Weekly Vulnerabilities Reports > May 11 to 17, 2020

Overview

264 new vulnerabilities reported during this period, including 38 critical vulnerabilities and 115 high severity vulnerabilities. This weekly summary report vulnerabilities in 403 products from 93 vendors including Google, IBM, Paloaltonetworks, SAP, and Debian. Vulnerabilities are notably categorized as "Out-of-bounds Write", "Cross-site Scripting", "Missing Authorization", "Improper Input Validation", and "Out-of-bounds Read".

  • 173 reported vulnerabilities are remotely exploitables.
  • 4 reported vulnerabilities have public exploit available.
  • 60 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 140 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 32 reported vulnerabilities.
  • Google has the most reported critical vulnerabilities, with 5 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

38 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-14 CVE-2020-11066 Typo3 Unspecified vulnerability in Typo3

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object attributes and result in triggering deletion of an arbitrary directory in the file system, if it is writable for the web server.

10.0
2020-05-17 CVE-2020-13126 Elementor Unrestricted Upload of File with Dangerous Type vulnerability in Elementor Page Builder

An issue was discovered in the Elementor Pro plugin before 2.9.4 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13125.

9.9
2020-05-16 CVE-2020-13118 Mikrotik Router Monitoring System Project SQL Injection vulnerability in Mikrotik-Router-Monitoring-System Project Mikrotik-Router-Monitoring-System 20181022

An issue was discovered in Mikrotik-Router-Monitoring-System through 2018-10-22.

9.8
2020-05-16 CVE-2020-13109 Seta Out-of-bounds Write vulnerability in Seta Morita Shogi 64 20200502

Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow.

9.8
2020-05-15 CVE-2020-8149 Logkitty Project Code Injection vulnerability in Logkitty Project Logkitty

Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty npm package before version 0.7.1.

9.8
2020-05-15 CVE-2020-13092 Scikit Learn Deserialization of Untrusted Data vulnerability in Scikit-Learn

scikit-learn (aka sklearn) through 0.23.0 can unserialize and execute commands from an untrusted file that is passed to the joblib.load() function, if __reduce__ makes an os.system call.

9.8
2020-05-15 CVE-2020-13091 Numfocus Deserialization of Untrusted Data vulnerability in Numfocus Pandas

pandas through 1.0.3 can unserialize and execute commands from an untrusted file that is passed to the read_pickle() function, if __reduce__ makes an os.system call.

9.8
2020-05-15 CVE-2020-12889 Misp Unspecified vulnerability in Misp Misp-Maltego 1.4.4

MISP MISP-maltego 1.4.4 incorrectly shares a MISP connection across users in a remote-transform use case.

9.8
2020-05-15 CVE-2020-12651 Vandyke Integer Overflow or Wraparound vulnerability in Vandyke Securecrt

SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX.

9.8
2020-05-15 CVE-2019-18666 Dlink Missing Authentication for Critical Function vulnerability in Dlink Dap-1360 Revision F Firmware 6.12B01

An issue was discovered on D-Link DAP-1360 revision F devices.

9.8
2020-05-15 CVE-2020-12834 EQ 3 Incorrect Default Permissions vulnerability in Eq-3 Ccu3 Firmware and Homematic Ccu2 Firmware

eQ-3 Homematic Central Control Unit (CCU)2 through 2.51.6 and CCU3 through 3.51.6 allow Remote Code Execution in the JSON API Method ReGa.runScript, by unauthenticated attackers with access to the web interface, due to the default auto-login feature being enabled during first-time setup (or factory reset).

9.8
2020-05-14 CVE-2020-10620 Opto22 Missing Authorization vulnerability in Opto22 Softpac Project 9.6

Opto 22 SoftPAC Project Version 9.6 and prior.

9.8
2020-05-14 CVE-2020-0221 Google Incorrect Calculation vulnerability in Google Android

Airbrush FW's scratch memory allocator is susceptible to numeric overflow.

9.8
2020-05-14 CVE-2020-0103 Google Release of Invalid Pointer or Reference vulnerability in Google Android 10.0/9.0

In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption.

9.8
2020-05-14 CVE-2020-12874 Veritas Improper Authentication vulnerability in Veritas Aptare

Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server.

9.8
2020-05-14 CVE-2020-11973 Apache
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

Apache Camel Netty enables Java deserialization by default.

9.8
2020-05-14 CVE-2020-11972 Apache
Oracle
Deserialization of Untrusted Data vulnerability in multiple products

Apache Camel RabbitMQ enables Java deserialization by default.

9.8
2020-05-14 CVE-2019-17562 Apache Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Apache Cloudstack

A buffer overflow vulnerability has been found in the baremetal component of Apache CloudStack.

9.8
2020-05-14 CVE-2019-13022 Jetstream Use of a Broken or Risky Cryptographic Algorithm vulnerability in Jetstream Jetselect

Bond JetSelect (all versions) has an issue in the Java class (ENCtool.jar) and corresponding password generation algorithm (used to set initial passwords upon first installation).

9.8
2020-05-13 CVE-2020-2001 Paloaltonetworks Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os

An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges.

9.8
2020-05-13 CVE-2020-12832 Simplefilelist Path Traversal vulnerability in Simplefilelist Simple-File-List

WordPress Plugin Simple File List before 4.2.8 is prone to a vulnerability that lets attackers delete arbitrary files because the application fails to properly verify user-supplied input.

9.8
2020-05-13 CVE-2020-9502 Dahuasecurity Use of Insufficiently Random Values vulnerability in Dahuasecurity products

Some Dahua products with Build time before December 2019 have Session ID predictable vulnerabilities.

9.8
2020-05-13 CVE-2020-7454 Freebsd Out-of-bounds Write vulnerability in Freebsd 11.3/11.4/12.1

In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module.

9.8
2020-05-13 CVE-2019-15880 Freebsd Improper Input Validation vulnerability in Freebsd 12.1

In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic.

9.8
2020-05-13 CVE-2020-12763 Trendnet Out-of-bounds Write vulnerability in Trendnet Tv-Ip512Wn Firmware 1.0.4

TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets.

9.8
2020-05-13 CVE-2020-10654 Pingidentity Out-of-bounds Write vulnerability in Pingidentity Pingid SSH Integration

Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers.

9.8
2020-05-12 CVE-2020-6242 SAP Missing Authentication for Critical Function vulnerability in SAP Businessobjects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

9.8
2020-05-12 CVE-2020-12823 Infradead
Fedoraproject
Debian
Opensuse
Classic Buffer Overflow vulnerability in multiple products

OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c.

9.8
2020-05-12 CVE-2020-1939 Apache NULL Pointer Dereference vulnerability in Apache Nuttx

The Apache NuttX (Incubating) project provides an optional separate "apps" repository which contains various optional components and example programs.

9.8
2020-05-12 CVE-2020-8159 Rubyonrails
Debian
Path Traversal vulnerability in multiple products

There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view.

9.8
2020-05-11 CVE-2020-10022 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0

A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS.

9.8
2020-05-11 CVE-2018-1285 Apache
Fedoraproject
Oracle
Netapp
XXE vulnerability in multiple products

Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files.

9.8
2020-05-11 CVE-2020-12753 Google Out-of-bounds Write vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software.

9.8
2020-05-11 CVE-2020-12747 Google Out-of-bounds Write vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software.

9.8
2020-05-11 CVE-2020-12746 Google Out-of-bounds Write vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software.

9.8
2020-05-11 CVE-2020-12743 Gazie Project Files or Directories Accessible to External Parties vulnerability in Gazie Project Gazie

An issue was discovered in Gazie 7.32.

9.8
2020-05-14 CVE-2020-10612 Opto22 Missing Authorization vulnerability in Opto22 Softpac Project 9.6

Opto 22 SoftPAC Project Version 9.6 and prior.

9.1
2020-05-13 CVE-2020-2018 Paloaltonetworks Improper Authentication vulnerability in Paloaltonetworks Pan-Os

An authentication bypass vulnerability in the Panorama context switching feature allows an attacker with network access to a Panorama's management interface to gain privileged access to managed firewalls.

9.0

115 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-14 CVE-2020-10616 Opto22 Uncontrolled Search Path Element vulnerability in Opto22 Softpac Project 9.6

Opto 22 SoftPAC Project Version 9.6 and prior.

8.8
2020-05-14 CVE-2020-5577 Sixapart Unrestricted Upload of File with Dangerous Type vulnerability in Sixapart Movable Type

Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allow remote authenticated attackers to upload arbitrary files and execute a php script via unspecified vectors.

8.8
2020-05-14 CVE-2020-5576 Sixapart Cross-Site Request Forgery (CSRF) vulnerability in Sixapart Movable Type

Cross-site request forgery (CSRF) vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to hijack the authentication of administrators via unspecified vectors.

8.8
2020-05-14 CVE-2020-11069 Typo3 Unspecified vulnerability in Typo3

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that the backend user interface and install tool are vulnerable to a same-site request forgery.

8.8
2020-05-14 CVE-2020-11067 Typo3 Deserialization of Untrusted Data vulnerability in Typo3

In TYPO3 CMS 9.0.0 through 9.5.16 and 10.0.0 through 10.4.1, it has been discovered that backend user settings (in $BE_USER->uc) are vulnerable to insecure deserialization.

8.8
2020-05-13 CVE-2020-2015 Paloaltonetworks Classic Buffer Overflow vulnerability in Paloaltonetworks Pan-Os

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges.

8.8
2020-05-13 CVE-2020-2014 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges.

8.8
2020-05-13 CVE-2020-2013 Paloaltonetworks Cleartext Transmission of Sensitive Information vulnerability in Paloaltonetworks Pan-Os

A cleartext transmission of sensitive information vulnerability in Palo Alto Networks PAN-OS Panorama that discloses an authenticated PAN-OS administrator's PAN-OS session cookie.

8.8
2020-05-13 CVE-2020-2006 Paloaltonetworks Out-of-bounds Write vulnerability in Paloaltonetworks Pan-Os

A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.

8.8
2020-05-13 CVE-2020-1998 Paloaltonetworks Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os

An improper authorization vulnerability in PAN-OS that mistakenly uses the permissions of local linux users instead of the intended SAML permissions of the account when the username is shared for the purposes of SSO authentication.

8.8
2020-05-13 CVE-2020-1714 Redhat
Quarkus
Improper Input Validation vulnerability in multiple products

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks.

8.8
2020-05-13 CVE-2020-5407 Pivotal Software Improper Verification of Cryptographic Signature vulnerability in Pivotal Software Spring Security

Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation.

8.8
2020-05-13 CVE-2020-12427 Westerndigital Cross-Site Request Forgery (CSRF) vulnerability in Westerndigital WD Discovery 2.12.127

The Western Digital WD Discovery application before 3.8.229 for MyCloud Home on Windows and macOS is vulnerable to CSRF, with impacts such as stealing data, modifying disk contents, or exhausting disk space.

8.8
2020-05-13 CVE-2019-16112 Tylertech Deserialization of Untrusted Data vulnerability in Tylertech Eagle 2018.3.11

TylerTech Eagle 2018.3.11 deserializes untrusted user input, resulting in remote code execution via a crafted Java object to the recorder/ServiceManager?service=tyler.empire.settings.SettingManager URI.

8.8
2020-05-12 CVE-2020-1718 Redhat Improper Authentication vulnerability in Redhat Keycloak

A flaw was found in the reset credential flow in all Keycloak versions before 8.0.0.

8.8
2020-05-12 CVE-2020-11057 Xwiki Code Injection vulnerability in Xwiki

In XWiki Platform 7.2 through 11.10.2, registered users without scripting/programming permissions are able to execute python/groovy scripts while editing personal dashboards.

8.8
2020-05-12 CVE-2020-12772 Igniterealtime Information Exposure vulnerability in Igniterealtime Spark 2.8.3

An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows.

8.8
2020-05-12 CVE-2020-11060 Glpi Project Cross-Site Request Forgery (CSRF) vulnerability in Glpi-Project Glpi

In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality.

8.8
2020-05-12 CVE-2020-6262 SAP Code Injection vulnerability in SAP Application Server

Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed by the application.

8.8
2020-05-12 CVE-2020-6249 SAP SQL Injection vulnerability in SAP products

The use of an admin backend report within SAP Master Data Governance, versions - S4CORE 101, S4FND 102, 103, 104, SAP_BS_FND 748; allows an attacker to execute crafted database queries, exposing the backend database, leading to SQL Injection.

8.8
2020-05-12 CVE-2020-6243 SAP Code Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0

Under certain conditions, SAP Adaptive Server Enterprise (XP Server on Windows Platform), versions 15.7, 16.0, does not perform the necessary checks for an authenticated user while executing the extended stored procedure, allowing an attacker to read, modify, delete restricted data on connected servers, leading to Code Injection.

8.8
2020-05-12 CVE-2020-6241 SAP SQL Injection vulnerability in SAP Adaptive Server Enterprise 16.0

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated user to execute crafted database queries to elevate privileges of users in the system, leading to SQL Injection.

8.8
2020-05-12 CVE-2020-5897 F5 Use After Free vulnerability in F5 Big-Ip Access Policy Manager

In versions 7.1.5-7.1.9, there is use-after-free memory vulnerability in the BIG-IP Edge Client Windows ActiveX component.

8.8
2020-05-11 CVE-2020-12760 Opennms Deserialization of Untrusted Data vulnerability in Opennms Horizon and Opennms Meridian

An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7.

8.8
2020-05-11 CVE-2020-11108 PI Hole Unrestricted Upload of File with Dangerous Type vulnerability in Pi-Hole

The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files.

8.8
2020-05-12 CVE-2020-11072 Simpleledger Incorrect Comparison vulnerability in Simpleledger Slp-Validate 1.0.0

In SLP Validate (npm package slp-validate) before version 1.2.1, users could experience false-negative validation outcomes for MINT transaction operations.

8.6
2020-05-12 CVE-2020-11071 Simpleledger Incorrect Comparison vulnerability in Simpleledger Slpjs

SLPJS (npm package slpjs) before version 0.27.2, has a vulnerability where users could experience false-negative validation outcomes for MINT transaction operations.

8.6
2020-05-15 CVE-2019-20390 Intelliants Cross-Site Request Forgery (CSRF) vulnerability in Intelliants Subrion 4.2.1

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in Subrion CMS 4.2.1 that allows a remote attacker to remove files on the server without a victim's knowledge, by enticing an authenticated user to visit an attacker's web page.

8.1
2020-05-13 CVE-2020-2002 Paloaltonetworks Authentication Bypass by Spoofing vulnerability in Paloaltonetworks Pan-Os

An authentication bypass by spoofing vulnerability exists in the authentication daemon and User-ID components of Palo Alto Networks PAN-OS by failing to verify the integrity of the Kerberos key distribution center (KDC) before authenticating users.

8.1
2020-05-13 CVE-2019-9682 Dahuasecurity Incorrect Default Permissions vulnerability in Dahuasecurity products

Dahua devices with Build time before December 2019 use strong security login mode by default, but in order to be compatible with the normal login of early devices, some devices retain the weak security login mode that users can control.

8.1
2020-05-12 CVE-2020-8153 Nextcloud
Fedoraproject
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when when renaming an accessible item to the same name.

8.1
2020-05-11 CVE-2020-12785 Cpanel Unspecified vulnerability in Cpanel

cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540).

8.1
2020-05-12 CVE-2020-6252 SAP Unspecified vulnerability in SAP Adaptive Server Enterprise Cockpit 16.0

Under certain conditions SAP Adaptive Server Enterprise (Cockpit), version 16.0, allows an attacker with access to local network, to get sensitive and confidential information, leading to Information Disclosure.

8.0
2020-05-16 CVE-2020-13110 Kerberos Project Uncontrolled Search Path Element vulnerability in Kerberos Project Kerberos

The kerberos package before 1.0.0 for Node.js allows arbitrary code execution and privilege escalation via injection of malicious DLLs through use of the kerberos_sspi LoadLibrary() method, because of a DLL path search.

7.8
2020-05-15 CVE-2020-12798 SUN Denshi Improper Privilege Management vulnerability in Sun-Denshi Universal Forensic Extraction Device Firmware 5.0/7.5.0.845

Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen.

7.8
2020-05-15 CVE-2019-19721 Videolan Off-by-one Error vulnerability in Videolan VLC Media Player

An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file.

7.8
2020-05-15 CVE-2018-10756 Transmissionbt
Debian
Fedoraproject
Use After Free vulnerability in multiple products

Use-after-free in libtransmission/variant.c in Transmission before 3.00 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted torrent file.

7.8
2020-05-14 CVE-2020-0110 Google
Intel
Out-of-bounds Write vulnerability in multiple products

In psi_write of psi.c, there is a possible out of bounds write due to a missing bounds check.

7.8
2020-05-14 CVE-2020-0109 Google Missing Authorization vulnerability in Google Android 10.0/9.0

In simulatePackageSuspendBroadcast of NotificationManagerService.java, there is a missing permission check.

7.8
2020-05-14 CVE-2020-0105 Google Missing Authorization vulnerability in Google Android 10.0/9.0

In onKeyguardVisibilityChanged of key_store_service.cpp, there is a missing permission check.

7.8
2020-05-14 CVE-2020-0102 Google Out-of-bounds Write vulnerability in Google Android

In GattServer::SendResponse of gatt_server.cc, there is a possible out of bounds write due to an incorrect bounds check.

7.8
2020-05-14 CVE-2020-0098 Google Unspecified vulnerability in Google Android

In navigateUpToLocked of ActivityStack.java, there is a possible permission bypass due to a confused deputy.

7.8
2020-05-14 CVE-2020-0097 Google Incorrect Authorization vulnerability in Google Android 10.0/9.0

In various methods of PackageManagerService.java, there is a possible permission bypass due to a missing condition for system apps.

7.8
2020-05-14 CVE-2020-0096 Google Unspecified vulnerability in Google Android 8.0/8.1/9.0

In startActivities of ActivityStartController.java, there is a possible escalation of privilege due to a confused deputy.

7.8
2020-05-14 CVE-2020-0094 Google Out-of-bounds Write vulnerability in Google Android 10.0/9.0

In setImageHeight and setImageWidth of ExifUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check.

7.8
2020-05-14 CVE-2020-0024 Google Incorrect Default Permissions vulnerability in Google Android

In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass.

7.8
2020-05-14 CVE-2020-4468 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption.

7.8
2020-05-14 CVE-2020-4467 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption.

7.8
2020-05-14 CVE-2020-4422 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4343 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4288 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error.

7.8
2020-05-14 CVE-2020-4287 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error.

7.8
2020-05-14 CVE-2020-4285 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error.

7.8
2020-05-14 CVE-2020-4266 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4264 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4263 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4262 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4261 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4258 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-4257 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.8
2020-05-14 CVE-2020-10626 Fazecast
Schneider Electric
Uncontrolled Search Path Element vulnerability in multiple products

In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability could allow a malicious DLL file with the same name of any resident DLLs inside the software installation to execute arbitrary code.

7.8
2020-05-13 CVE-2020-11073 Autoswitch Python Virtualenv Project Path Traversal vulnerability in Autoswitch Python Virtualenv Project Autoswitch Python Virtualenv

In Autoswitch Python Virtualenv before version 0.16.0, a user who enters a directory with a malicious `.venv` file could run arbitrary code without any user interaction.

7.8
2020-05-13 CVE-2019-15878 Freebsd Use After Free vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r352509, 11.3-STABLE before r352509, and 11.3-RELEASE before p9, an unprivileged local user can trigger a use-after-free situation due to improper checking in SCTP when an application tries to update an SCTP-AUTH shared key.

7.8
2020-05-12 CVE-2020-6244 SAP Uncontrolled Search Path Element vulnerability in SAP Business Client 7.0

SAP Business Client, version 7.0, allows an attacker after a successful social engineering attack to inject malicious code as a DLL file in untrusted directories that can be executed by the application, due to uncontrolled search path element.

7.8
2020-05-12 CVE-2020-5896 F5 Incorrect Default Permissions vulnerability in F5 Big-Ip Access Policy Manager

On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions.

7.8
2020-05-11 CVE-2020-10067 Zephyrproject Integer Overflow or Wraparound vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0

A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers.

7.8
2020-05-11 CVE-2020-10058 Zephyrproject Improper Input Validation vulnerability in Zephyrproject Zephyr 2.1.0

Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges.

7.8
2020-05-11 CVE-2020-10028 Zephyrproject Improper Input Validation vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0

Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions.

7.8
2020-05-11 CVE-2020-10027 Zephyrproject Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.0/2.1.0

An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel.

7.8
2020-05-11 CVE-2020-10024 Zephyrproject Incorrect Comparison vulnerability in Zephyrproject Zephyr 1.14.2/2.1.0

The arm platform-specific code uses a signed integer comparison when validating system call numbers.

7.8
2020-05-11 CVE-2020-10021 Zephyrproject Out-of-bounds Write vulnerability in Zephyrproject Zephyr

Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions.

7.8
2020-05-11 CVE-2020-10019 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr

USB DFU has a potential buffer overflow where the requested length (wLength) is not checked against the buffer size.

7.8
2020-05-11 CVE-2020-5837 Symantec Link Following vulnerability in Symantec Endpoint Protection

Symantec Endpoint Protection, prior to 14.3, may not respect file permissions when writing to log files that are replaced by symbolic links, which can lead to a potential elevation of privilege.

7.8
2020-05-11 CVE-2020-5836 Symantec Unspecified vulnerability in Symantec Endpoint Protection

Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.

7.8
2020-05-11 CVE-2019-19162 Tobesoft Use After Free vulnerability in Tobesoft Xplatform

A use-after-free vulnerability in the TOBESOFT XPLATFORM versions 9.1 to 9.2.2 may lead to code execution on a system running it.

7.8
2020-05-11 CVE-2020-12754 Google Unspecified vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software.

7.8
2020-05-11 CVE-2020-12751 Google Out-of-bounds Write vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software.

7.8
2020-05-11 CVE-2020-12749 Google Classic Buffer Overflow vulnerability in Google Android 9.0

An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software.

7.8
2020-05-11 CVE-2020-11866 Libemf Project
Opensuse
Fedoraproject
Use After Free vulnerability in multiple products

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free.

7.8
2020-05-11 CVE-2020-11865 Libemf Project
Opensuse
Fedoraproject
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products

libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access.

7.8
2020-05-11 CVE-2020-5538 Jalinfotec Unspecified vulnerability in Jalinfotec Pallet Control 6.2/6.3

Improper Access Control in PALLET CONTROL Ver.

7.8
2020-05-12 CVE-2020-8154 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server

An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to remote wipe devices of other users when sending a malicious request directly to the endpoint.

7.7
2020-05-16 CVE-2020-13111 Naviserver Project Out-of-bounds Write vulnerability in Naviserver Project Naviserver

NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk.

7.5
2020-05-15 CVE-2020-8100 Bitdefender Improper Input Validation vulnerability in Bitdefender Engines

Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample.

7.5
2020-05-14 CVE-2020-12877 Veritas Missing Authentication for Critical Function vulnerability in Veritas Aptare

Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication.

7.5
2020-05-14 CVE-2020-12876 Veritas Incorrect Authorization vulnerability in Veritas Aptare

Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server.

7.5
2020-05-14 CVE-2020-11971 Apache
Oracle
Apache Camel's JMX is vulnerable to Rebind Flaw.
7.5
2020-05-13 CVE-2020-2012 Paloaltonetworks XXE vulnerability in Paloaltonetworks Pan-Os

Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system.

7.5
2020-05-13 CVE-2020-2011 Paloaltonetworks Improper Input Validation vulnerability in Paloaltonetworks Pan-Os

An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash.

7.5
2020-05-13 CVE-2020-3341 Cisco
Canonical
Fedoraproject
Debian
Improper Input Validation vulnerability in multiple products

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

7.5
2020-05-13 CVE-2020-3327 Cisco
Debian
Fedoraproject
Canonical
Improper Input Validation vulnerability in multiple products

A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.

7.5
2020-05-12 CVE-2020-6247 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service.

7.5
2020-05-12 CVE-2020-6240 SAP Unspecified vulnerability in SAP Netweaver Application Server Abap

SAP NetWeaver AS ABAP (Web Dynpro ABAP), versions (SAP_UI 750, 752, 753, 754 and SAP_BASIS 700, 710, 730, 731, 804) allows an unauthenticated attacker to prevent legitimate users from accessing a service, either by crashing or flooding the service leading to Denial of Service

7.5
2020-05-12 CVE-2020-1763 Libreswan Unspecified vulnerability in Libreswan

An out-of-bounds buffer read flaw was found in the pluto daemon of libreswan from versions 3.27 till 3.31 where, an unauthenticated attacker could use this flaw to crash libreswan by sending specially-crafted IKEv1 Informational Exchange packets.

7.5
2020-05-12 CVE-2020-8151 Rubyonrails
Fedoraproject
Incorrect Authorization vulnerability in multiple products

There is a possible information disclosure issue in Active Resource <v5.1.1 that could allow an attacker to create specially crafted requests to access data in an unexpected way and possibly leak information.

7.5
2020-05-11 CVE-2020-9840 Apple Unspecified vulnerability in Apple Nioextras

In SwiftNIO Extras before 1.4.1, a logic issue was addressed with improved restrictions.

7.5
2020-05-11 CVE-2020-12790 Nystudio107 Injection vulnerability in Nystudio107 Seomatic

In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL.

7.5
2020-05-11 CVE-2019-5500 Netapp Unspecified vulnerability in Netapp products

Certain versions of the NetApp Service Processor and Baseboard Management Controller firmware allow a remote unauthenticated attacker to cause a Denial of Service (DoS).

7.5
2020-05-11 CVE-2020-12752 Google Improper Restriction of Excessive Authentication Attempts vulnerability in Google Android 10.0/9.0

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software.

7.5
2020-05-11 CVE-2020-12750 Google Unspecified vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) software.

7.5
2020-05-11 CVE-2020-12745 Google Missing Authorization vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) software.

7.5
2020-05-11 CVE-2020-12783 Exim
Fedoraproject
Debian
Canonical
Out-of-bounds Read vulnerability in multiple products

Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c.

7.5
2020-05-13 CVE-2019-15879 Freebsd Missing Release of Resource after Effective Lifetime vulnerability in Freebsd 11.3/12.1

In FreeBSD 12.1-STABLE before r356908, 12.1-RELEASE before p5, 11.3-STABLE before r356908, and 11.3-RELEASE before p9, a race condition in the cryptodev module permitted a data structure in the kernel to be used after it was freed, allowing an unprivileged process can overwrite arbitrary kernel memory.

7.4
2020-05-14 CVE-2020-4265 IBM Out-of-bounds Write vulnerability in IBM I2 Analysts Notebook 9.2.1

IBM i2 Intelligent Analyis Platform 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption.

7.3
2020-05-13 CVE-2020-2010 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges.

7.2
2020-05-13 CVE-2020-2009 Paloaltonetworks Externally Controlled Reference to a Resource in Another Sphere vulnerability in Paloaltonetworks Pan-Os

An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama.

7.2
2020-05-13 CVE-2020-2008 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition.

7.2
2020-05-13 CVE-2020-2007 Paloaltonetworks OS Command Injection vulnerability in Paloaltonetworks Pan-Os

An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges.

7.2
2020-05-12 CVE-2020-6253 SAP SQL Injection vulnerability in SAP Adaptive Server Enterprise 15.7/16.0

Under certain conditions, SAP Adaptive Server Enterprise (Web Services), versions 15.7, 16.0, allows an authenticated user to execute crafted database queries to elevate their privileges, modify database objects, or execute commands they are not otherwise authorized to execute, leading to SQL Injection.

7.2
2020-05-12 CVE-2020-6248 SAP Improper Input Validation vulnerability in SAP Adaptive Server Enterprise Backup Server 16.0

SAP Adaptive Server Enterprise (Backup Server), version 16.0, does not perform the necessary validation checks for an authenticated user while executing DUMP or LOAD command allowing arbitrary code execution or Code Injection.

7.2
2020-05-15 CVE-2020-1808 Huawei Out-of-bounds Read vulnerability in Huawei products

Honor 20;HONOR 20 PRO;Honor Magic2;HUAWEI Mate 20 X;HUAWEI P30;HUAWEI P30 Pro;Honor View 20 smartphones with versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.187(C00E60R4P11); versions earlier than 10.0.0.176(C00E60R2P11);9.1.0.135(C00E133R2P1); versions earlier than 10.1.0.123(C431E22R3P5), versions earlier than 10.1.0.126(C636E5R3P4), versions earlier than 10.1.0.160(C00E160R2P11); versions earlier than 10.1.0.126(C185E8R5P1), versions earlier than 10.1.0.126(C636E9R2P4), versions earlier than 10.1.0.160(C00E160R2P8); versions earlier than 10.0.0.179(C636E3R4P3), versions earlier than 10.0.0.180(C185E3R3P3), versions earlier than 10.0.0.180(C432E10R3P4), versions earlier than 10.0.0.181(C675E5R1P2) have an out of bound read vulnerability.

7.1
2020-05-12 CVE-2020-12825 Gnome Uncontrolled Recursion vulnerability in Gnome Libcroco

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

7.1
2020-05-13 CVE-2020-2016 Paloaltonetworks Race Condition vulnerability in Paloaltonetworks Pan-Os

A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account.

7.0
2020-05-12 CVE-2020-8156 Nextcloud
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.

7.0
2020-05-11 CVE-2020-5835 Symantec Race Condition vulnerability in Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager, prior to 14.3, has a race condition in client remote deployment which may result in an elevation of privilege on the remote machine.

7.0

102 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-12 CVE-2020-6250 SAP Unspecified vulnerability in SAP Adaptive Server Enterprise 16.0

SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure.

6.8
2020-05-11 CVE-2020-10023 Zephyrproject Classic Buffer Overflow vulnerability in Zephyrproject Zephyr 1.14.1/2.1.0

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.

6.8
2020-05-14 CVE-2020-0220 Google Out-of-bounds Write vulnerability in Google Android

In crus_afe_callback of msm-cirrus-playback.c, there is a possible out of bounds write due to a missing bounds check.

6.7
2020-05-12 CVE-2020-6245 SAP Injection vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.

6.7
2020-05-15 CVE-2020-11524 Freerdp
Canonical
Opensuse
Out-of-bounds Write vulnerability in multiple products

libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

6.6
2020-05-15 CVE-2020-11523 Freerdp
Debian
Canonical
Opensuse
Integer Overflow or Wraparound vulnerability in multiple products

libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow.

6.6
2020-05-15 CVE-2020-11521 Freerdp
Canonical
Opensuse
Debian
Integer Overflow or Wraparound vulnerability in multiple products

libfreerdp/codec/planar.c in FreeRDP version > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write.

6.6
2020-05-12 CVE-2020-10706 Redhat Unspecified vulnerability in Redhat Openshift Container Platform

A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encryption of data at rest is enabled.

6.6
2020-05-17 CVE-2020-13125 Brainstormforce Unspecified vulnerability in Brainstormforce Ultimate Addons for Elementor

An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126.

6.5
2020-05-15 CVE-2020-11522 Freerdp
Debian
Canonical
Opensuse
Out-of-bounds Read vulnerability in multiple products

libfreerdp/gdi/gdi.c in FreeRDP > 1.0 through 2.0.0-rc4 has an Out-of-bounds Read.

6.5
2020-05-14 CVE-2020-12068 Codesys Unspecified vulnerability in Codesys products

An issue was discovered in CODESYS Development System before 3.5.16.0.

6.5
2020-05-14 CVE-2020-12042 Opto22 Improper Verification of Cryptographic Signature vulnerability in Opto22 Softpac Project 9.6

Opto 22 SoftPAC Project Version 9.6 and prior.

6.5
2020-05-14 CVE-2020-5408 Pivotal Software
Vmware
Use of Insufficiently Random Values vulnerability in multiple products

Spring Security versions 5.3.x prior to 5.3.2, 5.2.x prior to 5.2.4, 5.1.x prior to 5.1.10, 5.0.x prior to 5.0.16 and 4.2.x prior to 4.2.16 use a fixed null initialization vector with CBC Mode in the implementation of the queryable text encryptor.

6.5
2020-05-14 CVE-2019-13023 Jetstream Insufficiently Protected Credentials vulnerability in Jetstream Jetselect

An issue was discovered in all versions of Bond JetSelect.

6.5
2020-05-14 CVE-2019-13021 Jetstream Cleartext Storage of Sensitive Information vulnerability in Jetstream Jetselect

The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database.

6.5
2020-05-14 CVE-2020-4259 IBM Incorrect Default Permissions vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 could allow an authenticated user could manipulate cookie information and remove or add modules from the cookie to access functionality not authorized to.

6.5
2020-05-14 CVE-2020-12717 Alberta
Tracetogether
Health
GOV
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short.
6.5
2020-05-13 CVE-2020-2003 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services.

6.5
2020-05-12 CVE-2020-6259 SAP Missing Authorization vulnerability in SAP Adaptive Server Enterprise 15.7/16.0

Under certain conditions SAP Adaptive Server Enterprise, versions 15.7, 16.0, allows an attacker to access information which would otherwise be restricted leading to Missing Authorization Check.

6.5
2020-05-12 CVE-2020-6258 SAP Missing Authorization vulnerability in SAP Identity Management 8.0

SAP Identity Management, version 8.0, does not perform necessary authorization checks for an authenticated user, allowing the attacker to view certain sensitive information of the victim, leading to Missing Authorization Check.

6.5
2020-05-12 CVE-2020-6251 SAP Unspecified vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted.

6.5
2020-05-12 CVE-2019-4478 IBM Unspecified vulnerability in IBM Maximo Asset Management 7.6.0.0/7.6.1/7.6.1.1

IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to.

6.5
2020-05-11 CVE-2020-10060 Zephyrproject Access of Uninitialized Pointer vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0/2.3.0

In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places.

6.5
2020-05-14 CVE-2020-12875 Veritas Incorrect Authorization vulnerability in Veritas Aptare

Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks.

6.3
2020-05-14 CVE-2020-1945 Apache
Canonical
Fedoraproject
Opensuse
Oracle
Exposure of Resource to Wrong Sphere vulnerability in multiple products

Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information.

6.3
2020-05-16 CVE-2020-13121 Rcos Open Redirect vulnerability in Rcos Submitty

Submitty through 20.04.01 has an open redirect via authentication/login?old= during an invalid login attempt.

6.1
2020-05-15 CVE-2019-20389 Intelliants Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1

An XSS issue was identified on the Subrion CMS 4.2.1 /panel/configuration/general settings page.

6.1
2020-05-15 CVE-2020-12685 Redhat Cross-site Scripting vulnerability in Redhat Interchange

XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.

6.1
2020-05-15 CVE-2020-7809 Altools Cross-site Scripting vulnerability in Altools Alsong 3.46

ALSong 3.46 and earlier version contain a Document Object Model (DOM) based cross-site scripting vulnerability caused by improper validation of user input.

6.1
2020-05-14 CVE-2020-12677 Progress Cross-site Scripting vulnerability in Progress Moveit Automation

An issue was discovered in Progress MOVEit Automation Web Admin.

6.1
2020-05-14 CVE-2020-1941 Apache
Oracle
Cross-site Scripting vulnerability in multiple products

In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.

6.1
2020-05-14 CVE-2019-15083 Zohocorp Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus 10.0.0

Default installations of Zoho ManageEngine ServiceDesk Plus 10.0 before 10500 are vulnerable to XSS injected by a workstation local administrator.

6.1
2020-05-14 CVE-2020-5575 Sixapart Cross-site Scripting vulnerability in Sixapart Movable Type

Cross-site scripting vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary script or HTML via unspecified vectors.

6.1
2020-05-14 CVE-2020-5409 Pivotal Software Open Redirect vulnerability in Pivotal Software Concourse

Pivotal Concourse, most versions prior to 6.0.0, allows redirects to untrusted websites in its login flow.

6.1
2020-05-13 CVE-2020-2017 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A DOM-Based Cross Site Scripting Vulnerability exists in PAN-OS and Panorama Management Web Interfaces.

6.1
2020-05-13 CVE-2020-2005 Paloaltonetworks Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os

A cross-site scripting (XSS) vulnerability exists when visiting malicious websites with the Palo Alto Networks GlobalProtect Clientless VPN that can compromise the user's active session.

6.1
2020-05-13 CVE-2020-1997 Paloaltonetworks Open Redirect vulnerability in Paloaltonetworks Pan-Os

An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway.

6.1
2020-05-13 CVE-2020-8020 Opensuse
Debian
A Improper Neutralization of Input During Web Page Generation vulnerability in open-build-service allows remote attackers to store arbitrary JS code to cause XSS.
6.1
2020-05-13 CVE-2020-12742 Iubenda Improper Input Validation vulnerability in Iubenda Iubenda-Cookie-Law-Solution

The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols.

6.1
2020-05-13 CVE-2020-12699 DKD Open Redirect vulnerability in DKD Direct Mail

The direct_mail extension through 5.2.3 for TYPO3 has an Open Redirect via jumpUrl.

6.1
2020-05-12 CVE-2020-6254 SAP Cross-site Scripting vulnerability in SAP Enterprise Threat Detection 1.0/2.0

SAP Enterprise Threat Detection, versions 1.0, 2.0, does not sufficiently encode error response pages in case of errors, allowing XSS payload reflecting in the response, leading to reflected Cross Site Scripting.

6.1
2020-05-15 CVE-2020-1758 Redhat Improper Certificate Validation vulnerability in Redhat Keycloak

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server.

5.9
2020-05-11 CVE-2019-4667 IBM Cleartext Transmission of Sensitive Information vulnerability in IBM Urbancode Deploy 7.0.5.2

IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

5.9
2020-05-14 CVE-2020-12046 Opto22 Improper Verification of Cryptographic Signature vulnerability in Opto22 Softpac Project 9.6

Opto 22 SoftPAC Project Version 9.6 and prior.

5.7
2020-05-15 CVE-2020-12872 Yaws Inadequate Encryption Strength vulnerability in Yaws

yaws_config.erl in Yaws through 2.0.2 and/or 2.0.7 loads obsolete TLS ciphers, as demonstrated by ones that allow Sweet32 attacks, if running on an Erlang/OTP virtual machine with a version less than 21.0.

5.5
2020-05-15 CVE-2020-3810 Debian
Fedoraproject
Canonical
Out-of-bounds Read vulnerability in multiple products

Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.

5.5
2020-05-14 CVE-2020-0106 Google Missing Authorization vulnerability in Google Android 10.0

In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check.

5.5
2020-05-14 CVE-2020-0104 Google Unspecified vulnerability in Google Android 10.0/9.0

In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error.

5.5
2020-05-14 CVE-2020-0101 Google Missing Initialization of Resource vulnerability in Google Android

In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data.

5.5
2020-05-14 CVE-2020-0100 Google Out-of-bounds Read vulnerability in Google Android 8.0/8.1

In onTransact of IHDCP.cpp, there is a possible out of bounds read due to incorrect error handling.

5.5
2020-05-14 CVE-2020-0091 Google Unspecified vulnerability in Google Android

In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700

5.5
2020-05-14 CVE-2020-0090 Google Unspecified vulnerability in Google Android

An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048

5.5
2020-05-14 CVE-2020-0065 Google Unspecified vulnerability in Google Android

An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448

5.5
2020-05-14 CVE-2020-0064 Google Unspecified vulnerability in Google Android

An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855

5.5
2020-05-13 CVE-2020-2004 Paloaltonetworks Information Exposure Through Log Files vulnerability in Paloaltonetworks Globalprotect

Under certain circumstances a user's password may be logged in cleartext in the PanGPS.log diagnostic file when logs are collected for troubleshooting on GlobalProtect app (also known as GlobalProtect Agent) for MacOS and Windows.

5.5
2020-05-13 CVE-2020-9501 Dahuasecurity Unspecified vulnerability in Dahuasecurity web P2P

Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways.

5.5
2020-05-13 CVE-2020-7455 Freebsd Missing Release of Resource after Effective Lifetime vulnerability in Freebsd 11.3/11.4/12.1

In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, the FTP packet handler in libalias incorrectly calculates some packet length allowing disclosure of small amounts of kernel (for kernel NAT) or natd process space (for userspace natd).

5.5
2020-05-12 CVE-2020-5898 F5 Unspecified vulnerability in F5 Big-Ip Access Policy Manager

In versions 7.1.5-7.1.9, BIG-IP Edge Client Windows Stonewall driver does not sanitize the pointer received from the userland.

5.5
2020-05-11 CVE-2020-11864 Libemf Project
Opensuse
Fedoraproject
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2).
5.5
2020-05-11 CVE-2020-11863 Libemf Project
Opensuse
Fedoraproject
libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2).
5.5
2020-05-11 CVE-2020-1698 Redhat Information Exposure Through Log Files vulnerability in Redhat Keycloak

A flaw was found in keycloak in versions before 9.0.0.

5.5
2020-05-11 CVE-2020-10685 Redhat
Debian
Incomplete Cleanup vulnerability in multiple products

A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when using modules which decrypts vault files such as assemble, script, unarchive, win_copy, aws_s3 or copy modules.

5.5
2020-05-15 CVE-2020-12882 Rcos Cross-site Scripting vulnerability in Rcos Submitty

Submitty through 20.04.01 allows XSS via upload of an SVG document, as demonstrated by an attack by a Student against a Teaching Fellow.

5.4
2020-05-13 CVE-2020-11065 Typo3 Cross-site Scripting vulnerability in Typo3

In TYPO3 CMS greater than or equal to 9.5.12 and less than 9.5.17, and greater than or equal to 10.2.0 and less than 10.4.2, it has been discovered that link tags generated by typolink functionality are vulnerable to cross-site scripting; properties being assigned as HTML attributes have not been parsed correctly.

5.4
2020-05-13 CVE-2020-11064 Typo3 Cross-site Scripting vulnerability in Typo3

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, it has been discovered that HTML placeholder attributes containing data of other database records are vulnerable to cross-site scripting.

5.4
2020-05-13 CVE-2020-1993 Paloaltonetworks Session Fixation vulnerability in Paloaltonetworks Pan-Os

The GlobalProtect Portal feature in PAN-OS does not set a new session identifier after a successful user login, which allows session fixation attacks, if an attacker is able to control a user's session ID.

5.4
2020-05-13 CVE-2020-11070 Typo3 Cross-site Scripting vulnerability in Typo3 SVG Sanitizer 1.0.0/1.0.1/1.0.2

The SVG Sanitizer extension for TYPO3 has a cross-site scripting vulnerability in versions before 1.0.3.

5.4
2020-05-12 CVE-2020-11062 Glpi Project Cross-site Scripting vulnerability in Glpi-Project Glpi

In GLPI after 0.68.1 and before 9.4.6, multiple reflexive XSS occur in Dropdown endpoints due to an invalid Content-Type.

5.4
2020-05-12 CVE-2020-6257 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (CMC and BI Launchpad) 4.2 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability.

5.4
2020-05-12 CVE-2020-4195 IBM Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM API Connect

IBM API Connect V2018.4.1.0 through 2018.4.1.10 could allow a remote attacker to hijack the clicking action of the victim.

5.4
2020-05-12 CVE-2020-8155 Nextcloud Cross-site Scripting vulnerability in Nextcloud Server

An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-site scripting vulnerability when opening a malicious PDF.

5.4
2020-05-15 CVE-2020-13093 Ispyconnect Path Traversal vulnerability in Ispyconnect Agent DVR 2.7.0.0

iSpyConnect.com Agent DVR before 2.7.1.0 allows directory traversal.

5.3
2020-05-15 CVE-2020-12888 Linux
Fedoraproject
Opensuse
Debian
Canonical
Netapp
Improper Handling of Exceptional Conditions vulnerability in multiple products

The VFIO PCI driver in the Linux kernel through 5.6.13 mishandles attempts to access disabled memory space.

5.3
2020-05-14 CVE-2019-17572 Apache Path Traversal vulnerability in Apache Rocketmq

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability.

5.3
2020-05-14 CVE-2020-5574 Sixapart Injection vulnerability in Sixapart Movable Type

HTML attribute value injection vulnerability in Movable Type series (Movable Type 7 r.4606 (7.2.1) and earlier (Movable Type 7), Movable Type Advanced 7 r.4606 (7.2.1) and earlier (Movable Type Advanced 7), Movable Type for AWS 7 r.4606 (7.2.1) and earlier (Movable Type for AWS 7), Movable Type 6.5.3 and earlier (Movable Type 6.5), Movable Type Advanced 6.5.3 and earlier (Movable Type Advanced 6.5), Movable Type 6.3.11 and earlier (Movable Type 6.3), Movable Type Advanced 6.3.11 and earlier (Movable Type 6.3), Movable Type Premium 1.29 and earlier, and Movable Type Premium Advanced 1.29 and earlier) allows remote attackers to inject arbitrary HTML attribute value via unspecified vectors.

5.3
2020-05-13 CVE-2020-1996 Paloaltonetworks Missing Authorization vulnerability in Paloaltonetworks Pan-Os

A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file.

5.3
2020-05-13 CVE-2020-12831 Linuxfoundation Incorrect Permission Assignment for Critical Resource vulnerability in Linuxfoundation Free Range Routing

An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1.

5.3
2020-05-13 CVE-2019-2388 Mongodb Forced Browsing vulnerability in Mongodb OPS Manager 4.0.10/4.0.9/4.1.5

In affected Ops Manager versions there is an exposed http route was that may allow attackers to view a specific access log of a publicly exposed Ops Manager instance.

5.3
2020-05-13 CVE-2020-12697 DKD Allocation of Resources Without Limits or Throttling vulnerability in DKD Direct Mail

The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.

5.3
2020-05-12 CVE-2020-12826 Linux
Redhat
Canonical
Integer Overflow or Wraparound vulnerability in multiple products

A signal access-control issue was discovered in the Linux kernel before 5.6.5, aka CID-7395ea4e65c2.

5.3
2020-05-12 CVE-2020-5248 Glpi Project Use of Hard-coded Credentials vulnerability in Glpi-Project Glpi

GLPI before before version 9.4.6 has a vulnerability involving a default encryption key.

5.3
2020-05-12 CVE-2020-4346 IBM Unspecified vulnerability in IBM API Connect

IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information.

5.3
2020-05-11 CVE-2020-7647 Jooby Path Traversal vulnerability in Jooby

All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby and org.jooby:jooby are vulnerable to Directory Traversal via two separate vectors.

5.3
2020-05-11 CVE-2020-5834 Symantec Path Traversal vulnerability in Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to a directory traversal attack that could allow a remote actor to determine the size of files in the directory.

5.3
2020-05-11 CVE-2020-12784 Cpanel Unspecified vulnerability in Cpanel

cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505).

5.3
2020-05-11 CVE-2020-12748 Google Unspecified vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) software.

5.3
2020-05-15 CVE-2020-10744 Redhat Race Condition vulnerability in Redhat Ansible and Ansible Tower

An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary directory when running become_user from become directive.

5.0
2020-05-14 CVE-2020-0093 Google
Debian
Canonical
Libexif Project
Opensuse
Out-of-bounds Read vulnerability in multiple products

In exif_data_save_data_entry of exif-data.c, there is a possible out of bounds read due to a missing bounds check.

5.0
2020-05-14 CVE-2020-0092 Google Information Exposure vulnerability in Google Android 10.0

In setHideSensitive of NotificationStackScrollLayout.java, there is a possible disclosure of sensitive notification content due to a permissions bypass.

5.0
2020-05-12 CVE-2020-1746 Redhat
Debian
A flaw was found in the Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x before 2.8.11 and 2.9.x before 2.9.7 as well as Ansible Tower before and including versions 3.4.5 and 3.5.5 and 3.6.3 when the ldap_attr and ldap_entry community modules are used.
5.0
2020-05-13 CVE-2020-1995 Paloaltonetworks NULL Pointer Dereference vulnerability in Paloaltonetworks Pan-Os 9.1.0/9.1.1

A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash.

4.9
2020-05-13 CVE-2020-5838 Symantec Cross-site Scripting vulnerability in Symantec IT Analytics

Symantec IT Analytics, prior to 2.9.1, may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can potentially enable attackers to inject client-side scripts into web pages viewed by other users.

4.8
2020-05-11 CVE-2020-10059 Zephyrproject Improper Certificate Validation vulnerability in Zephyrproject Zephyr 2.1.0/2.2.0

The UpdateHub module disables DTLS peer checking, which allows for a man in the middle attack.

4.8
2020-05-14 CVE-2020-1960 Apache Unspecified vulnerability in Apache Flink

A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control.

4.7
2020-05-13 CVE-2020-1994 Paloaltonetworks Unspecified vulnerability in Paloaltonetworks Pan-Os

A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system.

4.4
2020-05-14 CVE-2020-4365 IBM Server-Side Request Forgery (SSRF) vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 8.5 is vulnerable to server-side request forgery.

4.3
2020-05-14 CVE-2020-4299 IBM Unspecified vulnerability in IBM Sterling File Gateway

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request.

4.3
2020-05-13 CVE-2020-4312 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page.

4.3
2020-05-13 CVE-2020-12700 DKD Missing Authorization vulnerability in DKD Direct Mail

The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query.

4.3
2020-05-13 CVE-2020-12698 DKD Missing Authorization vulnerability in DKD Direct Mail

The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables.

4.3
2020-05-12 CVE-2020-6256 SAP Missing Authorization vulnerability in SAP Master Data Governance

SAP Master Data Governance, versions - 748, 749, 750, 751, 752, 800, 801, 802, 803, 804, allows users to display change request details without having required authorizations, due to Missing Authorization Check.

4.3
2020-05-11 CVE-2020-1724 Redhat Insufficient Session Expiration vulnerability in Redhat Keycloak

A flaw was found in Keycloak in versions before 9.0.2.

4.3

9 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-13 CVE-2020-11063 Typo3 Information Exposure Through Discrepancy vulnerability in Typo3 10.4.0/10.4.1

In TYPO3 CMS versions 10.4.0 and 10.4.1, it has been discovered that time-based attacks can be used with the password reset functionality for backend users.

3.7
2020-05-17 CVE-2020-4345 IBM SQL Injection vulnerability in IBM I 7.2/7.3/7.4

IBM i 7.2, 7.3, and 7.4 users running complex SQL statements under a specific set of circumstances may allow a local user to obtain sensitive information that they should not have access to.

3.3
2020-05-15 CVE-2020-11931 Pulseaudio
Canonical
Exposure of Resource to Wrong Sphere vulnerability in multiple products

An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module.

3.3
2020-05-11 CVE-2020-5833 Symantec Out-of-bounds Read vulnerability in Symantec Endpoint Protection Manager

Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.

3.3
2020-05-15 CVE-2020-9073 Huawei Improper Authentication vulnerability in Huawei P20 Firmware

Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability.

2.4
2020-05-13 CVE-2020-11932 Canonical Information Exposure Through Log Files vulnerability in Canonical Subiquity

It was discovered that the Subiquity installer for Ubuntu Server logged the LUKS full disk encryption password if one was entered.

2.3
2020-05-15 CVE-2020-11526 Freerdp
Canonical
Opensuse
Debian
Integer Overflow or Wraparound vulnerability in multiple products

libfreerdp/core/update.c in FreeRDP versions > 1.1 through 2.0.0-rc4 has an Out-of-bounds Read.

2.2
2020-05-15 CVE-2020-11525 Freerdp
Debian
Canonical
Opensuse
Out-of-bounds Read vulnerability in multiple products

libfreerdp/cache/bitmap.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out of bounds read.

2.2
2020-05-12 CVE-2020-11058 Freerdp
Canonical
Debian
In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read.
2.2