Weekly Vulnerabilities Reports > July 13 to 19, 2020

Overview

613 new vulnerabilities were reported during this period, including 80 critical vulnerabilities and 252 high severity vulnerabilities. This weekly summary reports vulnerabilities in 383 products from 103 vendors including Oracle, Microsoft, Canonical, Opensuse, and Netapp. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "OS Command Injection", "Out-of-bounds Write", and "Out-of-bounds Read".

  • 439 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 142 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 307 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 205 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 11 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

80 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-07-15 CVE-2020-14701 Oracle Unspecified vulnerability in Oracle Sd-Wan Aware 8.2

Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface).

10.0
2020-07-15 CVE-2020-14606 Oracle Unspecified vulnerability in Oracle Sd-Wan Edge 8.2/9.0

Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface).

10.0
2020-07-14 CVE-2020-1350 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'.

10.0
2020-07-14 CVE-2020-13753 Wpewebkit, Webkitgtk, Fedoraproject, Debian, Canonical, Opensuse Improper Input Validation vulnerability in multiple products

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl.

10.0
2020-07-14 CVE-2020-6287 SAP Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check.

10.0
2020-07-17 CVE-2020-7206 HP OS Command Injection vulnerability in HP Nagios-Plugins-Hpilo 1.50

HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability.

9.8
2020-07-17 CVE-2020-5759 Grandstream OS Command Injection vulnerability in Grandstream products

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH.

9.8
2020-07-17 CVE-2020-5757 Grandstream OS Command Injection vulnerability in Grandstream products

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.

9.8
2020-07-17 CVE-2020-0231 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to an incorrect bounds check.

9.8
2020-07-17 CVE-2020-0230 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to an incorrect bounds check.

9.8
2020-07-17 CVE-2020-0225 Google Out-of-bounds Write vulnerability in Google Android 10.0

In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check.

9.8
2020-07-17 CVE-2020-0224 Google Type Confusion vulnerability in Google Android

In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion.

9.8
2020-07-17 CVE-2020-1654 Juniper Classic Buffer Overflow vulnerability in Juniper Junos

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE). Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition.

9.8
2020-07-17 CVE-2020-1652 Opennms Unspecified vulnerability in Opennms

OpenNMS is accessible via port 9443.

9.8
2020-07-17 CVE-2020-1647 Juniper Double Free vulnerability in Juniper Junos

On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message.

9.8
2020-07-17 CVE-2020-7826 Eyesurfer Download of Code Without Integrity Check vulnerability in Eyesurfer Bflyinstallerx.Ocx 1.0.0.16

EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method.

9.8
2020-07-17 CVE-2020-7825 Tobesoft OS Command Injection vulnerability in Tobesoft Miplatform 2019.05.16

A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier.

9.8
2020-07-17 CVE-2020-14001 Kramdown Project, Debian, Fedoraproject, Canonical Missing Authorization vulnerability in multiple products

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `).

9.8
2020-07-17 CVE-2020-7684 Rollup Plugin Serve Project Path Traversal vulnerability in Rollup-Plugin-Serve Project Rollup-Plugin-Serve

This affects all versions of package rollup-plugin-serve.

9.8
2020-07-17 CVE-2020-15801 Python, Netapp Untrusted Search Path vulnerability in multiple products

In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations.

9.8
2020-07-17 CVE-2020-9682 Adobe Link Following vulnerability in Adobe Creative Cloud Desktop Application

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability.

9.8
2020-07-17 CVE-2020-9671 Adobe Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud Desktop Application

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability.

9.8
2020-07-17 CVE-2020-9670 Adobe Link Following vulnerability in Adobe Creative Cloud Desktop Application

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability.

9.8
2020-07-17 CVE-2020-9669 Adobe Improper Privilege Management vulnerability in Adobe Creative Cloud

Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability.

9.8
2020-07-17 CVE-2020-11982 Apache Deserialization of Untrusted Data vulnerability in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below.

9.8
2020-07-17 CVE-2020-11981 Apache OS Command Injection vulnerability in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below.

9.8
2020-07-16 CVE-2020-12007 Mitsubishielectric, Iconics Deserialization of Untrusted Data vulnerability in multiple products

A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability.

9.8
2020-07-16 CVE-2020-12011 Mitsubishielectric, Iconics Out-of-bounds Write vulnerability in multiple products

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution.

9.8
2020-07-16 CVE-2020-3357 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition.

9.8
2020-07-16 CVE-2020-3331 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

9.8
2020-07-16 CVE-2020-3330 Cisco Use of Hard-coded Credentials vulnerability in Cisco Rv110W Wireless-N VPN Firewall Firmware

A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account.

9.8
2020-07-16 CVE-2020-3323 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device.

9.8
2020-07-16 CVE-2020-3144 Cisco Improper Authentication vulnerability in Cisco products

A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative privileges on an affected device.

9.8
2020-07-16 CVE-2020-3140 Cisco Incorrect Authorization vulnerability in Cisco Prime License Manager

A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device.

9.8
2020-07-16 CVE-2019-20914 GNU NULL Pointer Dereference vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

9.8
2020-07-16 CVE-2020-15027 Connectwise Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7

ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts.

9.8
2020-07-16 CVE-2020-14000 MIT Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker.

9.8
2020-07-15 CVE-2020-10288 ABB Improper Authentication vulnerability in ABB Robotware 5.09

IRC5 exposes an ftp server (port 21).

9.8
2020-07-15 CVE-2020-10287 ABB Insufficiently Protected Credentials vulnerability in ABB Irb140 Firmware and Irc5 Firmware

The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals.

9.8
2020-07-15 CVE-2020-10285 Ufactory Insufficient Entropy vulnerability in Ufactory Xarm 5 Lite Firmware 1.5.0

The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack.

9.8
2020-07-15 CVE-2020-12684 Inetsoftware XXE vulnerability in Inetsoftware I-Net Clear Reports 19.0.287

XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser.

9.8
2020-07-15 CVE-2020-14687 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-07-15 CVE-2020-14645 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-07-15 CVE-2020-14644 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-07-15 CVE-2020-14625 Oracle Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

9.8
2020-07-15 CVE-2020-8178 Jison Project OS Command Injection vulnerability in Jison Project Jison

Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks.

9.8
2020-07-15 CVE-2020-14511 Moxa Out-of-bounds Write vulnerability in Moxa products

Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4).

9.8
2020-07-15 CVE-2020-14503 Advantech Improper Input Validation vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability.

9.8
2020-07-15 CVE-2020-14501 Advantech Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue.

9.8
2020-07-15 CVE-2020-14507 Advantech Path Traversal vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code.

9.8
2020-07-15 CVE-2020-14505 Advantech Injection vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability.

9.8
2020-07-15 CVE-2020-14497 Advantech SQL Injection vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities arising from the use of an attacker-controlled string in the construction of SQL queries.

9.8
2020-07-14 CVE-2020-1025 Microsoft Improper Input Validation vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation.

9.8
2020-07-14 CVE-2020-9297 Netflix Expression Language Injection vulnerability in Netflix Titus

Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators.

9.8
2020-07-14 CVE-2020-11546 Superwebmailer Code Injection vulnerability in Superwebmailer

SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php.

9.8
2020-07-14 CVE-2020-7593 Siemens Classic Buffer Overflow vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

9.8
2020-07-14 CVE-2020-1948 Apache Deserialization of Untrusted Data vulnerability in Apache Dubbo

This vulnerability can affect all Dubbo users who stay on version 2.7.6 or lower.

9.8
2020-07-14 CVE-2020-11956 Rittal Improper Privilege Management vulnerability in Rittal products

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices.

9.8
2020-07-14 CVE-2020-10042 Siemens Classic Buffer Overflow vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

9.8
2020-07-14 CVE-2020-10038 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

9.8
2020-07-14 CVE-2020-13926 Apache SQL Injection vulnerability in Apache Kylin

Kylin concatenates and executes a Hive SQL statement in Hive CLI or beeline when building a new segment; part of the HQL comes from system configurations, and that configuration can be overwritten through certain REST APIs, which makes a SQL injection attack possible.

9.8
2020-07-14 CVE-2020-13925 Apache OS Command Injection vulnerability in Apache Kylin

Similar to CVE-2020-1956, Kylin has one more RESTful API which concatenates the API inputs into OS commands and then executes them on the server; the reported API lacks the necessary input validation, which allows an attacker to execute OS commands remotely.

9.8
2020-07-14 CVE-2020-11951 Rittal Use of Hard-coded Credentials vulnerability in Rittal products

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices.

9.8
2020-07-13 CVE-2020-10988 Tenda Use of Hard-coded Credentials vulnerability in Tenda Ac15 Firmware 15.03.05.19

A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device.

9.8
2020-07-13 CVE-2020-10987 Tenda OS Command Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19

The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter.

9.8
2020-07-15 CVE-2020-14705 Oracle Unspecified vulnerability in Oracle Goldengate

Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management).

9.6
2020-07-16 CVE-2020-12013 Mitsubishielectric, Iconics SQL Injection vulnerability in multiple products

A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely.

9.1
2020-07-15 CVE-2020-10284 Ufactory Unspecified vulnerability in Ufactory Xarm Studio 1.3.0

No authentication is required to control the robot inside the network; moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarm_studio 1.3.0 the option is missing from the menu.

9.1
2020-07-15 CVE-2020-14665 Oracle Unspecified vulnerability in Oracle Trade Management

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice).

9.1
2020-07-15 CVE-2020-14658 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

9.1
2020-07-15 CVE-2020-14599 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Gateway for Mobile Devices 12.1.1/12.1.3

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications).

9.1
2020-07-15 CVE-2020-14598 Oracle Unspecified vulnerability in Oracle Customer Relationship Management Gateway for Mobile Devices 12.1.1/12.1.3

Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications).

9.1
2020-07-15 CVE-2020-11436 Librehealth Cross-site Scripting vulnerability in Librehealth EHR 2.0.0

LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators.

9.0
2020-07-14 CVE-2020-1043 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-14 CVE-2020-1042 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-14 CVE-2020-1041 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-14 CVE-2020-1040 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-14 CVE-2020-1036 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-14 CVE-2020-1032 Microsoft Improper Input Validation vulnerability in Microsoft products

A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'.

9.0
2020-07-13 CVE-2020-11749 Pandorafms Cross-site Scripting vulnerability in Pandorafms Pandora FMS

Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views.

9.0

252 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-07-17 CVE-2020-9257 Huawei Classic Buffer Overflow vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability.

8.8
2020-07-17 CVE-2020-5758 Grandstream OS Command Injection vulnerability in Grandstream products

Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP.

8.8
2020-07-17 CVE-2020-5756 Grandstream OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32

Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via an undocumented API.

8.8
2020-07-17 CVE-2020-15816 Westerndigital Exposure of Resource to Wrong Sphere vulnerability in Westerndigital WD Discovery

In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables.

8.8
2020-07-17 CVE-2020-4464 IBM Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector.

8.8
2020-07-17 CVE-2020-11978 Apache OS Command Injection vulnerability in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below.

8.8
2020-07-16 CVE-2020-3387 Cisco Unspecified vulnerability in Cisco Sd-Wan Firmware

A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system.

8.8
2020-07-16 CVE-2020-3381 Cisco Path Traversal vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system.

8.8
2020-07-16 CVE-2020-3332 Cisco OS Command Injection vulnerability in Cisco products

A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device.

8.8
2020-07-16 CVE-2020-3146 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

8.8
2020-07-16 CVE-2020-3145 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device.

8.8
2020-07-16 CVE-2019-20912 GNU Out-of-bounds Write vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

8.8
2020-07-15 CVE-2020-10286 Ufactory Improper Privilege Management vulnerability in Ufactory products

The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files and encryption, or allowing orders to be issued that disrupt robot operation.

8.8
2020-07-15 CVE-2020-9309 Silverstripe Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe Mimevalidator and Recipe

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file).

8.8
2020-07-15 CVE-2020-14066 Icewarp Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1

IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access.

8.8
2020-07-15 CVE-2020-12854 Seczetta Unrestricted Upload of File with Dangerous Type vulnerability in Seczetta Neprofile 3.3.11

A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11.

8.8
2020-07-15 CVE-2020-11439 Librehealth Path Traversal vulnerability in Librehealth EHR 2.0.0

LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application.

8.8
2020-07-15 CVE-2020-11438 Librehealth Cross-Site Request Forgery (CSRF) vulnerability in Librehealth EHR 2.0.0

LibreHealth EMR v2.0.0 is affected by systemic CSRF.

8.8
2020-07-15 CVE-2020-2228 Jenkins Incorrect Authorization vulnerability in Jenkins Gitlab Authentication

Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability.

8.8
2020-07-14 CVE-2020-1481 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code Eslint Extension

A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extension Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1448 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1447 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1446 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1439 Microsoft Deserialization of Untrusted Data vulnerability in Microsoft products

A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1436 Microsoft Out-of-bounds Write vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts. For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1435 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1421 Microsoft Type Confusion vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1416 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'.

8.8
2020-07-14 CVE-2020-1412 Microsoft Improper Privilege Management vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1408 Microsoft Origin Validation Error vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2020-1240 Microsoft Unspecified vulnerability in Microsoft 365 Apps

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

8.8
2020-07-14 CVE-2019-12784 Verint Cross-Site Request Forgery (CSRF) vulnerability in Verint Impact 360 15.1

An issue was discovered in Verint Impact 360 15.1.

8.8
2020-07-14 CVE-2020-11955 Rittal Incorrect Default Permissions vulnerability in Rittal products

An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices.

8.8
2020-07-14 CVE-2020-11953 Rittal OS Command Injection vulnerability in Rittal products

An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices.

8.8
2020-07-14 CVE-2020-10045 Siemens Authentication Bypass by Capture-replay vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

8.8
2020-07-14 CVE-2020-6292 SAP Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1

Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration.

8.8
2020-07-14 CVE-2020-6291 SAP Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1

SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set and therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration.

8.8
2020-07-14 CVE-2020-6289 SAP Cross-Site Request Forgery (CSRF) vulnerability in SAP Disclosure Management 10.1

SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick a user into browsing a malicious site.

8.8
2020-07-14 CVE-2020-15711 Misp Cross-Site Request Forgery (CSRF) vulnerability in Misp

In MISP before 2.4.129, setting a favourite homepage was not CSRF protected.

8.8
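The four SAP and MISP entries above (CVE-2020-6292, CVE-2020-6291, CVE-2020-6289, CVE-2020-15711) are two sides of the same session-handling problem: a logout that leaves one cookie alive, sessions with no expiry, and state-changing requests that carry no proof they came from the application's own pages. The following is an added example (not SAP's, MISP's or this page's code) of a server-side session store that avoids all three: every cookie issued at login maps to one server-side record, so logout or expiry revokes them together; sessions have both an idle and an absolute timeout; and a synchronizer-style CSRF token is an HMAC over the session id, so it dies with the session. The cookie names `SESSION` and `AUTH`, the timeout values and the `demo()` walkthrough with a fake clock are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT = 15 * 60          # seconds of inactivity after which a session dies (assumed)
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard lifetime cap, however active the session is (assumed)


@dataclass
class Session:
    user: str
    created: float
    last_seen: float
    cookies: tuple  # every cookie value that identifies this session


class SessionStore:
    """Server-side session store. Every cookie issued at login points at one
    server-side record, so logout or expiry revokes all of them together."""

    def __init__(self, clock=time.time):
        self.clock = clock                      # injectable for testing
        self._secret = secrets.token_bytes(32)  # per-process key for CSRF tokens
        self._sessions = {}                     # session id -> Session
        self._cookie_to_sid = {}                # any issued cookie value -> session id

    def login(self, user: str) -> dict:
        """Issue a session cookie plus a second, independent cookie
        (constructed stand-in for a split-cookie design)."""
        sid = secrets.token_urlsafe(32)
        auth = secrets.token_urlsafe(32)
        now = self.clock()
        self._sessions[sid] = Session(user, now, now, (sid, auth))
        for value in (sid, auth):
            self._cookie_to_sid[value] = sid
        return {"SESSION": sid, "AUTH": auth}

    def resolve(self, cookie_value: str):
        """Return the live Session behind any of its cookies, or None."""
        sid = self._cookie_to_sid.get(cookie_value)
        session = self._sessions.get(sid) if sid else None
        if session is None:
            return None
        now = self.clock()
        if (now - session.last_seen > IDLE_TIMEOUT
                or now - session.created > ABSOLUTE_TIMEOUT):
            self._destroy(sid)
            return None
        session.last_seen = now
        return session

    def logout(self, cookie_value: str) -> None:
        """Logout with any one cookie revokes the whole session."""
        sid = self._cookie_to_sid.get(cookie_value)
        if sid is not None:
            self._destroy(sid)

    def _destroy(self, sid: str) -> None:
        session = self._sessions.pop(sid, None)
        if session is not None:
            for value in session.cookies:
                self._cookie_to_sid.pop(value, None)

    def csrf_token(self, session_cookie: str) -> str:
        """Synchronizer token bound to the session id; needs no extra server state."""
        return hmac.new(self._secret, session_cookie.encode(), hashlib.sha256).hexdigest()

    def check_csrf(self, cookie_value: str, token: str) -> bool:
        """Accept only for a live session and a token computed for that session."""
        session = self.resolve(cookie_value)
        if session is None:
            return False
        expected = self.csrf_token(session.cookies[0])
        return hmac.compare_digest(expected.encode(), str(token).encode())


def demo() -> dict:
    """Walk through the failure modes with a fake clock; returns named check results."""
    now = [1_600_000_000.0]
    store = SessionStore(clock=lambda: now[0])
    results = {}

    cookies = store.login("alice")
    token = store.csrf_token(cookies["SESSION"])
    results["csrf_accepted"] = store.check_csrf(cookies["SESSION"], token)
    results["csrf_forged_rejected"] = not store.check_csrf(cookies["SESSION"], "0" * 64)

    # Logout must revoke every cookie, not only the one presented (CVE-2020-6292's failure).
    store.logout(cookies["SESSION"])
    results["logout_revokes_second_cookie"] = store.resolve(cookies["AUTH"]) is None
    results["csrf_dead_after_logout"] = not store.check_csrf(cookies["SESSION"], token)

    # Idle timeout: 16 minutes of silence kills the session.
    cookies = store.login("bob")
    now[0] += 16 * 60
    results["idle_expired"] = store.resolve(cookies["SESSION"]) is None

    # Absolute timeout: active every 10 minutes, yet dead once 8 hours have passed.
    cookies = store.login("carol")
    alive = True
    for _ in range(50):
        now[0] += 10 * 60
        alive = store.resolve(cookies["SESSION"]) is not None
    results["absolute_expired"] = not alive
    return results


if __name__ == "__main__":
    print(demo())
```

The index from every cookie value to the session id is the point: whichever cookie the logout handler happens to receive, the whole record goes away, and a token that was valid a moment earlier stops validating with it.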
2020-07-13 CVE-2020-14300 Redhat
Docker
Improper Check for Dropped Privileges vulnerability in multiple products

The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes.

8.8
2020-07-13 CVE-2020-14298 Redhat
Docker
Improper Check for Dropped Privileges vulnerability in multiple products

The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304.

8.8
2020-07-16 CVE-2020-3358 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition.

8.6
2020-07-16 CVE-2020-3351 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.

8.6
2020-07-15 CVE-2020-14611 Oracle Unspecified vulnerability in Oracle Webcenter Portal 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer).

8.6
2020-07-15 CVE-2020-14609 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers).

8.6
2020-07-17 CVE-2020-1645 Juniper Unspecified vulnerability in Juniper Junos

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart.

8.3
2020-07-16 CVE-2020-4462 IBM XXE vulnerability in IBM products

IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

8.2
2020-07-15 CVE-2020-14723 Oracle Unspecified vulnerability in Oracle Help Technologies 11.1.1.9.0/12.2.1.3.0

Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX).

8.2
2020-07-15 CVE-2020-14690 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

8.2
2020-07-15 CVE-2020-14688 Oracle Unspecified vulnerability in Oracle Common Applications

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework).

8.2
2020-07-15 CVE-2020-14686 Oracle Unspecified vulnerability in Oracle Isupport

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others).

8.2
2020-07-15 CVE-2020-14682 Oracle Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges).

8.2
2020-07-15 CVE-2020-14681 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

8.2
2020-07-15 CVE-2020-14671 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface).

8.2
2020-07-15 CVE-2020-14670 Oracle Unspecified vulnerability in Oracle Advanced Outbound Telephony

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Settings).

8.2
2020-07-15 CVE-2020-14669 Oracle Unspecified vulnerability in Oracle Configurator 12.1/12.2

Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet).

8.2
2020-07-15 CVE-2020-14668 Oracle Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups).

8.2
2020-07-15 CVE-2020-14666 Oracle Unspecified vulnerability in Oracle Email Center

Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display).

8.2
2020-07-15 CVE-2020-14660 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

8.2
2020-07-15 CVE-2020-14628 Oracle
Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

8.2
2020-07-15 CVE-2020-14608 Oracle Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0

Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server).

8.2
2020-07-15 CVE-2020-14596 Oracle Cross-site Scripting vulnerability in Oracle Istore 12.1.1/12.1.2/12.1.3

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Address Book).

8.2
2020-07-15 CVE-2020-14595 Oracle Unspecified vulnerability in Oracle Ilearning 6.1/6.1.1

Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager).

8.2
2020-07-15 CVE-2020-14588 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

8.2
2020-07-15 CVE-2020-14585 Oracle Cross-site Scripting vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service).

8.2
2020-07-15 CVE-2020-14584 Oracle Cross-site Scripting vulnerability in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

8.2
2020-07-15 CVE-2020-14582 Oracle Cross-site Scripting vulnerability in Oracle Istore

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration).

8.2
2020-07-15 CVE-2020-14580 Oracle Unspecified vulnerability in Oracle Communications Applications 8.1.0/8.2.0/8.3.0

Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications (component: System Admin).

8.2
2020-07-15 CVE-2020-14534 Oracle Unspecified vulnerability in Oracle Applications Framework 12.2.9

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups).

8.2
2020-07-14 CVE-2020-7587 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1).

8.2
2020-07-17 CVE-2020-15110 Jupyterhub Incorrect Authorization vulnerability in Jupyterhub Kubespawner

In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames.

8.1
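CVE-2020-15110 above is a name-collision bug: when a username and a server name are concatenated into one pod name, two different (user, server) pairs can produce the same pod and one user lands in another's default server. The following added example is not kubespawner's own naming template or its fix; it illustrates the class of bug and the standard remedy, an injective encoding. The `jupyter-` prefix, the `--` separator and the `-xx` hex escaping are assumptions for the illustration. Kubernetes pod names must be DNS-1123 labels (lowercase alphanumerics and hyphens, 63 characters or fewer), which is why the encoder escapes everything outside `[a-z0-9]`.

```python
import re

PREFIX = "jupyter-"   # assumed pod-name prefix for this illustration
SEP = "--"            # separator; the escaping below guarantees it never occurs inside a component
_SAFE = set("abcdefghijklmnopqrstuvwxyz0123456789")
_DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")


def naive_pod_name(username: str, servername: str) -> str:
    """Constructed example of the unsafe pattern: plain concatenation, with the
    default (unnamed) server getting no suffix. Not injective: ('a-b', '') and
    ('a', 'b') both yield 'jupyter-a-b'."""
    return f"{PREFIX}{username}-{servername}" if servername else f"{PREFIX}{username}"


def escape(component: str) -> str:
    """Injective map from any string into [a-z0-9-]. Each UTF-8 byte outside
    [a-z0-9] becomes '-' followed by two hex digits. Because the character after
    an escaping '-' is always a hex digit, the output can never contain '--'."""
    out = []
    for b in component.encode("utf-8"):
        ch = chr(b)
        out.append(ch if ch in _SAFE else f"-{b:02x}")
    return "".join(out)


def unescape(component: str) -> str:
    """Inverse of escape()."""
    raw = bytearray()
    i = 0
    while i < len(component):
        if component[i] == "-":
            raw.append(int(component[i + 1:i + 3], 16))
            i += 3
        else:
            raw.append(ord(component[i]))
            i += 1
    return raw.decode("utf-8")


def safe_pod_name(username: str, servername: str = "") -> str:
    """Collision-free pod name: escaped user, then '--' + escaped server only when
    a server name is given. Presence of '--' distinguishes named from default
    servers, and escape() is injective, so distinct pairs give distinct names."""
    name = PREFIX + escape(username)
    if servername:
        name += SEP + escape(servername)
    if not _DNS_LABEL.match(name):
        raise ValueError(f"not a valid DNS-1123 label (too long?): {name!r}")
    return name


def parse_pod_name(name: str) -> tuple:
    """Recover (username, servername) from a safe_pod_name() result."""
    if not name.startswith(PREFIX):
        raise ValueError("unexpected prefix")
    body = name[len(PREFIX):]
    user, _, server = body.partition(SEP)
    return unescape(user), unescape(server)


if __name__ == "__main__":
    # The collision the naive scheme allows, and its absence in the safe one.
    print(naive_pod_name("a-b", ""), naive_pod_name("a", "b"))
    print(safe_pod_name("a-b"), safe_pod_name("a", "b"))
```

A real spawner also has to cope with the 63-character limit; truncating breaks injectivity, so production code typically replaces the tail with a hash of the full name, which is collision-resistant rather than strictly injective. Here the encoder simply refuses names that do not fit.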
2020-07-17 CVE-2020-15813 Graylog Improper Certificate Validation vulnerability in Graylog

Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers.

8.1
2020-07-16 CVE-2019-20915 GNU Out-of-bounds Read vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

8.1
2020-07-16 CVE-2019-20913 GNU Out-of-bounds Read vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

8.1
2020-07-16 CVE-2019-20910 GNU Out-of-bounds Read vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

8.1
2020-07-15 CVE-2020-14626 Oracle Unspecified vulnerability in Oracle Business Intelligence

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

8.1
2020-07-15 CVE-2020-14569 Oracle Unspecified vulnerability in Oracle Flexcube Investor Servicing

Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure).

8.1
2020-07-15 CVE-2020-14565 Oracle Unspecified vulnerability in Oracle Unified Directory 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security).

8.1
2020-07-14 CVE-2020-7578 Siemens Improper Privilege Management vulnerability in Siemens Opcenter Execution Core

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2).

8.1
2020-07-14 CVE-2020-7577 Siemens SQL Injection vulnerability in Siemens Opcenter Execution Core

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2).

8.1
2020-07-14 CVE-2020-10039 Siemens Missing Encryption of Sensitive Data vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

8.1
2020-07-15 CVE-2020-2968 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Java VM component of Oracle Database Server.

8.0
2020-07-17 CVE-2020-9254 Huawei Improper Input Validation vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability.

7.8
2020-07-17 CVE-2020-7818 Hmtalk Out-of-bounds Write vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7/8.98.9

DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe.

7.8
2020-07-17 CVE-2020-0227 Google Missing Authorization vulnerability in Google Android

In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check.

7.8
2020-07-17 CVE-2020-0226 Google Type Confusion vulnerability in Google Android 10.0

In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion.

7.8
2020-07-17 CVE-2020-0120 Google Out-of-bounds Write vulnerability in Google Android 10.0

In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow.

7.8
2020-07-17 CVE-2020-5131 Sonicwall Improper Input Validation vulnerability in Sonicwall Netextender

The SonicWall NetExtender Windows client is vulnerable to an arbitrary file write, which allows an attacker to overwrite a DLL and execute code with the same privilege in the host operating system.

7.8
2020-07-17 CVE-2020-9688 Adobe Command Injection vulnerability in Adobe Download Manager 2.0.0.518

Adobe Download Manager version 2.0.0.518 has a command injection vulnerability.

7.8
2020-07-17 CVE-2020-9673 Adobe Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.

7.8
2020-07-17 CVE-2020-9672 Adobe Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018

Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability.

7.8
2020-07-17 CVE-2020-9650 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability.

7.8
2020-07-17 CVE-2020-9646 Adobe Out-of-bounds Write vulnerability in Adobe Media Encoder

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability.

7.8
2020-07-16 CVE-2020-3388 Cisco Improper Authentication vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

7.8
2020-07-16 CVE-2020-3380 Cisco Argument Injection or Modification vulnerability in Cisco Data Center Network Manager

A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system.

7.8
2020-07-16 CVE-2020-3379 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system.

7.8
2020-07-16 CVE-2020-3180 Cisco Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan

A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password.

7.8
2020-07-15 CVE-2020-15602 Trendmicro Untrusted Search Path vulnerability in Trendmicro products

An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Security 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system.

7.8
2020-07-14 CVE-2020-1465 Microsoft Unspecified vulnerability in Microsoft Onedrive

An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1463 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1458 Microsoft Untrusted Search Path vulnerability in Microsoft 365 Apps

A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1449 Microsoft Origin Validation Error vulnerability in Microsoft 365 Apps, Office and Project 2016

A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1438 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1437 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1431 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges. The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges, aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1430 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1429 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1428 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1427 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1424 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1423 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1422 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1418 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1415 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1414 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1413 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1411 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1410 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files. To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1409 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1407 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1406 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1404 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1402 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1401 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1400 Microsoft Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1399 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1396 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1395 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1394 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1393 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1392 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1390 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1388 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1387 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1385 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1384 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1382 Microsoft Use After Free vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1381 Microsoft Use After Free vulnerability in Microsoft Windows 10 and Windows Server 2016

An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1375 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1373 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1372 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1371 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1370 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1369 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1368 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1366 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1365 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1363 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1362 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1360 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1359 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1357 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1356 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1355 Microsoft Out-of-bounds Write vulnerability in Microsoft Windows 10 and Windows Server 2016

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory. An attacker who successfully exploited the vulnerability would gain execution on a victim system. The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory, aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1354 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1353 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1352 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1349 Microsoft Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook

A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1347 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1346 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1344 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1249 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-1147 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

7.8
2020-07-14 CVE-2020-1085 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'.

7.8
2020-07-14 CVE-2020-11827 GOG Incorrect Permission Assignment for Critical Resource vulnerability in GOG Galaxy

In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe.

7.8
2020-07-13 CVE-2019-4591 IBM Session Fixation vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate the session after logout, which could allow a local user to impersonate another user on the system.

7.8
2020-07-15 CVE-2020-14720 Oracle Unspecified vulnerability in Oracle Internet Expenses

Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities).

7.7
2020-07-15 CVE-2020-14719 Oracle Unspecified vulnerability in Oracle Internet Expenses

Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities).

7.7
2020-07-15 CVE-2020-14667 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

7.6
2020-07-15 CVE-2020-14657 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

7.6
2020-07-15 CVE-2020-14610 Oracle Cross-site Scripting vulnerability in Oracle Applications Framework 12.2.9

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload).

7.6
2020-07-17 CVE-2020-10605 Grundfos Missing Authentication for Critical Function vulnerability in Grundfos CIM 500 Firmware

Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files.

7.5
2020-07-17 CVE-2020-0228 Google Unspecified vulnerability in Google Android

There is an improper configuration of a recorder-related service.

7.5
2020-07-17 CVE-2020-1653 Juniper Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos

On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause an mbuf leak, which can lead to a Flexible PIC Concentrator (FPC) crash or cause the system to crash and restart (vmcore).

7.5
2020-07-17 CVE-2020-1650 Juniper Unspecified vulnerability in Juniper Junos

On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC.

7.5
2020-07-17 CVE-2020-1649 Juniper Unspecified vulnerability in Juniper Junos

When a device running Juniper Networks Junos OS has MPC7, MPC8, or MPC9 line cards installed and is configured for inline IP reassembly (used by L2TP, MAP-E, GRE, and IPIP), the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages:

[LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29
[LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0
[LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0
[LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1
[LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error
[LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major
[LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major
[LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major

By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE, causing a sustained Denial of Service (DoS).

7.5
2020-07-17 CVE-2020-1648 Juniper Unspecified vulnerability in Juniper Junos and Junos OS Evolved

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart.

7.5
2020-07-17 CVE-2020-1646 Juniper Unspecified vulnerability in Juniper Junos and Junos OS Evolved

On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart.

7.5
2020-07-17 CVE-2020-1644 Juniper Improper Input Validation vulnerability in Juniper Junos

On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart.

7.5
2020-07-17 CVE-2020-1640 Juniper Improper Input Validation vulnerability in Juniper Junos

An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition.

7.5
2020-07-16 CVE-2020-12015 Mitsubishielectric, Iconics Deserialization of Untrusted Data vulnerability in multiple products

A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization.

7.5
2020-07-16 CVE-2020-12009 Mitsubishielectric, Iconics Deserialization of Untrusted Data vulnerability in multiple products

A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability.

7.5
2020-07-16 CVE-2020-13405 Microweber Missing Authentication for Critical Function vulnerability in Microweber

userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request.

7.5
2020-07-16 CVE-2020-3369 Cisco Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.5
2020-07-16 CVE-2019-20909 GNU NULL Pointer Dereference vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

7.5
2020-07-15 CVE-2020-6164 Silverstripe Unspecified vulnerability in Silverstripe

In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application.

7.5
2020-07-15 CVE-2020-15779 Socket IO File Project Path Traversal vulnerability in Socket.Io-File Project Socket.Io-File

A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js.

7.5
2020-07-15 CVE-2020-15603 Trendmicro Out-of-bounds Read vulnerability in Trendmicro products

An invalid memory read vulnerability in a driver of the Trend Micro Security 2020 (v16.0.0.1302 and below) consumer family of products could allow an attacker to manipulate the specific driver into performing a system call operation with an invalid address, resulting in a potential system crash.

7.5
2020-07-15 CVE-2020-2967 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

7.5
2020-07-15 CVE-2020-14713 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14699 Oracle, Opensuse Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14679 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

7.5
2020-07-15 CVE-2020-14677 Oracle, Opensuse Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14676 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14675 Oracle, Opensuse Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14674 Oracle, Opensuse Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14649 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14647 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14646 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

7.5
2020-07-15 CVE-2020-14642 Oracle Improper Resource Shutdown or Release vulnerability in Oracle Coherence

Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore).

7.5
2020-07-15 CVE-2020-14639 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

7.5
2020-07-15 CVE-2020-14630 Oracle Improper Resource Shutdown or Release vulnerability in Oracle Enterprise Session Border Controller 8.1.0/8.2.0/8.3.0

Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload).

7.5
2020-07-15 CVE-2020-14589 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

7.5
2020-07-15 CVE-2020-15572 Torproject Out-of-bounds Read vulnerability in Torproject TOR

Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001.

7.5
2020-07-15 CVE-2020-14499 Advantech Unspecified vulnerability in Advantech Iview 5.6

Advantech iView, versions 5.6 and prior, has an improper access control vulnerability.

7.5
2020-07-14 CVE-2020-1469 Microsoft Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Bond 9.0.1

A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'.

7.5
2020-07-14 CVE-2020-1403 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'.

7.5
2020-07-14 CVE-2020-1374 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'.

7.5
2020-07-14 CVE-2020-5374 Dell Use of Hard-coded Credentials vulnerability in Dell EMC Omimssc for Sccm and EMC Omimssc for Scvmm

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability.

7.5
2020-07-14 CVE-2020-5373 Dell Missing Authentication for Critical Function vulnerability in Dell EMC Omimssc for Sccm and EMC Omimssc for Scvmm

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability.

7.5
2020-07-14 CVE-2020-15074 Openvpn Insufficient Session Expiration vulnerability in Openvpn Access Server

OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing existing tokens on reconnect, making it possible to circumvent the initial token expiry timestamp.

7.5
2020-07-14 CVE-2020-13847 Sylabs Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check.

7.5
2020-07-14 CVE-2020-13846 Sylabs Unspecified vulnerability in Sylabs Singularity

Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code.

7.5
2020-07-14 CVE-2020-13845 Sylabs Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity

Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value.

7.5
2020-07-14 CVE-2020-13935 Apache, Debian, Netapp, Opensuse, Canonical, Mcafee, Oracle Infinite Loop vulnerability in multiple products

The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104.

7.5
2020-07-14 CVE-2020-13934 Apache, Debian, Netapp, Opensuse, Canonical, Oracle Memory Leak vulnerability in multiple products

An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2.

7.5
2020-07-14 CVE-2020-7584 Siemens Resource Exhaustion vulnerability in Siemens products

A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1).

7.5
2020-07-14 CVE-2020-10044 Siemens Missing Authentication for Critical Function vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

7.5
2020-07-14 CVE-2020-10037 Siemens Out-of-bounds Read vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

7.5
2020-07-13 CVE-2020-15050 Supremainc Path Traversal vulnerability in Supremainc Biostar 2

An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2.

7.5
2020-07-13 CVE-2020-5766 SRS Simple Hits Counter Project SQL Injection vulnerability in SRS Simple Hits Counter Project SRS Simple Hits Counter 1.0.3/1.0.4

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.

7.5
2020-07-13 CVE-2020-15689 Embedthis NULL Pointer Dereference vulnerability in Embedthis Appweb

Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range.

7.5
2020-07-13 CVE-2019-20907 Python, Opensuse, Debian, Fedoraproject, Canonical, Netapp, Oracle Infinite Loop vulnerability in multiple products

In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.

7.5
2020-07-13 CVE-2019-20898 Atlassian Unspecified vulnerability in Atlassian Jira Software Data Center

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen.

7.5
2020-07-15 CVE-2020-14536 Oracle Unspecified vulnerability in Oracle products

Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench).

7.4
2020-07-15 CVE-2020-14535 Oracle Unspecified vulnerability in Oracle Commerce Service Center

Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center).

7.4
2020-07-15 CVE-2020-8203 Lodash, Oracle

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

7.4
2020-07-16 CVE-2020-3405 Cisco XXE vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.

7.3
2020-07-15 CVE-2020-14724 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility).

7.3
2020-07-15 CVE-2020-14561 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation).

7.3
2020-07-15 CVE-2020-14543 Oracle Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation).

7.3
2020-07-15 CVE-2020-8958 Gpononu OS Command Injection vulnerability in Gpononu products

Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field.

7.2
2020-07-15 CVE-2020-14718 Oracle Unspecified vulnerability in Oracle Graalvm 19.3.2/20.1.0

Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI).

7.2
2020-07-15 CVE-2020-14697 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

7.2
2020-07-15 CVE-2020-14696 Oracle Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates).

7.2
2020-07-15 CVE-2020-14678 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

7.2
2020-07-15 CVE-2020-14663 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

7.2
2020-07-15 CVE-2020-14571 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service).

7.2
2020-07-14 CVE-2020-4512 IBM OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands.

7.2
2020-07-17 CVE-2020-15108 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature.

7.1
2020-07-15 CVE-2020-2984 Oracle Unspecified vulnerability in Oracle Configuration Manager 12.1.2.0.6

Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script).

7.1
2020-07-15 CVE-2020-2983 Oracle Unspecified vulnerability in Oracle Data Masking and Subsetting 13.3.0.0/13.4.0.0

Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking).

7.1
2020-07-15 CVE-2020-2982 Oracle Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.3.0.0/13.4.0.0

Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management).

7.1
2020-07-15 CVE-2020-14709 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card).

7.1
2020-07-15 CVE-2020-14691 Oracle Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management 8.0.6.0.0

Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface).

7.1
2020-07-15 CVE-2020-14602 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

7.1
2020-07-15 CVE-2020-14570 Oracle Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service).

7.1
2020-07-15 CVE-2019-17637 Eclipse, Debian XXE vulnerability in multiple products

In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences.

7.1
2020-07-14 CVE-2020-1461 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.

7.1
2020-07-14 CVE-2020-1405 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'.

7.1
2020-07-14 CVE-2020-1364 Microsoft Unspecified vulnerability in Microsoft products

A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'.

7.1
2020-07-15 CVE-2020-2981 Oracle Unspecified vulnerability in Oracle Berkeley DB

Vulnerability in the Data Store component of Oracle Berkeley DB.

7.0

266 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-07-15 CVE-2020-14557 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container).

6.8
2020-07-15 CVE-2020-14552 Oracle Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework).

6.8
2020-07-14 CVE-2020-1398 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle the Ease of Access dialog. An attacker who successfully exploited the vulnerability could execute commands with elevated permissions. The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly, aka 'Windows Lockscreen Elevation of Privilege Vulnerability'.

6.8
2020-07-14 CVE-2020-15720 Dogtagpki Improper Certificate Validation vulnerability in Dogtagpki

In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation.

6.8
2020-07-17 CVE-2020-0122 Google Incorrect Default Permissions vulnerability in Google Android

In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass.

6.7
2020-07-15 CVE-2020-15780 Linux, Opensuse, Canonical Missing Authorization vulnerability in multiple products

An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7.

6.7
2020-07-15 CVE-2019-20908 Linux, Opensuse, Canonical

An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4.

6.7
2020-07-14 CVE-2020-1333 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'.

6.7
2020-07-14 CVE-2020-7581 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1).

6.7
2020-07-17 CVE-2019-12000 HP Improper Certificate Validation vulnerability in HP MSE MSG GW Application E-Ltu

HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application.

6.6
2020-07-15 CVE-2020-2969 Oracle Unspecified vulnerability in Oracle Database Server

Vulnerability in the Data Pump component of Oracle Database Server.

6.6
2020-07-18 CVE-2020-9256 Huawei Unspecified vulnerability in Huawei Mate 30 PRO Firmware 10.0.0.203(C00E202R7P2)/10.0.0.205(C00E202R7P2)

Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability.

6.5
2020-07-18 CVE-2020-9101 Huawei Out-of-bounds Write vulnerability in Huawei products

There is an out-of-bounds write vulnerability in some products.

6.5
2020-07-17 CVE-2020-9259 Huawei Improper Authentication vulnerability in Huawei Honor V30 Firmware 10.0.1.135(C00E130R4P1)

Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability.

6.5
2020-07-17 CVE-2020-5767 Icegram Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters 4.4.8

Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link.

6.5
2020-07-17 CVE-2020-1651 Juniper Memory Leak vulnerability in Juniper Junos

On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption.

6.5
2020-07-17 CVE-2020-1641 Juniper Race Condition vulnerability in Juniper Junos

A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS).

6.5
2020-07-17 CVE-2020-15807 GNU NULL Pointer Dereference vulnerability in GNU Libredwg

GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files.

6.5
2020-07-16 CVE-2020-3437 Cisco Unspecified vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device.

6.5
2020-07-16 CVE-2020-3401 Cisco Path Traversal vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system.

6.5
2020-07-16 CVE-2020-3385 Cisco Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router

A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system.

6.5
2020-07-16 CVE-2020-3372 Cisco Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system.

6.5
2020-07-16 CVE-2019-20911 GNU Infinite Loop vulnerability in GNU Libredwg

An issue was discovered in GNU LibreDWG through 0.9.3.

6.5
2020-07-15 CVE-2020-14982 Kronos SQL Injection vulnerability in Kronos web Time and Attendance 3.8

A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.

6.5
2020-07-15 CVE-2020-14065 Icewarp Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1

IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space.

6.5
2020-07-15 CVE-2020-14064 Icewarp Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1

IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts.

6.5
2020-07-15 CVE-2020-15117 Symless, Fedoraproject Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products

In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the server's memory is less than 4 GB.

6.5
2020-07-15 CVE-2020-14711 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.5
2020-07-15 CVE-2020-14693 Oracle Unspecified vulnerability in Oracle Insurance Accounting Analyzer 8.0.6/8.0.9

Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface).

6.5
2020-07-15 CVE-2020-14692 Oracle Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.6/8.0.7/8.0.8

Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface).

6.5
2020-07-15 CVE-2020-14685 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

6.5
2020-07-15 CVE-2020-14680 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2020-07-15 CVE-2020-14655 Oracle Unspecified vulnerability in Oracle Security Service 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API).

6.5
2020-07-15 CVE-2020-14652 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

6.5
2020-07-15 CVE-2020-14619 Netapp, Fedoraproject, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser).

6.5
2020-07-15 CVE-2020-14605 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

6.5
2020-07-15 CVE-2020-14594 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Inventory Integration).

6.5
2020-07-15 CVE-2020-14591 Oracle, Netapp, Fedoraproject

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in).

6.5
2020-07-15 CVE-2020-14576 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF).

6.5
2020-07-15 CVE-2020-14539 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

6.5
2020-07-14 CVE-2020-1468 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'.

6.5
2020-07-14 CVE-2020-1433 Microsoft Unspecified vulnerability in Microsoft Edge

An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'.

6.5
2020-07-14 CVE-2020-1397 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'.

6.5
2020-07-14 CVE-2020-5246 Traccar Injection vulnerability in Traccar

Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability.

6.5
2020-07-14 CVE-2020-7592 Siemens Cleartext Transmission of Sensitive Information vulnerability in Siemens products

A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl.

6.5
2020-07-14 CVE-2020-6285 SAP Unspecified vulnerability in SAP Netweaver

SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

6.5
2020-07-14 CVE-2020-4511 IBM Unspecified vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command.

6.5
2020-07-13 CVE-2020-10986 Tenda Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac15 Firmware 15.03.05.19

A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page.

6.5
2020-07-13 CVE-2019-20897 Atlassian Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian products

The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file.

6.5
2020-07-17 CVE-2020-0305 Google, Opensuse Use After Free vulnerability in multiple products

In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition.

6.4
2020-07-15 CVE-2020-14721 Oracle Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).

6.3
2020-07-15 CVE-2020-14662 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

6.3
2020-07-15 CVE-2020-15700 Joomla Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

6.3
2020-07-15 CVE-2020-15695 Joomla Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

6.3
2020-07-14 CVE-2020-6290 SAP Session Fixation vulnerability in SAP Disclosure Management 10.1

SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID.

6.3
2020-07-14 CVE-2020-11952 Rittal Unspecified vulnerability in Rittal products

An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices.

6.2
2020-07-17 CVE-2020-15497 Jalios Cross-site Scripting vulnerability in Jalios Jcms 10.0.2

jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter.

6.1
2020-07-17 CVE-2020-15803 Zabbix, Fedoraproject, Debian, Opensuse Cross-site Scripting vulnerability in multiple products

Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.

6.1
2020-07-17 CVE-2020-9485 Apache Cross-site Scripting vulnerability in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below.

6.1
2020-07-15 CVE-2020-15051 Articatech Cross-site Scripting vulnerability in Articatech Artica Proxy 4.28.030.418/4.28.030418

An issue was discovered in Artica Proxy before 4.30.000000.

6.1
2020-07-15 CVE-2020-15718 Rosariosis Cross-site Scripting vulnerability in Rosariosis 6.7.2

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script.

6.1
2020-07-15 CVE-2020-15717 Rosariosis Cross-site Scripting vulnerability in Rosariosis 6.7.2

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script.

6.1
2020-07-15 CVE-2020-15716 Rosariosis Cross-site Scripting vulnerability in Rosariosis 6.7.2

RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script.

6.1
2020-07-15 CVE-2020-2562 Oracle Cross-site Scripting vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module).

6.1
2020-07-15 CVE-2020-14640 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

6.1
2020-07-15 CVE-2020-14638 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

6.1
2020-07-15 CVE-2020-14637 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

6.1
2020-07-15 CVE-2020-14636 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps).

6.1
2020-07-15 CVE-2020-14627 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

6.1
2020-07-15 CVE-2020-14615 Oracle Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

6.1
2020-07-15 CVE-2020-14613 Oracle Cross-site Scripting vulnerability in Oracle Webcenter Sites 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface).

6.1
2020-07-15 CVE-2020-14607 Oracle Cross-site Scripting vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server).

6.1
2020-07-15 CVE-2020-14601 Oracle Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

6.1
2020-07-15 CVE-2020-14592 Oracle Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor).

6.1
2020-07-15 CVE-2020-14572 Oracle Cross-site Scripting vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

6.1
2020-07-15 CVE-2020-14563 Oracle Cross-site Scripting vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).

6.1
2020-07-15 CVE-2020-14528 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

6.1
2020-07-15 CVE-2020-9496 Apache Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03

XML-RPC requests are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03.

6.1
2020-07-15 CVE-2020-15696 Joomla Cross-site Scripting vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

6.1
2020-07-14 CVE-2020-1442 Microsoft Cross-site Scripting vulnerability in Microsoft Office Online Server and Office web Apps

A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'.

6.1
2020-07-14 CVE-2019-12783 Verint Open Redirect vulnerability in Verint Impact 360 15.1

An issue was discovered in Verint Impact 360 15.1.

6.1
2020-07-14 CVE-2019-12773 Verint Cross-site Scripting vulnerability in Verint Impact 360 15.1

An issue was discovered in Verint Impact 360 15.1.

6.1
2020-07-14 CVE-2020-15721 Rosariosis Cross-site Scripting vulnerability in Rosariosis

RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.

6.1
2020-07-14 CVE-2020-10043 Siemens Cross-site Scripting vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

6.1
2020-07-14 CVE-2020-10041 Siemens Cross-site Scripting vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

6.1
2020-07-14 CVE-2020-6281 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting.

6.1
2020-07-14 CVE-2020-6276 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2

SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting vulnerability.

6.1
2020-07-14 CVE-2020-4513 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting.

6.1
2020-07-13 CVE-2020-10989 Tenda Cross-site Scripting vulnerability in Tenda Ac15 Firmware 15.03.05.19

An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter.

6.1
2020-07-13 CVE-2019-20901 Atlassian Open Redirect vulnerability in Atlassian Jira

The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter.

6.1
2020-07-16 CVE-2020-4095 Hcltech Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform

BigFix Platform is storing clear text credentials within the system's memory.

6.0
2020-07-15 CVE-2020-14704 Oracle, Opensuse Use of Uninitialized Resource vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2020-07-15 CVE-2020-14703 Oracle, Opensuse Use of Uninitialized Resource vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2020-07-15 CVE-2020-14629 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

6.0
2020-07-17 CVE-2020-15586 Golang, Cloudfoundry, Debian, Opensuse, Fedoraproject Race Condition vulnerability in multiple products

Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.

5.9
2020-07-17 CVE-2020-14928 Gnome, Debian, Fedoraproject, Canonical Injection vulnerability in multiple products

evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3.

5.9
2020-07-16 CVE-2020-3150 Cisco Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware

A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration.

5.9
2020-07-15 CVE-2019-19326 Silverstripe HTTP Request Smuggling vulnerability in Silverstripe

Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning.

5.9
2020-07-15 CVE-2020-14706 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.9
2020-07-15 CVE-2020-14618 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App).

5.9
2020-07-15 CVE-2020-14549 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server).

5.9
2020-07-15 CVE-2020-14531 Oracle Unspecified vulnerability in Oracle Siebel UI Framework

Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server).

5.9
2020-07-15 CVE-2020-14530 Oracle Unspecified vulnerability in Oracle Security Service 11.1.1.9.0

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None).

5.9
2020-07-15 CVE-2020-14527 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.9
2020-07-16 CVE-2020-3370 Cisco Improper Input Validation vulnerability in Cisco Email Security Appliance

A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device.

5.8
2020-07-15 CVE-2020-14722 Oracle Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0

Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI).

5.8
2020-07-14 CVE-2020-6282 SAP Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java

SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application.

5.8
2020-07-15 CVE-2020-14617 Oracle Unspecified vulnerability in Oracle Primavera Unifier

Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App).

5.7
2020-07-15 CVE-2020-15366 AJV JS Unspecified vulnerability in Ajv.Js AJV 6.12.2

An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2.

5.6
2020-07-17 CVE-2020-9255 Huawei Improper Input Validation vulnerability in Huawei Honor 10 Firmware

Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability.

5.5
2020-07-17 CVE-2020-9227 Huawei Missing Initialization of Resource vulnerability in Huawei Moana-Al00B Firmware

Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability.

5.5
2020-07-17 CVE-2020-0107 Google Missing Authorization vulnerability in Google Android 10.0

In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation.

5.5
2020-07-17 CVE-2020-1643 Juniper Improper Handling of Exceptional Conditions vulnerability in Juniper Junos

Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS).

5.5
2020-07-17 CVE-2020-9649 Adobe Out-of-bounds Read vulnerability in Adobe Media Encoder

Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability.

5.5
2020-07-15 CVE-2020-14651 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles).

5.5
2020-07-15 CVE-2020-14643 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles).

5.5
2020-07-15 CVE-2020-14537 Oracle Improper Resource Shutdown or Release vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts).

5.5
2020-07-14 CVE-2020-1445 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1426 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1420 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1419 Microsoft Missing Initialization of Resource vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1391 Microsoft Unspecified vulnerability in Microsoft Windows 10 and Windows Server 2016

An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1389 Microsoft Improper Initialization vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1386 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1367 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1361 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists in the way that the WalletService handles memory. To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1358 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1351 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1342 Microsoft Use of Uninitialized Resource vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-1330 Microsoft Unspecified vulnerability in Microsoft products

An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'.

5.5
2020-07-14 CVE-2020-10040 Siemens Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products

A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18).

5.5
2020-07-14 CVE-2020-4510 IBM XXE vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data.

5.5
2020-07-13 CVE-2019-19338 Linux, Redhat Information Exposure Through Discrepancy vulnerability in multiple products

A flaw was found in the fix for CVE-2019-11135, in Linux upstream kernel versions before 5.5, in the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs.

5.5
2020-07-17 CVE-2020-5769 Teltonika Networks Cross-site Scripting vulnerability in Teltonika-Networks Gateway Trb245 Firmware Trb2R00.02.02

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section.

5.4
2020-07-17 CVE-2020-4104 Hcltech Cross-site Scripting vulnerability in Hcltech Bigfix Webui

HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module.

5.4
2020-07-17 CVE-2019-4091 Hcltech Cross-site Scripting vulnerability in Hcltech Marketing Campaign

HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system.

5.4
2020-07-17 CVE-2019-4090 Hcltech Cross-site Scripting vulnerability in Hcltech Marketing Campaign 10.1.0/11.0.1/11.1.0

"HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field."

5.4
2020-07-17 CVE-2020-11983 Apache Cross-site Scripting vulnerability in Apache Airflow

An issue was found in Apache Airflow versions 1.10.10 and below.

5.4
2020-07-16 CVE-2020-3468 Cisco SQL Injection vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.

5.4
2020-07-16 CVE-2020-3406 Cisco Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

5.4
2020-07-16 CVE-2019-4748 IBM Cross-site Scripting vulnerability in IBM products

IBM Jazz Team Server based Applications are vulnerable to cross-site scripting.

5.4
2020-07-16 CVE-2019-4747 IBM Cross-site Scripting vulnerability in IBM products

IBM Team Concert (RTC) is vulnerable to cross-site scripting.

5.4
2020-07-15 CVE-2020-9311 Silverstripe Cross-site Scripting vulnerability in Silverstripe

In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs.

5.4
2020-07-15 CVE-2020-2976 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2975 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2974 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2973 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2972 Oracle Cross-site Scripting vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2971 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2966 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console).

5.4
2020-07-15 CVE-2020-2513 Oracle Cross-site Scripting vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

5.4
2020-07-15 CVE-2020-2227 Jenkins Cross-site Scripting vulnerability in Jenkins Deployer Framework 1.0/1.1/1.2

Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2226 Jenkins Cross-site Scripting vulnerability in Jenkins Matrix Authorization Strategy

Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2225 Jenkins Cross-site Scripting vulnerability in Jenkins Matrix Project

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2224 Jenkins Cross-site Scripting vulnerability in Jenkins Matrix Project

Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2223 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2222 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2221 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-2220 Jenkins Cross-site Scripting vulnerability in Jenkins

Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability.

5.4
2020-07-15 CVE-2020-14710 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security).

5.4
2020-07-15 CVE-2020-14653 Oracle Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management

Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

5.4
2020-07-15 CVE-2020-14612 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Candidate Gateway 9.2

Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor).

5.4
2020-07-15 CVE-2020-14587 Oracle Unspecified vulnerability in Oracle Peoplesoft products 9.2

Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses).

5.4
2020-07-15 CVE-2020-14529 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module).

5.4
2020-07-15 CVE-2020-5765 Tenable Cross-site Scripting vulnerability in Tenable Nessus

Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration.

5.4
2020-07-14 CVE-2020-1456 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4
2020-07-14 CVE-2020-1454 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server. An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'.

5.4
2020-07-14 CVE-2020-1451 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4
2020-07-14 CVE-2020-1450 Microsoft Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

5.4
2020-07-14 CVE-2020-1443 Microsoft Unspecified vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

5.4
2020-07-14 CVE-2020-1326 Microsoft Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2019/2019.0.1

A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'.

5.4
2020-07-14 CVE-2020-15104 Envoyproxy Origin Validation Error vulnerability in Envoyproxy Envoy

In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0, when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name to apply to multiple subdomains.

5.4
2020-07-14 CVE-2020-11084 Ipear Project Command Injection vulnerability in Ipear Project Ipear 0.6.14/0.6.15/0.7.0

In iPear, the manual execution of the eval() function can lead to command injection.

5.4
2020-07-14 CVE-2020-7576 Siemens Cross-site Scripting vulnerability in Siemens Opcenter Execution Core

A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2).

5.4
2020-07-14 CVE-2020-6278 SAP Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2

SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows an attacker to embed malicious scripts in the application while uploading images, which get executed when the victim opens these files, leading to Stored Cross Site Scripting.

5.4
2020-07-14 CVE-2020-6267 SAP Incorrect Permission Assignment for Critical Resource vulnerability in SAP Disclosure Management 10.1

Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing the HttpOnly flag, leaving sensitive cookies without HttpOnly protection.

5.4
2020-07-14 CVE-2020-4364 IBM Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting.

5.4
2020-07-17 CVE-2020-1655 Juniper Unspecified vulnerability in Juniper Junos

When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS).

5.3
2020-07-17 CVE-2020-5130 Sonicwall Improper Input Validation vulnerability in Sonicwall Sonicos

SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request.

5.3
2020-07-17 CVE-2020-14039 Golang, Opensuse Improper Certificate Validation vulnerability in multiple products

In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows).

5.3
2020-07-17 CVE-2020-7696 React Native Fast Image Project Information Exposure vulnerability in React-Native-Fast-Image Project React-Native-Fast-Image

This affects all versions of package react-native-fast-image.

5.3
2020-07-16 CVE-2020-3197 Cisco Improper Authentication vulnerability in Cisco Meeting Server

A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system.

5.3
2020-07-15 CVE-2020-15107 Openenclave Unspecified vulnerability in Openenclave

In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application.

5.3
2020-07-15 CVE-2019-17639 Eclipse Type Confusion vulnerability in Eclipse Openj9

In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value.

5.3
2020-07-15 CVE-2020-6165 Silverstripe Incorrect Default Permissions vulnerability in Silverstripe

SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set.

5.3
2020-07-15 CVE-2020-14700 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14698 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14695 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14694 Oracle, Opensuse Out-of-bounds Read vulnerability in multiple products

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14673 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14650 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14648 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.3
2020-07-15 CVE-2020-14635 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging).

5.3
2020-07-15 CVE-2020-14604 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

5.3
2020-07-15 CVE-2020-14603 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

5.3
2020-07-15 CVE-2020-14558 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

5.3
2020-07-15 CVE-2020-14550 Oracle, Netapp, Fedoraproject, Canonical, Mariadb

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API).

5.3
2020-07-15 CVE-2020-15699 Joomla Insufficient Verification of Data Authenticity vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

5.3
2020-07-15 CVE-2020-15698 Joomla Unspecified vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

5.3
2020-07-15 CVE-2020-13923 Apache Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz

IDOR vulnerability in the order processing feature of the ecommerce component of Apache OFBiz before 17.12.04.

5.3
2020-07-14 CVE-2020-1434 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'.

5.3
2020-07-14 CVE-2020-7588 Siemens Unspecified vulnerability in Siemens products

A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1).

5.3
2020-07-14 CVE-2020-6286 SAP Path Traversal vulnerability in SAP Netweaver Application Server Java

The insufficient input path validation of a certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal.

5.3
2020-07-13 CVE-2019-20899 Atlassian Unspecified vulnerability in Atlassian products

The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API.

5.3
2020-07-15 CVE-2020-14712 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.0
2020-07-15 CVE-2020-14707 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

5.0
2020-07-15 CVE-2020-14545 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility).

5.0
2020-07-17 CVE-2020-5768 Icegram SQL Injection vulnerability in Icegram Email Subscribers & Newsletters 4.4.8

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields.

4.9
2020-07-16 CVE-2020-3450 Cisco SQL Injection vulnerability in Cisco Vision Dynamic Signage Director

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system.

4.9
2020-07-15 CVE-2020-14702 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2020-07-15 CVE-2020-14656 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking).

4.9
2020-07-15 CVE-2020-14654 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2020-07-15 CVE-2020-14641 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles).

4.9
2020-07-15 CVE-2020-14632 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options).

4.9
2020-07-15 CVE-2020-14631 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit).

4.9
2020-07-15 CVE-2020-14624 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON).

4.9
2020-07-15 CVE-2020-14623 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2020-07-15 CVE-2020-14622 Oracle Unspecified vulnerability in Oracle Weblogic Server

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

4.9
2020-07-15 CVE-2020-14620 Netapp, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.9
2020-07-15 CVE-2020-14614 Netapp, Fedoraproject, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2020-07-15 CVE-2020-14597 Netapp, Fedoraproject, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2020-07-15 CVE-2020-14586 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).

4.9
2020-07-15 CVE-2020-14575 Netapp, Fedoraproject, Canonical, Oracle

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.9
2020-07-15 CVE-2020-14568 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

4.9
2020-07-15 CVE-2020-14567 Oracle, Netapp

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).

4.9
2020-07-15 CVE-2020-14547 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

4.9
2020-07-15 CVE-2020-14540 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

4.9
2020-07-14 CVE-2020-1267 Microsoft Unspecified vulnerability in Microsoft products

This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'.

4.9
2020-07-16 CVE-2020-3349 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.

4.8
2020-07-16 CVE-2020-3348 Cisco Cross-site Scripting vulnerability in Cisco Data Center Network Manager

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device.

4.8
2020-07-14 CVE-2020-11083 Octobercms Cross-site Scripting vulnerability in Octobercms October

In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field.

4.8
2020-07-13 CVE-2019-20900 Atlassian Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module.

4.8
2020-07-16 CVE-2020-4316 IBM Unspecified vulnerability in IBM Publishing Engine and Rational Publishing Engine

IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies.

4.7
2020-07-15 CVE-2020-14717 Oracle Unspecified vulnerability in Oracle Common Applications

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework).

4.7
2020-07-15 CVE-2020-14716 Oracle Unspecified vulnerability in Oracle Common Applications

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework).

4.7
2020-07-15 CVE-2020-14661 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

4.7
2020-07-15 CVE-2020-14659 Oracle Unspecified vulnerability in Oracle CRM Technical Foundation

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

4.7
2020-07-15 CVE-2020-14574 Oracle Unspecified vulnerability in Oracle Communications Interactive Session Recorder

Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE).

4.7
2020-07-15 CVE-2020-14555 Oracle Unspecified vulnerability in Oracle Marketing

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

4.7
2020-07-15 CVE-2020-14554 Oracle Unspecified vulnerability in Oracle Application Object Library

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics).

4.7
2020-07-15 CVE-2020-14532 Oracle Unspecified vulnerability in Oracle Commerce Platform

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework).

4.7
2020-07-15 CVE-2020-2977 Oracle Unspecified vulnerability in Oracle Application Express

Vulnerability in the Oracle Application Express component of Oracle Database Server.

4.6
2020-07-15 CVE-2020-14715 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-07-15 CVE-2020-14714 Oracle, Opensuse

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

4.4
2020-07-15 CVE-2020-4100 Hcltechsw Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4

HCL Verse for Android was found to employ dynamic code loading.

4.4
2020-07-16 CVE-2020-3378 Cisco SQL Injection vulnerability in Cisco Sd-Wan Firmware

A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries.

4.3
2020-07-16 CVE-2020-3345 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings Server

A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser.

4.3
2020-07-15 CVE-2020-13788 Linuxfoundation Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor

Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet.

4.3
2020-07-15 CVE-2020-11437 Librehealth SQL Injection vulnerability in Librehealth EHR 2.0.0

LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database.

4.3
2020-07-15 CVE-2020-14708 Oracle Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0

Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment).

4.3
2020-07-15 CVE-2020-14684 Oracle Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

4.3
2020-07-15 CVE-2020-14600 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal).

4.3
2020-07-15 CVE-2020-14566 Oracle Unspecified vulnerability in Oracle Primavera Portfolio Management

Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access).

4.3
2020-07-15 CVE-2020-14559 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema).

4.3
2020-07-15 CVE-2020-14553 Oracle, Netapp, Fedoraproject, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth).

4.3
2020-07-15 CVE-2020-14551 Oracle Unspecified vulnerability in Oracle Autovue 21.0

Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security).

4.3
2020-07-15 CVE-2020-14544 Oracle Unspecified vulnerability in Oracle Transportation Management 6.4.3

Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security).

4.3
2020-07-15 CVE-2020-15697 Joomla Incorrect Permission Assignment for Critical Resource vulnerability in Joomla Joomla!

An issue was discovered in Joomla! through 3.9.19.

4.3
2020-07-15 CVE-2020-7292 Mcafee Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway

Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL.

4.3
2020-07-14 CVE-2020-1462 Microsoft Unspecified vulnerability in Microsoft Edge

An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'.

4.3
2020-07-14 CVE-2020-1444 Microsoft Unspecified vulnerability in Microsoft products

A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'.

4.3
2020-07-14 CVE-2020-1432 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 11

An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'.

4.3
2020-07-13 CVE-2020-14174 Atlassian Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper.

4.3
2020-07-15 CVE-2020-14560 Oracle Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4

Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization).

4.2
2020-07-15 CVE-2020-14546 Oracle Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4

Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager).

4.2
2020-07-14 CVE-2020-15719 Openldap, Redhat, Opensuse, Mcafee, Oracle Improper Certificate Validation vulnerability in multiple products

libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support.

4.2

15 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-07-15 CVE-2020-14533 Oracle Unspecified vulnerability in Oracle Commerce Platform

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework).

3.5
2020-07-15 CVE-2020-14548 Oracle Unspecified vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General).

3.4
2020-07-17 CVE-2020-9102 Huawei Unspecified vulnerability in Huawei products

There is an information leak vulnerability in some Huawei products, and it could allow a local attacker to obtain information.

3.3
2020-07-15 CVE-2020-14542 Oracle Unspecified vulnerability in Oracle Solaris 11

Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri).

3.3
2020-07-14 CVE-2020-15101 Schokokeks Uncontrolled Recursion vulnerability in Schokokeks Freewvs

In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk().

3.3
2020-07-14 CVE-2020-15100 Schokokeks Allocation of Resources Without Limits or Throttling vulnerability in Schokokeks Freewvs

In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process.

3.3
2020-07-14 CVE-2020-12025 Rockwellautomation XXE vulnerability in Rockwellautomation Studio 5000 Logix Designer 32.00/32.01/32.02

Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 are vulnerable to an XML external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program.

3.3
2020-07-15 CVE-2020-14634 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

2.7
2020-07-15 CVE-2020-14633 Oracle, Netapp, Canonical

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB).

2.7
2020-07-15 CVE-2020-14616 Oracle Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting).

2.7
2020-07-15 CVE-2020-14590 Oracle Unspecified vulnerability in Oracle Applications Framework

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request).

2.7
2020-07-15 CVE-2020-14564 Oracle Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console).

2.7
2020-07-14 CVE-2020-6280 SAP Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap

SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure.

2.7
2020-07-17 CVE-2020-9252 Huawei Path Traversal vulnerability in Huawei products

HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability.

2.3
2020-07-15 CVE-2020-14541 Oracle Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4

Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager).

2.0