to all data in the users's context.2020-06-17not yet calculatedCVE-2020-13637
MISC
MISC
strapi -- strapi
 
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.2020-06-19not yet calculatedCVE-2020-13961
MISC
CONFIRM
CONFIRM
tp-link -- multiple_devices
 
TP-LINK NC200 devices through 2.1.10 build 200401, NC210 devices through 1.0.10 build 200401, NC220 devices through 1.3.1 build 200401, NC230 devices through 1.3.1 build 200401, NC250 devices through 1.3.1 build 200401, NC260 devices through 1.5.3 build_200401, and NC450 devices through 1.5.4 build 200401 have a Buffer Overflow2020-06-17not yet calculatedCVE-2020-13224
MISC
MISC
troglobit -- uftpdIn uftpd before 2.12, handle_CWD in ftpcmd.c mishandled the path provided by the user, causing a NULL pointer dereference and denial of service, as demonstrated by a CWD /.. command.2020-06-15not yet calculatedCVE-2020-14149
MISC
MISC
MISC
viki_solutions -- vera
 
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site.2020-06-12not yet calculatedCVE-2019-15123
MISC
MISC
vmware -- tools_for_macos
 
VMware Tools for macOS (11.x.x and prior before 11.1.1) contains a denial-of-service vulnerability in the Host-Guest File System (HGFS) implementation. Successful exploitation of this issue may allow attackers with non-admin privileges on guest macOS virtual machines to create a denial-of-service condition on their own VMs.2020-06-19not yet calculatedCVE-2020-3972
MISC
webroot -- endpoint_agent
 
Webroot endpoint agents prior to version v9.0.28.48 allows remote attackers to trigger a type confusion vulnerability over its listening TCP port, resulting in crashing or reading memory contents of the Webroot endpoint agent.2020-06-15not yet calculatedCVE-2020-5754
MISC
webroot -- endpoint_agent
 
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.2020-06-15not yet calculatedCVE-2020-5755
MISC
woocommerce -- woocommerceWooCommerce before 3.6.5, when it handles CSV imports of products, has a cross-site request forgery (CSRF) issue with resultant stored cross-site scripting (XSS) via includes/admin/importers/class-wc-product-csv-importer-controller.php.2020-06-19not yet calculatedCVE-2019-20891
MISC
MISC
wordpress -- wordpress
 
A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.)2020-06-18not yet calculatedCVE-2020-13640
MISC
MISC
MISC
MISC
wso2 -- identity_serverAn issue was discovered in WSO2 Identity Server through 5.10.0 and WSO2 IS as Key Manager through 5.10.0. An open redirect exists.2020-06-18not yet calculatedCVE-2020-14446
CONFIRM
wso2 -- identity_serverAn issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Basic Policy Editor user Interface.2020-06-18not yet calculatedCVE-2020-14445
CONFIRM
wso2 -- identity_server
 
An issue was discovered in WSO2 Identity Server through 5.9.0 and WSO2 IS as Key Manager through 5.9.0. A potential Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Management Console Policy Administration user interface.2020-06-18not yet calculatedCVE-2020-14444
CONFIRM
zammad -- zammadIn Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge).2020-06-16not yet calculatedCVE-2020-14213
MISC
MISC
zammad -- zammad
 
Zammad before 3.3.1, when Domain Based Assignment is enabled, relies on a claimed e-mail address for authorization decisions. An attacker can register a new account that will have access to all tickets of an arbitrary Organization.2020-06-16not yet calculatedCVE-2020-14214
MISC
MISC
zte -- ztemarket_apkAll versions up to 10.06 of ZTEMarket APK are impacted by an information leak vulnerability. Due to Activity Component exposure users can exploit this vulnerability to get the private cookie and execute silent installation.2020-06-17not yet calculatedCVE-2020-6869
MISC

Back to top

Please share your thoughts

We recently updated our anonymous product survey; we’d welcome your feedback.