Weekly Vulnerabilities Reports > April 6 to 12, 2020

The S.

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.jelly.impl.Embedded (aka commons-jelly).

FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).

Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port 37777.

snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept.

An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software.

This issue occurs on Juniper Networks Junos OS devices which do not support Advanced Forwarding Interface (AFI) / Advanced Forwarding Toolkit (AFT).

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software.

NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with N(7.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (AP + CP MDM9x35, or Qualcomm Onechip) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash.

Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability.

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-05-13.

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP.

An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825.

An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin account.

In SQLite through 3.31.1, the ALTER TABLE implementation has a use-after-free, as demonstrated by an ORDER BY clause that belongs to a compound SELECT statement.

An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2.

When an attacker sends a specific crafted Ethernet Operation, Administration, and Maintenance (Ethernet OAM) packet to a target device, it may improperly handle the incoming malformed data and fail to sanitize this incoming data resulting in an overflow condition.

GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.0), O(8.0) (exynos7420 or Exynos 8890/8996 chipsets) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) software.

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software.

An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software.

An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software.

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

Honeywell Notifier Web Server (NWS) Version 3.50 is vulnerable to a path traversal attack, which allows an attacker to bypass access to restricted directories.

The ZlibDecoders in Netty 4.1.x before 4.1.46 allow for unbounded memory allocation while decoding a ZlibEncoded byte stream.

perl-Convert-ASN1 (aka the Convert::ASN1 module for Perl) through 0.27 allows remote attackers to cause an infinite loop via unexpected input.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos8890 chipsets) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software.

An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK).

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets).

An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets).

An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.

This affects the package io.jooby:jooby-netty before 1.6.9, from 2.0.0 and before 2.2.1.

adb-driver through 0.1.8 is vulnerable to Command Injection.It allows execution of arbitrary commands via the command function.

compass-compile through 0.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via tha options argument.

heroku-addonpool through 0.1.15 is vulnerable to Command Injection.

apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection.It allows execution of arbitrary commands via the pluginUri argument.

node-mpv through 1.4.3 is vulnerable to Command Injection.

diskusage-ng through 0.2.4 is vulnerable to Command Injection.It allows execution of arbitrary commands via the path argument.

QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe.

An incorrect privilege assignment vulnerability when writing application-specific files in the Palo Alto Networks Global Protect Agent for Linux on ARM platform allows a local authenticated user to gain root privileges on the system.

An unquoted search path vulnerability in the Windows release of Global Protect Agent allows an authenticated local user with file creation privileges on the root of the OS disk (C:\) or to Program Files directory to gain system privileges.

Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable.

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4.

An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10.

An issue was discovered on Samsung mobile devices with N(7.x), O(8.0) devices (MSM8998 or SDM845 chipsets) software.

Privilege escalation vulnerability in MicroK8s allows a low privilege user with local access to obtain root access to the host by provisioning a privileged container.

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software.

On Juniper Networks EX and QFX Series, an authentication bypass vulnerability may allow a user connected to the console port to login as root without any password.

An Untrusted Search Path vulnerability in Malwarebytes AdwCleaner 8.0.3 could cause arbitrary code execution with SYSTEM privileges when a malicious DLL library is loaded.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions.

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28.

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software.

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.x) software.

Amcrest cameras and NVR are vulnerable to a null pointer dereference over port 37777.

Cross-site request forgery (CSRF) vulnerability in EasyBlocks IPv6 Ver.

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

An improper authorization vulnerability in FortiADC may allow a remote authenticated user with low privileges to perform certain actions such as rebooting the system.

An issue was discovered in xdLocalStorage through 2.0.5.

An issue was discovered on Samsung mobile devices with M(6,x) and N(7.0) software.

clamscan through 1.2.0 is vulnerable to Command Injection.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (MSM8939, MSM8996, MSM8998, Exynos7580, Exynos8890, or Exynos8895 chipsets) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) software.

hw/net/tulip.c in QEMU 4.2.0 has a buffer overflow during the copying of tx/rx buffers because the frame size is not validated against the r/w data length.

UR+ (Universal Robots+) is a platform of hardware and software component sellers, for Universal Robots robots.

In the Linux kernel before 5.4.12, drivers/input/input.c has out-of-bounds writes via a crafted keycode table, as demonstrated by input_set_keycode, aka CID-cb222aed03d7.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

D-Link DSL-GS225 J1 AU_1.0.4 devices allow an admin to execute OS commands by placing shell metacharacters after a supported CLI command, as demonstrated by ping -c1 127.0.0.1; cat/etc/passwd.

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional is vulnerable to a privilege escalation vulnerability when using token-based authentication in an admin request over the SOAP connector.

KVM in the Linux kernel on Power8 processors has a conflicting use of HSTATE_HOST_R1 to store r1 state in kvmppc_hv_entry plus in kvmppc_{save,restore}_tm, leading to a stack corruption.

X.509 certificates generated by the MongoDB Enterprise Kubernetes Operator may allow an attacker with access to the Kubernetes cluster improper access to MongoDB instances.

Some Dahua products have buffer overflow vulnerabilities.

WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.

As of v1.5.0, the default admin password is set to the argocd-server pod name.

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default credentials.

In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen.

An issue was discovered on Samsung mobile devices with N(7.x) software.

Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

An issue was discovered in Project Worlds Official Car Rental System 1.

The ASG and ProxySG management consoles are susceptible to a session hijacking vulnerability.

An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions prior to 3.0.2) control.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (incorporating TEEGRIS) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in.

HCL AppScan Standard is vulnerable to XML External Entity Injection (XXE) attack when processing XML data

An issue was discovered on Samsung mobile devices with KK(4.4.x), L(5.x), M(6.x), and N(7.x) software.

An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets).

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.

The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint.

Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.

An issue was discovered in the Linux kernel through 5.6.2.

An issue was discovered on Samsung mobile devices with KK(4.4) and later software through 2015-06-16.

A vulnerability in Juniper Networks SRX Series device configured as a Junos OS Enforcer device may allow a user to access network resources that are not permitted by a UAC policy.

Session fixation vulnerability in EasyBlocks IPv6 Ver.

An issue was discovered in xdLocalStorage through 2.0.5.

An issue was discovered in xdLocalStorage through 2.0.5.

An issue was discovered in xdLocalStorage through 2.0.5.

An issue was discovered on Samsung mobile devices with M(6.0) software.

CB3 SW Version 3.3 and upwards, e-series SW Version 5.0 and upwards allow authenticated access to the RTDE (Real-Time Data Exchange) interface on port 30004 which allows setting registers, the speed slider fraction as well as digital and analog Outputs.

In the Linux kernel before 5.6.1, drivers/media/usb/gspca/xirlink_cit.c (aka the Xirlink camera USB driver) mishandles invalid descriptors, aka CID-a246b4d54770.

The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information.

GitLab EE/CE 8.5 to 12.9 is vulnerable to a an path traversal when moving an issue between projects.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow any authenticated user to spoof the configuration owner of any other user which disclose sensitive information or allow for unauthorized access.

Multiple form validation endpoints in Jenkins useMango Runner Plugin 1.4 and earlier do not escape values received from the useMango service, resulting in a cross-site scripting (XSS) vulnerability exploitable by users able to control the values returned from the useMango service.

Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.

Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses.

sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution.

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

confinit through 0.3.0 is vulnerable to Prototype Pollution.The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

class-transformer before 0.3.1 allow attackers to perform Prototype Pollution.

An issue was discovered in OpenResty before 1.15.8.4.

wolfSSL 4.3.0 has mulmod code in wc_ecc_mulmod_ex in ecc.c that does not properly resist timing side-channel attacks.

cpp-httplib through 0.5.8 does not filter \r\n in parameters passed into the set_redirect and set_header functions, which creates possibilities for CRLF injection and HTTP response splitting in some specific contexts.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

In JetBrains PyCharm 2019.2.5 and 2019.3 on Windows, Apple Notarization Service credentials were included.

WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input.

There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28.

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28.

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28.

SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled.

An issue was discovered in iXsystems FreeNAS (and TrueNAS) 11.2 before 11.2-u8 and 11.3 before 11.3-U1.

An issue was discovered in Varnish Cache before 6.0.5 LTS, 6.1.x and 6.2.x before 6.2.2, and 6.3.x before 6.3.1.

As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, account lockouts, or other anti-bruteforce measures.

As of v1.5.0, the Argo web interface authentication system issued immutable tokens.

The FPC (Flexible PIC Concentrator) of Juniper Networks Junos OS and Junos OS Evolved may restart after processing a specific IPv4 packet.

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs.

A vulnerability in Juniper Networks Junos OS on vMX and MX150 devices may allow an attacker to cause a Denial of Service (DoS) by sending specific packets requiring special processing in microcode that the flow cache can't handle, causing the riot forwarding daemon to crash.

A vulnerability in Juniper Networks Junos OS Evolved may allow an attacker to cause a Denial of Service (DoS) by sending a high rate of specific packets to the device, resulting in a pfemand process crash.

Due to insufficient server-side login attempt limit enforcement, a vulnerability in the SSH login service of Juniper Networks Juniper Advanced Threat Prevention (JATP) Series and Virtual JATP (vJATP) devices allows an unauthenticated, remote attacker to perform multiple login attempts in excess of the configured login attempt limit.

A vulnerability in the BGP FlowSpec implementation may cause a Juniper Networks Junos OS device to terminate an established BGP session upon receiving a specific BGP FlowSpec advertisement.

GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API.

GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget.

Fixed in v1.5.1, Argo version v1.5.0 was vulnerable to a user-enumeration vulnerability which allowed attackers to determine the usernames of valid (non-SSO) accounts because /api/v1/session returned 401 for an existing username and 404 otherwise.

An issue was discovered on Samsung mobile devices with L(5.x), M(6.0), N(7.x), and O(8.0) software.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) (MediaTek chipsets) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with O(8.x) software.

An issue was discovered on Samsung mobile devices with O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.0) software.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software.

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.0) (Exynos or Qualcomm chipsets) software.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software.

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CVE-2020-9423 and CVE-2020-10365.

An Uncontrolled Resource Consumption vulnerability in Fortinet FortiSwitch below 3.6.11, 6.0.6 and 6.2.2, FortiAnalyzer below 6.2.3, FortiManager below 6.2.3 and FortiAP-S/W2 below 6.2.2 may allow an attacker to cause admin webUI denial of service (DoS) via handling special crafted HTTP requests/responses in pieces slowly, as demonstrated by Slow HTTP DoS Attacks.

HCL AppScan Standard is vulnerable to excessive authorization attempts

An issue was discovered on Samsung mobile devices with L(5.1), M(6.0), and N(7.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm chipsets) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) (Exynos7420 or Exynox8890 chipsets) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0, 7.1) software.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets).

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software.

An issue was discovered on Samsung mobile devices with JBP(4.3), KK(4.4), and L(5.0/5.1) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) software.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401.

A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801.

STMicroelectronics STM32F1 devices have Incorrect Access Control.

Universal Robots control box CB 3.1 across firmware versions (tested on 1.12.1, 1.12, 1.11 and 1.10) does not encrypt or protect in any way the intellectual property artifacts installed from the UR+ platform of hardware and software components (URCaps).

Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login.

An issue was discovered in the stv06xx subsystem in the Linux kernel before 5.6.1.

An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software.

An issue was discovered in the Linux kernel before 5.6.1.

An issue was discovered on Samsung mobile devices with software through 2016-05-27 (Exynos AP chipsets).

Writing to an unprivileged file from a privileged OVRRedir.exe process in Oculus Desktop before 1.44.0.32849 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file.

A privilege escalation vulnerability in Juniper Networks QFX10K Series, EX9200 Series, MX Series, and PTX Series with Next-Generation Routing Engine (NG-RE), allows a local authenticated high privileged user to access the underlying WRL host.

Incorrect Default Permissions on C:\Programdata\Secdo\Logs folder in Secdo allows local authenticated users to overwrite system files and gain escalated privileges.

An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

fsa through 0.5.1 is vulnerable to Command Injection.

An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (with Fingerprint support) software.

Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path.

Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.

load_png in loader.c in libsixel.a in libsixel 1.8.6 has an uninitialized pointer leading to an invalid call to free, which can cause a denial of service.

Open Upload through 0.4.3 allows XSS via index.php?action=u and the filename field.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

An issue was discovered in ProVide (formerly zFTPServer) through 13.1.

Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability.

There is an improper authentication vulnerability in several smartphones.

A CSRF token disclosure vulnerability allows a remote attacker, with access to an authenticated Management Center (MC) user's web browser history or a network device that intercepts/logs traffic to MC, to obtain CSRF tokens and use them to perform CSRF attacks against MC.

On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core.

A race condition vulnerability on Juniper Network Junos OS devices may cause the routing protocol daemon (RPD) process to crash and restart while processing a BGP NOTIFICATION message.

A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code via a crafted project file.

GreenBrowser before version 1.2 has a vulnerability where apps that rely on URL Parsing to verify that a given URL is pointing to a trust server may be susceptible to many different ways to get URL parsing and verification wrong, which allows an attacker to circumvent the access control.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could disclose sensitive information to an unauthorized user due to insufficient timeout functionality in the Web UI.

A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmware versions prior to 14.1s0).

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows remote attackers to upload page templates containing arbitrary JavaScript via the c37_wpl_import_template admin-post action (which will execute in an administrator's browser if the template is used to create a page).

An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos5433, Exynos7420, or Exynos7870 chipsets) software.

Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.

A cross-site scripting (XSS) vulnerability in the index page of the CLink Office 2.0 management console allows remote attackers to inject arbitrary web script or HTML via the lang parameter.

VMware Tanzu Application Service for VMs, 2.6.x versions prior to 2.6.18, 2.7.x versions prior to 2.7.11, and 2.8.x versions prior to 2.8.5, includes a version of PCF Autoscaling that writes database connection properties to its log, including database username and password.

In Argo versions prior to v1.5.0-rc1, it was possible for authenticated Argo users to submit API calls to retrieve secrets and other manifests which were stored within git.

auth0.js (NPM package auth0-js) greater than version 8.0.0 and before version 9.12.3 has a vulnerability.

Some products of Dahua have Denial of Service vulnerabilities.

Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on WebAccess/NMS (versions prior to 3.0.2) to gain access to sensitive information.

GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project.

GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users.

GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could allow an authenticated user to perform unauthorized actions by bypassing illegal character restrictions.

IBM Security Information Queue (ISIQ) 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, and 1.0.5 could expose sensitive information from applicatino errors which could be used in further attacks against the system.

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to create keywords through the REST API and have them appear as if they were created by another user.

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 could allow an authenticated user to obtain sensitive information from a stack trace that could aid in further attacks against the system.

An issue was discovered in EJBCA before 6.15.2.6 and 7.x before 7.3.1.2.

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software.

There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module.

An insecure temporary file vulnerability in Palo Alto Networks Traps allows a local authenticated Windows user to escalate privileges or overwrite system files.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software.

eten PSG-6528VM 1.1 devices allow XSS via System Contact or System Location.

Periscope BuySpeed version 14.5 is vulnerable to stored cross-site scripting, which could allow a local, authenticated attacker to store arbitrary JavaScript within the application.

An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28.

IBM DOORS Next Generation (DNG/RRC) 6.0.2.

IBM DOORS Next Generation (DNG/RRC) 6.0.2.

IBM DOORS Next Generation (DNG/RRC) 6.0.2.

IBM DOORS Next Generation (DNG/RRC) 6.0.2.

IBM Quality Manager (RQM) 6.02, 6.06, and 6.0.6.1 is vulnerable to cross-site scripting.

An improper neutralization of input vulnerability in the dashboard of FortiADC may allow an authenticated attacker to perform a cross site scripting attack (XSS) via the name parameter.

An XSS vulnerability in the WP Lead Plus X plugin through 0.98 for WordPress allows logged-in users with minimal permissions to create or replace existing pages with a malicious page containing arbitrary JavaScript via the wp_ajax_core37_lp_save_page (aka core37_lp_save_page) AJAX action.

Stored XSS in the Contact Form 7 Datepicker plugin through 2.6.0 for WordPress allows authenticated attackers with minimal permissions to save arbitrary JavaScript to the plugin's settings via the unprotected wp_ajax_cf7dp_save_settings AJAX action and the ui_theme parameter.

Stored XSS in the IMPress for IDX Broker WordPress plugin before 2.6.2 allows authenticated attackers with minimal (subscriber-level) permissions to save arbitrary JavaScript in the plugin's settings panel via the idx_update_recaptcha_key AJAX action and a crafted idx_recaptcha_site_key parameter, which would then be executed in the browser of any administrator visiting the panel.

An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software.

In Hydra (an OAuth2 Server and OpenID Certified™ OpenID Connect Provider written in Go), before version 1.4.0+oryOS.17, when using client authentication method 'private_key_jwt' [1], OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token.

Due to a new NDP proxy feature for EVPN leaf nodes introduced in Junos OS 17.4, crafted NDPv6 packets could transit a Junos device configured as a Broadband Network Gateway (BNG) and reach the EVPN leaf node, causing a stale MAC address entry.

The kernel memory usage represented as "temp" via 'show system virtual-memory' may constantly increase when Integrated Routing and Bridging (IRB) is configured with multiple underlay physical interfaces, and one interface flaps.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software.

An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06.

A flaw was discovered in the way that the KVM hypervisor handled instruction emulation for an L2 guest when nested virtualisation is enabled.

There is an insufficient integrity validation vulnerability in several products.

A privilege escalation vulnerability in Juniper Networks Junos OS devices configured with dual Routing Engines (RE), Virtual Chassis (VC) or high-availability cluster may allow a local authenticated low-privileged user with access to the shell to perform unauthorized configuration modification.

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via raw objmon configuration files.

A local, authenticated user with shell can view sensitive configuration information via the ev.ops configuration file.

A local, authenticated user with shell can obtain the hashed values of login passwords and shared secrets via the EvoSharedObjStore.

A local, authenticated user with shell can obtain the hashed values of login passwords via configd traces.

A local, authenticated user with shell can obtain the hashed values of login passwords via configd streamer log.

An information exposure vulnerability in the logging component of Palo Alto Networks Global Protect Agent allows a local authenticated user to read VPN cookie information when the troubleshooting logging level is set to "Dump".

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software.

An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8).

An issue was discovered on Samsung mobile devices with O(8.0) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software.

An issue was discovered on Samsung mobile devices with O(8.x) software.

An issue was discovered on Samsung mobile devices with O(8.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software.

An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software.

An issue was discovered on Samsung mobile devices with Q(10.0) software.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software.

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software.

An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software.

An issue was discovered on Samsung mobile devices with N(7.x) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software.

An issue was discovered on Samsung mobile devices with M(6.0) software.

An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL).

An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software.

An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software.

An issue was discovered on Samsung mobile devices with KK(4.4) software.

TechSupport files generated on Palo Alto Networks VM Series firewalls for Microsoft Azure platform configured with high availability (HA) inadvertently collect Azure dashboard service account credentials.