Weekly Vulnerabilities Reports > February 24 to March 1, 2020

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

A vulnerability in the Cisco Discovery Protocol feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code as root or cause a denial of service (DoS) condition on an affected device.

Kylin has some restful apis which will concatenate SQLs with the user input string, a user is likely to be able to run malicious database queries.

DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).

compile-sass prior to 1.0.5 allows execution of arbritary commands.

In the GD Graphics Library (aka LibGD) through 2.2.5, there is a heap-based buffer over-read in tiffWriter in gd_tiff.c.

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds read vulnerability.

A denial of service issue was addressed with improved input validation.

A vulnerability in the resource handling system of Cisco NX-OS Software for Cisco MDS 9000 Series Multilayer Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in the CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS).

Hash collision attack vulnerability in Jenkins before 1.447, Jenkins LTS before 1.424.2, and Jenkins Enterprise by CloudBees 1.424.x before 1.424.2.1 and 1.400.x before 1.400.0.11 could allow remote attackers to cause a considerable CPU load, aka "the Hash DoS attack."

In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no-PRIVILEGED option.

A race condition was addressed with improved locking.

serial-number through 1.3.0 allows execution of arbritary commands.

push-dir through 0.4.1 allows execution of arbritary commands.

giting version prior to 0.0.8 allows execution of arbritary commands.

enpeem through 2.2.0 allows execution of arbitrary commands.

An issue was discovered in EyesOfNetwork eonweb 5.1 through 5.3 before 5.3-3.

Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.

In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e.

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory.

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash.

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash.

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash.

OnCommand Cloud Manager versions prior to 3.8.0 are susceptible to arbitrary code execution by remote attackers.

An issue was discovered in Pure-FTPd 1.0.49.

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2-20151119.0 and 6-6.x before 6-6.7-20151117.0 as packaged in Red Hat Enterprise Virtualization before 3.5.6 when VSDM is run with -spice disable-ticketing and a VM is suspended and then restored, allows remote attackers to log in without authentication via unspecified vectors.

Kunena before 5.0.4 does not restrict avatar file extensions to gif, jpeg, jpg, and png.

On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature.

Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters.

A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49.

An issue was discovered in Pure-FTPd 1.0.49.

OpenVPN Connect 3.1.0.361 on Windows has Insecure Permissions for %PROGRAMDATA%\OpenVPN Connect\drivers\tap\amd64\win10, which allows local users to gain privileges by copying a malicious drvstore.dll there.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved memory handling.

NetApp FAS 8300/8700 and AFF A400 Baseboard Management Controller (BMC) firmware versions 13.x prior to 13.1P1 were shipped with a default account enabled that could allow unauthorized arbitrary command execution via local access.

A vulnerability in the local management (local-mgmt) CLI of Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) on an affected device.

A vulnerability in the local management (local-mgmt) CLI of Cisco FXOS Software and Cisco UCS Manager Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device.

Improper neutralization of directives in dynamically evaluated code in Druva inSync Mac OS Client 6.5.0 allows a local, authenticated attacker to execute arbitrary Python expressions with root privileges.

Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.

Honor V10 smartphones with versions earlier than BKL-AL20 10.0.0.156(C00E156R2P4) and versions earlier than BKL-L09 10.0.0.146(C432E4R1P4) have an out of bounds write vulnerability.

A vulnerability in the Secure Login Enhancements capability of Cisco Nexus 1000V Switch for VMware vSphere could allow an unauthenticated, remote attacker to cause an affected Nexus 1000V Virtual Supervisor Module (VSM) to become inaccessible to users through the CLI.

An issue was discovered in the Linux kernel 3.16 through 5.5.6.

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race.

On the QFX3500 and QFX3600 platforms, the number of bytes collected from the RANDOM_INTERRUPT entropy source when the device boots up is insufficient, possibly leading to weak or duplicate SSH keys or self-signed SSL/TLS certificates.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

Multiple memory corruption issues were addressed with improved memory handling.

A buffer overflow was addressed with improved size validation.

An off by one issue existed in the handling of racoon configuration files.

An out-of-bounds read was addressed with improved input validation.

Multiple memory corruption issues were addressed with improved memory handling.

In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers.

Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks.

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress.

An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301.

Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection.

rpi through 0.0.3 allows execution of arbritary commands.

The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive.

The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive.

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, a malicious website visited by an authenticated admin user or a malicious mail is allowed to make arbitrary changes in the "admin panel" because there is no CSRF protection.

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying Linux operating system with a privilege level of root on an affected device.

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to read or write arbitrary files on the underlying operating system (OS).

Background For regular, unencrypted FTP traffic, the FTP ALG can inspect the unencrypted control channel and open related sessions for the FTP data channel.

An insecure random number generation vulnerability in BlaB! AX, BlaB! AX Pro, BlaB! WS (client), and BlaB! WS Pro (client) version 19.11 allows an attacker (with a guest or user session cookie) to escalate privileges by retrieving the cookie salt value and creating a valid session cookie for an arbitrary user or admin.

An administrative application user of or application user with write access to Aruba Airwave VisualRF is able to obtain code execution on the AMP platform.

There are command injection vulnerabilities present in the AirWave application.

IBM Business Process Manager 8.5.7.0 through 8.5.7.0 2017.06, 8.6.0.0 through 8.6.0.0 CF2018.03, and IBM Business Automation Workflow 18.0.0.1 through 19.0.0.3 is vulnerable to SQL injection.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

An exploitable authentication bypass vulnerability exists in the hostname processing of the Moxa AWK-3131A firmware version 1.13.

An exploitable remote code execution vulnerability exists in the iw_webs configuration parsing functionality of the Moxa AWK-3131A firmware version 1.13.

An exploitable format string vulnerability exists in the iw_console conio_writestr functionality of the Moxa AWK-3131A firmware version 1.13.

An exploitable command injection vulnerability exists in the iw_webs functionality of the Moxa AWK-3131A firmware version 1.13.

An exploitable command injection vulnerability exists in the iwwebs functionality of the Moxa AWK-3131A firmware version 1.13.

DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.

An issue was discovered in Centreon Web through 19.04.3.

openssl_x509_check_ip_asc in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

openssl_x509_check_email in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer.

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress allows unauthenticated options changes.

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request.

There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.

IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.

Remote Code Execution vulnerability in the web interface in McAfee Web Advisor (WA) 8.0.34745 and earlier allows remote unauthenticated attacker to execute arbitrary code via a cross site scripting attack.

BigFix Self-Service Application (SSA) is vulnerable to arbitrary code execution if Javascript code is included in Running Message or Post Message HTML.

LiteCart through 2.2.1 allows CSV injection via a customer's profile.

An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in.

The Export Users to CSV plugin through 1.4.2 for WordPress allows CSV Injection.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

Incorrect Access Control in Hunesion i-oneNet 3.0.6042.1200 allows the local user to access other user's information which is unauthorized via brute force.

An issue was discovered in the Linux kernel 5.4 and 5.5 through 5.5.6 on the AArch64 architecture.

An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce.

An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2.

An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki.

A stored XSS vulnerability exists in the Envira Photo Gallery plugin through 1.7.6 for WordPress.

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later.

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later.

IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie.

Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install a malicious package.

A directory traversal vulnerability has been found in the Avaya Equinox Management(iView)versions R9.1.9.0 and earlier.

valib through 2.0.0 allows Internal Property Tampering.

In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages.

The HTTP service in quickweb.exe in Pablo Quick 'n Easy Web Server 3.3.8 allows Remote Unauthenticated Heap Memory Corruption via a large host or domain parameter.

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have have a resource management error vulnerability.

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an out-of-bounds write vulnerability.

NIP6800;Secospace USG6600;USG9500 products with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an access control bypass vulnerability.

hostapd before 2.6, in EAP mode, makes calls to the rand() and random() standard library functions without any preceding srand() or srandom() call, which results in inappropriate use of deterministic values.

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions.

An out-of-bounds read was addressed with improved input validation.

An issued existed in the naming of screenshots.

An issue existed in the handling of the local user's self-view.

Cloud Foundry Routing Release, versions prior to 0.197.0, contains GoRouter, which allows malicious clients to send invalid headers, causing caching layers to reject subsequent legitimate clients trying to access the app.

Synchronet BBS 3.16c for Windows allows remote attackers to cause a denial of service (service crash) via a long string in the HTTP Referer header.

In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Version 2.3.0 or lower, sensitive information is stored in configuration files without encryption, which may allow an attacker to access an administrative account.

IBM WebSphere Service Registry and Repository 8.5 could allow a user to obtain sensitive version information that could be used in further attacks against the system.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.

An exploitable denial-of-service vulnerability exists in ServiceAgent functionality of the Moxa AWK-3131A, firmware version 1.13.

The usage of hard-coded cryptographic keys within the ServiceAgent binary allows for the decryption of captured traffic across the network from or to the Moxa AWK-3131A firmware version 1.13.

IBM QRadar Advisor 1.1 through 2.5 could allow an unauthorized attacker to obtain sensitive information from specially crafted HTTP requests that could aid in further attacks against the system.

IBM Qradar Advisor 1.1 through 2.5 with Watson uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

A NULL Pointer Dereference exists in libzint in Zint 2.7.1 because multiple + characters are mishandled in add_on in upcean.c, when called from eanx in upcean.c during EAN barcode generation.

controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI.

In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed.

rdf-graph-array through 0.3.0-rc6 manipulation of JavaScript objects resutling in Prototype Pollution.

In MIELE XGW 3000 ZigBee Gateway before 2.4.0, the Password Change Function does not require knowledge of the old password.

add_password in pam_radius_auth.c in pam_radius 1.4.0 does not correctly check the length of the input password, and is vulnerable to a stack-based buffer overflow during memcpy().

NIP6800;Secospace USG6600;USG9500 with versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability.

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have a invalid pointer access vulnerability.

In Apache Tomcat 9.0.0.M1 to 9.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 the HTTP header parsing code used an approach to end-of-line parsing that allowed some invalid HTTP headers to be parsed as valid.

The refactoring present in Apache Tomcat 9.0.28 to 9.0.30, 8.5.48 to 8.5.50 and 7.0.98 to 7.0.99 introduced a regression.

OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions) because of a combination of an untrusted search path in makemap.c and race conditions in the offline functionality in smtpd.c.

PCManager with versions earlier than 10.0.5.51 have a privilege escalation vulnerability in Huawei PCManager products.

A reflected XSS vulnerability exists within the gateway, allowing an attacker to craft a specialized URL which could steal the user's authentication token.

Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.

There is an XSS (cross-site scripting) vulnerability in GwtUpload 1.0.3 in the file upload functionality.

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive.

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

A validation issue was addressed with improved input sanitization.

A memory initialization issue was addressed with improved memory handling.

A logic issue was addressed with improved state management.

This was addressed with additional checks by Gatekeeper on files mounted through a network share.

The issue was addressed with improved UI handling.

An inconsistent user interface issue was addressed with improved state management.

Apache Struts before 2.3.20 has a cross-site scripting (XSS) vulnerability.

A vulnerability in the NX-API feature of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause an NX-API system process to unexpectedly restart.

A vulnerability in the implementation of Border Gateway Protocol (BGP) Message Digest 5 (MD5) authentication in Cisco NX-OS Software could allow an unauthenticated, remote attacker to bypass MD5 authentication and establish a BGP connection with the device.

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeOut parameter.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

The Hero Maps Premium plugin 2.2.1 and prior for WordPress is prone to unauthenticated XSS via the views/dashboard/index.php p parameter because it fails to sufficiently sanitize user-supplied input.

An issue was discovered in the pricing-table-by-supsystic plugin before 1.8.2 for WordPress.

The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.

includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues.

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device.

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, an attacker may execute stored XSS attacks against this device by supplying a malicious X-Forwarded-For header while performing an incorrect login attempt.

Cloud Foundry Cloud Controller (CAPI), versions prior to 1.91.0, logs properties of background jobs when they are run, which may include sensitive information such as credentials if provided to the job.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request.

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information.

In TOTOLINK A3002RU 1.0.8, the router provides a page that allows the user to change their account name and password.

IBM Maximo Asset Management 7.6.1.0 could allow a remote attacker to disclose sensitive information to an authenticated user due to disclosing path information in the URL.

The issue was addressed with improved permissions logic.

A validation issue existed in the handling of symlinks.

A validation issue existed in the handling of symlinks.

An exploitable use of hard-coded credentials vulnerability exists in multiple iw_* utilities of the Moxa AWK-3131A firmware version 1.13.

Multiple Stored Cross-site scripting (XSS) vulnerabilities in the Webnus Modern Events Calendar Lite plugin through 5.1.6 for WordPress allows remote authenticated users (with minimal permissions) to inject arbitrary JavaScript, HTML, or CSS via Ajax actions.

Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destination field of the Configuration Manager (Configuration Parameter Translation) page.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29.

Stored Cross-site scripting (XSS) vulnerability in Blackboard Learn/PeopleTool v9.1 allows users to inject arbitrary web script via the Tile widget in the People Tool profile editor.

Multiple stored XSS vulnerabilities exist in the 10Web Photo Gallery plugin before 1.5.46 WordPress.

SolarWinds Orion Platform 2018.4 HF3 (NPM 12.4, NetPath 1.1.4) allows Stored HTML Injection by administrators via the Web Console Settings screen.

ZTE E8820V3 router product is impacted by an information leak vulnerability.

ZTE E8820V3 router product is impacted by a permission and access control vulnerability.

A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries.

IBM Spectrum Protect Plus 10.1.0 and 10.5.0, when protecting Microsoft SQL or Microsoft Exchange, could allow an attacker with intimate knowledge of the system to obtain highly sensitive information.

NIP6800;Secospace USG6600;USG9500 products versions of V500R001C30; V500R001C60SPC500; V500R005C00SPC100 have an invalid pointer access vulnerability.

CloudEngine 12800 with versions of V200R001C00SPC600,V200R001C00SPC700,V200R002C01,V200R002C50SPC800,V200R002C50SPC800PWE,V200R003C00SPC810,V200R003C00SPC810PWE,V200R005C00SPC600,V200R005C00SPC800,V200R005C00SPC800PWE,V200R005C10,V200R005C10SPC300 have an information leakage vulnerability in some Huawei products.

This issue was addressed with improved setting propagation.

An inconsistent user interface issue was addressed with improved state management.

This issue was addressed with improved checks.

A validation issue was addressed with improved input sanitization.

An access issue was addressed with improved memory management.

A lock screen issue allowed access to contacts on a locked device.