Weekly Vulnerabilities Reports > April 27 to May 3, 2020

Overview

333 new vulnerabilities were reported during this period, including 48 critical vulnerabilities and 152 high severity vulnerabilities. This weekly summary reports vulnerabilities in 680 products from 130 vendors including Netgear, Debian, F5, ABB, and Huawei. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Classic Buffer Overflow", "OS Command Injection", and "Path Traversal".

  • 199 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 98 reported vulnerabilities are related to weaknesses in the OWASP Top Ten.
  • 182 reported vulnerabilities are exploitable by an anonymous user.
  • Netgear has the most reported vulnerabilities, with 95 reported vulnerabilities.
  • Debian has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

48 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-02 CVE-2020-7645 Google OS Command Injection vulnerability in Google Chrome-Launcher

All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME environment variable in Linux operating systems.

9.8
2020-05-01 CVE-2020-10683 Dom4J Project, Oracle, Opensuse, Netapp, Canonical XXE vulnerability in multiple products

dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks.

9.8
2020-04-30 CVE-2020-7136 HPE Unspecified vulnerability in HPE Smart Update Manager

A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote unauthorized access.

9.8
2020-04-30 CVE-2020-11651 Saltstack, Opensuse, Debian, Canonical, Vmware

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.

9.8
2020-04-29 CVE-2019-5623 Accellion OS Command Injection vulnerability in Accellion File Transfer Appliance 80540

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection').

9.8
2020-04-29 CVE-2019-5622 Accellion Use of Hard-coded Credentials vulnerability in Accellion File Transfer Appliance 80540

Accellion File Transfer Appliance version FTA_8_0_540 suffers from an instance of CWE-798: Use of Hard-coded Credentials.

9.8
2020-04-29 CVE-2019-5620 Hitachienergy Missing Authentication for Critical Function vulnerability in Hitachienergy Microscada PRO Sys600 9.3

ABB MicroSCADA Pro SYS600 version 9.3 suffers from an instance of CWE-306: Missing Authentication for Critical Function.

9.8
2020-04-29 CVE-2019-5619 Aasync Out-of-bounds Write vulnerability in Aasync 2.2.1.0

AASync.com AASync version 2.2.1.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.

9.8
2020-04-29 CVE-2020-11942 Opmantek SQL Injection vulnerability in Opmantek Open-Audit 3.2.2

An issue was discovered in Open-AudIT 3.2.2.

9.8
2020-04-29 CVE-2016-11061 Xerox OS Command Injection vulnerability in Xerox products

Xerox WorkCentre 3655, 3655i, 58XX, 58XXi, 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi, 78XX, 78XXi, 7970, and 7970i devices before 073.xxx.086.15410 do not properly escape parameters in the support/remoteUI/configrui.php script, which can allow an unauthenticated attacker to execute OS commands on the device.

9.8
2020-04-29 CVE-2020-12471 Mono Deserialization of Untrusted Data vulnerability in Mono Monox 5.1.40.5152

MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler.

9.8
2020-04-29 CVE-2020-11020 Faye Project Improper Authentication vulnerability in Faye Project Faye

Faye (NPM, RubyGem) versions greater than 0.5.0 and before 1.0.4, 1.1.3 and 1.2.5 have the potential for authentication bypass in the extension system.

9.8
2020-04-29 CVE-2020-8481 ABB Insecure Storage of Sensitive Information vulnerability in ABB 800Xa System 5.1

For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file.

9.8
2020-04-29 CVE-2020-8479 ABB XML Injection (aka Blind XPath Injection) vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5.

9.8
2020-04-29 CVE-2020-12443 Bigbluebutton Path Traversal vulnerability in Bigbluebutton

BigBlueButton before 2.2.6 allows remote attackers to read arbitrary files because the presfilename (lowercase) value can be a .pdf filename while the presFilename (mixed case) value has a ../ sequence.

9.8
2020-04-29 CVE-2019-5614 Freebsd, Netapp Improper Input Validation vulnerability in multiple products

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in accessing out-of-bounds memory leading to a kernel panic or other unpredictable results.

9.8
2020-04-29 CVE-2019-15874 Freebsd, Netapp Use After Free vulnerability in multiple products

In FreeBSD 12.1-STABLE before r356035, 12.1-RELEASE before 12.1-RELEASE-p4, 11.3-STABLE before r356036, and 11.3-RELEASE before 11.3-RELEASE-p8, incomplete packet data validation may result in memory access after it has been freed leading to a kernel panic or other unpredictable results.

9.8
2020-04-28 CVE-2020-12442 Ivanti SQL Injection vulnerability in Ivanti Avalanche 6.3

Ivanti Avalanche 6.3 allows a SQL injection that is vaguely associated with the Apache HTTP Server, aka Bug 683250.

9.8
2020-04-28 CVE-2020-12429 Phpgurukul SQL Injection vulnerability in PHPgurukul Online Course Registration 2.0

Online Course Registration 2.0 has multiple SQL injections that can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.

9.8
2020-04-28 CVE-2019-20791 Google Out-of-bounds Write vulnerability in Google Openthread

OpenThread before 2019-12-13 has a stack-based buffer overflow in MeshCoP::Commissioner::GeneratePskc.

9.8
2020-04-28 CVE-2017-18858 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command execution.

9.8
2020-04-28 CVE-2017-18857 Netgear Weak Password Requirements vulnerability in Netgear Insight

The NETGEAR Insight application before 2.42 for Android and iOS is affected by password mismanagement.

9.8
2020-04-28 CVE-2020-1745 Redhat Unspecified vulnerability in Redhat Undertow

A file inclusion vulnerability was found in the AJP connector enabled with a default AJP configuration port of 8009 in Undertow version 2.0.29.Final and before and was fixed in 2.0.30.Final.

9.8
2020-04-28 CVE-2020-12284 Ffmpeg, Canonical, Debian Out-of-bounds Write vulnerability in multiple products

cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check.

9.8
2020-04-27 CVE-2020-7640 Pixlcore OS Command Injection vulnerability in Pixlcore Pixl-Class 1.0.0/1.0.1/1.0.2

pixl-class prior to 1.0.3 allows execution of arbitrary commands.

9.8
2020-04-27 CVE-2020-7609 Node Rules Project Code Injection vulnerability in Node-Rules Project Node-Rules 3.0.0/4.0.2

node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands.

9.8
2020-04-27 CVE-2018-21153 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

9.8
2020-04-27 CVE-2020-9294 Fortinet Improper Authentication vulnerability in Fortinet Fortimail

An improper authentication vulnerability in FortiMail 5.4.10, 6.0.7, 6.2.2 and earlier and FortiVoiceEntreprise 6.0.0 and 6.0.1 may allow a remote unauthenticated attacker to access the system as a legitimate user by requesting a password change via the user interface.

9.8
2020-04-27 CVE-2020-1952 Apache Improper Certificate Validation vulnerability in Apache Iotdb

An issue was found in Apache IoTDB .9.0 to 0.9.1 and 0.8.0 to 0.8.2.

9.8
2020-04-27 CVE-2020-12279 Libgit2, Debian Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.

9.8
2020-04-27 CVE-2020-12278 Libgit2, Debian Use of Incorrectly-Resolved Name or Reference vulnerability in multiple products

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0.

9.8
2020-04-27 CVE-2020-9068 Huawei Improper Authentication vulnerability in Huawei Ar3200 Firmware

Huawei AR3200 products with versions of V200R007C00SPC900, V200R007C00SPCa00, V200R007C00SPCb00, V200R007C00SPCc00, V200R009C00SPC500 have an improper authentication vulnerability.

9.8
2020-04-27 CVE-2018-21097 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

9.8
2020-04-27 CVE-2020-12133 Farukawa Deserialization of Untrusted Data vulnerability in Farukawa Electric Consciousmap

The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization.

9.8
2020-04-27 CVE-2020-11817 Rukovoditel Unrestricted Upload of File with Dangerous Type vulnerability in Rukovoditel 2.5.2

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just by changing the content-type value.

9.8
2020-04-27 CVE-2019-18823 Wisc, Fedoraproject, Debian Improper Authentication vulnerability in multiple products

HTCondor up to and including stable series 8.8.6 and development series 8.9.4 has Incorrect Access Control.

9.8
2020-04-27 CVE-2019-20790 Trusteddomain, Pypolicyd SPF Project, Fedoraproject Authentication Bypass by Spoofing vulnerability in multiple products

OpenDMARC through 1.3.2 and 1.4.x, when used with pypolicyd-spf 2.0.2, allows attacks that bypass SPF and DMARC authentication in situations where the HELO field is inconsistent with the MAIL FROM field.

9.8
2020-04-27 CVE-2020-12274 Testlink Unspecified vulnerability in Testlink 1.9.20

In TestLink 1.9.20, the lib/cfields/cfieldsExport.php goback_url parameter causes a security risk because it depends on client input and is not constrained to lib/cfields/cfieldsView.php at the web site associated with the session.

9.8
2020-04-27 CVE-2020-12271 Sophos SQL Injection vulnerability in Sophos Sfos

A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in April 2020.

9.8
2020-04-27 CVE-2020-12268 Artifex, Debian, Opensuse Out-of-bounds Write vulnerability in multiple products

jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow.

9.8
2020-04-27 CVE-2020-12267 QT Use After Free vulnerability in QT 5.14.1

setMarkdown in Qt before 5.14.2 has a use-after-free related to QTextMarkdownImporter::insertBlock.

9.8
2020-04-29 CVE-2020-3955 Vmware Cross-site Scripting vulnerability in VMWare Esxi 6.5/6.7

ESXi 6.5 without patch ESXi650-201912104-SG and ESXi 6.7 without patch ESXi670-202004103-SG do not properly neutralize script-related HTML when viewing virtual machine attributes.

9.3
2020-04-30 CVE-2020-5887 F5 Exposure of Resource to Wrong Sphere vulnerability in F5 products

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings.

9.1
2020-04-30 CVE-2020-5886 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 products

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a High Availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.

9.1
2020-04-30 CVE-2020-5885 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 products

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1, BIG-IP systems set up for connection mirroring in a high availability (HA) pair transfer sensitive cryptographic objects over an insecure communications channel.

9.1
2020-04-30 CVE-2020-5884 F5 Unspecified vulnerability in F5 products

On versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.4, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the default deployment mode for BIG-IP high availability (HA) pair mirroring is insecure.

9.1
2020-04-30 CVE-2020-11015 Thinx Device API Project Unspecified vulnerability in Thinx-Device-Api Project Thinx-Device-Api

A vulnerability has been disclosed in thinx-device-api IoT Device Management Server before version 2.5.0.

9.1
2020-04-29 CVE-2020-7452 Freebsd Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r357489, and 11.3-RELEASE before 11.3-RELEASE-p7, incorrect use of a user-controlled pointer in the epair virtual network module allowed vnet jailed privileged users to panic the host system and potentially execute arbitrary code in the kernel.

9.1

152 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-29 CVE-2020-8775 Pega Cross-site Scripting vulnerability in Pega Platform

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.

8.9
2020-04-29 CVE-2020-8773 Pega Cross-site Scripting vulnerability in Pega Platform

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.

8.9
2020-05-01 CVE-2020-7351 Netfortris OS Command Injection vulnerability in Netfortris Trixbox 1.2.0/2.8.0.4

An OS Command Injection vulnerability in the endpoint_devicemap.php component of Fonality Trixbox Community Edition allows an attacker to execute commands on the underlying operating system as the "asterisk" user.

8.8
2020-04-30 CVE-2020-11016 Intelmq Manager Project OS Command Injection vulnerability in Intelmq Manager Project Intelmq Manager 1.1.0/2.0.0/2.1.0

IntelMQ Manager from version 1.1.0 and before version 2.1.1 has a vulnerability where the backend incorrectly handled messages given by user-input in the "send" functionality of the Inspect-tool of the Monitor component.

8.8
2020-04-30 CVE-2019-0235 Apache Cross-Site Request Forgery (CSRF) vulnerability in Apache Ofbiz 17.12.01

Apache OFBiz 17.12.01 is vulnerable to some CSRF attacks.

8.8
2020-04-30 CVE-2020-6010 Thimpress SQL Injection vulnerability in Thimpress Learnpress

LearnPress WordPress plugin versions prior to and including 3.2.6.7 are vulnerable to SQL Injection.

8.8
2020-04-30 CVE-2019-19220 Bmcsoftware OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

BMC Control-M/Agent 7.0.00.000 allows OS Command Injection (issue 2 of 2).

8.8
2020-04-30 CVE-2019-19217 Bmcsoftware OS Command Injection vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

BMC Control-M/Agent 7.0.00.000 allows OS Command Injection.

8.8
2020-04-30 CVE-2019-19216 Bmcsoftware Improper Privilege Management vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy.

8.8
2020-04-30 CVE-2019-19215 Bmcsoftware Classic Buffer Overflow vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

A buffer overflow vulnerability in BMC Control-M/Agent 7.0.00.000 when the On-Do action destination is Mail and the Control-M/Agent is configured to send the email, allows remote attackers to have unspecified impact via vectors related to the configured IP address or SMTP server.

8.8
2020-04-29 CVE-2020-12479 Teampass Path Traversal vulnerability in Teampass 2.1.27.36

TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal.

8.8
2020-04-29 CVE-2020-11943 Opmantek Unrestricted Upload of File with Dangerous Type vulnerability in Opmantek Open-Audit 3.2.2

An issue was discovered in Open-AudIT 3.2.2.

8.8
2020-04-29 CVE-2020-12461 PHP Fusion SQL Injection vulnerability in PHP-Fusion 9.03.50

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism.

8.8
2020-04-29 CVE-2020-8774 Pega Cross-site Scripting vulnerability in Pega Platform

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.

8.8
2020-04-29 CVE-2020-11677 Cerner Classic Buffer Overflow vulnerability in Cerner Medico 26.00

Cerner medico 26.00 has a Local Buffer Overflow (issue 3 of 3).

8.8
2020-04-29 CVE-2020-11676 Cerner Classic Buffer Overflow vulnerability in Cerner Medico 26.00

Cerner medico 26.00 has a Local Buffer Overflow (issue 2 of 3).

8.8
2020-04-29 CVE-2020-11675 Cerner Classic Buffer Overflow vulnerability in Cerner Medico 26.00

Cerner medico 26.00 has a Local Buffer Overflow (issue 1 of 3).

8.8
2020-04-29 CVE-2020-11674 Cerner Unspecified vulnerability in Cerner Medico 26.00

Cerner medico 26.00 allows variable reuse, possibly causing data corruption.

8.8
2020-04-29 CVE-2019-16653 Geniusbytes Unspecified vulnerability in Geniusbytes Genius Server 3.2.2

An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges.

8.8
2020-04-29 CVE-2017-18855 Netgear Injection vulnerability in Netgear Wnr854T Firmware

NETGEAR WNR854T devices before 1.5.2 are affected by command execution.

8.8
2020-04-29 CVE-2020-12246 Beeline OS Command Injection vulnerability in Beeline Smart BOX Firmware 2.0.38

Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter.

8.8
2020-04-28 CVE-2018-21226 Netgear Improper Privilege Management vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

8.8
2020-04-28 CVE-2018-21224 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21223 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21222 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21221 Netgear Classic Buffer Overflow vulnerability in Netgear D3600 Firmware, D6000 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21220 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21219 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21218 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21217 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21216 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21215 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21214 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21213 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21212 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21211 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21210 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21208 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21207 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21206 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21205 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21204 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21203 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2018-21202 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2016-11056 Netgear Unspecified vulnerability in Netgear Readynas Surveillance 1.1.1/1.1.13/1.4.13

Certain NETGEAR devices are affected by anonymous root access.

8.8
2020-04-28 CVE-2020-12078 Opmantek OS Command Injection vulnerability in Opmantek Open-Audit 3.3.1

An issue was discovered in Open-AudIT 3.3.1.

8.8
2020-04-27 CVE-2018-21170 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-27 CVE-2018-21169 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

8.8
2020-04-27 CVE-2018-21158 Netgear Unspecified vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.46 are affected by incorrect configuration of security settings.

8.8
2020-04-27 CVE-2020-11941 Opmantek OS Command Injection vulnerability in Opmantek Open-Audit 3.2.2

An issue was discovered in Open-AudIT 3.2.2.

8.8
2020-04-27 CVE-2020-12138 AMD Missing Authorization vulnerability in AMD Atillk64 5.11.9.0

AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process.

8.8
2020-04-27 CVE-2018-21093 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker.

8.8
2020-04-28 CVE-2020-11014 Simpleledger Unspecified vulnerability in Simpleledger Electron-Cash-Slp

Electron-Cash-SLP before version 3.6.2 has a vulnerability.

8.6
2020-04-27 CVE-2020-1762 Kiali, Redhat Session Fixation vulnerability in multiple products

An insufficient JWT validation vulnerability was found in Kiali versions 0.4.0 to 1.15.0 and was fixed in Kiali version 1.15.1, wherein a remote attacker could abuse this flaw by stealing a valid JWT cookie and using that to spoof a user session, possibly gaining privileges to view and alter the Istio configuration.

8.6
2020-04-29 CVE-2020-11024 Moonlight Stream Information Exposure vulnerability in Moonlight-Stream Moonlight

In Moonlight iOS/tvOS before 4.0.1, the pairing process is vulnerable to a man-in-the-middle attack.

8.2
2020-04-30 CVE-2020-11027 Debian, Wordpress

In affected versions of WordPress, a password reset link emailed to a user does not expire upon changing the user password.

8.1
2020-04-30 CVE-2020-5888 F5 Unspecified vulnerability in F5 products

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for adjacent network (layer 2) attackers to access local daemons and bypass port lockdown settings.

8.1
2020-04-30 CVE-2020-5876 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer.

8.1
2020-04-28 CVE-2020-7644 FUN MAP Project Unspecified vulnerability in Fun-Map Project Fun-Map

fun-map through 3.3.1 is vulnerable to Prototype Pollution.

8.1
2020-04-27 CVE-2020-10996 Percona Inappropriate Encoding for Output Context vulnerability in Percona Xtradb Cluster

An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2.

8.1
2020-04-28 CVE-2017-18861 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Readynas Surveillance 1.1.45/1.4.315

Certain NETGEAR devices are affected by CSRF.

8.0
2020-04-27 CVE-2018-21100 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

8.0
2020-04-27 CVE-2018-21099 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

8.0
2020-04-30 CVE-2020-1817 Huawei Unspecified vulnerability in Huawei Pcmanager 9.0.1.50/9.1.3.1

Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability.

7.8
2020-04-29 CVE-2019-5621 Abbs Software Audio Media Player Project Out-of-bounds Write vulnerability in Abbs Software Audio Media Player Project Abbs Software Audio Media Player 3.1

ABBS Software Audio Media Player version 3.1 suffers from an instance of CWE-121: Stack-based Buffer Overflow.

7.8
2020-04-29 CVE-2019-5618 A PDF Out-of-bounds Write vulnerability in A-Pdf WAV to MP3 1.0.0

A-PDF WAV to MP3 version 1.0.0 suffers from an instance of CWE-121: Stack-based Buffer Overflow.

7.8
2020-04-29 CVE-2020-12468 Intelliants Unspecified vulnerability in Intelliants Subrion 4.2.1

Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language.

7.8
2020-04-29 CVE-2019-16011 Cisco Improper Input Validation vulnerability in Cisco IOS XE

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.8
2020-04-29 CVE-2020-12446 Gskill Unspecified vulnerability in Gskill Trident Z Lighting Control

The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users.

7.8
2020-04-29 CVE-2020-11446 Eset Link Following vulnerability in Eset products

ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation.

7.8
2020-04-29 CVE-2019-20781 LG Uncontrolled Search Path Element vulnerability in LG Bridge

An issue was discovered in LG Bridge before April 2019 on Windows.

7.8
2020-04-29 CVE-2020-8489 ABB Unspecified vulnerability in ABB 800Xa Information Management

Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable.

7.8
2020-04-29 CVE-2020-8488 ABB Unspecified vulnerability in ABB 800Xa Batch Management

Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities.

7.8
2020-04-29 CVE-2020-8487 ABB Unspecified vulnerability in ABB 800Xa Base System

Insufficient protection of the inter-process communication functions in ABB System 800xA Base (all published versions) enables an attacker authenticated on the local system to inject data, affecting node redundancy handling.

7.8
2020-04-29 CVE-2020-8486 ABB Unspecified vulnerability in ABB 800Xa Rnrp

Insufficient protection of the inter-process communication functions in ABB System 800xA RNRP (all published versions) enables an attacker authenticated on the local system to inject data, affecting node redundancy handling.

7.8
2020-04-29 CVE-2020-8485 ABB Unspecified vulnerability in ABB 800Xa

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash.

7.8
2020-04-29 CVE-2020-8484 ABB Unspecified vulnerability in ABB 800Xa

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or causing Windows processes to crash.

7.8
2020-04-29 CVE-2020-8471 ABB Incorrect Default Permissions vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, weak file permissions allow an authenticated attacker to block the license handling, escalate his/her privileges and execute arbitrary code.

7.8
2020-04-29 CVE-2020-8473 ABB Incorrect Permission Assignment for Critical Resource vulnerability in ABB 800Xa Base System

Insufficient folder permissions used by system functions in ABB System 800xA Base (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files.

7.8
2020-04-29 CVE-2020-8472 ABB Incorrect Permission Assignment for Critical Resource vulnerability in ABB products

Insufficient folder permissions used by system functions in ABB System 800xA products OPCServer for AC800M (versions 6.0 and earlier) and Control Builder M Professional, MMSServer for AC800M, Base Software for SoftControl (version 6.1 and earlier) allow low privileged users to read, modify, add and delete system and application files.

7.8
2020-04-27 CVE-2020-7135 HP Unspecified vulnerability in HP Service Pack for Proliant

A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux.

7.8
2020-04-27 CVE-2020-12242 Valvesoftware OS Command Injection vulnerability in Valvesoftware Source

Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account.

7.8
2020-04-27 CVE-2019-20002 Solarwinds Improper Neutralization of Formula Elements in a CSV File vulnerability in Solarwinds Webhelpdesk 12.7.1

Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user.

7.8
2020-04-29 CVE-2017-18860 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by debugging command execution.

7.7
2020-04-28 CVE-2020-12103 Tiny File Manager Project Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager 2.4.1

In Tiny File Manager 2.4.1 there is a vulnerability in the ajax file backup copy functionality which allows authenticated users to create backup copies of files (with .bak extension) outside the scope in the same directory in which they are stored.

7.7
2020-04-28 CVE-2020-12102 Tiny File Manager Project Path Traversal vulnerability in Tiny File Manager Project Tiny File Manager 2.4.1

In Tiny File Manager 2.4.1, there is a Path Traversal vulnerability in the ajax recursive directory listing functionality.

7.7
2020-04-30 CVE-2020-11028 Wordpress
Debian
Missing Authentication for Critical Function vulnerability in multiple products

In affected versions of WordPress, some private posts, which were previously public, can result in unauthenticated disclosure under a specific set of conditions.

7.5
2020-04-30 CVE-2020-9098 Huawei Release of Invalid Pointer or Reference vulnerability in Huawei Oceanstor 5310 Firmware V500R007C60Spc100

Huawei OceanStor 5310 product with version of V500R007C60SPC100 has an invalid pointer access vulnerability.

7.5
2020-04-30 CVE-2020-5891 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile.

7.5
2020-04-30 CVE-2020-5883 F5 Memory Leak vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak.

7.5
2020-04-30 CVE-2020-5882 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5, and 11.6.1-11.6.5.1, under certain conditions, the Intel QuickAssist Technology (QAT) cryptography driver may produce a Traffic Management Microkernel (TMM) core file.

7.5
2020-04-30 CVE-2020-5881 F5 Unspecified vulnerability in F5 products

On versions 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when the BIG-IP Virtual Edition (VE) is configured with VLAN groups and there are devices configured with OSPF connected to it, the Network Device Abstraction Layer (NDAL) Interfaces can lock up and in turn disrupt the communication between the mcpd and tmm processes.

7.5
2020-04-30 CVE-2020-5879 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Application Security Manager

On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied.

7.5
2020-04-30 CVE-2020-5878 F5 Unspecified vulnerability in F5 products

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.3, Traffic Management Microkernel (TMM) may restart on BIG-IP Virtual Edition (VE) while processing unusual IP traffic.

7.5
2020-04-30 CVE-2020-5877 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service.

7.5
2020-04-30 CVE-2020-5875 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.

7.5
2020-04-30 CVE-2020-5874 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel (TMM).

7.5
2020-04-30 CVE-2020-5872 F5 Unspecified vulnerability in F5 products

On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event.

7.5
2020-04-30 CVE-2020-5871 F5 Unspecified vulnerability in F5 products

On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers.

7.5
2020-04-30 CVE-2019-12425 Apache Injection vulnerability in Apache Ofbiz 17.12.01

Apache OFBiz 17.12.01 is vulnerable to Host header injection by accepting arbitrary host

7.5
2020-04-30 CVE-2019-19219 Bmcsoftware Unspecified vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

BMC Control-M/Agent 7.0.00.000 allows Arbitrary File Download.

7.5
2020-04-30 CVE-2019-19218 Bmcsoftware Incorrect Permission Assignment for Critical Resource vulnerability in Bmcsoftware Control-M/Agent 7.0.00.000

BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage.

7.5
2020-04-29 CVE-2020-12478 Teampass Missing Authentication for Critical Function vulnerability in Teampass 2.1.27.36

TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root.

7.5
2020-04-29 CVE-2020-12477 Teampass Incorrect Authorization vulnerability in Teampass 2.1.27.36

The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function.

7.5
2020-04-29 CVE-2020-11021 Http Client Project Unspecified vulnerability in Http-Client Project Http-Client 0.0.1/1.0.0

Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios.

7.5
2020-04-29 CVE-2020-2575 Oracle Use of Uninitialized Resource vulnerability in Oracle VM Virtualbox

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-04-29 CVE-2020-12447 Onkyo Path Traversal vulnerability in Onkyo Tx-Nr585 Firmware 1000000000000080000

A Local File Inclusion (LFI) issue on Onkyo TX-NR585 1000-0000-000-0008-0000 devices allows remote unauthenticated users on the network to read sensitive files via %2e%2e%2f directory traversal, as demonstrated by reading /etc/shadow.

7.5
2020-04-29 CVE-2019-19102 BR Automation Path Traversal vulnerability in Br-Automation Automation Studio

A directory traversal vulnerability in SharpZipLib used in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x and 4.2.x allows unauthenticated users to write to certain local directories.

7.5
2020-04-29 CVE-2020-8476 ABB Improper Input Validation vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to alter licenses assigned to the system nodes by sending specially crafted messages to the CLS web service.

7.5
2020-04-29 CVE-2020-8475 ABB Improper Input Validation vulnerability in ABB 800Xa System, Compact HMI and Control Builder Safe

For the Central Licensing Server component used in ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2, Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, ABB Ability™ SCADAvantage versions 5.1 to 5.6.5, a weakness in validation of input exists that allows an attacker to block license handling by sending specially crafted messages to the CLS web service.

7.5
2020-04-28 CVE-2020-10663 Json Project
Fedoraproject
Opensuse
Debian
Apple
Improper Input Validation vulnerability in multiple products

The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 through 2.6.5, has an Unsafe Object Creation Vulnerability.

7.5
2020-04-28 CVE-2020-12243 Openldap
Debian
Opensuse
Canonical
Netapp
Broadcom
Apple
Oracle
Uncontrolled Recursion vulnerability in multiple products

In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash).

7.5
2020-04-28 CVE-2020-10641 Inductiveautomation Missing Authentication for Critical Function vulnerability in Inductiveautomation Ignition Gateway

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication.

7.5
2020-04-28 CVE-2017-18859 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by slowdown/stoppage.

7.5
2020-04-28 CVE-2016-11060 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by insecure renegotiation.

7.5
2020-04-28 CVE-2016-11059 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by password exposure.

7.5
2020-04-28 CVE-2016-11058 Netgear Insufficient Session Expiration vulnerability in Netgear Genie

The NETGEAR genie application before 2.4.34 for Android is affected by mishandling of hard-coded API keys and session IDs.

7.5
2020-04-28 CVE-2016-11057 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by mishandling of repeated URL calls.

7.5
2020-04-28 CVE-2020-5567 Cybozu Improper Authentication vulnerability in Cybozu Garoon

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.

7.5
2020-04-27 CVE-2020-9481 Apache
Debian
Resource Exhaustion vulnerability in multiple products

Apache ATS 6.0.0 to 6.2.3, 7.0.0 to 7.1.9, and 8.0.0 to 8.0.6 is vulnerable to an HTTP/2 slow read attack.

7.5
2020-04-27 CVE-2020-7067 PHP
Tenable
Oracle
Debian
Out-of-bounds Read vulnerability in multiple products

In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.

7.5
2020-04-27 CVE-2018-21168 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

7.5
2020-04-27 CVE-2019-15234 Ushareit Allocation of Resources Without Limits or Throttling vulnerability in Ushareit Shareit 4.0.5.171/4.0.5.177/4.0.6.177

SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data).

7.5
2020-04-27 CVE-2019-14941 Ushareit Allocation of Resources Without Limits or Throttling vulnerability in Ushareit Shareit 4.0.5.171/4.0.5.177/4.0.6.177

SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data).

7.5
2020-04-27 CVE-2020-12266 Wavlink Missing Authentication for Critical Function vulnerability in Wavlink products

An issue was discovered where there are multiple externally accessible pages that do not require any sort of authentication, and store system information for internal usage.

7.5
2020-04-27 CVE-2020-12120 Prestashop Incorrect Permission Assignment for Critical Resource vulnerability in Prestashop Correos Express 1.6/1.6.0.4/1.7

The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP.

7.5
2020-04-27 CVE-2020-12273 Testlink Insufficiently Protected Credentials vulnerability in Testlink 1.9.20

In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials.

7.5
2020-04-27 CVE-2020-10664 Windriver NULL Pointer Dereference vulnerability in Windriver Vxworks 6.8.3

The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference.

7.5
2020-04-27 CVE-2018-21096 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

7.4
2020-04-27 CVE-2018-21094 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

7.3
2020-04-30 CVE-2020-5873 F5 Unspecified vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.

7.2
2020-04-29 CVE-2020-12470 Mono Files or Directories Accessible to External Parties vulnerability in Mono Monox 5.1.40.5152

MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template.

7.2
2020-04-29 CVE-2020-12473 Mono Unspecified vulnerability in Mono Monox 5.1.40.5152

MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program.

7.2
2020-04-29 CVE-2019-19165 Inogard Download of Code Without Integrity Check vulnerability in Inogard Activex

AxECM.cab (ActiveX Control) in Inogard Ebiz4u contains a vulnerability that could allow remote files to be downloaded and executed by setting arguments to the ActiveX method.

7.2
2020-04-29 CVE-2020-7804 Handysoft OS Command Injection vulnerability in Handysoft Groupware 1.7.3.1

ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker to execute arbitrary commands via the ShellExec method.

7.2
2020-04-29 CVE-2019-16652 Geniusbytes Unspecified vulnerability in Geniusbytes Genius Server 3.2.2

The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands.

7.2
2020-04-28 CVE-2016-11054 Netgear OS Command Injection vulnerability in Netgear Dgn2200 Firmware

NETGEAR DGN2200v4 devices before 2017-01-06 are affected by command execution and an FTP insecure root directory.

7.2
2020-04-28 CVE-2018-21181 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2020-04-27 CVE-2018-21177 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2020-04-27 CVE-2018-21176 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2020-04-27 CVE-2018-21175 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2020-04-27 CVE-2018-21174 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

7.2
2020-04-27 CVE-2018-21156 Netgear Classic Buffer Overflow vulnerability in Netgear products

Certain NETGEAR devices are affected by a buffer overflow by an authenticated user.

7.2
2020-04-30 CVE-2020-5880 F5 Unrestricted Upload of File with Dangerous Type vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1.3 and 14.1.0-14.1.2.3, the restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system.

7.1
2020-04-29 CVE-2019-19100 BR Automation Unspecified vulnerability in Br-Automation Automation Studio

A privilege escalation vulnerability in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.4SP, <.

7.1
2020-04-28 CVE-2017-18863 Netgear Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command execution via a PHP form.

7.1
2020-04-27 CVE-2020-1806 Huawei Out-of-bounds Read vulnerability in Huawei Honor V10 Firmware

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities.

7.1
2020-04-27 CVE-2020-1805 Huawei Out-of-bounds Read vulnerability in Huawei Honor V10 Firmware

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities.

7.1
2020-04-27 CVE-2020-1804 Huawei Out-of-bounds Read vulnerability in Huawei Honor V10 Firmware

Huawei Honor V10 smartphones with versions earlier than 10.0.0.156(C00E156R2P4) have three out of bounds vulnerabilities.

7.1
2020-04-30 CVE-2020-1752 GNU
Canonical
Netapp
Debian

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out.

7.0
2020-04-30 CVE-2020-12050 Fedoraproject
Opensuse
Sqliteodbc Project
Race Condition vulnerability in multiple products

SQLiteODBC 0.9996, as packaged for certain Linux distributions as 0.9996-4, has a race condition leading to root privilege escalation because any user can replace a /tmp/sqliteodbc$$ file with new contents that cause loading of an arbitrary library.

7.0
2020-04-29 CVE-2020-11884 Linux
Canonical
Debian
Fedoraproject
Netapp
Race Condition vulnerability in multiple products

In the Linux kernel 4.19 through 5.6.7 on the s390 platform, code execution may occur because of a race condition, as demonstrated by code in enable_sacf_uaccess in arch/s390/lib/uaccess.c that fails to protect against a concurrent page table upgrade, aka CID-3f777e19d171.

7.0

125 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-02 CVE-2020-8157 UI Unspecified vulnerability in UI products

UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerability that allows unrestricted root access through the serial interface (UART).

6.8
2020-04-29 CVE-2019-20792 Opensc Project Double Free vulnerability in Opensc Project Opensc

OpenSC before 0.20.0 has a double free in coolkey_free_private_data because coolkey_add_object in libopensc/card-coolkey.c lacks a uniqueness check.

6.8
2020-04-28 CVE-2018-21225 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-04-28 CVE-2018-21201 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21200 Netgear Out-of-bounds Write vulnerability in Netgear R7800 Firmware and R9000 Firmware

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21199 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21198 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21197 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21196 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21195 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21194 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21193 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21192 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21191 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21190 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21189 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21188 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21187 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21186 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21185 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21184 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21183 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-28 CVE-2018-21182 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21180 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21179 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21178 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21173 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21172 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21171 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21157 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-04-27 CVE-2018-21154 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-04-27 CVE-2018-21152 Netgear OS Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

6.8
2020-04-27 CVE-2018-21149 Netgear Out-of-bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

6.8
2020-04-27 CVE-2018-21098 Netgear OS Command Injection vulnerability in Netgear R7800 Firmware

NETGEAR R7800 devices before 1.0.2.60 are affected by command injection by an authenticated user.

6.8
2020-04-30 CVE-2020-5892 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

In versions 7.1.5-7.1.8, the BIG-IP Edge Client components in BIG-IP APM, Edge Gateway, and FirePass legacy allow attackers to obtain the full session ID from process memory.

6.7
2020-04-29 CVE-2020-12465 Linux
Netapp
Classic Buffer Overflow vulnerability in multiple products

An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf.

6.7
2020-04-29 CVE-2020-12464 Linux
Netapp
Use After Free vulnerability in multiple products

usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925.

6.7
2020-04-29 CVE-2017-18856 Netgear Injection vulnerability in Netgear Readynas OS Firmware

NETGEAR ReadyNAS devices before 6.6.1 are affected by command injection.

6.7
2020-04-29 CVE-2017-18854 Netgear Injection vulnerability in Netgear Readynas OS Firmware

NETGEAR ReadyNAS 6.6.1 and earlier is affected by command injection.

6.7
2020-04-27 CVE-2020-9072 Huawei Unspecified vulnerability in Huawei OSD Firmware

Huawei OSD product with versions earlier than OSD_uwp_9.0.32.0 has a local privilege escalation vulnerability.

6.7
2020-04-27 CVE-2020-1845 Huawei Unspecified vulnerability in Huawei Pcmanager

Huawei PCManager product with versions earlier than 10.0.5.53 has a local privilege escalation vulnerability.

6.7
2020-05-03 CVE-2020-12624 Theleague Incomplete Cleanup vulnerability in Theleague the League

The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions.

6.5
2020-05-01 CVE-2020-12474 Telegram Unspecified vulnerability in Telegram and Telegram Desktop

Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.

6.5
2020-04-30 CVE-2020-6865 ZTE Information Exposure vulnerability in ZTE Oscp 16.19.10/16.19.20

ZTE SDN controller platform is impacted by an information leakage vulnerability.

6.5
2020-04-30 CVE-2020-11652 Saltstack
Opensuse
Debian
Canonical
Blackberry
Vmware
Path Traversal vulnerability in multiple products

An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2.

6.5
2020-04-29 CVE-2020-12469 Intelliants Deserialization of Untrusted Data vulnerability in Intelliants Subrion

admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit.

6.5
2020-04-29 CVE-2020-12467 Intelliants Session Fixation vulnerability in Intelliants Subrion 4.2.1

Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie.

6.5
2020-04-29 CVE-2020-11009 Pagerduty Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck

In Rundeck before version 3.2.6, authenticated users can craft a request that reveals Execution data and logs and Job details that they are not authorized to see.

6.5
2020-04-29 CVE-2017-18853 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by password recovery and file access.

6.5
2020-04-28 CVE-2020-12430 Redhat Memory Leak vulnerability in Redhat Enterprise Linux and Libvirt

An issue was discovered in qemuDomainGetStatsIOThread in qemu/qemu_driver.c in libvirt 4.10.0 through 6.x before 6.1.0.

6.5
2020-04-28 CVE-2020-9482 Apache Insufficient Session Expiration vulnerability in Apache Nifi Registry 0.1.0/0.5.0

If NiFi Registry 0.1.0 to 0.5.0 uses an authentication mechanism other than PKI, when the user clicks Log Out, NiFi Registry invalidates the authentication token on the client side but not on the server side.

6.5
2020-04-28 CVE-2017-18862 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

6.5
2020-04-27 CVE-2020-11420 ABB
Generex
Path Traversal vulnerability in multiple products

UPS Adapter CS141 before 1.90 allows Directory Traversal.

6.5
2020-04-27 CVE-2020-10997 Percona Information Exposure vulnerability in Percona Xtrabackup

Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output.

6.5
2020-04-27 CVE-2020-12270 Bluezone Use of Insufficiently Random Values vulnerability in Bluezone 1.0.0

React Native Bluetooth Scan in Bluezone 1.0.0 uses six-character alphanumeric IDs, which might make it easier for remote attackers to interfere with COVID-19 contact tracing by using many IDs.

6.5
2020-04-29 CVE-2020-12252 Gigamon Unrestricted Upload of File with Dangerous Type vulnerability in Gigamon Gigavue

An issue was discovered in Gigamon GigaVUE 5.5.01.11.

6.2
2020-05-01 CVE-2019-4209 Hcltech Open Redirect vulnerability in Hcltech Connections 5.5/6.0/6.5

HCL Connections v5.5, v6.0, and v6.5 contain an open redirect vulnerability which could be exploited by an attacker to conduct phishing attacks.

6.1
2020-04-30 CVE-2020-11029 Debian
Wordpress
Cross-site Scripting vulnerability in multiple products

In affected versions of WordPress, a vulnerability in the stats() method of class-wp-object-cache.php can be exploited to execute cross-site scripting (XSS) attacks.

6.1
2020-04-30 CVE-2020-6579 Mailbeez Cross-site Scripting vulnerability in Mailbeez

Cross-site scripting (XSS) vulnerability in mailhive/cloudbeez/cloudloader.php and mailhive/cloudbeez/cloudloader_core.php in the MailBeez plugin for ZenCart before 3.9.22 allows remote attackers to inject arbitrary web script or HTML via the cloudloader_mode parameter.

6.1
2020-04-30 CVE-2020-12283 Sourcegraph Open Redirect vulnerability in Sourcegraph

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.

6.1
2020-04-29 CVE-2020-11022 Jquery
Drupal
Debian
Fedoraproject
Oracle
Netapp
Opensuse
Tenable
In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-04-29 CVE-2020-11023 Jquery
Debian
Fedoraproject
Drupal
Oracle
Netapp
Tenable
In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e.
6.1
2020-04-29 CVE-2020-12462 Ninjaforms Cross-Site Request Forgery (CSRF) vulnerability in Ninjaforms Ninja Forms

The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS.

6.1
2020-04-29 CVE-2020-10797 Netgate Cross-site Scripting vulnerability in Netgate Pfsense

An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfSense before version 2.4.5.

6.1
2020-04-28 CVE-2020-5568 Cybozu Cross-site Scripting vulnerability in Cybozu Garoon

Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.

6.1
2020-04-28 CVE-2020-5564 Cybozu Cross-site Scripting vulnerability in Cybozu Garoon

Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.

6.1
2020-04-27 CVE-2018-21155 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

6.1
2020-04-27 CVE-2020-11822 Rukovoditel Cross-site Scripting vulnerability in Rukovoditel 2.5.2

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure --> user access groups page.

6.1
2020-04-27 CVE-2020-12052 Grafana Cross-site Scripting vulnerability in Grafana

Grafana version < 6.7.3 is vulnerable to annotation popup XSS.

6.1
2020-04-29 CVE-2020-7453 Freebsd Improper Check for Unusual or Exceptional Conditions vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r359020, and 11.3-RELEASE before 11.3-RELEASE-p7, a missing null termination check in the jail_set configuration option "osrelease" may return more bytes with a subsequent jail_get system call, allowing a malicious jail superuser with permission to create nested jails to read kernel memory.

6.0
2020-04-29 CVE-2019-19101 BR Automation Improper Certificate Validation vulnerability in Br-Automation Automation Studio

A missing secure communication definition and an incomplete TLS validation in the upgrade service in B&R Automation Studio versions 4.0.x, 4.1.x, 4.2.x, < 4.3.11SP, < 4.4.9SP, < 4.5.5SP, < 4.6.4 and < 4.7.2 enable unauthenticated users to perform MITM attacks via the B&R upgrade server.

5.9
2020-04-30 CVE-2020-6867 ZTE Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in ZTE Zenic ONE R22B 16.19.10P02Sp002/6.19.10P02Sp005

ZTE's SDON controller is impacted by a resource management error vulnerability.

5.5
2020-04-30 CVE-2020-5890 F5 Information Exposure vulnerability in F5 products

On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace.

5.5
2020-04-29 CVE-2020-12459 Grafana
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.

5.5
2020-04-29 CVE-2020-12458 Grafana
Redhat
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

An information-disclosure flaw was found in Grafana through 6.7.3.

5.5
2020-04-29 CVE-2018-21232 Re2C Uncontrolled Recursion vulnerability in Re2C 1.3

re2c before 2.0 has uncontrolled recursion that causes stack consumption in find_fixed_tags.

5.5
2020-04-28 CVE-2019-15877 Freebsd Missing Authorization vulnerability in Freebsd 12.1

In FreeBSD 12.1-STABLE before r356606 and 12.1-RELEASE before 12.1-RELEASE-p3, driver-specific ioctl command handlers in the ixl network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to trigger updates to the device's non-volatile memory.

5.5
2020-04-28 CVE-2019-15876 Freebsd Missing Authorization vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r356089, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r356090, and 11.3-RELEASE before 11.3-RELEASE-p7, driver-specific ioctl command handlers in the oce network driver failed to check whether the caller has sufficient privileges, allowing unprivileged users to send passthrough commands to the device firmware.

5.5
2020-04-27 CVE-2018-21167 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

5.5
2020-04-27 CVE-2020-1880 Huawei Improper Input Validation vulnerability in Huawei Lion-Al00C Firmware

Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) has a denial of service vulnerability.

5.5
2020-04-27 CVE-2020-9489 Apache
Oracle
Infinite Loop vulnerability in multiple products

A carefully crafted or corrupt file may trigger a System.exit in Tika's OneNote Parser.

5.5
2020-04-30 CVE-2020-11030 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

In affected versions of WordPress, a special payload can be crafted that can lead to scripts getting executed within the search block of the block editor.

5.4
2020-04-30 CVE-2020-11026 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

In affected versions of WordPress, files with a specially crafted name when uploaded to the Media section can lead to script execution upon accessing the file.

5.4
2020-04-30 CVE-2020-11025 Wordpress
Debian
Cross-site Scripting vulnerability in multiple products

In affected versions of WordPress, a cross-site scripting (XSS) vulnerability in the navigation section of Customizer allows JavaScript code to be executed.

5.4
2020-04-30 CVE-2020-5889 F5 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager

On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, in BIG-IP APM portal access, a specially crafted HTTP request can lead to reflected XSS after the BIG-IP APM system rewrites the HTTP response from the untrusted backend server and sends it to the client.

5.4
2020-04-29 CVE-2020-12472 Mono Cross-site Scripting vulnerability in Mono Monox 5.1.40.5152

MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.

5.4
2020-04-29 CVE-2019-7634 Ifrn Cross-site Scripting vulnerability in Ifrn Sistema Unificado DE Administracao Publica 2.0

SUAP V2 allows XSS during the update of user information.

5.4
2020-04-28 CVE-2020-12261 Opmantek Cross-site Scripting vulnerability in Opmantek Open-Audit 3.3.0

Open-AudIT 3.3.0 allows an XSS attack after login.

5.4
2020-04-28 CVE-2020-12438 PHP Fusion Cross-site Scripting vulnerability in PHP-Fusion 9.03.50

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50.

5.4
2020-04-28 CVE-2020-10944 Hashicorp Cross-site Scripting vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI.

5.4
2020-04-28 CVE-2020-10094 Lexmark Cross-site Scripting vulnerability in Lexmark products

A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74.VY2.P273; CS51x before LW74.VY4.P273; CX310 before LW74.GM2.P273; CX410 & XC2130 before LW74.GM4.P273; CX510 & XC2132 before LW74.GM7.P273; MS310, MS312, MS317 before LW74.PRL.P273; MS410, M1140 before LW74.PRL.P273; MS315, MS415, MS417 before LW74.TL2.P273; MS51x, MS610dn, MS617 before LW74.PR2.P273; M1145, M3150dn before LW74.PR2.P273; MS610de, M3150 before LW74.PR4.P273; MS71x,M5163dn before LW74.DN2.P273; MS810, MS811, MS812, MS817, MS818 before LW74.DN2.P273; MS810de, M5155, M5163 before LW74.DN4.P273; MS812de, M5170 before LW74.DN7.P273; MS91x before LW74.SA.P273; MX31x, XM1135 before LW74.SB2.P273; MX410, MX510 & MX511 before LW74.SB4.P273; XM1140, XM1145 before LW74.SB4.P273; MX610 & MX611 before LW74.SB7.P273; XM3150 before LW74.SB7.P273; MX71x, MX81x before LW74.TU.P273; XM51xx & XM71xx before LW74.TU.P273; MX91x & XM91x before LW74.MG.P273; MX6500e before LW74.JD.P273; C746 before LHS60.CM2.P738; C748, CS748 before LHS60.CM4.P738; C792, CS796 before LHS60.HC.P738; C925 before LHS60.HV.P738; C950 before LHS60.TP.P738; X548 & XS548 before LHS60.VK.P738; X74x & XS748 before LHS60.NY.P738; X792 & XS79x before LHS60.MR.P738; X925 & XS925 before LHS60.HK.P738; X95x & XS95x before LHS60.TQ.P738; 6500e before LHS60.JR.P738;C734 LR.SK.P824 and earlier; C736 LR.SKE.P824 and earlier; E46x LR.LBH.P824 and earlier; T65x LR.JP.P824 and earlier; X46x LR.BS.P824 and earlier; X65x LR.MN.P824 and earlier; X73x LR.FL.P824 and earlier; W850 LP.JB.P823 and earlier; and X86x LP.SP.P823 and earlier.

5.4
2020-04-28 CVE-2020-10093 Lexmark Cross-site Scripting vulnerability in Lexmark products

A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued products.

5.4
2020-04-28 CVE-2020-5570 NI Consul Cross-site Scripting vulnerability in Ni-Consul Sales Force Assistant 11.2.48

Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

5.4
2020-04-27 CVE-2019-18223 Eleveo Cross-site Scripting vulnerability in Eleveo Call Recording 6.3.1

ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rules Configuration, or (6) txt_69735:/VemailAddress/value or txt_75767:/VemailFrom/value field in callrec/config.

5.4
2020-05-01 CVE-2020-12117 Moxa Missing Authentication for Critical Function vulnerability in Moxa Nport 5100A Firmware 1.5

Moxa Service in Moxa NPort 5150A firmware version 1.5 and earlier allows attackers to obtain sensitive configuration values via a crafted packet to UDP port 4800.

5.3
2020-04-29 CVE-2020-12277 Gitlab Incorrect Default Permissions vulnerability in Gitlab

GitLab 10.8 through 12.9 has a vulnerability that allows someone to mirror a repository even if the feature is not activated.

5.3
2020-04-29 CVE-2020-12275 Gitlab Unspecified vulnerability in Gitlab

GitLab 12.6 through 12.9 is vulnerable to a privilege escalation that allows an external user to create a personal snippet through the API.

5.3
2020-04-28 CVE-2020-7451 Freebsd Use of Uninitialized Resource vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r358740, and 11.3-RELEASE before 11.3-RELEASE-p7, a TCP SYN-ACK or challenge TCP-ACK segment over IPv6 that is transmitted or retransmitted does not properly initialize the Traffic Class field, disclosing one byte of kernel memory over the network.

5.3
2020-04-28 CVE-2020-5563 Cybozu Improper Authentication vulnerability in Cybozu Garoon

Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.

5.3
2020-04-27 CVE-2020-1722 Freeipa
Redhat
A flaw was found in all ipa versions 4.x.x through 4.8.0.
5.3
2020-04-27 CVE-2019-5303 Huawei Improper Input Validation vulnerability in Huawei products

There are two denial of service vulnerabilities on some Huawei smartphones.

5.3
2020-04-27 CVE-2019-5302 Huawei Improper Input Validation vulnerability in Huawei products

There are two denial of service vulnerabilities on some Huawei smartphones.

5.3
2020-04-27 CVE-2020-11821 Rukovoditel Insufficiently Protected Credentials vulnerability in Rukovoditel 2.5.2

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing.

5.3
2020-04-27 CVE-2020-12272 Trusteddomain
Fedoraproject
Authentication Bypass by Spoofing vulnerability in multiple products

OpenDMARC through 1.3.2 and 1.4.x allows attacks that inject authentication results to provide false information about the domain that originated an e-mail message.

5.3
2020-04-30 CVE-2020-10691 Redhat Path Traversal vulnerability in Redhat Ansible Engine and Ansible Tower

An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when running ansible-galaxy collection install.

5.2
2020-04-30 CVE-2020-6866 ZTE Unspecified vulnerability in ZTE Zxctn 6500 Firmware 2.10.00R3B87

A ZTE product is impacted by a resource management error vulnerability.

4.9
2020-04-28 CVE-2020-1774 Otrs
Debian
When a user downloads PGP or S/MIME keys/certificates, the exported file has the same name for private and public keys.
4.9
2020-04-28 CVE-2020-5562 Cybozu Server-Side Request Forgery (SSRF) vulnerability in Cybozu Garoon

Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.

4.9
2020-04-27 CVE-2018-21159 Netgear Unspecified vulnerability in Netgear Readynas OS

NETGEAR ReadyNAS devices before 6.9.3 are affected by incorrect configuration of security settings.

4.9
2020-04-27 CVE-2020-11415 Sonatype Cleartext Storage of Sensitive Information vulnerability in Sonatype Nexus Repository Manager

An issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.17 and 3.x before 3.22.1.

4.9
2020-04-29 CVE-2020-12276 Gitlab Cross-site Scripting vulnerability in Gitlab

GitLab 9.5.9 through 12.9 is vulnerable to stored XSS in an admin notification feature.

4.8
2020-04-28 CVE-2018-21209 Netgear Cross-site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by reflected XSS.

4.8
2020-04-30 CVE-2020-11037 Torchbox Race Condition vulnerability in Torchbox Wagtail 2.8/2.8.1

In Wagtail before versions 2.7.3 and 2.8.2, a potential timing attack exists on pages or documents that have been protected with a shared password through Wagtail's "Privacy" controls.

4.7
2020-05-02 CVE-2020-5727 Simplisafe Improper Authentication vulnerability in Simplisafe SS3 Firmware 1.0/1.3

Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.

4.6
2020-04-30 CVE-2020-12101 XT Commerce Incorrect Default Permissions vulnerability in Xt-Commerce

The address-management feature in xt:Commerce 5.1 to 6.2.2 allows remote authenticated users to zero out other users' stored addresses by manipulating an id field in the POST request for altering an address.

4.3
2020-04-30 CVE-2020-9387 Mahara Information Exposure vulnerability in Mahara

In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on.

4.3
2020-04-29 CVE-2019-4288 IBM Unspecified vulnerability in IBM Maximo Anywhere

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device.

4.3
2020-04-29 CVE-2019-4286 IBM Information Exposure Through Log Files vulnerability in IBM Maximo Anywhere

IBM Maximo Anywhere 7.6.2.0, 7.6.2.1, 7.6.3.0, and 7.6.3.1 could disclose highly sensitive user information to an authenticated user with physical access to the device.

4.3
2020-04-28 CVE-2016-11055 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

4.3
2020-04-28 CVE-2020-4329 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0 and Liberty 17.0.0.3 through 20.0.0.4 could allow a remote, authenticated attacker to obtain sensitive information, caused by improper parameter checking.

4.3
2020-04-28 CVE-2020-12286 Octopus Unspecified vulnerability in Octopus Deploy

In Octopus Deploy before 2019.12.9 and 2020 before 2020.1.12, the TaskView permission is not scoped to any dimension.

4.3
2020-04-28 CVE-2020-5566 Cybozu Unspecified vulnerability in Cybozu Garoon

Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.

4.3
2020-04-28 CVE-2020-5565 Cybozu Improper Input Validation vulnerability in Cybozu Garoon

Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.

4.3
2020-04-27 CVE-2018-21095 Netgear Cross-site Scripting vulnerability in Netgear Srr60 Firmware and Srs60 Firmware

Certain NETGEAR devices are affected by stored XSS.

4.3
2020-04-27 CVE-2019-4729 IBM
Netapp
Information Exposure Through an Error Message vulnerability in multiple products

IBM Cognos Analytics 11.0 and 11.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-04-30 CVE-2020-5893 F5 Cleartext Transmission of Sensitive Information vulnerability in F5 Big-Ip Access Policy Manager

In versions 7.1.5-7.1.8, when a user connects to a VPN using BIG-IP Edge Client over an unsecure network, BIG-IP Edge Client responds to authentication requests over HTTP while sending probes for captive portal detection.

3.7
2020-04-27 CVE-2020-9488 Apache
Oracle
Debian
QOS
Improper Certificate Validation vulnerability in multiple products

Improper validation of certificate with host mismatch in Apache Log4j SMTP appender.

3.7
2020-04-27 CVE-2020-11810 Openvpn
Debian
Fedoraproject
Race Condition vulnerability in multiple products

An issue was discovered in OpenVPN 2.4.x before 2.4.9.

3.7
2020-04-27 CVE-2020-1807 Huawei Unspecified vulnerability in Huawei Mate 20 Firmware

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.188(C00E74R3P8) have an improper authorization vulnerability.

3.5
2020-04-29 CVE-2020-8478 ABB Injection vulnerability in ABB Base Software, MMS Server and OPC Server

Insufficient protection of the inter-process communication functions in ABB System 800xA products OPC Server for AC 800M, MMS Server for AC 800M and Base Software for SoftControl (all published versions) enables an attacker authenticated on the local system to inject data, affecting the online view of runtime data shown in Control Builder.

3.3
2020-04-28 CVE-2019-15790 Apport Project
Canonical
Improper Privilege Management vulnerability in multiple products

Apport reads and writes information on a crashed process to /proc/pid with elevated privileges.

3.3
2020-04-27 CVE-2020-11869 Qemu Integer Overflow or Wraparound vulnerability in Qemu

An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation.

3.3
2020-04-29 CVE-2020-12251 Gigamon Path Traversal vulnerability in Gigamon Gigavue

An issue was discovered in Gigamon GigaVUE 5.5.01.11.

2.2