Vulnerability Summary for the Week of December 21, 2020

Posted by:

|

On:

|

Original release date: December 28, 2020

The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — symphony_plus_historian The affected versions of S+ Operations (version 2.1 SP1 and earlier) used an approach for user authentication which relies on validation at the client node (client-side authentication). This is not as secure as having the server validate a client application before allowing a connection. Therefore, if the network communication or endpoints for these applications are not protected, unauthorized actors can bypass authentication and make unauthorized connections to the server application. 2020-12-22 7.5 CVE-2020-24683
MISC
abb — symphony_plus_historian In S+ Operations and S+ History, it is possible that an unauthenticated user could inject values to the Operations History server (or standalone S+ History server) and ultimately write values to the controlled process. 2020-12-22 7.5 CVE-2020-24675
MISC
MISC
abb — symphony_plus_historian In S+ Operations and S+ Historian, a successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system. This can lead to a loss of confidentiality and data integrity or even affect the product behavior and its availability. 2020-12-22 7.5 CVE-2020-24673
MISC
MISC
abb — symphony_plus_historian A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. 2020-12-22 10 CVE-2020-24679
MISC
MISC
abb — symphony_plus_historian In S+ Operations and S+ Historian, not all client commands correctly check user permission as expected. Authenticated but Unauthorized remote users could execute a Denial-of-Service (DoS) attack, execute arbitrary code, or obtain more privilege than intended on the machines. 2020-12-22 9 CVE-2020-24674
MISC
MISC
alumni_management_system_project — alumni_management_system SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote code execution from GET input in view_event.php via the ‘id’ parameter. 2020-12-23 7.5 CVE-2020-28070
MISC
apache — dolphinscheduler In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. 2020-12-18 7.5 CVE-2020-11974
MISC
bilanc — bilanc An issue was discovered in Programi 014 31.01.2020. It has multiple SQL injection vulnerabilities. 2020-12-21 7.5 CVE-2020-11717
MISC
MISC
FULLDISC
bilanc — bilanc An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. During the installation, it sets up administrative access by default with the account admin and password 0000. After the installation, users/admins are not prompted to change this password. 2020-12-23 7.5 CVE-2020-11720
MISC
FULLDISC
bouncycastle — legion-of-the-bouncy-castle-java-crytography-api An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. 2020-12-18 7.5 CVE-2020-28052
MISC
MISC
MISC
crk — business_platform CRK Business Platform <= 2019.1 allows can inject SQL statements against the DB on any path using the ‘strSessao’ parameter. 2020-12-23 7.5 CVE-2020-13968
MISC
MISC
d-link — dsl2888a_firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands. 2020-12-22 7.7 CVE-2020-24581
MISC
CONFIRM
dolibarr — dolibarr Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. 2020-12-23 9 CVE-2020-35136
MISC
MISC
MISC
MISC
egavilanmedia — ecm_address_book EgavilanMedia ECM Address Book 1.0 is affected by SQL injection. An attacker can bypass the Admin Login panel through SQLi and get Admin access and add or remove any user. 2020-12-21 7.5 CVE-2020-35276
MISC
MISC
MISC
gohugo — hugo Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go’s `os/exec` for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system `%PATH%` on Windows. In Hugo before version 0.79.1, if a malicious file with the same name (`exe` or `bat`) is found in the current working directory at the time of running `hugo`, the malicious command will be invoked instead of the system one. Windows users who run `hugo` inside untrusted Hugo sites are affected. Users should upgrade to Hugo v0.79.1. Other than avoiding untrusted Hugo sites, there is no workaround. 2020-12-21 8.5 CVE-2020-26284
CONFIRM
MISC
grafana — grafana A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. 2020-12-21 10 CVE-2020-27846
MISC
MISC
MISC
MISC
hcltech — notes A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. 2020-12-18 10 CVE-2020-14224
MISC
hcltech — notes A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. 2020-12-18 9 CVE-2020-14232
MISC
hp — ilo_amplifier_pack A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. 2020-12-18 7.5 CVE-2020-7203
MISC
hp — systems_insight_manager A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6. The vulnerability could be exploited to allow remote code execution. 2020-12-18 7.5 CVE-2020-7200
MISC
ibm — loopback Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. 2020-12-21 7.5 CVE-2020-4988
XF
kepware — linkmaster A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. 2020-12-18 7.2 CVE-2020-13535
MISC
kitty_project — kitty The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message. 2020-12-21 7.5 CVE-2020-35605
MISC
MISC
DEBIAN
kronos — web_time_and_attendance An XXE attack can occur in Kronos WebTA 5.0.4 when SAML is used. 2020-12-21 9.3 CVE-2020-35604
MISC
library_management_system_project — library_management_system SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to bypass the user authentication and impersonate any user on the system. 2020-12-23 7.5 CVE-2020-28073
MISC
MISC
linux-pam — linux-pam A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handle empty passwords for non-existing users. When the user doesn’t exist PAM try to authenticate with root and in the case of an empty password it successfully authenticate. 2020-12-18 10 CVE-2020-27780
MISC
marvell — qconvergeconsole Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. 2020-12-18 8.5 CVE-2020-5803
MISC
microsoft — azure_sphere A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure Sphere 20.07. A specially crafted AF_PACKET socket can cause a process to create an executable memory mapping with controllable content. An attacker can execute a shellcode that uses the PACKET_MMAP functionality to trigger this vulnerability. 2020-12-22 7.2 CVE-2020-35608
MISC
MISC
multi-ini_project — multi-ini This affects the package multi-ini before 2.1.1. It is possible to pollute an object’s prototype by specifying the proto object as part of an array. 2020-12-22 7.5 CVE-2020-28448
CONFIRM
CONFIRM
multi-ini_project — multi-ini This affects the package multi-ini before 2.1.2. It is possible to pollute an object’s prototype by specifying the constructor.proto object as part of an array. This is a bypass of CVE-2020-28448. 2020-12-22 7.5 CVE-2020-28460
CONFIRM
CONFIRM
nzxt — cam A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 2020-12-18 7.2 CVE-2020-13512
MISC
nzxt — cam A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 2020-12-18 7.2 CVE-2020-13514
MISC
nzxt — cam A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. 2020-12-18 7.2 CVE-2020-13515
MISC
nzxt — cam A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. 2020-12-18 7.2 CVE-2020-13519
MISC
nzxt — cam A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. 2020-12-18 7.2 CVE-2020-13513
MISC
odoo — odoo Improper input validation in database creation logic in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to initialize an empty database on which they can connect with default credentials. 2020-12-22 8.5 CVE-2018-15632
MISC
online_health_care_system_project — online_health_care_system SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential attacker to bypass the authentication system and become an admin. 2020-12-23 7.5 CVE-2020-28074
MISC
MISC
pengutronix — rauc The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check Time-of-Use vulnerability, where signature verification on an update file takes place before the file is reopened for installation. An attacker who can modify the update file just before it is reopened can install arbitrary code on the device. 2020-12-21 7.1 CVE-2020-25860
MISC
MISC
raysync — raysync A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as “admin”, then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. 2020-12-23 9.3 CVE-2020-35370
MISC
seacms — seacms SQL injection vulnerability in SeaCMS 10.1 (2020.02.08) via the id parameter in an edit action to admin_members_group.php. 2020-12-21 7.5 CVE-2020-21378
MISC
supremocontrol — supremo Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager can be used to rename Supremo.exe and then upload a Trojan horse with the Supremo.exe filename. 2020-12-22 9.3 CVE-2020-25106
MISC
FULLDISC
MISC
terra-master — terramaster_operating_system An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. 2020-12-23 10 CVE-2020-35665
MISC
treck — ipv6 An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the IPv6 component allows an unauthenticated remote attacker to cause an Out of Bounds Write, and possibly a Denial of Service via network access. 2020-12-22 7.5 CVE-2020-27337
CONFIRM
treck — tcp/ip A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. 2020-12-22 7.5 CVE-2020-25066
CONFIRM
troglobit — uftpd There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c’s compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. 2020-12-18 7.5 CVE-2020-20277
MISC
MISC
troglobit — uftpd An unauthenticated stack-based buffer overflow vulnerability in common.c’s handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. 2020-12-18 7.5 CVE-2020-20276
MISC
MISC
urve — urve An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake.php, _internal/error_u201409.txt, _internal/runcmd.php, _internal/getConfiguration.php, ews/autoload.php, ews/del.php, ews/mod.php, ews/sync.php, utils/backup/backup_server.php, utils/backup/restore_server.php, MyScreens/timeline.config, kreator.html5/test.php, and addedlogs.txt. 2020-12-23 8.5 CVE-2020-29551
FULLDISC
MISC
MISC
urve — urve An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+” substring, it is possible to execute a Powershell command and redirect its output to a file under the web root. 2020-12-23 10 CVE-2020-29552
FULLDISC
MISC
MISC
webmin — webmin Arbitrary command execution can occur in Webmin through 1.962. Any user authorized for the Package Updates module can execute arbitrary commands with root privileges via vectors involving %0A and %0C. NOTE: this issue exists because of an incomplete fix for CVE-2019-12840. 2020-12-21 9 CVE-2020-35606
MISC
MISC
MISC
weiphp — weiphp SQL injection vulnerability in the wp_where function in WeiPHP 5.0. 2020-12-18 7.5 CVE-2020-20300
MISC
xinuos — openserver Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook. 2020-12-18 7.5 CVE-2020-25494
MISC
MISC
yunyecms — yunyecms SQL injection vulnerability in yunyecms V2.0.1 via the selcart parameter. 2020-12-21 7.5 CVE-2020-21377
MISC
zzzcms — zzzphp Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands. 2020-12-18 7.5 CVE-2020-20298
MISC

Back to top

 

Medium Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
abb — symphony_+_historian In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as. 2020-12-22 4.6 CVE-2020-24676
MISC
MISC
abb — symphony_plus_historian Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data. 2020-12-22 6.5 CVE-2020-24677
MISC
MISC
abb — symphony_plus_historian An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges. 2020-12-22 6.5 CVE-2020-24678
MISC
MISC
abb — symphony_plus_historian In S+ Operations and S+ Historian, the passwords of internal users (not Windows Users) are encrypted but improperly stored in a database. 2020-12-22 4.6 CVE-2020-24680
MISC
MISC
advanced_comment_system_project — advanced_comment_system ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. 2020-12-23 5 CVE-2020-35598
MISC
apache — pulsar_manager In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager’s admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API. 2020-12-18 4 CVE-2020-17520
MISC
apache — tomee If Apache TomEE 8.0.0-M1 – 8.0.3, 7.1.0 – 7.1.3, 7.0.0-M1 – 7.0.8, 1.0.0 – 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. 2020-12-18 6.8 CVE-2020-13931
MLIST
MLIST
MISC
atlassian — crucible Affected versions of Atlassian Crucible allow remote attackers to impact the application’s availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. 2020-12-21 4 CVE-2020-29447
MISC
bilanc — bilanc An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and possibly below. It relies on broken encryption with a weak and guessable static encryption key. 2020-12-23 5 CVE-2020-11719
MISC
FULLDISC
bilanc — bilanc An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP. 2020-12-23 5.8 CVE-2020-11718
MISC
FULLDISC
bilanc — bilanc Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded credentials to different servers that allow remote attackers to gain access to the complete infrastructure including the website, update server, and external issue tracking tools. 2020-12-21 5 CVE-2020-8995
FULLDISC
MISC
bitcoinsv — bitcoin_sv Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving sendheaders messages. 2020-12-23 5 CVE-2018-1000892
MISC
bitcoinsv — bitcoin_sv Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when receiving messages with invalid checksums. 2020-12-23 5 CVE-2018-1000891
MISC
bitcoinsv — bitcoin_sv Bitcoin SV before 0.1.1 allows uncontrolled resource consumption when deserializing transactions. 2020-12-23 5 CVE-2018-1000893
MISC
crk — business_platform CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on ‘CRK’, ‘IDContratante’, ‘Erro’, or ‘Mod’ parameter. This is path-independent. 2020-12-23 4.3 CVE-2020-13969
MISC
d-link — dsl2888a_firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. 2020-12-22 5.4 CVE-2020-24580
MISC
CONFIRM
d-link — dsl2888a_firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. 2020-12-22 5.8 CVE-2020-24579
MISC
CONFIRM
dbdeployer — dbdeployer DBdeployer is a tool that deploys MySQL database servers easily. In DBdeployer before version 1.58.2, users unpacking a tarball may use a maliciously packaged tarball that contains symlinks to files external to the target. In such scenario, an attacker could induce dbdeployer to write into a system file, thus altering the computer defenses. For the attack to succeed, the following factors need to contribute: 1) The user is logged in as root. While dbdeployer is usable as root, it was designed to run as unprivileged user. 2) The user has taken a tarball from a non secure source, without testing the checksum. When the tarball is retrieved through dbdeployer, the checksum is compared before attempting to unpack. This has been fixed in version 1.58.2. 2020-12-21 4 CVE-2020-26277
MISC
CONFIRM
egavilanmedia — user_registration_&_login_system_with_admin_panel EgavilanMedia User Registration & Login System with Admin Panel 1.0 is affected by Cross Site Request Forgery (CSRF) to remotely gain privileges in the User Profile panel. An attacker can update any user’s account. 2020-12-21 6 CVE-2020-35273
MISC
MISC
egavilanmedia — user_registration_and_login_system_with_admin_panel Cross Site Scripting (XSS) vulnerability via the ‘Full Name’ parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. 2020-12-23 4.3 CVE-2020-35252
MISC
emerson — x-stream_enhanced_xegp_firmware Emerson Rosemount X-STREAM Gas AnalyzerX-STREAM enhanced XEGP, XEGK, XEFD, XEXF – all revisions, The affected products are vulnerable to improper authentication for accessing log and backup data, which could allow an attacker with a specially crafted URL to obtain access to sensitive information. 2020-12-21 5 CVE-2020-27254
MISC
foxitsoftware — foxit_reader A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2020-12-22 6.8 CVE-2020-13570
MISC
foxitsoftware — foxit_reader A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2020-12-22 6.8 CVE-2020-13547
MISC
foxitsoftware — foxit_reader A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2020-12-22 6.8 CVE-2020-13560
MISC
foxitsoftware — foxit_reader A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. 2020-12-22 6.8 CVE-2020-13557
MISC
google — android An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020). 2020-12-18 4.6 CVE-2020-35554
MISC
google — android An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). 2020-12-18 4.4 CVE-2020-35555
MISC
hcltech — domino HCL Domino v9, v10, v11 is susceptible to an Information Disclosure vulnerability in XPages due to improper error handling of user input. An unauthenticated attacker could exploit this vulnerability to obtain information about the XPages software running on the Domino server. 2020-12-22 5 CVE-2020-14270
MISC
hcltech — domino HCL Verse v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. 2020-12-18 4.3 CVE-2020-4080
MISC
hcltech — hcl_inotes HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack. 2020-12-21 4.3 CVE-2020-14225
MISC
hcltech — hcl_inotes HCL iNotes v9, v10 and v11 is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content. An unauthenticated remote attacker could exploit this vulnerability using specially-crafted markup to execute script in a victim’s web browser within the security context of the hosting Web site and/or steal the victim’s cookie-based authentication credentials. 2020-12-18 4.3 CVE-2020-14271
MISC
hcltechsw — hcl_client_application_access A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. 2020-12-22 6.5 CVE-2020-14231
MISC
hp — storeever_msl2024_firmware A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders. The vulnerability could be remotely exploited to allow Cross-site Request Forgery (CSRF). 2020-12-18 6.8 CVE-2020-7201
MISC
ibm — automation_workstream_services IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.6 could allow an authenticated user to obtain sensitive information or cuase a denial of service due to iimproper authorization checking. IBM X-Force ID: 189445. 2020-12-21 5.5 CVE-2020-4794
XF
CONFIRM
ibm — financial_transaction_manager IBM Financial Transaction Manager 3.0.6 and 3.1.0 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 183328. 2020-12-21 5.5 CVE-2020-4555
XF
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
ibm — mq IBM MQ 9.2 CD and LTS are vulnerable to a denial of service attack caused by an error processing connecting applications. IBM X-Force ID: 190833. 2020-12-21 5 CVE-2020-4870
XF
CONFIRM
CONFIRM
ibm — planning_analytics IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 188898. 2020-12-18 4.3 CVE-2020-4764
XF
CONFIRM
ibm — security_secret_server IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 190045. 2020-12-21 4.3 CVE-2020-4841
XF
CONFIRM
ibm — security_secret_server IBM Security Secret Server 10.6 stores potentially sensitive information in config files that could be read by an authenticated user. IBM X-Force ID: 190048. 2020-12-21 4 CVE-2020-4843
XF
CONFIRM
ibm — security_secret_server IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. 2020-12-21 4 CVE-2020-4842
XF
CONFIRM
ibm — security_secret_server IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. 2020-12-21 5.8 CVE-2020-4840
XF
CONFIRM
jaws_project — jaws Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of admin.php?reqGadget=Components&reqAction=InstallGadget&comp=FileBrowser and admin.php?reqGadget=FileBrowser&reqAction=Files to upload a .php file. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product. 2020-12-23 6.5 CVE-2020-35656
MISC
MISC
jaws_project — jaws Jaws through 1.8.0 allows remote authenticated administrators to execute arbitrary code via crafted use of UploadTheme to upload a theme ZIP archive containing a .php file that is able to execute OS commands. NOTE: this is unrelated to the JAWS (aka Job Access With Speech) product. 2020-12-23 6.5 CVE-2020-35657
MISC
MISC
jupyter — jupyter_server The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: “jupyter server –ServerApp.base_url=/jupyter/”. 2020-12-21 5.8 CVE-2020-26275
MISC
CONFIRM
MISC
lantronix — xport_edge_firmware An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause information disclosure. An attacker can sniff the network to trigger this vulnerability. 2020-12-18 4.3 CVE-2020-13528
MISC
lantronix — xport_edge_firmware An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7. A specially crafted HTTP request can cause increased privileges. An attacker can send an HTTP request to trigger this vulnerability. 2020-12-18 4 CVE-2020-13527
MISC
limitloginattempts — limit_login_attempts_reloaded LimitLoginAttempts.php in the limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows a bypass of (per IP address) rate limits because the X-Forwarded-For header can be forged. When the plugin is configured to accept an arbitrary header for the client source IP address, a malicious user is not limited to perform a brute force attack, because the client IP header accepts any arbitrary string. When randomizing the header input, the login count does not ever reach the maximum allowed retries. 2020-12-21 5 CVE-2020-35590
MISC
MISC
malwarebytes — endpoint_protection In Malwarebytes Free 4.1.0.56, a symbolic link may be used delete an arbitrary file on the system by exploiting the local quarantine system. 2020-12-22 6.6 CVE-2020-28641
CONFIRM
CONFIRM
MISC
mediawiki — mediawiki An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded. 2020-12-21 5 CVE-2020-35624
MISC
MISC
mediawiki — mediawiki An issue was discovered in the CasAuth extension for MediaWiki through 1.35.1. Due to improper username validation, it allowed user impersonation with trivial manipulations of certain characters within a given username. An ordinary user may be able to login as a “bureaucrat user” who has a similar username, as demonstrated by usernames that differ only in (1) bidirectional override symbols or (2) blank space. 2020-12-21 5 CVE-2020-35623
MISC
MISC
mediawiki — mediawiki In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) 2020-12-18 5 CVE-2020-35475
FEDORA
MISC
MISC
DEBIAN
mediawiki — mediawiki An issue was discovered in the PushToWatch extension for MediaWiki through 1.35.1. The primary form did not implement an anti-CSRF token and therefore was completely vulnerable to CSRF attacks against onSkinAddFooterLinks in PushToWatch.php. 2020-12-21 6.8 CVE-2020-35626
MISC
MISC
mediawiki — mediawiki In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML. 2020-12-18 4.3 CVE-2020-35474
FEDORA
MISC
MISC
mediawiki — mediawiki An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don’t exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. 2020-12-18 5 CVE-2020-35480
MLIST
FEDORA
MISC
MISC
DEBIAN
mediawiki — mediawiki MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the “Change visibility of selected log entries” checkbox (or a tags checkbox) next to it, there is a redirection to the main page’s action=historysubmit (instead of the desired behavior in which a revision-deletion form appears). 2020-12-18 5 CVE-2020-35477
MLIST
FEDORA
MISC
MISC
DEBIAN
mediawiki — mediawiki MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. Language::translateBlockExpiry itself does not escape in all code paths. For example, the return of Language::userTimeAndDate is is always unsafe for HTML in a month value. This affects MediaWiki 1.12.0 and later. 2020-12-18 4.3 CVE-2020-35479
MLIST
FEDORA
MISC
MISC
DEBIAN
mediawiki — mediawiki MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki 1.33.0 and later. 2020-12-18 4.3 CVE-2020-35478
FEDORA
MISC
MISC
mediawiki — mediawiki An issue was discovered in the GlobalUsage extension for MediaWiki through 1.35.1. SpecialGlobalUsage.php calls WikiMap::makeForeignLink unsafely. The $page variable within the formatItem function was not being properly escaped, allowing for XSS under certain conditions. 2020-12-21 4.3 CVE-2020-35622
MISC
MISC
mediawiki — mediawiki An issue was discovered in the Widgets extension for MediaWiki through 1.35.1. Any user with the ability to edit pages within the Widgets namespace could call any static function within any class (defined within PHP or MediaWiki) via a crafted HTML comment, related to a Smarty template. For example, a person in the Widget Editors group could use MediaWikiShellShell::command within a comment. 2020-12-21 6.5 CVE-2020-35625
MISC
MISC
mersive — solstice_firmware ** DISPUTED ** In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique. 2020-12-23 5 CVE-2020-35587
MISC
MISC
MISC
MISC
mersive — solstice_pod_firmware In Solstice Pod before 3.0.3, the web services allow users to connect to them over unencrypted channels via the Browser Look-in feature. An attacker suitably positioned to view a legitimate user’s network traffic could record and monitor their interactions with the web services and obtain any information the user supplies, including Administrator passwords and screen keys. 2020-12-23 4.3 CVE-2020-35584
MISC
MISC
MISC
mersive — solstice_pod_firmware In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. 2020-12-23 5 CVE-2020-35585
MISC
MISC
MISC
mersive — solstice_pod_firmware In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there is no complexity requirement (e.g., it might be all digits or all lowercase letters). 2020-12-23 5 CVE-2020-35586
MISC
MISC
MISC
miniweb_http_server_project — miniweb_http_server MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request. 2020-12-21 5 CVE-2020-29596
MISC
MISC
MISC
MISC
mitel — 6873i_sip_firmware The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. 2020-12-18 4.8 CVE-2020-27639
MISC
mitel — businesscti_enterprise The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data. 2020-12-18 6.5 CVE-2020-27154
MISC
mitel — micollab The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. 2020-12-18 5.8 CVE-2020-27340
MISC
mitel — mivoice_6940_firmware The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. 2020-12-18 4.8 CVE-2020-27640
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has incorrectly implemented protections from session fixation, which may allow an attacker to gain access to a session and hijack it by stealing the user’s cookies. 2020-12-23 6.8 CVE-2020-25198
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not require users to have strong passwords. 2020-12-23 5 CVE-2020-25153
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower stores and transmits the credentials of third-party services in cleartext. 2020-12-23 5 CVE-2020-25190
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows sensitive information to be displayed without proper authorization. 2020-12-23 5 CVE-2020-25192
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower allows SSH/Telnet sessions, which may be vulnerable to brute force attacks to bypass authentication. 2020-12-23 5 CVE-2020-25196
MISC
moxa — nport_iaw5000a-i/o_firmware The built-in WEB server for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower has improper privilege management, which may allow an attacker with user privileges to perform requests with administrative privileges. 2020-12-23 6.5 CVE-2020-25194
MISC
nagios — nagios_core There is a Cross Site Request Forgery (CSRF) vulnerability in Nagios Core 4.2.4. 2020-12-23 6.8 CVE-2020-35269
MISC
niftypm — nifty-pm Nifty-PM CPE 2.3 is affected by stored HTML injection. The impact is remote arbitrary code execution. 2020-12-21 4.3 CVE-2020-26049
MISC
odoo — odoo Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to modify translated terms, which may lead to arbitrary content modification on translatable elements. 2020-12-22 4 CVE-2019-11786
MISC
odoo — odoo Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote authenticated users to obtain access to messages posted on business records there were not given access to, and subscribe to receive future messages. 2020-12-22 4 CVE-2019-11785
MISC
odoo — odoo Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier allows remote authenticated users to create arbitrary records via crafted payloads, which may allow privilege escalation. 2020-12-22 4 CVE-2018-15645
MISC
odoo — odoo Improper access control in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users with access to contact management to modify user accounts, leading to privilege escalation. 2020-12-22 4 CVE-2019-11782
MISC
odoo — odoo Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to. 2020-12-22 4 CVE-2019-11784
MISC
odoo — odoo Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to subscribe to arbitrary mail channels uninvited. 2020-12-22 4 CVE-2019-11783
MISC
odoo — odoo Improper input validation in portal component in Odoo Community 12.0 and earlier and Odoo Enterprise 12.0 and earlier, allows remote attackers to trick victims into modifying their account via crafted links, leading to privilege escalation. 2020-12-22 6.8 CVE-2019-11781
MISC
odoo — odoo Cross-site scripting (XSS) issue in attachment management in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. 2020-12-22 4.3 CVE-2018-15634
MISC
odoo — odoo Cross-site scripting (XSS) issue in “document” module in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted attachment filenames. 2020-12-22 4.3 CVE-2018-15633
MISC
odoo — odoo A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. 2020-12-22 6.5 CVE-2020-29396
MISC
online_marriage_registration_system_project — online_marriage_registration_system The Online Marriage Registration System 1.0 post parameter “searchdata” in the user/search.php request is vulnerable to Time Based Sql Injection. 2020-12-21 6.5 CVE-2020-35151
MISC
MISC
onstove — stove A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72. 2020-12-18 6.8 CVE-2020-7838
MISC
openzaak — open_zaak Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management. In Open Zaak before version 1.3.3 the Cross-Origin-Resource-Sharing policy in Open Zaak is currently wide open – every client is allowed. This allows evil.com to run scripts that perform AJAX calls to known Open Zaak installations, and the browser will not block these. This was intended to only apply to development machines running on localhost/127.0.0.1. Open Zaak 1.3.3 disables CORS by default, while it can be opted-in through environment variables. The vulnerability does not actually seem exploitable because: a) The session cookie has a `Same-Site: Lax` policy which prevents it from being sent along in Cross-Origin requests. b) All pages that give access to (production) data are login-protected c) `Access-Control-Allow-Credentials` is set to `false` d) CSRF checks probably block the remote origin, since they’re not explicitly added to the trusted allowlist. 2020-12-18 4.3 CVE-2020-26251
MISC
MISC
CONFIRM
opera — opera URLs using “javascript:” have the protocol removed when pasted into the address bar to protect users from cross-site scripting (XSS) attacks, but in certain circumstances this removal was not performed. This could allow users to be socially engineered to run an XSS attack against themselves. This vulnerability affects Opera for Android versions below 61.0.3076.56532. 2020-12-23 4.3 CVE-2020-6159
MISC
oracle — cloud_infrastructure_identity_and_access_management Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Cloud Infrastructure Identity and Access Management accessible data as well as unauthorized read access to a subset of Oracle Cloud Infrastructure Identity and Access Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Cloud Infrastructure Identity and Access Management. All affected customers were notified of CVE-2020-14874 by Oracle. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L). 2020-12-22 6.5 CVE-2020-14874
MISC
ovirt — ovirt-engine A flaw was found in ovirt-engine 4.4.3 and earlier allowing an authenticated user to read other users’ personal information, including name, email and public SSH key. 2020-12-21 4 CVE-2020-35497
MISC
philips — hue_firmware Philips Hue is vulnerable to a Denial of Service attack. Sending a SYN flood on port tcp/80 will freeze Philips Hue’s hub and it will stop responding. The “hub” will stop operating and be frozen until the flood stops. During the flood, the user won’t be able to turn on/off the lights, and all of the hub’s functionality will be unresponsive. The cloud service also won’t work with the hub. 2020-12-21 5 CVE-2018-7580
FULLDISC
MISC
postsrsd_prject — postsrsd srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address. 2020-12-20 5 CVE-2020-35573
MISC
MLIST
projectworlds — online_matrimonial_project Marital – Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. 2020-12-23 6.5 CVE-2020-27397
MISC
rust-lang — async-h1 async-h1 is an asynchronous HTTP/1.1 parser for Rust (crates.io). There is a request smuggling vulnerability in async-h1 before version 2.3.0. This vulnerability affects any webserver that uses async-h1 behind a reverse proxy, including all such Tide applications. If the server does not read the body of a request which is longer than some buffer length, async-h1 will attempt to read a subsequent request from the body content starting at that offset into the body. One way to exploit this vulnerability would be for an adversary to craft a request such that the body contains a request that would not be noticed by a reverse proxy, allowing it to forge forwarded/x-forwarded headers. If an application trusted the authenticity of these headers, it could be misled by the smuggled request. Another potential concern with this vulnerability is that if a reverse proxy is sending multiple http clients’ requests along the same keep-alive connection, it would be possible for the smuggled request to specify a long content and capture another user’s request in its body. This content could be captured in a post request to an endpoint that allows the content to be subsequently retrieved by the adversary. This has been addressed in async-h1 2.3.0 and previous versions have been yanked. 2020-12-21 5.8 CVE-2020-26281
MISC
CONFIRM
solarwinds — webhelpdesk SolarWinds Web Help Desk 12.7.0 allows CSV Injection, also known as Formula Injection, via a file attached to a ticket. 2020-12-21 4 CVE-2019-16959
MISC
MISC
MISC
spamtitan — spamtitan SpamTitan before 7.09 allows attackers to tamper with backups, because backups are not encrypted. 2020-12-23 5 CVE-2020-35658
MISC
MISC
spiceworks — spiceworks Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages. 2020-12-18 5.8 CVE-2020-25901
MISC
MISC
steedos — steedos Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoDB operator attacks such as an X-User-Id[$ne]=1 value. 2020-12-23 6.5 CVE-2020-35666
MISC
subconverter_project — subconverter tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint. Thus, a request loop and a denial of service may occur. 2020-12-20 5 CVE-2020-35579
MISC
tangro — business_workflow tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list. However, this restriction is enforced in the browser (client-side) and can be circumvented. This allows an attacker to upload any file as an attachment to a workitem. 2020-12-18 6.5 CVE-2020-26174
MISC
MISC
tangro — business_workflow In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users. 2020-12-18 4 CVE-2020-26175
MISC
MISC
tangro — business_workflow Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active. The JWT token does not contain an expiration timestamp. 2020-12-18 6.4 CVE-2020-26172
MISC
MISC
tangro — business_workflow In tangro Business Workflow before 1.18.1, a user’s profile contains some items that are greyed out and thus are not intended to be edited by regular users. However, this restriction is only applied client-side. Manipulating any of the greyed-out values in requests to /api/profile is not prohibited server-side. 2020-12-18 4 CVE-2020-26177
MISC
MISC
tangro — business_workflow An issue was discovered in tangro Business Workflow before 1.18.1. No (or broken) access control checks exist on the /api/document/<DocumentID>/attachments API endpoint. Knowing a document ID, an attacker can list all the attachments of a workitem, including their respective IDs. This allows the attacker to gather valid attachment IDs for workitems that do not belong to them. 2020-12-18 4 CVE-2020-26176
MISC
MISC
tangro — business_workflow In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated. 2020-12-18 5 CVE-2020-26178
MISC
MISC
tangro — business_workflow In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated. By doing this, users can add attachments to workitems that do not belong to them. 2020-12-18 4 CVE-2020-26171
MISC
MISC
tangro — business_workflow An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token. No further authentication is required. 2020-12-18 4 CVE-2020-26173
MISC
MISC
tenable — tenable.sc In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user’s defined scan zone without a particular zone being specified within the Automatic Distribution configuration. 2020-12-21 5 CVE-2020-5808
MISC
thingsboard — thingsboard ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen. 2020-12-18 6.8 CVE-2020-27687
MISC
MISC
tlslite-ng_project — tlslite-ng tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn’t start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in side-channel free manner, this is known to not the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng. 2020-12-21 5 CVE-2020-26263
MISC
MISC
MISC
CONFIRM
MISC
MISC
treck — ipv6 An issue was discovered in Treck IPv6 before 6.0.1.68. Improper Input Validation in the DHCPv6 client component allows an unauthenticated remote attacker to cause an Out of Bounds Read, and possibly a Denial of Service via adjacent network access. 2020-12-22 4.8 CVE-2020-27338
CONFIRM
treck — ipv6 An issue was discovered in Treck IPv6 before 6.0.1.68. Improper input validation in the IPv6 component when handling a packet sent by an unauthenticated remote attacker could result in an out-of-bounds read of up to three bytes via network access. 2020-12-22 5 CVE-2020-27336
CONFIRM
uncannyowl — tin_canny_reporting_for_learndash Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Owl Tin Canny LearnDash Reporting before 3.4.4 allows authenticated remote attackers to inject arbitrary web script or HTML via the search_key GET Parameter in TinCan_Content_List_Table.php, message GET Parameter in licensing.php, tc_filter_group parameter in reporting-admin-menu.php, tc_filter_user parameter in reporting-admin-menu.php, tc_filter_course parameter in reporting-admin-menu.php, tc_filter_lesson parameter in reporting-admin-menu.php, tc_filter_module parameter in reporting-admin-menu.php, tc_filter_action parameter in reporting-admin-menu.php, tc_filter_data_range parameter in reporting-admin-menu.php, or tc_filter_data_range_last parameter in reporting-admin-menu.php. 2020-12-23 4.3 CVE-2020-9439
MISC
MISC
uncannyowl — uncanny_groups_for_learndash Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem POST Parameter in user-code-redemption.php, the ulgm_user_first POST Parameter in user-registration-form.php, the ulgm_user_last POST Parameter in user-registration-form.php, the ulgm_user_email POST Parameter in user-registration-form.php, the ulgm_code_registration POST Parameter in user-registration-form.php, the ulgm_terms_conditions POST Parameter in user-registration-form.php, the _ulgm_total_seats POST Parameter in frontend-uo_groups_buy_courses.php, the uncanny_group_signup_user_first POST Parameter in group-registration-form.php, the uncanny_group_signup_user_last POST Parameter in group-registration-form.php, the uncanny_group_signup_user_login POST Parameter in group-registration-form.php, the uncanny_group_signup_user_email POST Parameter in group-registration-form.php, the success-invited GET Parameter in frontend-uo_groups.php, the bulk-errors GET Parameter in frontend-uo_groups.php, or the message GET Parameter in frontend-uo_groups.php. 2020-12-23 4.3 CVE-2020-35650
MISC
MISC
urve — urve An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext: Profiles/urve/files/sql_db.backup, Server/data/pg_wal/000000010000000A000000DD, Server/data/base/16384/18617, and Server/data/base/17202/8708746. This causes the password to be displayed as cleartext in the HTML code as roomsreservationimport_password in /urve/roomsreservationimport/roomsreservationimport/update-HTML5. 2020-12-23 5 CVE-2020-29550
FULLDISC
MISC
MISC
weiphp — weiphp WeiPHP 5.0 does not properly restrict access to pages, related to using POST. 2020-12-18 5 CVE-2020-20299
MISC
wireshark — wireshark Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file 2020-12-21 5 CVE-2020-26422
CONFIRM
MISC
MISC
xinuos — openserver A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter ‘section’. 2020-12-18 4.3 CVE-2020-25495
MISC
MISC
zte — zxhn_e8810_firmware ZTE E8810/E8820/E8822 series routers have an MQTT DoS vulnerability, which is caused by the failure of the device to verify the validity of abnormal messages. A remote attacker could connect to the MQTT server and send an MQTT exception message to the specified device, which will cause the device to deny service. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> 2020-12-21 5 CVE-2020-6881
MISC
zte — zxhn_e8810_firmware ZTE E8810/E8820/E8822 series routers have an information leak vulnerability, which is caused by hard-coded MQTT service access credentials on the device. The remote attacker could use this credential to connect to the MQTT server, so as to obtain information about other devices by sending specific topics. This affects:<ZXHN E8810, ZXHN E8820, ZXHN E8822><E8810 V1.0.26, E8810 V2.0.1, E8820 V1.1.3L, E8820 V2.0.13, E8822 V2.0.13> 2020-12-21 5 CVE-2020-6882
MISC

Back to top

 

Low Vulnerabilities

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
alumni_management_system_project — alumni_management_system SourceCodester Alumni Management System 1.0 is affected by cross-site Scripting (XSS) in /admin/gallery.php. After the admin authentication an attacker can upload an image in the gallery using a XSS payload in the description textarea called ‘about’ and reach a stored XSS. 2020-12-23 3.5 CVE-2020-28071
MISC
apache — airflow Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config. 2020-12-21 3.5 CVE-2020-17526
MLIST
MISC
coastercms — coastercms Coastercms v5.8.18 is affected by cross-site Scripting (XSS). A user can steal a cookie and make the user redirect to any malicious website because it is trigged on the main home page of the product/application. 2020-12-21 3.5 CVE-2020-35275
MISC
MISC
MISC
MISC
MISC
d-link — dsl2888a_firmware An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It has a misconfigured FTP service that allows a malicious network user to access system folders and download sensitive files (such as the password hash file). 2020-12-22 3.3 CVE-2020-24578
MISC
CONFIRM
dotcms — dotcms DotCMS Add Template with admin panel 20.11 is affected by cross-site Scripting (XSS) to gain remote privileges. An attacker could compromise the security of a website or web application through a stored XSS attack and stealing cookies using XSS. 2020-12-21 3.5 CVE-2020-35274
MISC
MISC
google — android An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). 2020-12-18 2.1 CVE-2020-35549
MISC
google — android An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). 2020-12-18 2.1 CVE-2020-35548
MISC
ibm — content_navigator IBM FileNet Content Manager and IBM Content Navigator 3.0.CD is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188600. 2020-12-21 3.5 CVE-2020-4757
XF
CONFIRM
ibm — db2 IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow local attacker to cause a denial of service inside the “DB2 Management Service”. 2020-12-23 2.1 CVE-2020-4642
XF
CONFIRM
limitloginattempts — limit_login_attempts_reloaded The limit-login-attempts-reloaded plugin before 2.17.4 for WordPress allows wp-admin/options-general.php?page=limit-login-attempts&tab= XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. 2020-12-21 3.5 CVE-2020-35589
MISC
MISC
microsoft — azure_sphere A denial-of-service vulnerability exists in the asynchronous ioctl functionality of Microsoft Azure Sphere 20.05. A sequence of specially crafted ioctl calls can cause a denial of service. An attacker can write shellcode to trigger this vulnerability. 2020-12-22 2.1 CVE-2020-35609
MISC
MISC
odoo — odoo Cross-site scripting (XSS) issue in mail module in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim via crafted channel names. 2020-12-22 3.5 CVE-2018-15638
MISC
odoo — odoo Cross-site scripting (XSS) issue in web module in Odoo Community 11.0 through 14.0 and Odoo Enterprise 11.0 through 14.0, allows remote authenticated internal users to inject arbitrary web script in the browser of a victim via crafted calendar event attributes. 2020-12-22 3.5 CVE-2018-15641
MISC
openslides — openslides OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies. OpenSlides version 3.2, due to unsufficient user input validation and escaping, it is vulnerable to persistant cross-site scripting (XSS). In the web applications users can enter rich text in various places, e.g. for personal notes or in motions. These fields can be used to store arbitrary JavaScript Code that will be executed when other users read the respective text. An attacker could utilize this vulnerability be used to manipulate votes of other users, hijack the moderators session or simply disturb the meeting. The vulnerability was introduced with 6eae497abeab234418dfbd9d299e831eff86ed45 on 16.04.2020, which is first included in the 3.2 release. It has been patched in version 3.3 ( in commit f3809fc8a97ee305d721662a75f788f9e9d21938, merged in master on 20.11.2020). 2020-12-18 3.5 CVE-2020-26280
MISC
MISC
MISC
CONFIRM
MISC
redhat — ceph User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface drivers. Then, all users of the requesting OpenStack project can view the access key. This enables the attacker to target any resource that the user has access to. This can be done to even “admin” users, compromising the ceph administrator. This flaw affects Ceph versions prior to 16.2.0. 2020-12-18 3.6 CVE-2020-27781
MISC
vmware — workstation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine’s vmx process leading to a denial of service condition. 2020-12-21 2.1 CVE-2020-3999
MISC
zyxel — usg20-vpn_firmware Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges. 2020-12-22 2.1 CVE-2020-29583
CONFIRM
MISC
MISC
MISC
CONFIRM
MISC
zzcms — zzcms There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php 2020-12-18 3.5 CVE-2020-20285
MISC

Back to top

 

Severity Not Yet Assigned

Primary
Vendor — Product
Description Published CVSS Score Source & Patch Info
arc-swap_crate — arc-swap_crate An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. 2020-12-25 not yet calculated CVE-2020-35711
MISC
MISC
arm — compiler
 
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted). 2020-12-24 not yet calculated CVE-2020-24658
CONFIRM
beijing_huorong_network_technology — beijing_huorong_internet_security
 
Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. 2020-12-26 not yet calculated CVE-2020-35364
MISC
MISC
belkin — linksys_re6500_devices Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. 2020-12-26 not yet calculated CVE-2020-35713
MISC
MISC
MISC
belkin — linksys_re6500_devices
 
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. 2020-12-26 not yet calculated CVE-2020-35716
MISC
MISC
MISC
belkin — linksys_re6500_devices
 
Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. 2020-12-26 not yet calculated CVE-2020-35714
MISC
MISC
MISC
belkin — linksys_re6500_devices
 
Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. 2020-12-26 not yet calculated CVE-2020-35715
MISC
MISC
MISC

bigprof_software — online_invoicing_system

BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload that will execute upon the application’s administrator browsing the registered users’ list. Once the arbitrary Javascript is executed in the context of the admin, this will cause the attacker to gain administrative privileges, effectively leading into an application takeover. This affects app/membership_signup.php and app/admin/pageViewMembers.php. 2020-12-24 not yet calculated CVE-2020-35676
MISC
MISC
bigprof_software — online_invoicing_system
 
BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. The caveat here is that an attacker would need administrative privileges in order to create the payload. One might think this completely mitigates the privilege-escalation impact as there is only one high-privileged role. However, it was discovered that the endpoint responsible for creating the group lacks CSRF protection. 2020-12-24 not yet calculated CVE-2020-35677
MISC
bloofoxcms — bloofoxcms
 
bloofoxCMS 0.5.2.1 allows admins to upload arbitrary .php files (with “Content-Type: application/octet-stream”) to ../media/images/ via the admin/index.php?mode=tools&page=upload URI, aka directory traversal. 2020-12-25 not yet calculated CVE-2020-35709
MISC
browserup — proxy BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2. 2020-12-24 not yet calculated CVE-2020-26282
MISC
MISC
CONFIRM
MISC
cxuucms — cxuucms
 
CXUUCMS V3 3.1 has a CSRF vulnerability that can add an administrator account via admin.php?c=adminuser&a=add. 2020-12-26 not yet calculated CVE-2020-35347
MISC
cxuucms — cxuucms
 
CXUUCMS V3 3.1 is affected by a reflected XSS vulnerability that allows remote attackers to inject arbitrary web script or HTML via the imgurl parameter of admin.php?c=content&a=add. 2020-12-26 not yet calculated CVE-2020-35346
MISC
dart — dart
 
An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it’s possible to achieve CRLF injection in an HTTP request. 2020-12-24 not yet calculated CVE-2020-35669
MISC
daybydaycrm — daybydaycrm
 
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Project screen. 2020-12-25 not yet calculated CVE-2020-35706
MISC
MISC
daybydaycrm — daybydaycrm
 
Daybyday 2.1.0 allows stored XSS via the Title parameter to the New Lead screen. 2020-12-25 not yet calculated CVE-2020-35704
MISC
MISC
daybydaycrm — daybydaycrm
 
Daybyday 2.1.0 allows stored XSS via the Company Name parameter to the New Client screen. 2020-12-25 not yet calculated CVE-2020-35707
MISC
MISC
daybydaycrm — daybydaycrm
 
Daybyday 2.1.0 allows stored XSS via the Name parameter to the New User screen. 2020-12-25 not yet calculated CVE-2020-35705
MISC
MISC
dext5upload — dext5upload DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). 2020-12-26 not yet calculated CVE-2020-35362
MISC
egavilan_media — egm_address_book EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. 2020-12-24 not yet calculated CVE-2020-29474
MISC
egavilan_media — under_construction_page_with_cpanel EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An attacker can gain Admin Panel access using malicious SQL injection queries to perform remote arbitrary code execution. 2020-12-24 not yet calculated CVE-2020-29472
MISC

epson — epsonnet_setupmanager_and_offirio_synergyware_printdirector

Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. 2020-12-24 not yet calculated CVE-2020-5681
MISC
MISC
esri — arcgis_server
 
Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. 2020-12-26 not yet calculated CVE-2020-35712
MISC
MISC
f5 — big-ip
 
On BIG-IP 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, a cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. 2020-12-24 not yet calculated CVE-2020-27719
MISC
f5 — big-ip
 
On BIG-IP 15.1.0-15.1.0.5 and 14.1.0-14.1.3, crafted TLS request to the BIG-IP management interface via port 443 can cause high (~100%) CPU utilization by the httpd daemon. 2020-12-24 not yet calculated CVE-2020-27715
MISC
f5 — big-ip
 
On BIG-IP version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, when an authenticated administrative user installs RPMs using the iAppsLX REST installer, the BIG-IP system does not sufficiently validate user input, allowing the user read access to the filesystem. 2020-12-24 not yet calculated CVE-2020-27727
MISC
f5 — big-ip_afm
 
On the BIG-IP AFM version 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when a Protocol Inspection Profile is attached to a FastL4 virtual server with the protocol field configured to either Other or All Protocols, the TMM may experience a restart if the profile processes non-TCP traffic. 2020-12-24 not yet calculated CVE-2020-27714
MISC
f5 — big-ip_apm In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, an undisclosed link on the BIG-IP APM virtual server allows a malicious user to build an open redirect URI. 2020-12-24 not yet calculated CVE-2020-27729
MISC
f5 — big-ip_apm
 
On versions 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, when a BIG-IP APM virtual server processes traffic of an undisclosed nature, the Traffic Management Microkernel (TMM) stops responding and restarts. 2020-12-24 not yet calculated CVE-2020-27716
MISC
f5 — big-ip_apm
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. 2020-12-24 not yet calculated CVE-2020-27726
MISC
f5 — big-ip_apm
 
In BIG-IP APM versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.4, 15.0.0-15.0.1.3, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, on systems running more than one TMM instance, authenticated VPN users may consume excessive resources by sending specially-crafted malicious traffic over the tunnel. 2020-12-24 not yet calculated CVE-2020-27724
MISC
f5 — big-ip_apm
 
In versions 14.1.0-14.1.3 and 13.1.0-13.1.3.4, a BIG-IP APM virtual server processing PingAccess requests may lead to a restart of the Traffic Management Microkernel (TMM) process. 2020-12-24 not yet calculated CVE-2020-27723
MISC
f5 — big-ip_apm
 
In BIG-IP APM versions 15.0.0-15.0.1.3, 14.1.0-14.1.3, and 13.1.0-13.1.3.4, under certain conditions, the VDI plugin does not observe plugin flow-control protocol causing excessive resource consumption. 2020-12-24 not yet calculated CVE-2020-27722
MISC
f5 — big-ip_asm
 
When a BIG-IP ASM or Advanced WAF system running version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, or 11.6.1-11.6.5.2 processes requests with JSON payload, an unusually large number of parameters can cause excessive CPU usage in the BIG-IP ASM bd process. 2020-12-24 not yet calculated CVE-2020-27718
MISC
f5 — big-ip_asm_and_advanced_waf
 
On BIG-IP ASM & Advanced WAF versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.3, under certain conditions, Analytics, Visibility, and Reporting daemon (AVRD) may generate a core file and restart on the BIG-IP system when processing requests sent from mobile devices. 2020-12-24 not yet calculated CVE-2020-27728
MISC
f5 — big-ip_dns
 
On BIG-IP DNS 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.2, undisclosed series of DNS requests may cause TMM to restart and generate a core file. 2020-12-24 not yet calculated CVE-2020-27717
MISC
f5 — big-ip_dns_and_gtm_and_link_controller
 
In version 15.1.0-15.1.0.5, 14.1.0-14.1.3, 13.1.0-13.1.3.4, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 of BIG-IP DNS, GTM, and Link Controller, zxfrd leaks memory when listing DNS zones. Zones can be listed via TMSH, iControl or SNMP; only users with access to those services can trigger this vulnerability. 2020-12-24 not yet calculated CVE-2020-27725
MISC
f5 — big-ip_dns_and_ltm_gslb
 
In versions 16.0.0-16.0.0.1, 15.1.0-15.1.1, 14.1.0-14.1.3, 13.1.0-13.1.3.5, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, in a BIG-IP DNS / BIG-IP LTM GSLB deployment, under certain circumstances, the BIG-IP DNS system may stop using a BIG-IP LTM virtual server for DNS response. 2020-12-24 not yet calculated CVE-2020-27721
MISC
f5 — big-ip_ltm/cgnat
 
On BIG-IP LTM/CGNAT version 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, 14.1.0-14.1.3, and 13.1.0-13.1.3.5, when processing NAT66 traffic with Port Block Allocation (PBA) mode and SP-DAG enabled, and dag-ipv6-prefix-len configured with a value less than the default of 128, an undisclosed traffic pattern may cause the Traffic Management Microkernel (TMM) to restart. 2020-12-24 not yet calculated CVE-2020-27720
MISC
flamingo — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addGroup. 2020-12-26 not yet calculated CVE-2020-35244
MISC
flamingo — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 allows ../ directory traversal because the only ostensibly unpredictable part of a file-transfer request is an MD5 computation; however, this computation occurs on the client side, and the computation details can be easily determined because the product’s source code is available. 2020-12-26 not yet calculated CVE-2020-35284
MISC
flamingo — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::addUser. 2020-12-26 not yet calculated CVE-2020-35245
MISC
flamingo — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserInfoInDb. 2020-12-26 not yet calculated CVE-2020-35243
MISC
flamingo — flamingo Flamingo (aka FlamingoIM) through 2020-09-29 has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory. 2020-12-26 not yet calculated CVE-2020-35242
MISC
fluent — fluentd
 
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITYSYSTEM. 2020-12-24 not yet calculated CVE-2020-28169
MISC
CONFIRM
CONFIRM
MISC
MISC
gnome — gdk-pixbuf
 
GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. 2020-12-26 not yet calculated CVE-2020-29385
CONFIRM
MISC
CONFIRM
MISC
CONFIRM
gobby — gobby
 
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. 2020-12-26 not yet calculated CVE-2020-35450
MISC
huawei — cloudengine
 
CloudEngine 1800V versions V100R019C10SPC500 has a resource management error vulnerability. Remote unauthorized attackers could send specific types of messages to the device, resulting in the message received by the system can’t be forwarded normally. 2020-12-24 not yet calculated CVE-2020-9120
MISC
huawei — cloudengine
 
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. 2020-12-24 not yet calculated CVE-2020-9137
MISC
huawei — imanager_neteco_6000
 
There has a CSV injection vulnerability in iManager NetEco 6000 versions V600R021C00. An attacker with common privilege may exploit this vulnerability through some operations to inject the CSV files. Due to insufficient input validation of some parameters, the attacker can exploit this vulnerability to inject CSV files to the target device. 2020-12-24 not yet calculated CVE-2020-9200
MISC
huawei — multiple_products
 
There is an out-of-bounds read vulnerability in some versions of NIP6800, Secospace USG6600 and USG9500. The software reads data past the end of the intended buffer when parsing DHCP messages including crafted parameter. Successful exploit could cause certain service abnormal. 2020-12-24 not yet calculated CVE-2020-9201
MISC
huawei — multiple_smartphones There is a privilege escalation vulnerability on some Huawei smart phones due to design defects. The attacker needs to physically contact the mobile phone and obtain higher privileges, and execute relevant commands, resulting in the user’s privilege promotion. 2020-12-24 not yet calculated CVE-2020-9119
MISC
huawei — te_mobile_software
 
There is an information disclosure vulnerability in TE Mobile software versions V600R006C10,V600R006C10SPC100. Due to the improper storage of some information in certain specific scenario, the attacker can gain information in the victim’s device to launch the attack, successful exploit could cause information disclosure. 2020-12-24 not yet calculated CVE-2020-9202
MISC
hyperledger — indy_node
 
Hyperledger Indy Node is the server portion of a distributed ledger purpose-built for decentralized identity. In Hyperledger Indy before version 1.12.4, there is lack of signature verification on a specific transaction which enables an attacker to make certain unauthorized alterations to the ledger. Updating a DID with a nym transaction will be written to the ledger if neither ROLE or VERKEY are being changed, regardless of sender. A malicious DID with no particular role can ask an update for another DID (but cannot modify its verkey or role). This is bad because 1) Any DID can write a nym transaction to the ledger (i.e., any DID can spam the ledger with nym transactions), 2) Any DID can change any other DID’s alias, 3) The update transaction modifies the ledger metadata associated with a DID. 2020-12-24 not yet calculated CVE-2020-11093
MISC
MISC
MISC
CONFIRM
intelliants — subrion_cms Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI. 2020-12-26 not yet calculated CVE-2020-35437
MISC
mariadb — mariadb_server
 
With MariaDB running on Windows, when local clients connect to the server over named pipes, it’s possible for an unprivileged user with an ability to run code on the server machine to intercept the named pipe connection and act as a man-in-the-middle, gaining access to all the data passed between the client and the server, and getting the ability to run SQL commands on behalf of the connected user. This occurs because of an incorrect security descriptor. This affects MariaDB Server before 10.1.48, 10.2.x before 10.2.35, 10.3.x before 10.3.26, 10.4.x before 10.4.16, and 10.5.x before 10.5.7. NOTE: this issue exists because certain details of the MariaDB CVE-2019-2503 fix did not comprehensively address attack variants against MariaDB. This situation is specific to MariaDB, and thus CVE-2020-28912 does NOT apply to other vendors that were originally affected by CVE-2019-2503. 2020-12-24 not yet calculated CVE-2020-28912
MISC
MISC
nec — storage_manager_and_storage_manager_express
 
iSM client versions from V5.1 prior to V12.1 running on NEC Storage Manager or NEC Storage Manager Express does not verify a server certificate properly, which allows a man-in-the-middle attacker to eavesdrop on an encrypted communication or alter the communication via a crafted certificate. 2020-12-24 not yet calculated CVE-2020-5684
MISC
MISC
opensmtpd — opensmtpd
 
smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a “very significant” memory leak via messages to an instance that performs many regex lookups. 2020-12-24 not yet calculated CVE-2020-35679
MISC
MISC
MISC
opensmtpd — opensmtpd
 
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer. 2020-12-24 not yet calculated CVE-2020-35680
MISC
MISC
MISC
parallels — remote_application_server
 
Parallels Remote Application Server (RAS) 18 allows remote attackers to discover an intranet IP address because submission of the login form (even with blank credentials) provides this address to the attacker’s client for use as a “host” value. In other words, after an attacker’s web browser sent a request to the login form, it would automatically send a second request to a RASHTML5Gateway/socket.io URI with something like “host”:”192.168.###.###” in the POST data. 2020-12-25 not yet calculated CVE-2020-35710
MISC
MISC

phpgurukul — user_registration_and_login_and_user_management_system

A Cross Site Request Forgery (CSRF) vulnerability exists in the loginsystem page in PHPGurukul User Registration & Login and User Management System With Admin Panel 2.1. 2020-12-26 not yet calculated CVE-2020-26766
MISC
phplist — phplist
 
phpList 3.5.9 allows SQL injection by admins who provide a crafted fourth line of a file to the “Config – Import Administrators” page. 2020-12-25 not yet calculated CVE-2020-35708
MISC
MISC
pi-hole — pi-hole
 
The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to execute when the Pi-hole administrator visits the Query Log or Long-term data Query Log page. 2020-12-24 not yet calculated CVE-2020-35659
MISC
CONFIRM
MISC
pure-ftpd — pure-ftpd Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. 2020-12-26 not yet calculated CVE-2020-35359
MISC
qnap — qes If exploited, this absolute path traversal vulnerability could allow attackers to traverse files in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. 2020-12-24 not yet calculated CVE-2020-2504
MISC
qnap — qes
 
If exploited, this vulnerability could allow attackers to gain sensitive information via generation of error messages. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. 2020-12-24 not yet calculated CVE-2020-2505
MISC
qnap — qes
 
A hard-coded password vulnerability has been reported to affect earlier versions of QES. If exploited, this vulnerability could allow attackers to log in with a hard-coded password. QNAP has already fixed the issue in QES 2.1.1 Build 20200515 and later. 2020-12-24 not yet calculated CVE-2020-2499
MISC
qnap — qes
 
If exploited, this stored cross-site scripting vulnerability could allow remote attackers to inject malicious code in File Station. QNAP has already fixed these issues in QES 2.1.1 Build 20201006 and later. 2020-12-24 not yet calculated CVE-2020-2503
MISC
rainrocka_xinhu — rainrocka_xinhu rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. 2020-12-26 not yet calculated CVE-2020-35388
MISC
redisgraph — redisgraph
 
RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. 2020-12-23 not yet calculated CVE-2020-35668
MISC
MISC
samsung — multiple_phones
 
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device’s Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia’s COVIDSafe app, Singapore’s TraceTogether app, or France’s TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5. 2020-12-24 not yet calculated CVE-2020-35693
MISC
savsoft — quiz Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page). 2020-12-26 not yet calculated CVE-2020-35349
MISC
savsoft — quiz
 
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. 2020-12-26 not yet calculated CVE-2020-27515
MISC
MISC
MISC
stepmania — stepmania lib/codebook.c in libvorbis before 1.3.6, as used in StepMania 5.0.12 and other products, has insufficient array bounds checking via a crafted OGG file. 2020-12-26 not yet calculated CVE-2020-20412
MISC
stragodesk — notouch_center
 
Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged user on the platform, for example a user with “helpdesk” privileges, can perform privileged operations including adding a new administrator to the platform via the easyadmin/user/submitCreateTCUser.do page. 2020-12-26 not yet calculated CVE-2020-25917
MISC
struct2json — struct2json
 
struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. 2020-12-26 not yet calculated CVE-2020-29203
MISC
terra-master — terramaster_operating_system Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated attackers to read, edit or delete any file within the filesystem via the (1) filename parameter to /tos/index.php?editor/fileGet, Event parameter to /include/ajax/logtable.php, or opt parameter to /include/core/index.php. 2020-12-24 not yet calculated CVE-2020-28187
MISC
MISC
terra-master — terramaster_operating_system User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. 2020-12-24 not yet calculated CVE-2020-28185
MISC
MISC
terra-master — terramaster_operating_system Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover. 2020-12-24 not yet calculated CVE-2020-28186
MISC
MISC
terra-master — terramaster_operating_system
 
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php. 2020-12-24 not yet calculated CVE-2020-28184
MISC
MISC
terra-master — terramaster_operating_system
 
TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates. 2020-12-24 not yet calculated CVE-2020-28190
MISC
MISC
terra-master — terramaster_operating_system
 
Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS 2020-12-24 not yet calculated CVE-2020-29189
MISC
MISC
terra-master — terramaster_operating_system
 
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter. 2020-12-24 not yet calculated CVE-2020-28188
MISC
MISC
tp-link — multiple_devices
 
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. 2020-12-26 not yet calculated CVE-2020-35575
MISC
MISC
MISC
wondercms — wondercms
 
WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject the XSS payload in Page keywords and each time any user will visit the website, the XSS triggers, and the attacker can able to steal the cookie according to the crafted payload. 2020-12-24 not yet calculated CVE-2020-29247
MISC
MISC
wordpress — wordpress
 
A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress can be exploited via the Server IP setting. 2020-12-26 not yet calculated CVE-2020-29172
CONFIRM
MISC
xpdf — xpdf
 
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. 2020-12-26 not yet calculated CVE-2020-35376
MISC

Back to top

This product is provided subject to this Notification and this Privacy & Use policy.

Posted by

in