Weekly Vulnerabilities Reports > May 25 to 31, 2020

Overview

133 new vulnerabilities reported during this period, including 18 critical vulnerabilities and 42 high severity vulnerabilities. This weekly summary report vulnerabilities in 337 products from 64 vendors including Debian, IBM, Opensuse, Canonical, and Freerdp. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "OS Command Injection", "Path Traversal", and "Improper Certificate Validation".

  • 98 reported vulnerabilities are remotely exploitables.
  • 43 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 69 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Mozilla has the most reported critical vulnerabilities, with 6 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

18 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-29 CVE-2020-12493 Swarco Unspecified vulnerability in Swarco CPU Ls4000 Firmware G4

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4...

10.0
2020-05-26 CVE-2020-12389 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.

10.0
2020-05-26 CVE-2020-12388 Mozilla Improper Input Validation vulnerability in Mozilla Firefox

The Firefox content processes did not sufficiently lockdown access control which could result in a sandbox escape.

10.0
2020-05-27 CVE-2020-11075 Anchore Unspecified vulnerability in Anchore Engine 0.7.0

In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an image analysis process.

9.9
2020-05-29 CVE-2020-11844 Microfocus Incorrect Authorization vulnerability in Microfocus Service Management Automation

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management.

9.8
2020-05-29 CVE-2020-13693 Bbpress Unspecified vulnerability in Bbpress

An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled.

9.8
2020-05-28 CVE-2019-6342 Drupal Unspecified vulnerability in Drupal 8.7.4

An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled.

9.8
2020-05-28 CVE-2020-11079 Node DNS Sync Project Command Injection vulnerability in Node-Dns-Sync Project Node-Dns-Sync 0.1.3

node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands .

9.8
2020-05-28 CVE-2020-7812 Kaoni Download of Code Without Integrity Check vulnerability in Kaoni Ezhttptrans 1.0.0.70

Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method.

9.8
2020-05-27 CVE-2020-8606 Trendmicro Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to bypass authentication on affected installations of Trend Micro InterScan Web Security Virtual Appliance.

9.8
2020-05-26 CVE-2020-6831 Mozilla
Canonical
Debian
Opensuse
Out-of-bounds Write vulnerability in multiple products

A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC.

9.8
2020-05-26 CVE-2020-12390 Mozilla Deserialization of Untrusted Data vulnerability in Mozilla Firefox

Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks.

9.8
2020-05-26 CVE-2020-12396 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

Mozilla developers and community members reported memory safety bugs present in Firefox 75.

9.8
2020-05-26 CVE-2020-12395 Mozilla
Canonical
Out-of-bounds Write vulnerability in multiple products

Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7.

9.8
2020-05-26 CVE-2020-8171 UI OS Command Injection vulnerability in UI Airos

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:There are certain end-points containing functionalities that are vulnerable to command injection.

9.8
2020-05-25 CVE-2020-13442 Dext5 Unrestricted Upload of File with Dangerous Type vulnerability in Dext5 2.7.1402870

A Remote code execution vulnerability exists in DEXT5Upload in DEXT5 through 2.7.1402870.

9.8
2020-05-25 CVE-2020-5537 Cybozu Improper Input Validation vulnerability in Cybozu Desktop

Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors.

9.8
2020-05-25 CVE-2020-13485 Verbb Incorrect Comparison vulnerability in Verbb Knock

The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header.

9.1

42 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-29 CVE-2020-1832 Huawei Out-of-bounds Write vulnerability in Huawei E6878-370 Firmware 10.0.3.1(H557Sp27C233)/10.0.3.1(H563Sp1C233)

E6878-370 products with versions of 10.0.3.1(H557SP27C233) and 10.0.3.1(H563SP1C00) have a stack buffer overflow vulnerability.

8.8
2020-05-29 CVE-2020-12675 Mappresspro Unrestricted Upload of File with Dangerous Type vulnerability in Mappresspro Mappress

The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution.

8.8
2020-05-28 CVE-2020-11950 Vivotek OS Command Injection vulnerability in Vivotek products

VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to upload and execute a script (with resultant execution of OS commands).

8.8
2020-05-28 CVE-2020-13643 Siteorigin Cross-Site Request Forgery (CSRF) vulnerability in Siteorigin Page Builder

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress.

8.8
2020-05-28 CVE-2020-13642 Siteorigin Cross-Site Request Forgery (CSRF) vulnerability in Siteorigin Page Builder

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress.

8.8
2020-05-28 CVE-2020-13641 Infolific Cross-Site Request Forgery (CSRF) vulnerability in Infolific Real-Time Find and Replace

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress.

8.8
2020-05-27 CVE-2020-8605 Trendmicro OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations.

8.8
2020-05-27 CVE-2020-6774 Bosch Exposure of Resource to Wrong Sphere vulnerability in Bosch Recording Station Firmware

Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system.

8.8
2020-05-26 CVE-2020-8168 UI Cross-Site Request Forgery (CSRF) vulnerability in UI Airos

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Attackers can abuse multiple end-points not protected against cross-site request forgery (CSRF), as a result authenticated users can be persuaded to visit malicious web pages, which allows attackers to perform arbitrary actions, such as downgrade the device's firmware to older versions, modify configuration, upload arbitrary firmware, exfiltrate files and tokens.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

8.8
2020-05-25 CVE-2020-13458 Verbb Cross-Site Request Forgery (CSRF) vulnerability in Verbb Image Resizer

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS.

8.8
2020-05-26 CVE-2020-12387 Mozilla Use After Free vulnerability in Mozilla Thunderbird

A race condition when running shutdown code for Web Worker led to a use-after-free vulnerability.

8.1
2020-05-29 CVE-2020-13634 Youhua Improper Input Validation vulnerability in Youhua Windows Master 7.99.13.604

In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558

7.8
2020-05-28 CVE-2020-13173 Teradici Race Condition vulnerability in Teradici Pcoip Graphics Agent and Pcoip Standard Agent

Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe.

7.8
2020-05-27 CVE-2020-10936 Sympa
Fedoraproject
Debian
Canonical
Improper Privilege Management vulnerability in multiple products

Sympa before 6.2.56 allows privilege escalation.

7.8
2020-05-26 CVE-2020-9046 Johnsoncontrols Improper Privilege Management vulnerability in Johnsoncontrols Kantech Entrapass 8.22

A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.

7.8
2020-05-26 CVE-2020-12393 Mozilla OS Command Injection vulnerability in Mozilla Firefox

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website.

7.8
2020-05-29 CVE-2020-7654 Synk Information Exposure Through Log Files vulnerability in Synk Broker

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure.

7.5
2020-05-29 CVE-2020-6937 Mulesoft Unspecified vulnerability in Mulesoft Mule Runtime

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.

7.5
2020-05-29 CVE-2020-1870 Huawei Missing Release of Resource after Effective Lifetime vulnerability in Huawei products

There is a denial of service vulnerability in some Huawei products.

7.5
2020-05-28 CVE-2020-8330 Lenovo Unspecified vulnerability in Lenovo products

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted.

7.5
2020-05-28 CVE-2020-8329 Lenovo Unspecified vulnerability in Lenovo products

A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted.

7.5
2020-05-28 CVE-2020-4245 IBM Weak Password Requirements vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts.

7.5
2020-05-28 CVE-2020-4232 IBM Improper Restriction of Excessive Authentication Attempts vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system.

7.5
2020-05-28 CVE-2020-13649 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.

7.5
2020-05-27 CVE-2020-8604 Trendmicro Path Traversal vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to disclose sensitive informatoin on affected installations.

7.5
2020-05-27 CVE-2020-11059 Aegir Project Information Exposure vulnerability in Aegir Project Aegir

In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm.

7.5
2020-05-27 CVE-2020-4379 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2020-05-27 CVE-2020-4350 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2020-05-27 CVE-2020-4349 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2020-05-27 CVE-2020-4226 IBM Information Exposure vulnerability in IBM Mobilefirst Platform Foundation 8.0.0.0

IBM MobileFirst Platform Foundation 8.0.0.0 stores highly sensitive information in URL parameters.

7.5
2020-05-27 CVE-2020-13623 Jerryscript Resource Exhaustion vulnerability in Jerryscript 2.2.0

JerryScript 2.2.0 allows attackers to cause a denial of service (stack consumption) via a proxy operation.

7.5
2020-05-27 CVE-2020-13622 Jerryscript Reachable Assertion vulnerability in Jerryscript 2.2.0

JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data.

7.5
2020-05-26 CVE-2020-6830 Mozilla Information Exposure vulnerability in Mozilla Firefox

For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions.

7.5
2020-05-26 CVE-2020-12391 Mozilla Incorrect Authorization vulnerability in Mozilla Firefox

Documents formed using data: URLs in an OBJECT element failed to inherit the CSP of the creating context.

7.5
2020-05-26 CVE-2020-3811 Netqmail
Debian
Canonical
Incorrect Authorization vulnerability in multiple products

qmail-verify as used in netqmail 1.06 is prone to a mail-address verification bypass vulnerability.

7.5
2020-05-25 CVE-2020-13482 EM Http Request Project
Fedoraproject
Improper Certificate Validation vulnerability in multiple products

EM-HTTP-Request 1.1.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library.

7.4
2020-05-27 CVE-2020-13386 Smartdraw Incorrect Permission Assignment for Critical Resource vulnerability in Smartdraw 2020 27.0.0.0

In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder.

7.3
2020-05-29 CVE-2020-8816 PI Hole OS Command Injection vulnerability in Pi-Hole

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

7.2
2020-05-28 CVE-2020-4246 IBM XXE vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

7.1
2020-05-29 CVE-2020-3957 Vmware Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in VMWare Fusion, Horizon Client and Remote Console

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener.

7.0
2020-05-29 CVE-2020-4352 IBM Unspecified vulnerability in IBM MQ for HPE Nonstop 8.0.4/8.1.0

IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode.

7.0
2020-05-27 CVE-2020-13630 Sqlite
Fedoraproject
Canonical
Netapp
Brocade
Debian
Siemens
Apple
Oracle
Use After Free vulnerability in multiple products

ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow, related to the snippet feature.

7.0

61 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-29 CVE-2020-11039 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks.
6.8
2020-05-29 CVE-2020-7650 Synk Path Traversal vulnerability in Synk Broker

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read.

6.5
2020-05-29 CVE-2020-7648 Synk Path Traversal vulnerability in Synk Broker

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read.

6.5
2020-05-29 CVE-2020-7653 Synk Link Following vulnerability in Synk Broker

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read.

6.5
2020-05-29 CVE-2020-7652 Synk Path Traversal vulnerability in Synk Broker

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read.

6.5
2020-05-29 CVE-2020-11019 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index.
6.5
2020-05-29 CVE-2020-11018 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed.
6.5
2020-05-29 CVE-2020-11017 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server.
6.5
2020-05-28 CVE-2020-4249 IBM Incorrect Authorization vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization.

6.5
2020-05-28 CVE-2020-4231 IBM Improper Input Validation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow an authenticated user to perform unauthorized commands due to hazardous input validation.

6.5
2020-05-28 CVE-2020-11949 Vivotek Unspecified vulnerability in Vivotek products

testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem.

6.5
2020-05-28 CVE-2020-13645 Gnome
Canonical
Fedoraproject
Netapp
Broadcom
Improper Certificate Validation vulnerability in multiple products

In GNOME glib-networking through 2.64.2, the implementation of GTlsClientConnection skips hostname verification of the server's TLS certificate if the application fails to specify the expected server identity.

6.5
2020-05-27 CVE-2020-4348 IBM Missing Authorization vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control.

6.5
2020-05-26 CVE-2020-10719 Redhat
Netapp
HTTP Request Smuggling vulnerability in multiple products

A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTTP requests with large chunk sizes.

6.5
2020-05-27 CVE-2020-10737 Redhat Race Condition vulnerability in Redhat Oddjob

A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before 0.34.5 and 0.34.6 wherein, during the home creation, mkhomedir copies the /etc/skel directory into the newly created home and changes its ownership to the home's user without properly checking the homedir path.

6.3
2020-05-29 CVE-2020-4490 IBM Unspecified vulnerability in IBM products

IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw.

6.1
2020-05-28 CVE-2020-11082 Kaminari Project
Debian
In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links.
6.1
2020-05-27 CVE-2020-8603 Trendmicro Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow a remote attacker to tamper with the web interface of affected installations.

6.1
2020-05-27 CVE-2020-13633 Fork CMS Cross-site Scripting vulnerability in Fork-Cms Fork CMS

Fork before 5.8.3 allows XSS via navigation_title or title.

6.1
2020-05-27 CVE-2020-13628 Centreon Cross-site Scripting vulnerability in Centreon products

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to host-monitoring/src/toolbar.php.

6.1
2020-05-27 CVE-2020-13627 Centreon Cross-site Scripting vulnerability in Centreon products

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the widgetId parameter to service-monitoring/src/index.php.

6.1
2020-05-27 CVE-2020-10946 Centreon Cross-site Scripting vulnerability in Centreon products

Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php.

6.1
2020-05-26 CVE-2020-8170 UI Cross-site Scripting vulnerability in UI Airos

We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that fixes vulnerabilities found on AirMax AirOS v6.2.0 and prior TI, XW and XM boards, according to the description below:Multiple end-points with parameters vulnerable to reflected cross site scripting (XSS), allowing attackers to abuse the user' session information and/or account takeover of the admin user.Mitigation:Update to the latest AirMax AirOS firmware version available at the AirMax download page.

6.1
2020-05-26 CVE-2020-10751 Kernel
Redhat
A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message.
6.1
2020-05-25 CVE-2020-13486 Verbb Open Redirect vulnerability in Verbb Knock

The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection.

6.1
2020-05-28 CVE-2020-5357 Dell Uncontrolled Search Path Element vulnerability in Dell products

Dell Dock Firmware Update Utilities for Dell Client Consumer and Commercial docking stations contain an Arbitrary File Overwrite vulnerability.

6.0
2020-05-28 CVE-2020-13245 Netgear Improper Certificate Validation vulnerability in Netgear products

Certain NETGEAR devices are affected by Missing SSL Certificate Validation.

5.9
2020-05-26 CVE-2020-13616 Pichi Project Improper Certificate Validation vulnerability in Pichi Project Pichi

The boost ASIO wrapper in net/asio.cpp in Pichi before 1.3.0 lacks TLS hostname verification.

5.9
2020-05-26 CVE-2020-13615 Qore Improper Certificate Validation vulnerability in Qore

lib/QoreSocket.cpp in Qore before 0.9.4.2 lacks hostname verification for X.509 certificates.

5.9
2020-05-26 CVE-2020-13614 Axel Project
Fedoraproject
Opensuse
Improper Certificate Validation vulnerability in multiple products

An issue was discovered in ssl.c in Axel before 2.17.8.

5.9
2020-05-29 CVE-2020-8482 ABB Insecure Storage of Sensitive Information vulnerability in ABB Device Library Wizard 6.0.3.2/6.1.0

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data

5.5
2020-05-29 CVE-2020-3958 Vmware Reachable Assertion vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality.

5.5
2020-05-29 CVE-2020-11089 Freerdp
Opensuse
Debian
In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write).
5.5
2020-05-27 CVE-2020-13632 Sqlite
Fedoraproject
Canonical
Netapp
Brocade
Debian
Siemens
Oracle
NULL Pointer Dereference vulnerability in multiple products

ext/fts3/fts3_snippet.c in SQLite before 3.32.0 has a NULL pointer dereference via a crafted matchinfo() query.

5.5
2020-05-27 CVE-2020-13631 Sqlite
Fedoraproject
Canonical
Netapp
Brocade
Siemens
Apple
Oracle
SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c.
5.5
2020-05-27 CVE-2020-13253 Qemu
Canonical
Debian
Out-of-bounds Read vulnerability in multiple products

sd_wp_addr in hw/sd/sd.c in QEMU 4.2.0 uses an unvalidated address, which leads to an out-of-bounds read during sdhci_write() operations.

5.5
2020-05-26 CVE-2020-12392 Mozilla
Canonical
Path Traversal vulnerability in multiple products

The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website.

5.5
2020-05-26 CVE-2020-3812 Netqmail
Debian
Canonical
Improper Privilege Management vulnerability in multiple products

qmail-verify as used in netqmail 1.06 is prone to an information disclosure vulnerability.

5.5
2020-05-29 CVE-2020-11088 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage.
5.4
2020-05-29 CVE-2020-11087 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage.
5.4
2020-05-29 CVE-2020-11086 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure.
5.4
2020-05-29 CVE-2020-11038 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists.
5.4
2020-05-29 CVE-2020-4306 IBM Cross-site Scripting vulnerability in IBM Planning Analytics Local

IBM Planning Analytics Local 2.0.0 through 2.0.9 is vulnerable to cross-site scripting.

5.4
2020-05-28 CVE-2020-4419 IBM Cross-site Scripting vulnerability in IBM Jazz Reporting Service 6.0.6/6.0.6.1/7.0

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, and 7.0 is vulnerable to cross-site scripting.

5.4
2020-05-28 CVE-2020-13644 Pickplugins Cross-site Scripting vulnerability in Pickplugins Accordion

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress.

5.4
2020-05-27 CVE-2020-4358 IBM Cross-site Scripting vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 is vulnerable to cross-site scripting.

5.4
2020-05-25 CVE-2020-13459 Verbb Cross-site Scripting vulnerability in Verbb Image Resizer

An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS.

5.4
2020-05-28 CVE-2020-4244 IBM Unspecified vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration.

5.3
2020-05-28 CVE-2020-4233 IBM Missing Encryption of Sensitive Data vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode.

5.3
2020-05-28 CVE-2019-20807 VIM
Debian
Opensuse
Canonical
Apple
Starwindsoftware
OS Command Injection vulnerability in multiple products

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).

5.3
2020-05-27 CVE-2020-4378 IBM Unspecified vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to perform unauthorized actions using a specially crated HTTP POST command.

4.9
2020-05-28 CVE-2020-13660 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple through 2.2.14 allows XSS via a crafted File Picker profile name.

4.8
2020-05-26 CVE-2020-13487 Bbpress Cross-site Scripting vulnerability in Bbpress

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users.

4.8
2020-05-29 CVE-2020-1809 Huawei Unspecified vulnerability in Huawei Mate 10 Firmware

HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability.

4.6
2020-05-29 CVE-2020-1798 Huawei Improper Authentication vulnerability in Huawei P30 Firmware

HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability.

4.6
2020-05-29 CVE-2020-5573 Cybozu Information Exposure vulnerability in Cybozu Kintone

Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors.

4.6
2020-05-29 CVE-2020-5572 Cybozu Information Exposure vulnerability in Cybozu Mailwise 1.0.1

Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.

4.6
2020-05-27 CVE-2019-20806 Linux NULL Pointer Dereference vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.2.

4.4
2020-05-29 CVE-2020-7651 Synk Path Traversal vulnerability in Synk Broker

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read.

4.3
2020-05-27 CVE-2020-10945 Centreon Information Exposure vulnerability in Centreon and Widget-Host-Monitoring

Centreon before 19.10.7 exposes Session IDs in server responses.

4.3
2020-05-27 CVE-2020-4357 IBM Information Exposure Through an Error Message vulnerability in IBM Spectrum Scale

IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.3

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-05-28 CVE-2020-13361 Qemu
Debian
Opensuse
Canonical
Out-of-bounds Write vulnerability in multiple products

In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.

3.9
2020-05-29 CVE-2020-11085 Freerdp
Opensuse
Debian
In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list.
3.5
2020-05-29 CVE-2020-3959 Vmware Memory Leak vulnerability in VMWare Esxi, Fusion and Workstation

VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module.

3.3
2020-05-26 CVE-2020-12394 Mozilla Unspecified vulnerability in Mozilla Firefox

A logic flaw in our location bar implementation could have allowed a local attacker to spoof the current location by selecting a different origin and removing focus from the input element.

3.3
2020-05-28 CVE-2020-13362 Qemu
Debian
Opensuse
Canonical
Out-of-bounds Read vulnerability in multiple products

In QEMU 5.0.0 and earlier, megasas_lookup_frame in hw/scsi/megasas.c has an out-of-bounds read via a crafted reply_queue_head field from a guest OS user.

3.2
2020-05-29 CVE-2020-11043 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset.
2.7
2020-05-29 CVE-2020-11040 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color.
2.7
2020-05-29 CVE-2020-11041 Freerdp
Opensuse
Debian
In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...).
2.7
2020-05-28 CVE-2020-4248 IBM Information Exposure Through an Error Message vulnerability in IBM Security Identity Governance and Intelligence 5.2.6

IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

2.7
2020-05-29 CVE-2020-1831 Huawei Incorrect Authorization vulnerability in Huawei Mate 20 Firmware

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability.

2.4
2020-05-29 CVE-2020-1833 Huawei Improper Authentication vulnerability in Huawei Honor 9X Firmware

Honor 9X smartphones with versions earlier than 9.1.1.172(C00E170R8P1) have an improper authentication vulnerability.

2.4
2020-05-29 CVE-2020-1797 Huawei Unspecified vulnerability in Huawei Mate 20 Firmware

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability.

2.4