Weekly Vulnerabilities Reports > March 30 to April 5, 2020

Overview

260 new vulnerabilities reported during this period, including 27 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 278 products from 113 vendors including Apple, IBM, ABB, Apache, and Debian. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Injection", "Improper Restriction of Operations within the Bounds of a Memory Buffer", and "Improper Privilege Management".

  • 222 reported vulnerabilities are remotely exploitables.
  • 5 reported vulnerabilities have public exploit available.
  • 76 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 201 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 49 reported vulnerabilities.
  • Apple has the most reported critical vulnerabilities, with 12 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

27 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-02 CVE-2020-10515 Starface Uncontrolled Search Path Element vulnerability in Starface Unified Communication & Collaboration Client

STARFACE UCC Client before 6.7.1.204 on WIndows allows binary planting to execute code with System rights, aka usd-2020-0006.

10.0
2020-04-02 CVE-2020-6852 Cacagoo Improper Authentication vulnerability in Cacagoo Tv-288Zd-2Mp Firmware 3.4.2.0919

CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 has weak authentication of TELNET access, leading to root privileges without any password required.

10.0
2020-04-01 CVE-2020-10948 Alienform2 Project Injection vulnerability in Alienform2 Project Alienform2 2.0.2

Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934.

10.0
2020-04-01 CVE-2020-3847 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

10.0
2020-04-01 CVE-2018-11106 Netgear Command Injection vulnerability in Netgear products

NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5; WC7520, running firmware versions prior to 2.5.0.46; WC7600v1, running firmware versions prior to 6.5.3.5; WC7600v2, running firmware versions prior to 6.5.3.5; and WC9500, running firmware versions prior to 6.5.3.5.

10.0
2020-03-31 CVE-2020-5344 Dell Out-Of-Bounds Write vulnerability in Dell Idrac7 Firmware, Idrac8 Firmware and Idrac9 Firmware

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability.

10.0
2020-03-30 CVE-2019-19606 X Plane OS Command Injection vulnerability in X-Plane

X-Plane before 11.41 has multiple improper path validations that could allow reading and writing files from/to arbitrary paths (or a leak of OS credentials to a remote system) via crafted network packets.

10.0
2020-04-01 CVE-2020-9785 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

Multiple memory corruption issues were addressed with improved state management.

9.3
2020-04-01 CVE-2020-9768 Apple USE After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

9.3
2020-04-01 CVE-2020-3919 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

9.3
2020-04-01 CVE-2020-3905 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

9.3
2020-04-01 CVE-2020-3904 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

Multiple memory corruption issues were addressed with improved state management.

9.3
2020-04-01 CVE-2020-3903 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved memory handling.

9.3
2020-04-01 CVE-2020-3899 Apple Resource Exhaustion vulnerability in Apple products

A memory consumption issue was addressed with improved memory handling.

9.3
2020-04-01 CVE-2020-3897 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved memory handling.

9.3
2020-04-01 CVE-2020-3895 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

9.3
2020-04-01 CVE-2020-3893 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

9.3
2020-04-01 CVE-2020-3892 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

9.3
2020-03-31 CVE-2020-10696 Buildah Project
Redhat
Path Traversal vulnerability in multiple products

A path traversal flaw was found in Buildah in versions before 1.14.5.

9.3
2020-04-02 CVE-2020-8423 TP Link Classic Buffer Overflow vulnerability in Tp-Link Tl-Wr841N Firmware 3.16.9

A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network.

9.0
2020-04-02 CVE-2020-11490 Zevenet OS Command Injection vulnerability in Zevenet ZEN Load Balancer 3.10.1

Manage::Certificates in Zen Load Balancer 3.10.1 allows remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the index.cgi cert_issuer, cert_division, cert_organization, cert_locality, cert_state, cert_country, or cert_email parameter.

9.0
2020-04-01 CVE-2020-10204 Sonatype Missing Authorization vulnerability in Sonatype Nexus

Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution.

9.0
2020-04-01 CVE-2020-10199 Sonatype Missing Authorization vulnerability in Sonatype Nexus

Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).

9.0
2020-03-31 CVE-2020-4242 IBM OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system.

9.0
2020-03-31 CVE-2020-4241 IBM OS Command Injection vulnerability in IBM Spectrum Protect Plus and Spectrum Scale

IBM Spectrum Scale and IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote authenticated attacker to execute arbitrary commands on the system.

9.0
2020-03-31 CVE-2020-4206 IBM Improper Input Validation vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary commands on the system in the context of root user, caused by improper validation of user-supplied input.

9.0
2020-03-30 CVE-2019-9507 Vertiv OS Command Injection vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to command injection because the application incorrectly neutralizes code syntax before executing.

9.0

53 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-02 CVE-2020-11498 Slack Path Traversal vulnerability in Slack Nebula 1.0.0/1.1.0

Slack Nebula through 1.1.0 contains a relative path vulnerability that allows a low-privileged attacker to execute code in the context of the root user via tun_darwin.go or tun_windows.go.

8.5
2020-03-31 CVE-2020-5291 Projectatomic
Debian
Archlinux
Centos
Improper Privilege Management vulnerability in multiple products

Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable.

8.5
2020-04-01 CVE-2019-3944 Parrot Incorrect Default Permissions vulnerability in Parrot Anafi Firmware

Parrot ANAFI is vulnerable to Wi-Fi deauthentication attack, allowing remote and unauthenticated attackers to disconnect drone from controller during mid-flight.

7.8
2020-04-01 CVE-2020-5548 Yamaha Unspecified vulnerability in Yamaha products

Yamaha LTE VoIP Router(NVR700W firmware Rev.15.00.15 and earlier), Yamaha Gigabit VoIP Router(NVR510 firmware Rev.15.01.14 and earlier), Yamaha Gigabit VPN Router(RTX810 firmware Rev.11.01.33 and earlier, RTX830 firmware Rev.15.02.09 and earlier, RTX1200 firmware Rev.10.01.76 and earlier, RTX1210 firmware Rev.14.01.33 and earlier, RTX3500 firmware Rev.14.00.26 and earlier, and RTX5000 firmware Rev.14.00.26 and earlier), Yamaha Broadband VoIP Router(NVR500 firmware Rev.11.00.38 and earlier), and Yamaha Firewall(FWX120 firmware Rev.11.03.27 and earlier) allow remote attackers to cause a denial of service via unspecified vectors.

7.8
2020-04-05 CVE-2020-11558 Gpac USE After Free vulnerability in Gpac 0.8.0

An issue was discovered in libgpac.a in GPAC 0.8.0, as demonstrated by MP4Box.

7.5
2020-04-05 CVE-2020-11548 Search Meter Project Improper Input Validation vulnerability in Search Meter Project Search Meter

The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula.

7.5
2020-04-04 CVE-2020-11542 3Xlogic Improper Authentication vulnerability in 3Xlogic Infinias Eidc32 Firmware and Infinias Eidc32 web

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring.

7.5
2020-04-04 CVE-2020-11518 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Adselfservice Plus

Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution.

7.5
2020-04-03 CVE-2020-8147 Utils Extend Project Improper Input Validation vulnerability in Utils-Extend Project Utils-Extend

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.

7.5
2020-04-03 CVE-2020-8638 Testlink SQL Injection vulnerability in Testlink 1.9.20

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in planUrgency.php via the urgency parameter.

7.5
2020-04-03 CVE-2020-8637 Testlink SQL Injection vulnerability in Testlink 1.9.20

A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands in dragdroptreenodes.php via the node_id parameter.

7.5
2020-04-03 CVE-2020-6994 Belden Classic Buffer Overflow vulnerability in Belden Hirschmann Hios and Hirschmann Hisecos

A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS.

7.5
2020-04-03 CVE-2020-10599 Visam Classic Buffer Overflow vulnerability in Visam Vbase Editor and Vbase Web-Remote

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code.

7.5
2020-04-02 CVE-2020-7630 GIT ADD Remote Project Injection vulnerability in Git-Add-Remote Project Git-Add-Remote 1.0.0

git-add-remote through 1.0.0 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7629 Install Package Project Injection vulnerability in Install-Package Project Install-Package

install-package through 0.4.0 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7628 Install Package Project
Umount Project
Injection vulnerability in multiple products

umount through 1.1.6 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7627 Node KEY Sender Project Injection vulnerability in Node-Key-Sender Project Node-Key-Sender

node-key-sender through 1.0.11 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7626 Karma Mojo Project Injection vulnerability in Karma-Mojo Project Karma-Mojo 1.0.0/1.0.1

karma-mojo through 1.0.1 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7625 OP Browser Project Injection vulnerability in Op-Browser Project Op-Browser

op-browser through 1.0.6 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7624 Effect Project Injection vulnerability in Effect Project Effect

effect through 1.0.4 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7623 Jscover Project Injection vulnerability in Jscover Project Jscover

jscover through 1.0.0 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7621 IBM Injection vulnerability in IBM Strongloop Nginx Controller 1.0.0/1.0.1/1.0.2

strong-nginx-controller through 1.0.2 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7620 Netease Injection vulnerability in Netease Pomelo-Monitor 0.3.5/0.3.6/0.3.7

pomelo-monitor through 0.3.7 is vulnerable to Command Injection.It allows injection of arbitrary commands as part of 'pomelo-monitor' params.

7.5
2020-04-02 CVE-2020-7619 GET GIT Data Project Injection vulnerability in Get-Git-Data Project Get-Git-Data

get-git-data through 1.3.1 is vulnerable to Command Injection.

7.5
2020-04-02 CVE-2020-7617 INI Parser Project Improperly Controlled Modification of Dynamically-Determined Object Attributes vulnerability in Ini-Parser Project Ini-Parser 0.0.1/0.0.2

ini-parser through 0.0.2 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of Object.prototype using a '__proto__' payload.

7.5
2020-04-01 CVE-2020-6009 Learndash SQL Injection vulnerability in Learndash

LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection.

7.5
2020-04-01 CVE-2019-9163 Marchnetworks Code Injection vulnerability in Marchnetworks Command Client 2.6.4/2.6.4.1

The connection initiation process in March Networks Command Client before 2.7.2 allows remote attackers to execute arbitrary code via crafted XAML objects.

7.5
2020-04-01 CVE-2020-3850 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

7.5
2020-04-01 CVE-2020-3849 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

7.5
2020-04-01 CVE-2020-3848 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X

A memory corruption issue was addressed with improved input validation.

7.5
2020-04-01 CVE-2020-9769 Apple Unspecified vulnerability in Apple mac OS X

Multiple issues were addressed by updating to version 8.1.1850.

7.5
2020-04-01 CVE-2020-3911 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

7.5
2020-04-01 CVE-2020-3910 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved size validation.

7.5
2020-04-01 CVE-2020-3909 Apple Classic Buffer Overflow vulnerability in Apple products

A buffer overflow was addressed with improved bounds checking.

7.5
2020-04-01 CVE-2020-10867 Avast Exposure of Resource TO Wrong Sphere vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

7.5
2020-04-01 CVE-2020-7947 Auth0 Injection vulnerability in Auth0 Login BY Auth0

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.

7.5
2020-03-31 CVE-2020-6008 Lifterlms Unrestricted Upload of File With Dangerous Type vulnerability in Lifterlms

LifterLMS Wordpress plugin version below 3.37.15 is vulnerable to arbitrary file write leading to remote code execution

7.5
2020-03-31 CVE-2020-4208 IBM USE of Hard-Coded Credentials vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5
2020-03-31 CVE-2020-10595 PAM Krb5 Project
Debian
Classic Buffer Overflow vulnerability in multiple products

pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations involving supplemental prompting by a Kerberos library.

7.5
2020-03-30 CVE-2020-7611 Objectcomputing Http Request Smuggling vulnerability in Objectcomputing Micronaut

All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before 1.3.2 are vulnerable to HTTP Request Header Injection due to not validating request headers passed to the client.

7.5
2020-03-30 CVE-2020-11105 USC Release of Invalid Pointer OR Reference vulnerability in USC Cereal

An issue was discovered in USC iLab cereal through 1.3.0.

7.5
2020-03-30 CVE-2020-10374 Paessler Improper Input Validation vulnerability in Paessler Prtg Network Monitor

A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticated remote command execution via a crafted POST request or the what parameter of the screenshot function in the Contact Support form.

7.5
2020-03-30 CVE-2019-19605 X Plane Out-Of-Bounds Write vulnerability in X-Plane

X-Plane before 11.41 allows Arbitrary Memory Write via crafted network packets, which could cause a denial of service or arbitrary code execution.

7.5
2020-03-30 CVE-2016-11024 Odata4J Project SQL Injection vulnerability in Odata4J Project Odata4J 0.7

odata4j 0.7.0 allows ExecuteJPQLQueryCommand.java SQL injection.

7.5
2020-03-30 CVE-2016-11023 Odata4J Project SQL Injection vulnerability in Odata4J Project Odata4J 0.7

odata4j 0.7.0 allows ExecuteCountQueryCommand.java SQL injection.

7.5
2020-03-30 CVE-2020-7610 Mongodb Deserialization of Untrusted Data vulnerability in Mongodb Bson

All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data.

7.5
2020-04-04 CVE-2020-5348 Dell USE After Free vulnerability in Dell Latitude 7202 Firmware

Dell Latitude 7202 Rugged Tablet BIOS versions prior to A28 contain a UAF vulnerability in EFI_BOOT_SERVICES in system management mode.

7.2
2020-04-03 CVE-2020-7004 Visam Incorrect Default Permissions vulnerability in Visam Vbase Editor and Vbase Web-Remote

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissions on the VBASE directory resulting in elevation of privileges or malicious effects on the system the next time a privileged user runs the application.

7.2
2020-04-03 CVE-2018-17954 Suse Improper Privilege Management vulnerability in Suse Openstack Cloud and Openstack Cloud Crowbar

A Least Privilege Violation vulnerability in crowbar of SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 8, SUSE OpenStack Cloud Crowbar 9 allows root users on any crowbar managed node to cause become root on any other node.

7.2
2020-04-02 CVE-2020-8835 Linux
Fedoraproject
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

In the Linux kernel 5.5.0 and newer, the bpf verifier (kernel/bpf/verifier.c) did not properly restrict the register bounds for 32-bit operations, leading to out-of-bounds reads and writes in kernel memory.

7.2
2020-04-02 CVE-2019-14868 KSH Project Injection vulnerability in KSH Project KSH 20120801

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables.

7.2
2020-04-02 CVE-2020-8015 Exim Link Following vulnerability in Exim

A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of exim in openSUSE Factory allows local attackers to escalate from user mail to root.

7.2
2020-04-01 CVE-2020-11469 Zoom Improper Privilege Management vulnerability in Zoom Meetings 4.6.8

Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot.

7.2

150 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-03 CVE-2020-4273 IBM Improper Privilege Management vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the enviornment to execute commands as root using specially crafted input.

6.9
2020-04-01 CVE-2020-8146 UI Improper Privilege Management vulnerability in UI Unifi Video

In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM from arbitrary file deletion and DLL hijack vulnerabilities.

6.9
2020-04-02 CVE-2020-11107 Apachefriends Improper Privilege Management vulnerability in Apachefriends Xampp

An issue was discovered in XAMPP before 7.2.29, 7.3.x before 7.3.16 , and 7.4.x before 7.4.4 on Windows.

6.8
2020-04-01 CVE-2020-6096 GNU
Fedoraproject
Integer Underflow (Wrap OR Wraparound) vulnerability in multiple products

An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000.

6.8
2020-04-01 CVE-2019-17564 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

Unsafe deserialization occurs within a Dubbo application which has HTTP remoting enabled.

6.8
2020-04-01 CVE-2020-9783 Apple USE After Free vulnerability in Apple products

A use after free issue was addressed with improved memory management.

6.8
2020-04-01 CVE-2020-3913 Apple Improper Privilege Management vulnerability in Apple products

A permissions issue existed.

6.8
2020-04-01 CVE-2020-3906 Apple Unspecified vulnerability in Apple mac OS X

A logic issue was addressed with improved restrictions.

6.8
2020-04-01 CVE-2020-3901 Apple Type Confusion vulnerability in Apple products

A type confusion issue was addressed with improved memory handling.

6.8
2020-04-01 CVE-2020-3900 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple products

A memory corruption issue was addressed with improved memory handling.

6.8
2020-04-01 CVE-2020-3883 Apple Unspecified vulnerability in Apple products

This issue was addressed with improved checks.

6.8
2020-04-01 CVE-2020-5391 Auth0 Cross-Site Request Forgery (CSRF) vulnerability in Auth0 Wp-Auth0

Cross-site request forgery (CSRF) vulnerabilities exist in the Auth0 plugin before 4.0.0 for WordPress via the domain field.

6.8
2020-04-01 CVE-2020-7065 PHP
Debian
Canonical
Out-Of-Bounds Write vulnerability in multiple products

In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer.

6.8
2020-03-31 CVE-2020-4238 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2020-03-31 CVE-2020-4237 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

6.8
2020-03-31 CVE-2020-11113 Fasterxml
Debian
Netapp
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).

6.8
2020-03-31 CVE-2020-11112 Fasterxml
Debian
Netapp
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).

6.8
2020-03-31 CVE-2020-11111 Fasterxml
Debian
Netapp
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).

6.8
2020-04-01 CVE-2020-3912 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.6
2020-04-01 CVE-2020-3908 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.6
2020-04-01 CVE-2020-3907 Apple Out-Of-Bounds Read vulnerability in Apple mac OS X

An out-of-bounds read was addressed with improved input validation.

6.6
2020-04-03 CVE-2020-8639 Testlink Unrestricted Upload of File With Dangerous Type vulnerability in Testlink 1.9.20

An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.

6.5
2020-04-02 CVE-2019-19094 ABB SQL Injection vulnerability in ABB Esoms

Lack of input checks for SQL queries in ABB eSOMS versions 3.9 to 6.0.3 might allow an attacker SQL injection attacks against the backend database.

6.5
2020-04-02 CVE-2020-11444 Sonatype Incorrect Default Permissions vulnerability in Sonatype Nexus

Sonatype Nexus Repository Manager 3.x up to and including 3.21.2 has Incorrect Access Control.

6.5
2020-04-02 CVE-2020-11451 Microstrategy Unrestricted Upload of File With Dangerous Type vulnerability in Microstrategy web 10.1/10.4/7

The Upload Visualization plugin in the Microstrategy Web 10.4 admin panel allows an administrator to upload a ZIP archive containing files with arbitrary extensions and data.

6.5
2020-04-02 CVE-2020-11100 Haproxy
Debian
Redhat
Out-Of-Bounds Write vulnerability in multiple products

In hpack_dht_insert in hpack-tbl.c in the HPACK decoder in HAProxy 1.8 through 2.x before 2.1.4, a remote attacker can write arbitrary bytes around a certain location on the heap via a crafted HTTP/2 request, possibly causing remote code execution.

6.5
2020-04-02 CVE-2018-13371 Fortinet Improper Input Validation vulnerability in Fortinet Fortios

An external control of system vulnerability in FortiOS may allow an authenticated, regular user to change the routing settings of the device via connecting to the ZebOS component.

6.5
2020-04-01 CVE-2020-11467 Deskpro Incorrect Permission Assignment for Critical Resource vulnerability in Deskpro

An issue was discovered in Deskpro before 2019.8.0.

6.5
2020-04-01 CVE-2020-11465 Deskpro Improper Privilege Management vulnerability in Deskpro

An issue was discovered in Deskpro before 2019.8.0.

6.5
2020-04-01 CVE-2020-7948 Auth0 Unspecified vulnerability in Auth0 Login BY Auth0

An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress.

6.5
2020-03-31 CVE-2020-7009 Elastic Improper Privilege Management vulnerability in Elastic Elasticsearch

Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys.

6.5
2020-03-31 CVE-2020-5292 Leantime SQL Injection vulnerability in Leantime

Leantime before versions 2.0.15 and 2.1-beta3 has a SQL Injection vulnerability.

6.5
2020-03-30 CVE-2019-7755 Weberp SQL Injection vulnerability in Weberp 4.15

In webERP 4.15, the Import Bank Transactions function fails to sanitize the content of imported MT940 bank statement files, resulting in the execution of arbitrary SQL queries, aka SQL Injection.

6.5
2020-04-02 CVE-2019-19093 ABB Weak Password Requirements vulnerability in ABB Esoms

eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in lower access security due to insecure user passwords.

6.4
2020-04-02 CVE-2019-19000 ABB Information Exposure vulnerability in ABB Esoms

For ABB eSOMS 4.0 to 6.0.3, the Cache-Control and Pragma HTTP header(s) have not been properly configured within the application response.

6.4
2020-04-01 CVE-2020-10861 Avast Improper Input Validation vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

6.4
2020-03-31 CVE-2019-14880 Moodle Unspecified vulnerability in Moodle

A vulnerability was found in Moodle versions 3.7 before 3.7.3, 3.6 before 3.6.7, 3.5 before 3.5.9 and earlier.

6.4
2020-03-31 CVE-2020-4240 IBM Path Traversal vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to traverse directories on the system.

6.4
2020-03-31 CVE-2020-4214 IBM Improper Input Validation vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to arbitrary delete a directory caused by improper validation of user-supplied input.

6.4
2020-03-30 CVE-2019-17560 Apache Improper Certificate Validation vulnerability in Apache Netbeans

The "Apache NetBeans" autoupdate system does not validate SSL certificates and hostnames for https based downloads.

6.4
2020-03-30 CVE-2019-9508 Vertiv Unrestricted Upload of File With Dangerous Type vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to stored XSS.

6.0
2020-04-04 CVE-2020-11529 Getgrav Open Redirect vulnerability in Getgrav Grav

Common/Grav.php in Grav before 1.7 has an Open Redirect.

5.8
2020-04-03 CVE-2020-8143 Revive Adserver Open Redirect vulnerability in Revive-Adserver Revive Adserver

An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by HackerOne user hoangn144.

5.8
2020-04-03 CVE-2020-11501 GNU
Canonical
Debian
Opensuse
Fedoraproject
USE of A Broken OR Risky Cryptographic Algorithm vulnerability in multiple products

GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS.

5.8
2020-04-02 CVE-2020-1927 Apache Open Redirect vulnerability in Apache Http Server

In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an an unexpected URL within the request URL.

5.8
2020-04-01 CVE-2020-7064 PHP
Debian
Canonical
Opensuse
Out-Of-Bounds Read vulnerability in multiple products

In PHP versions 7.2.x below 7.2.9, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while parsing EXIF data with exif_read_data() function, it is possible for malicious data to cause PHP to read one byte of uninitialized memory.

5.8
2020-03-31 CVE-2019-2391 Mongodb Deserialization of Untrusted Data vulnerability in Mongodb Js-Bson

Incorrect parsing of certain JSON input may result in js-bson not correctly serializing BSON.

5.5
2020-03-30 CVE-2020-5275 Sensiolabs Incorrect Authorization vulnerability in Sensiolabs Symfony

In symfony/security-http before versions 4.4.7 and 5.0.7, when a `Firewall` checks access control rule, it iterate overs each rule's attributes and stops as soon as the accessDecisionManager decides to grant access on the attribute, preventing the check of next attributes that should have been take into account in an unanimous strategy.

5.5
2020-03-30 CVE-2020-5274 Sensiolabs Information Exposure Through AN Error Message vulnerability in Sensiolabs Symfony

In Symfony before versions 5.0.5 and 4.4.5, some properties of the Exception were not properly escaped when the `ErrorHandler` rendered it stacktrace.

5.5
2020-03-30 CVE-2020-5551 Toyota Incorrect Default Permissions vulnerability in Toyota Display Control Unit

Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command.

5.4
2020-04-02 CVE-2020-9067 Huawei Classic Buffer Overflow vulnerability in Huawei products

There is a buffer overflow vulnerability in some Huawei products.

5.2
2020-04-01 CVE-2020-8144 UI Path Traversal vulnerability in UI Unifi Video

The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update functionality, under certain circumstances, does not validate firmware download destinations to ensure they are within the intended destination directory tree.

5.2
2020-04-05 CVE-2020-11547 Paessler Information Exposure vulnerability in Paessler Prtg Network Monitor

PRTG Network Monitor before 20.1.57.1745 allows remote unauthenticated attackers to obtain information about probes running or the server itself (CPU usage, memory, Windows version, and internal statistics) via an HTTP request, as demonstrated by type=probes to login.htm or index.htm.

5.0
2020-04-04 CVE-2020-11528 Bit2Spr Project Out-Of-Bounds Write vulnerability in Bit2Spr Project Bit2Spr 19920607

bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file.

5.0
2020-04-04 CVE-2020-11527 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Opmanager

In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files.

5.0
2020-04-04 CVE-2020-5347 Dell Resource Exhaustion vulnerability in Dell EMC Isilon Onefs

Dell EMC Isilon OneFS versions 8.2.2 and earlier contain a denial of service vulnerability.

5.0
2020-04-03 CVE-2020-7008 Visam Path Traversal vulnerability in Visam Vbase Editor and Vbase Web-Remote

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL that is not properly verified before use, which may allow an attacker to read arbitrary files from local resources.

5.0
2020-04-03 CVE-2020-7000 Visam Insecure Storage of Sensitive Information vulnerability in Visam Vbase Editor and Vbase Web-Remote

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacker to discover the cryptographic key from the web server and gain information about the login and the encryption/decryption mechanism, which may be exploited to bypass authentication of the HTML5 HMI web interface.

5.0
2020-04-03 CVE-2020-10960 Mediawiki Improper Encoding OR Escaping of Output vulnerability in Mediawiki

In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page.

5.0
2020-04-03 CVE-2019-17230 Mageewp Unspecified vulnerability in Mageewp Onetone 3.0.6

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes.

5.0
2020-04-03 CVE-2020-11500 Zoom USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Zoom Meetings 4.6.8

Zoom Client for Meetings through 4.6.9 uses the ECB mode of AES for video and audio encryption.

5.0
2020-04-03 CVE-2019-18904 Opensuse
Suse
Resource Exhaustion vulnerability in Opensuse Rmt-Server 2.5.23.26.1/2.5.23.9.1/2.5.2Lp151.2.9.1

A Uncontrolled Resource Consumption vulnerability in rmt of SUSE Linux Enterprise High Performance Computing 15-ESPOS, SUSE Linux Enterprise High Performance Computing 15-LTSS, SUSE Linux Enterprise Module for Public Cloud 15-SP1, SUSE Linux Enterprise Module for Server Applications 15, SUSE Linux Enterprise Module for Server Applications 15-SP1, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15; openSUSE Leap 15.1 allows remote attackers to cause DoS against rmt by requesting migrations.

5.0
2020-04-02 CVE-2020-11453 Microstrategy Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.4

** DISPUTED ** Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/.

5.0
2020-04-02 CVE-2020-9349 Cacagoo Missing Authorization vulnerability in Cacagoo Tv-288Zd-2Mp Firmware 3.4.2.0919

The CACAGOO Cloud Storage Intelligent Camera TV-288ZD-2MP with firmware 3.4.2.0919 allows access to the RTSP service without a password.

5.0
2020-04-02 CVE-2020-11450 Microstrategy Information Exposure vulnerability in Microstrategy web 10.1/10.4/7

Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp.

5.0
2020-04-01 CVE-2020-11463 Deskpro Improper Privilege Management vulnerability in Deskpro

An issue was discovered in Deskpro before 2019.8.0.

5.0
2020-04-01 CVE-2020-1934 Apache USE of Uninitialized Resource vulnerability in Apache Http Server

In Apache HTTP Server 2.4.0 to 2.4.41, mod_proxy_ftp may use uninitialized memory when proxying to a malicious FTP server.

5.0
2020-04-01 CVE-2020-9781 Apple Improper Preservation of Permissions vulnerability in Apple Ipados and Iphone OS

The issue was addressed by clearing website permission prompts after navigation.

5.0
2020-04-01 CVE-2020-9777 Apple Improper Input Validation vulnerability in Apple Ipados and Iphone OS

An issue existed in the selection of video file by Mail.

5.0
2020-04-01 CVE-2020-9775 Apple Improper Initialization vulnerability in Apple Ipados and Iphone OS

An issue existed in the handling of tabs displaying picture in picture video.

5.0
2020-04-01 CVE-2020-3916 Apple Information Exposure vulnerability in Apple Ipados and Iphone OS

An access issue was addressed with additional sandbox restrictions.

5.0
2020-04-01 CVE-2020-3890 Apple Exposure of Resource TO Wrong Sphere vulnerability in Apple Ipad OS and Iphone OS

The issue was addressed with improved deletion.

5.0
2020-04-01 CVE-2020-10868 Avast Incorrect Permission Assignment for Critical Resource vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2020-10866 Avast Inadequate Encryption Strength vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2020-10865 Avast Inclusion of Functionality From Untrusted Control Sphere vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2020-10864 Avast Improper Input Validation vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2020-10863 Avast Improper Input Validation vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2020-10860 Avast Out-Of-Bounds Write vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

5.0
2020-04-01 CVE-2019-3945 Parrot Unspecified vulnerability in Parrot Anafi Firmware

Web server running on Parrot ANAFI can be crashed due to the SDK command "Common_CurrentDateTime" being sent to control service with larger than expected date length.

5.0
2020-04-01 CVE-2019-3942 Advantech Insufficiently Protected Credentials vulnerability in Advantech Webaccess 8.3.4

Advantech WebAccess 8.3.4 does not properly restrict an RPC call that allows unauthenticated, remote users to read files.

5.0
2020-04-01 CVE-2020-11455 Limesurvey Path Traversal vulnerability in Limesurvey

LimeSurvey before 4.1.12+200324 contains a path traversal vulnerability in application/controllers/admin/LimeSurveyFileManager.php.

5.0
2020-04-01 CVE-2020-11449 Technicolor Insufficiently Protected Credentials vulnerability in Technicolor Tc7337 Firmware 8.89.17

An issue was discovered on Technicolor TC7337 8.89.17 devices.

5.0
2020-04-01 CVE-2020-10231 TP Link Null Pointer Dereference vulnerability in Tp-Link products

TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Build_180105, NC230 through 1.3.0_Build_171205, NC250 through 1.3.0_Build_171205, NC260 through 1.5.1_Build_190805, and NC450 through 1.5.0_Build_181022 devices allow a remote NULL Pointer Dereference.

5.0
2020-04-01 CVE-2020-11445 TP Link Improper Authentication vulnerability in Tp-Link products

TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855.

5.0
2020-03-31 CVE-2020-4239 IBM Information Exposure vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2020-03-31 CVE-2020-11414 Telerik Path Traversal vulnerability in Telerik UI FOR Silverlight

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330.

5.0
2020-03-30 CVE-2020-5284 Zeit Path Traversal vulnerability in Zeit Next.Js

Next.js versions before 9.3.2 have a directory traversal vulnerability.

5.0
2020-03-30 CVE-2020-11104 USC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in USC Cereal

An issue was discovered in USC iLab cereal through 1.3.0.

5.0
2020-03-30 CVE-2020-5726 Grandstream SQL Injection vulnerability in Grandstream products

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888.

5.0
2020-03-30 CVE-2020-5724 Grandstream SQL Injection vulnerability in Grandstream products

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint.

5.0
2020-03-30 CVE-2020-5723 Grandstream Cleartext Storage of Sensitive Information vulnerability in Grandstream products

The UCM6200 series 1.0.20.22 and below stores unencrypted user passwords in an SQLite database.

5.0
2020-03-30 CVE-2019-17561 Apache Improper Input Validation vulnerability in Apache Netbeans

The "Apache NetBeans" autoupdate system does not fully validate code signatures.

5.0
2020-03-30 CVE-2020-8509 Zohocorp Information Exposure vulnerability in Zohocorp Manageengine Desktop Central

Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure.

5.0
2020-03-30 CVE-2020-5527 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric products

When MELSOFT transmission port (UDP/IP) of Mitsubishi Electric MELSEC iQ-R series (all versions), MELSEC iQ-F series (all versions), MELSEC Q series (all versions), MELSEC L series (all versions), and MELSEC F series (all versions) receives massive amount of data via unspecified vectors, resource consumption occurs and the port does not process the data properly.

5.0
2020-04-03 CVE-2020-10689 Eclipse Missing Authorization vulnerability in Eclipse CHE

A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access to workspace pods.

4.9
2020-04-03 CVE-2020-8142 Revive Adserver Incorrect Authorization vulnerability in Revive-Adserver Revive Adserver

A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 by HackerOne user hoangn144.

4.6
2020-04-03 CVE-2020-10601 Visam Inadequate Encryption Strength vulnerability in Visam Vbase Editor and Vbase Web-Remote

VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and insecure permissions which may allow a local attacker to bypass the password-protected mechanism through brute-force attacks, cracking techniques, or overwriting the password hash.

4.6
2020-04-01 CVE-2020-10862 Avast Improper Privilege Management vulnerability in Avast Antivirus

An issue was discovered in Avast Antivirus before 20.

4.6
2020-04-01 CVE-2020-7263 Mcafee Incorrect Permission Assignment FOR Critical Resource vulnerability in Mcafee Endpoint Security

Improper access control vulnerability in ESconfigTool.exe in McAfee Endpoint Security (ENS) for Windows all current versions allows local administrator to alter ENS configuration up to and including disabling all protection offered by ENS via insecurely implemented encryption of configuration for export and import.

4.6
2020-03-31 CVE-2020-1712 Freedesktop
Redhat
USE After Free vulnerability in multiple products

A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages.

4.6
2020-03-31 CVE-2019-14905 Redhat
Fedoraproject
Externally Controlled Reference TO A Resource in Another Sphere vulnerability in multiple products

A vulnerability was found in Ansible Engine versions 2.9.x before 2.9.3, 2.8.x before 2.8.8, 2.7.x before 2.7.16 and earlier, where in Ansible's nxos_file_copy module can be used to copy files to a flash or bootflash on NXOS devices.

4.6
2020-04-02 CVE-2019-19348 Redhat Improper Privilege Management vulnerability in Redhat Openshift

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/apb-base, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4.

4.4
2020-04-02 CVE-2019-19346 Redhat Improper Privilege Management vulnerability in Redhat Openshift

An insecure modification vulnerability in the /etc/passwd file was found in the container openshift/mariadb-apb, affecting versions before the following 4.3.5, 4.2.21, 4.1.37, and 3.11.188-4 .

4.4
2020-04-02 CVE-2020-8016 Opensuse Race Condition vulnerability in Opensuse Texlive-Filesystem 2013.7416.5.1/2017.1359.5.1

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges.

4.4
2020-04-03 CVE-2019-17231 Mageewp Cross-Site Scripting vulnerability in Mageewp Onetone 3.0.6

includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues.

4.3
2020-04-03 CVE-2019-18905 Opensuse
Suse
Insufficient Verification of Data Authenticity vulnerability in Opensuse Autoyast2 4.0.703.20.1/4.1.93.9.1

A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images.

4.3
2020-04-02 CVE-2020-11499 Firmware Analysis AND Comparison Tool Project Cross-Site Scripting vulnerability in Firmware Analysis and Comparison Tool Project Firmware Analysis and Comparison Tool 3.0

Firmware Analysis and Comparison Tool (FACT) 3 has Stored XSS when updating analysis details via a localhost web request, as demonstrated by mishandling of the tags and version fields in helperFunctions/mongo_task_conversion.py.

4.3
2020-04-02 CVE-2019-19097 ABB Inadequate Encryption Strength vulnerability in ABB Esoms

ABB eSOMS versions 4.0 to 6.0.3 accept connections using medium strength ciphers.

4.3
2020-04-02 CVE-2019-19089 ABB Code Injection vulnerability in ABB Esoms

For ABB eSOMS versions 4.0 to 6.0.3, the X-Content-Type-Options Header is missing in the HTTP response, potentially causing the response body to be interpreted and displayed as different content type other than declared.

4.3
2020-04-02 CVE-2019-19003 ABB Cross-Site Scripting vulnerability in ABB Esoms 4.0/6.0/6.0.2

For ABB eSOMS versions 4.0 to 6.0.2, the HTTPOnly flag is not set.

4.3
2020-04-02 CVE-2019-19001 ABB Improper Restriction of Rendered UI Layers OR Frames vulnerability in ABB Esoms 4.0/6.0/6.0.2

For ABB eSOMS versions 4.0 to 6.0.2, the X-Frame-Options header is not configured in HTTP response.

4.3
2020-04-02 CVE-2019-20635 Intland Unsafe Reflection vulnerability in Intland Codebeamer

codeBeamer before 9.5.0-RC3 does not properly restrict the ability to execute custom Java code and access the Java class loader via computed fields.

4.3
2020-04-02 CVE-2020-4304 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.

4.3
2020-04-02 CVE-2020-4303 IBM Cross-Site Scripting vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server - Liberty 17.0.0.3 through 20.0.0.3 is vulnerable to cross-site scripting.

4.3
2020-04-01 CVE-2020-8966 Tiki Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware

There is an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in php webpages of Tiki-Wiki Groupware.

4.3
2020-04-01 CVE-2020-5290 Ctfd Session Fixation vulnerability in Ctfd Rctf

In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint.

4.3
2020-04-01 CVE-2020-1949 Apache Cross-Site Scripting vulnerability in Apache Sling CMS

Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attacks.

4.3
2020-04-01 CVE-2020-1943 Apache Cross-Site Scripting vulnerability in Apache Ofbiz

Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07.

4.3
2020-04-01 CVE-2020-9784 Apple Unspecified vulnerability in Apple Safari

A logic issue was addressed with improved restrictions.

4.3
2020-04-01 CVE-2020-9776 Apple Information Exposure vulnerability in Apple mac OS X

This issue was addressed with a new entitlement.

4.3
2020-04-01 CVE-2020-9773 Apple Information Exposure vulnerability in Apple products

The issue was addressed with improved handling of icon caches.

4.3
2020-04-01 CVE-2020-3914 Apple Memory Leak vulnerability in Apple products

A memory initialization issue was addressed with improved memory handling.

4.3
2020-04-01 CVE-2020-3902 Apple Cross-Site Scripting vulnerability in Apple products

An input validation issue was addressed with improved input validation.

4.3
2020-04-01 CVE-2020-3888 Apple Unspecified vulnerability in Apple Ipad OS and Iphone OS

A logic issue was addressed with improved restrictions.

4.3
2020-04-01 CVE-2020-3887 Apple Unspecified vulnerability in Apple products

A logic issue was addressed with improved restrictions.

4.3
2020-04-01 CVE-2020-3885 Apple Always-Incorrect Control Flow Implementation vulnerability in Apple products

A logic issue was addressed with improved restrictions.

4.3
2020-04-01 CVE-2020-3884 Apple Injection vulnerability in Apple mac OS X

An injection issue was addressed with improved validation.

4.3
2020-04-01 CVE-2020-11456 Limesurvey Cross-Site Scripting vulnerability in Limesurvey

LimeSurvey before 4.1.12+200324 has stored XSS in application/views/admin/surveysgroups/surveySettings.php and application/models/SurveysGroups.php (aka survey groups).

4.3
2020-04-01 CVE-2020-6753 Auth0 Cross-Site Scripting vulnerability in Auth0 Login BY Auth0

The Login by Auth0 plugin before 4.0.0 for WordPress allows stored XSS on multiple pages, a different issue than CVE-2020-5392.

4.3
2020-04-01 CVE-2020-5392 Auth0 Cross-Site Scripting vulnerability in Auth0 Wp-Auth0

A stored cross-site scripting (XSS) vulnerability exists in the Auth0 plugin before 4.0.0 for WordPress via the settings page.

4.3
2020-04-01 CVE-2020-7066 PHP Unspecified vulnerability in PHP

In PHP versions 7.2.x below 7.2.29, 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using get_headers() with user-supplied URL, if the URL contains zero (\0) character, the URL will be silently truncated at it.

4.3
2020-03-31 CVE-2020-11441 Phpmyadmin Injection vulnerability in PHPmyadmin 5.0.2

** DISPUTED ** phpMyAdmin 5.0.2 allows CRLF injection, as demonstrated by %0D%0Astring%0D%0A inputs to login form fields causing CRLF sequences to be reflected on an error page.

4.3
2020-03-30 CVE-2020-11106 Tecrail Cross-Site Scripting vulnerability in Tecrail Responsive Filemanager

An issue was discovered in Responsive Filemanager through 9.14.0.

4.3
2020-03-30 CVE-2019-20634 Proofpoint Improper Input Validation vulnerability in Proofpoint Email Protection 20190908

An issue was discovered in Proofpoint Email Protection through 2019-09-08.

4.3
2020-03-30 CVE-2020-5725 Grandstream SQL Injection vulnerability in Grandstream products

The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint.

4.3
2020-03-30 CVE-2020-10560 Opensource Socialnetwork USE of A Broken OR Risky Cryptographic Algorithm vulnerability in Opensource-Socialnetwork Open Source Social Network

An issue was discovered in Open Source Social Network (OSSN) through 5.3.

4.3
2020-04-02 CVE-2019-19091 ABB Information Exposure vulnerability in ABB Esoms

For ABB eSOMS versions 4.0 to 6.0.3, HTTPS responses contain comments with sensitive information about the application.

4.0
2020-04-02 CVE-2020-11452 Microstrategy Server-Side Request Forgery (SSRF) vulnerability in Microstrategy web 10.1/10.4/7

Microstrategy Web 10.4 includes functionality to allow users to import files or data from external resources such as URLs or databases.

4.0
2020-04-02 CVE-2020-4325 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM products

The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems.

4.0
2020-04-02 CVE-2020-11491 Zevenet Path Traversal vulnerability in Zevenet ZEN Load Balancer 3.10.1

Monitoring::Logs in Zen Load Balancer 3.10.1 allows remote authenticated admins to conduct absolute path traversal attacks, as demonstrated by a filelog=/etc/shadow request to index.cgi.

4.0
2020-04-02 CVE-2020-11458 Misp Information Exposure vulnerability in Misp

app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP.

4.0
2020-04-01 CVE-2020-8145 UI Improper Privilege Management vulnerability in UI Unifi Video

The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” and “wizard” endpoints does not implement sufficient privilege checks.

4.0
2020-04-01 CVE-2018-11802 Apache Incorrect Authorization vulnerability in Apache Solr

In Apache Solr, the cluster can be partitioned into multiple collections and only a subset of nodes actually host any given collection.

4.0
2020-04-01 CVE-2020-11466 Deskpro Information Exposure vulnerability in Deskpro

An issue was discovered in Deskpro before 2019.8.0.

4.0
2020-04-01 CVE-2020-11464 Deskpro Information Exposure vulnerability in Deskpro

An issue was discovered in Deskpro before 2019.8.0.

4.0
2020-04-01 CVE-2019-11254 Kubernetes Resource Exhaustion vulnerability in Kubernetes

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

4.0
2020-04-01 CVE-2020-9770 Apple Inadequate Encryption Strength vulnerability in Apple Ipados and Iphone OS

A logic issue was addressed with improved state management.

4.0
2020-03-31 CVE-2020-4236 IBM Improper Input Validation vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module.

4.0
2020-03-30 CVE-2020-5289 Elide Files OR Directories Accessible TO External Parties vulnerability in Elide

In Elide before 4.5.14, it is possible for an adversary to "guess and check" the value of a model field they do not have access to assuming they can read at least one other field in the model.

4.0
2020-03-30 CVE-2020-5255 Sensiolabs Improper Input Validation vulnerability in Sensiolabs Symfony

In Symfony before versions 4.4.7 and 5.0.7, when a `Response` does not contain a `Content-Type` header, affected versions of Symfony can fallback to the format defined in the `Accept` header of the request, leading to a possible mismatch between the response&#39;s content and `Content-Type` header.

4.0

30 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-02 CVE-2019-19096 ABB Insufficiently Protected Credentials vulnerability in ABB Esoms 6.0/6.0.2

The Redis data structure component used in ABB eSOMS versions 6.0 to 6.0.2 stores credentials in clear text.

3.6
2020-04-01 CVE-2020-10598 BD Information Exposure vulnerability in BD products

In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted desktop environment escape vulnerability exists in the kiosk mode functionality of affected devices.

3.6
2020-04-02 CVE-2019-19095 ABB Cross-Site Scripting vulnerability in ABB Esoms 4.0/6.0/6.0.2

Lack of adequate input/output validation for ABB eSOMS versions 4.0 to 6.0.2 might allow an attacker to attack such as stored cross-site scripting by storing malicious content in the database.

3.5
2020-04-02 CVE-2019-19092 ABB Missing Authentication FOR Critical Function vulnerability in ABB Esoms

ABB eSOMS versions 4.0 to 6.0.3 use ASP.NET Viewstate without Message Authentication Code (MAC).

3.5
2020-04-02 CVE-2019-19090 ABB Missing Encryption of Sensitive Data vulnerability in ABB Esoms 4.0/6.0/6.0.2

For ABB eSOMS versions 4.0 to 6.0.2, the Secure Flag is not set in the HTTP response header.

3.5
2020-04-02 CVE-2019-19002 ABB Cross-Site Scripting vulnerability in ABB Esoms 4.0/6.0/6.0.2

For ABB eSOMS versions 4.0 to 6.0.2, the X-XSS-Protection HTTP response header is not set in responses from the web server.

3.5
2020-04-02 CVE-2020-11454 Microstrategy Cross-Site Scripting vulnerability in Microstrategy web 10.4

Microstrategy Web 10.4 is vulnerable to Stored XSS in the HTML Container and Insert Text features in the window, allowing for the creation of a new dashboard.

3.5
2020-04-01 CVE-2020-1958 Apache Information Exposure vulnerability in Apache Druid 0.17.0

When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid.

3.5
2020-04-01 CVE-2020-10203 Sonatype Cross-Site Scripting vulnerability in Sonatype Nexus

Sonatype Nexus Repository before 3.21.2 allows XSS.

3.5
2020-04-01 CVE-2020-11457 Netgate Cross-Site Scripting vulnerability in Netgate Pfsense

pfSense before 2.4.5 has stored XSS in system_usermanager_addprivs.php in the WebGUI via the descr parameter (aka full name) of a user.

3.5
2020-03-31 CVE-2019-13495 Zyxel Cross-Site Scripting vulnerability in Zyxel Xgs2210-52Hp Firmware 4.50

In firmware version 4.50 of Zyxel XGS2210-52HP, multiple stored cross-site scripting (XSS) issues allows remote authenticated users to inject arbitrary web script via an rpSys.html Name or Location field.

3.5
2020-03-31 CVE-2019-10180 Dogtagpki
Redhat
Cross-Site Scripting vulnerability in multiple products

A vulnerability was found in all pki-core 10.x.x version, where the Token Processing Service (TPS) did not properly sanitize several parameters stored for the tokens, possibly resulting in a Stored Cross Site Scripting (XSS) vulnerability.

3.5
2020-03-31 CVE-2020-4235 IBM Cross-Site Scripting vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 is vulnerable to cross-site scripting.

3.5
2020-03-30 CVE-2020-9055 Versiant Cross-Site Scripting vulnerability in Versiant Lynx Customer Service Portal 3.5.2

Versiant LYNX Customer Service Portal (CSP), version 3.5.2, is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to insert malicious JavaScript that is stored and displayed to the end user.

3.5
2020-03-30 CVE-2019-9509 Vertiv Cross-Site Scripting vulnerability in Vertiv Avocent Umg-4000 Firmware 4.2.1.19

The web interface of the Vertiv Avocent UMG-4000 version 4.2.1.19 is vulnerable to reflected XSS in an HTTP POST parameter.

3.5
2020-03-30 CVE-2019-19913 Intland Cross-Site Scripting vulnerability in Intland Codebeamer Application Lifecycle Management

In Intland codeBeamer ALM 9.5 and earlier, there is stored XSS via the Trackers Title parameter.

3.5
2020-03-30 CVE-2019-19912 Intland Cross-Site Scripting vulnerability in Intland Codebeamer Application Lifecycle Management

In Intland codeBeamer ALM 9.5 and earlier, a cross-site scripting (XSS) vulnerability in the Upload Flash File feature allows authenticated remote attackers to inject arbitrary scripts via an active script embedded in an SWF file.

3.5
2020-04-02 CVE-2020-8017 Opensuse Race Condition vulnerability in Opensuse Texlive-Filesystem 2013.7416.5.1/2017.1359.5.1

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1.

3.3
2020-03-30 CVE-2020-7599 Gradle Information Exposure Through LOG Files vulnerability in Gradle Plugin Publishing

All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Information into Log File.

3.3
2020-04-01 CVE-2020-1954 Apache
Oracle
Information Exposure vulnerability in multiple products

Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus.

2.9
2020-04-01 CVE-2020-3894 Apple Race Condition vulnerability in Apple products

A race condition was addressed with additional validation.

2.6
2020-04-04 CVE-2020-11533 Ivanti Information Exposure vulnerability in Ivanti Workspace Control

Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material).

2.1
2020-04-03 CVE-2020-5283 Viewvc Cross-Site Scripting vulnerability in Viewvc

ViewVC before versions 1.1.28 and 1.2.1 has a XSS vulnerability in CVS show_subdir_lastmod support.

2.1
2020-04-02 CVE-2020-11494 Linux
Opensuse
Information Exposure vulnerability in multiple products

An issue was discovered in slc_bump in drivers/net/can/slcan.c in the Linux kernel 3.16 through 5.6.2.

2.1
2020-04-01 CVE-2020-11470 Zoom Missing Authorization vulnerability in Zoom Meetings 4.6.8

Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access.

2.1
2020-04-01 CVE-2020-9780 Apple Information Exposure vulnerability in Apple Ipados and Iphone OS

The issue was resolved by clearing application previews when content is deleted.

2.1
2020-04-01 CVE-2020-3917 Apple Exposure of Resource TO Wrong Sphere vulnerability in Apple products

This issue was addressed with a new entitlement.

2.1
2020-04-01 CVE-2020-3891 Apple Missing Authorization vulnerability in Apple Ipad OS and Iphone OS

A logic issue was addressed with improved state management.

2.1
2020-04-01 CVE-2020-3889 Apple Information Exposure vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

2.1
2020-04-01 CVE-2020-3881 Apple Information Exposure vulnerability in Apple mac OS X

A logic issue was addressed with improved state management.

2.1