Weekly Vulnerabilities Reports > August 3 to 9, 2020
Overview
163 new vulnerabilities were reported during this period, including 15 critical vulnerabilities and 40 high severity vulnerabilities. This weekly summary reports vulnerabilities in 184 products from 85 vendors including IBM, Jetbrains, Fedoraproject, Canonical, and Deltaww. Vulnerabilities are notably categorized as "Cross-site Scripting", "Improper Input Validation", "Out-of-bounds Write", "Information Exposure", and "Improper Authentication".
- 106 reported vulnerabilities are remotely exploitable.
- 54 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 119 reported vulnerabilities are exploitable by an anonymous user.
- IBM has the most reported vulnerabilities, with 20 reported vulnerabilities.
- Apache has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
Vulnerability Details
The following tables list the reported vulnerabilities for the period covered by this report:
15 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-08-06 | CVE-2020-12441 | Ivanti | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Ivanti products Denial-of-Service (DoS) in Ivanti Service Manager HEAT Remote Control 7.4 due to a buffer overflow in the protocol parser of the ‘HEATRemoteService’ agent. | 10.0 |
2020-08-06 | CVE-2020-7356 | Cayintech | SQL Injection vulnerability in Cayintech Xpost 1.0/2.0/2.5.18103 CAYIN xPost suffers from an unauthenticated SQL Injection vulnerability. | 10.0 |
2020-08-06 | CVE-2020-7357 | Cayintech | OS Command Injection vulnerability in Cayintech products Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. | 9.9 |
2020-08-07 | CVE-2020-11984 | Apache Netapp Canonical Debian Fedoraproject Opensuse Oracle | Classic Buffer Overflow vulnerability in multiple products Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE | 9.8 |
2020-08-05 | CVE-2020-17353 | Lilypond Fedoraproject Debian Opensuse | scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code. | 9.8 |
2020-08-05 | CVE-2020-13921 | Apache | SQL Injection vulnerability in Apache Skywalking **Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. | 9.8 |
2020-08-05 | CVE-2020-13151 | Aerospike | OS Command Injection vulnerability in Aerospike Server Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. | 9.8 |
2020-08-07 | CVE-2020-13376 | Securenvoy | Path Traversal vulnerability in Securenvoy Securmail 9.3.503 SecurEnvoy SecurMail 9.3.503 allows attackers to upload executable files and achieve OS command execution via a crafted SecurEnvoyReply cookie. | 9.3 |
2020-08-06 | CVE-2020-16215 | Advantech | Improper Input Validation vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 9.3 |
2020-08-09 | CVE-2020-17452 | Flatcore | Unrestricted Upload of File with Dangerous Type vulnerability in Flatcore flatCore before 1.5.7 allows upload and execution of a .php file by an admin. | 9.0 |
2020-08-06 | CVE-2020-13365 | Zyxel | Improper Authentication vulnerability in Zyxel products Certain Zyxel products have a locally accessible binary that allows a non-root user to generate a password for an undocumented user account that can be used for a TELNET session as root. | 9.0 |
2020-08-06 | CVE-2020-13364 | Zyxel | Unspecified vulnerability in Zyxel products A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. | 9.0 |
2020-08-06 | CVE-2020-7361 | Easycorp | OS Command Injection vulnerability in Easycorp Zentao PRO 8.8.2 The EasyCorp ZenTao Pro application suffers from an OS command injection vulnerability in its '/pro/repo-create.html' component. | 9.0 |
2020-08-05 | CVE-2020-13404 | Quadra Informatique | OS Command Injection vulnerability in Quadra-Informatique Atos/Sips The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. | 9.0 |
2020-08-04 | CVE-2020-15467 | Cohesive | OS Command Injection vulnerability in Cohesive Vns3 The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | 9.0 |
40 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-08-08 | CVE-2020-15824 | Jetbrains Oracle | Improper Privilege Management vulnerability in multiple products In JetBrains Kotlin from 1.4-M1 to 1.4-RC (as Kotlin 1.3.7x is not affected by the issue. | 8.8 |
2020-08-07 | CVE-2020-11852 | Microfocus | OS Command Injection vulnerability in Microfocus Secure Messaging Gateway 471 DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). | 8.8 |
2020-08-05 | CVE-2020-7298 | Mcafee | Unspecified vulnerability in Mcafee Total Protection Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially crafted object making a specific function call. | 8.4 |
2020-08-07 | CVE-2020-15063 | Digitus | Improper Authentication vulnerability in Digitus Da-70254 Firmware 2.073.000.E0008 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 8.3 |
2020-08-07 | CVE-2020-15059 | Lindy International | Improper Authentication vulnerability in Lindy-International 42633 Firmware 2.078.000 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 8.3 |
2020-08-07 | CVE-2020-15055 | TP Link | Improper Authentication vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | 8.3 |
2020-08-07 | CVE-2020-8026 | Opensuse | Incorrect Default Permissions vulnerability in Opensuse Backports Sle, Leap and Tumbleweed An Incorrect Default Permissions vulnerability in the packaging of inn in openSUSE Leap 15.2, openSUSE Tumbleweed, openSUSE Leap 15.1 allows local attackers with control of the new user to escalate their privileges to root. | 7.8 |
2020-08-07 | CVE-2020-16225 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Tpeditor Delta Electronics TPEditor Versions 1.97 and prior. | 7.8 |
2020-08-07 | CVE-2020-16223 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Tpeditor Delta Electronics TPEditor Versions 1.97 and prior. | 7.8 |
2020-08-07 | CVE-2020-16221 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Tpeditor Delta Electronics TPEditor Versions 1.97 and prior. | 7.8 |
2020-08-07 | CVE-2020-16219 | Deltaww | Out-of-bounds Read vulnerability in Deltaww Tpeditor Delta Electronics TPEditor Versions 1.97 and prior. | 7.8 |
2020-08-06 | CVE-2020-16229 | Advantech | Type Confusion vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 7.8 |
2020-08-06 | CVE-2020-16217 | Advantech | Double Free vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 7.8 |
2020-08-06 | CVE-2020-16213 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 7.8 |
2020-08-06 | CVE-2020-16207 | Advantech | Out-of-bounds Write vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 7.8 |
2020-08-06 | CVE-2020-15114 | Redhat Fedoraproject | Missing Release of Resource after Effective Lifetime vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP proxy to allow for basic service discovery and access. | 7.7 |
2020-08-04 | CVE-2020-16134 | Swisscom | Insufficiently Protected Credentials vulnerability in Swisscom products An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. | 7.7 |
2020-08-07 | CVE-2019-7005 | Avaya | Unspecified vulnerability in Avaya IP Office A vulnerability was discovered in the web interface component of IP Office that may potentially allow a remote, unauthenticated user with network access to gain sensitive information. | 7.5 |
2020-08-07 | CVE-2020-16169 | Robotemi | Improper Authentication vulnerability in Robotemi Robox OS 117.21/119.24 Authentication Bypass Using an Alternate Path or Channel in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to gain elevated privileges on the temi and have it automatically answer the attacker's calls, granting audio, video, and motor control via unspecified vectors. | 7.5 |
2020-08-07 | CVE-2020-9490 | Apache Oracle Opensuse Debian Fedoraproject Canonical Redhat | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43. | 7.5 |
2020-08-07 | CVE-2020-11993 | Apache Netapp Canonical Opensuse Debian Fedoraproject Oracle | HTTP Request Smuggling vulnerability in multiple products Apache HTTP Server versions 2.4.20 to 2.4.43 When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns, logging statements were made on the wrong connection, causing concurrent use of memory pools. | 7.5 |
2020-08-06 | CVE-2020-15115 | Redhat Fedoraproject | Weak Password Requirements vulnerability in multiple products etcd before versions 3.3.23 and 3.4.10 does not perform any password length validation, which allows for very short passwords, such as those with a length of one. | 7.5 |
2020-08-06 | CVE-2020-13793 | Ivanti | Use of Hard-coded Credentials vulnerability in Ivanti DSM Netinst 5.1 Unsafe storage of AD credentials in Ivanti DSM netinst 5.1 due to a static, hard-coded encryption key. | 7.5 |
2020-08-06 | CVE-2020-16845 | Golang Opensuse Debian Fedoraproject | Infinite Loop vulnerability in multiple products Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. | 7.5 |
2020-08-05 | CVE-2020-5609 | Yokogawa | Path Traversal vulnerability in Yokogawa products Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to create or overwrite arbitrary files and run arbitrary commands via unspecified vectors. | 7.5 |
2020-08-05 | CVE-2020-5608 | Yokogawa | Improper Authentication vulnerability in Yokogawa products CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/M9000CS R5.04.01 to R5.05.01, and B/M9000 VP R6.01.01 to R8.03.01 allows a remote unauthenticated attacker to bypass authentication and send altered communication packets via unspecified vectors. | 7.5 |
2020-08-04 | CVE-2020-4459 | IBM | Use of Hard-coded Credentials vulnerability in IBM Security Secret Server 10.7/10.7.000059 IBM Security Verify Access 10.7 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |
2020-08-04 | CVE-2020-5616 | Calendar01 Project Calendar02 Project Calendarform01 Project Gallery01 Project Link01 Project Pkobo News01 Project Pkobo Vote01 Project Telop01 Project | Improper Authentication vulnerability in multiple products [Calendar01], [Calendar02], [PKOBO-News01], [PKOBO-vote01], [Telop01], [Gallery01], [CalendarForm01], and [Link01] [Calendar01] free edition ver1.0.0, [Calendar02] free edition ver1.0.0, [PKOBO-News01] free edition ver1.0.3 and earlier, [PKOBO-vote01] free edition ver1.0.1 and earlier, [Telop01] free edition ver1.0.0, [Gallery01] free edition ver1.0.3 and earlier, [CalendarForm01] free edition ver1.0.3 and earlier, and [Link01] free edition ver1.0.0 allows remote attackers to bypass authentication and log in to the product with administrative privileges via unspecified vectors. | 7.5 |
2020-08-05 | CVE-2020-17366 | Nlnetlabs | Improper Certificate Validation vulnerability in Nlnetlabs Routinator An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. | 7.4 |
2020-08-04 | CVE-2020-6012 | Checkpoint | Link Following vulnerability in Checkpoint Zonealarm Anti-Ransomware 1.0.0601/1.0.710 ZoneAlarm Anti-Ransomware before version 1.0.713 copies files for the report from a directory with low privileges. | 7.4 |
2020-08-07 | CVE-2020-15480 | Passmark | Unspecified vulnerability in Passmark Burnintest, Osforensics and Performancetest An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. | 7.2 |
2020-08-07 | CVE-2020-15479 | Passmark | Classic Buffer Overflow vulnerability in Passmark Burnintest, Osforensics and Performancetest An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. | 7.2 |
2020-08-06 | CVE-2020-7352 | GOG | Use of Hard-coded Credentials vulnerability in GOG Galaxy The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. | 7.2 |
2020-08-05 | CVE-2020-8607 | Trendmicro | Improper Input Validation vulnerability in Trendmicro products An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could allow an attacker in user-mode with administrator permissions to abuse the driver to modify a kernel address that may cause a system crash or potentially lead to code execution in kernel mode. | 7.2 |
2020-08-03 | CVE-2019-19455 | Wowza | Incorrect Permission Assignment for Critical Resource vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 has Insecure Permissions which may allow a local attacker to escalate privileges in /usr/local/WowzaStreamingEngine/manager/bin/ in the Linux version of the server by writing arbitrary commands in any file and executing them as root. | 7.2 |
2020-08-03 | CVE-2020-4534 | IBM | Improper Privilege Management vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local authenticated attacker to gain elevated privileges on the system, caused by improper handling of UNC paths. | 7.2 |
2020-08-05 | CVE-2020-15113 | Etcd Fedoraproject | Improper Preservation of Permissions vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatically generate self-signed certificates for TLS connections with clients) with restricted access permissions (700) by using the os.MkdirAll. | 7.1 |
2020-08-03 | CVE-2020-5772 | Teltonika Networks | Unrestricted Upload of File with Dangerous Type vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01 Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | 7.1 |
2020-08-03 | CVE-2020-5771 | Teltonika Networks | Unrestricted Upload of File with Dangerous Type vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01 Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | 7.1 |
2020-08-06 | CVE-2020-15702 | Canonical | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Canonical Apport TOCTOU Race Condition vulnerability in apport allows a local attacker to escalate privileges and execute arbitrary code. | 7.0 |
90 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-08-03 | CVE-2020-4554 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-03 | CVE-2020-4553 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-03 | CVE-2020-4552 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1 IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-03 | CVE-2020-4551 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-03 | CVE-2020-4550 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1/9.2.2 IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-03 | CVE-2020-4549 | IBM | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in IBM I2 Analysts Notebook 9.2.1 IBM i2 Analyst Notebook 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. | 6.9 |
2020-08-07 | CVE-2020-7810 | Handysoft | Improper Validation of Integrity Check Value vulnerability in Handysoft Hslogin2.Dll 6.7.8.4/7.3.4 hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. | 6.8 |
2020-08-07 | CVE-2020-16227 | Deltaww | Improper Input Validation vulnerability in Deltaww Tpeditor Delta Electronics TPEditor Versions 1.97 and prior. | 6.8 |
2020-08-04 | CVE-2020-15135 | Save Server Project | Cross-Site Request Forgery (CSRF) vulnerability in Save-Server Project Save-Server 1.0.3/1.0.4 save-server (npm package) before version 1.05 is affected by a CSRF vulnerability, as there is no CSRF mitigation (Tokens etc.). | 6.8 |
2020-08-04 | CVE-2020-16203 | Deltaww | Access of Uninitialized Pointer vulnerability in Deltaww Cncsoft Screeneditor 1.00.88/1.00.96/1.01.23 Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. | 6.8 |
2020-08-04 | CVE-2020-16199 | Deltaww | Out-of-bounds Write vulnerability in Deltaww Cncsoft Screeneditor 1.00.88/1.00.96/1.01.23 Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. | 6.8 |
2020-08-04 | CVE-2020-7823 | Hmtalk | Out-of-bounds Write vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7 DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. | 6.8 |
2020-08-04 | CVE-2020-7822 | Hmtalk | Out-of-bounds Write vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7 DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. | 6.8 |
2020-08-04 | CVE-2020-5615 | Calendar01 Project Calendar02 Project | Cross-Site Request Forgery (CSRF) vulnerability in multiple products Cross-site request forgery (CSRF) vulnerability in [Calendar01] free edition ver1.0.0 and [Calendar02] free edition ver1.0.0 allows remote attackers to hijack the authentication of administrators via unspecified vectors. | 6.8 |
2020-08-03 | CVE-2020-5770 | Teltonika Networks | Cross-Site Request Forgery (CSRF) vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01 Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | 6.8 |
2020-08-05 | CVE-2020-14344 | X ORG Fedoraproject Canonical Opensuse | Integer Overflow or Wraparound vulnerability in multiple products An integer overflow leading to a heap-buffer overflow was found in the X Input Method (XIM) client implemented in libX11 before version 1.6.10. | 6.7 |
2020-08-08 | CVE-2020-15825 | Jetbrains | Improper Privilege Management vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. | 6.5 |
2020-08-08 | CVE-2020-15817 | Jetbrains | Code Injection vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | 6.5 |
2020-08-07 | CVE-2020-17352 | Sophos | OS Command Injection vulnerability in Sophos XG Firewall Firmware 17.5/18.0 Two OS command injection vulnerabilities in the User Portal of Sophos XG Firewall through 2020-08-05 potentially allow an authenticated attacker to remotely execute arbitrary code. | 6.5 |
2020-08-07 | CVE-2020-16168 | Robotemi | Origin Validation Error vulnerability in Robotemi Temi Firmware Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors. | 6.5 |
2020-08-06 | CVE-2020-15136 | Redhat Fedoraproject | Missing Authentication for Critical Function vulnerability in multiple products In etcd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only applied to endpoints detected in DNS SRV records. | 6.5 |
2020-08-05 | CVE-2020-15112 | Etcd Fedoraproject | Improper Validation of Array Index vulnerability in multiple products In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater than the number of entries in the ReadAll method in wal/wal.go. | 6.5 |
2020-08-05 | CVE-2020-15106 | Etcd Fedoraproject | In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. | 6.5 |
2020-08-03 | CVE-2020-5773 | Teltonika Networks | Improper Privilege Management vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.01 Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | 6.5 |
2020-08-03 | CVE-2020-4328 | IBM | SQL Injection vulnerability in IBM Financial Transaction Manager FOR Multiplatform 3.2.4 IBM Financial Transaction Manager 3.2.4 is vulnerable to SQL injection. | 6.5 |
2020-08-07 | CVE-2020-16167 | Robotemi | Missing Authentication for Critical Function vulnerability in Robotemi Launcher OS 11969/13146 Missing Authentication for Critical Function in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to receive and answer calls intended for another temi user. | 6.4 |
2020-08-05 | CVE-2020-4481 | IBM | XML Entity Expansion vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-08-03 | CVE-2020-16272 | KEE | Improper Input Validation vulnerability in KEE Keepassrpc The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, which allows remote attackers to read and modify data in the KeePass database via an A=0 WebSocket connection. | 6.4 |
2020-08-03 | CVE-2020-16271 | KEE | Use of Insufficiently Random Values vulnerability in KEE Keepassrpc The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows remote attackers to read and modify data in the KeePass database via a WebSocket connection. | 6.4 |
2020-08-03 | CVE-2020-4377 | IBM | XML Entity Expansion vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-08-07 | CVE-2020-15065 | Digitus | Improper Input Validation vulnerability in Digitus Da-70254 Firmware 2.073.000.E0008 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to cause a denial of service on the device via long input values. | 6.1 |
2020-08-07 | CVE-2020-15061 | Lindy International | Improper Input Validation vulnerability in Lindy-International 42633 Firmware 2.078.000 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to cause a denial of service on the device via long input values. | 6.1 |
2020-08-07 | CVE-2020-15057 | TP Link | Improper Input Validation vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to cause a denial of service on the device via long input values. | 6.1 |
2020-08-03 | CVE-2020-11584 | Plesk | Cross-site Scripting vulnerability in Plesk Onyx 17.8.11 A GET-based XSS reflected vulnerability in Plesk Onyx 17.8.11 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 6.1 |
2020-08-03 | CVE-2020-11583 | Plesk | Cross-site Scripting vulnerability in Plesk Obsidian 18.0.17 A GET-based XSS reflected vulnerability in Plesk Obsidian 18.0.17 allows remote unauthenticated users to inject arbitrary JavaScript, HTML, or CSS via a GET parameter. | 6.1 |
2020-08-03 | CVE-2020-13820 | Extremenetworks | Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24 Extreme Management Center 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | 6.1 |
2020-08-09 | CVE-2020-16248 | Prometheus | Server-Side Request Forgery (SSRF) vulnerability in Prometheus Blackbox Exporter Prometheus Blackbox Exporter through 0.17.0 allows /probe?target= SSRF. | 5.8 |
2020-08-05 | CVE-2020-16253 | Pghero Project | Cross-Site Request Forgery (CSRF) vulnerability in Pghero Project Pghero The PgHero gem through 2.6.0 for Ruby allows CSRF. | 5.8 |
2020-08-06 | CVE-2020-15701 | Canonical | Improper Handling of Exceptional Conditions vulnerability in Canonical Apport An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. | 5.5 |
2020-08-06 | CVE-2020-16211 | Advantech | Out-of-bounds Read vulnerability in Advantech Webaccess/Hmi Designer 2.1/2.1.9.31 Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. | 5.5 |
2020-08-05 | CVE-2020-14347 | X ORG Debian Canonical | Improper Initialization vulnerability in multiple products A flaw was found in the way xserver memory was not properly initialized. | 5.5 |
2020-08-04 | CVE-2020-15943 | Gantt Chart Project | Missing Authorization vulnerability in Gantt-Chart Project Gantt-Chart An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. | 5.5 |
2020-08-03 | CVE-2020-16269 | Radare Fedoraproject | radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section. | 5.5 |
2020-08-03 | CVE-2019-19453 | Wowza | Cross-site Scripting vulnerability in Wowza Streaming Engine Wowza Streaming Engine before 4.8.5 allows XSS (issue 1 of 2). | 5.4 |
2020-08-07 | CVE-2020-11985 | Apache | Insufficient Verification of Data Authenticity vulnerability in Apache Http Server IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. | 5.3 |
2020-08-08 | CVE-2020-15829 | Jetbrains | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2019.2.3, password parameters could be disclosed via build logs. | 5.0 |
2020-08-08 | CVE-2020-15827 | Jetbrains | Improper Verification of Cryptographic Signature vulnerability in Jetbrains Toolbox 1.17/1.17.6802 In JetBrains ToolBox version 1.17 before 1.17.6856, the set of signature verifications omitted the jetbrains-toolbox.exe file. | 5.0 |
2020-08-08 | CVE-2020-15823 | Jetbrains | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2020.2.8873 is vulnerable to SSRF in the Workflow component. | 5.0 |
2020-08-08 | CVE-2020-15820 | Jetbrains | Information Exposure vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | 5.0 |
2020-08-08 | CVE-2020-15819 | Jetbrains | Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack JetBrains YouTrack before 2020.2.10643 was vulnerable to SSRF that allowed scanning internal ports. | 5.0 |
2020-08-08 | CVE-2020-15818 | Jetbrains | Information Exposure vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | 5.0 |
2020-08-08 | CVE-2019-19704 | Jetbrains | Information Exposure vulnerability in Jetbrains Upsource In JetBrains Upsource before 2020.1, information disclosure is possible because of an incorrect user matching algorithm. | 5.0 |
2020-08-05 | CVE-2020-15132 | Sulu | Information Exposure Through an Error Message vulnerability in Sulu In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username or email address. | 5.0 |
2020-08-05 | CVE-2020-15127 | Projectcontour | Missing Authentication for Critical Function vulnerability in Projectcontour Contour In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire ingress data plane. | 5.0 |
2020-08-04 | CVE-2020-15109 | Nebulab | Missing Authorization vulnerability in Nebulab Solidus In solidus before versions 2.8.6, 2.9.6, and 2.10.2, there is an ability to change an order address without triggering address validations. | 5.0 |
2020-08-04 | CVE-2020-15956 | Acti | Classic Buffer Overflow vulnerability in Acti NVR 2.3.04.07/3.0.12.42 ActiveMediaServer.exe in ACTi NVR3 Standard Server 3.0.12.42 allows remote unauthenticated attackers to trigger a buffer overflow and application termination via a malformed payload. | 5.0 |
2020-08-03 | CVE-2020-12739 | Fanuc | Improper Input Validation vulnerability in Fanuc products A denial-of-service vulnerability in the Fanuc i Series CNC (0i-MD and 0i Mate-MD) could allow an unauthenticated, remote attacker to cause an affected CNC to become inaccessible to other devices. | 5.0 |
2020-08-03 | CVE-2019-4366 | IBM | Information Exposure vulnerability in IBM Cognos Analytics 11.0.0/11.1.0 IBM Cognos Analytics 11.0 and 11.1 is susceptible to an information disclosure vulnerability where an attacker could gain access to cached browser data. | 5.0 |
2020-08-07 | CVE-2020-8025 | Suse | Incorrect Execution-Assigned Permissions vulnerability in Suse products An Incorrect Execution-Assigned Permissions vulnerability in the permissions package of SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 15, openSUSE Leap 15.1, and openSUSE Tumbleweed sets the permissions for some of the directories of the pcp package to unintended settings. | 4.6 |
2020-08-06 | CVE-2020-7817 | Raonwiz | Download of Code Without Integrity Check vulnerability in Raonwiz K Upload 6.2.2018.529 MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf) without verifying their integrity. | 4.6 |
2020-08-06 | CVE-2020-7459 | Freebsd | Improper Input Validation vulnerability in Freebsd 11.3/11.4/12.1 In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, missing length validation code common to multiple USB network drivers allows a malicious USB device to write beyond the end of an allocated network packet buffer. | 4.6 |
2020-08-04 | CVE-2019-20001 | Ricoh | Improper Privilege Management vulnerability in Ricoh Streamline NX Client Tool and Streamline NX PC Client An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. | 4.6 |
2020-08-04 | CVE-2020-5617 | Skygroup | Improper Privilege Management vulnerability in Skygroup Skysea Client View 12.200.12N/15.210.05F Privilege escalation vulnerability in SKYSEA Client View Ver.12.200.12n to 15.210.05f allows an attacker to obtain unauthorized privileges and modify/obtain sensitive information or perform unintended operations via unspecified vectors. | 4.6 |
2020-08-03 | CVE-2020-8574 | Netapp | Unspecified vulnerability in Netapp Active IQ Unified Manager Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extensions Remote Method Invocation (JMX RMI) service enabled, allowing local users to execute unauthorized code. | 4.6 |
2020-08-03 | CVE-2020-8108 | Bitdefender | Improper Authentication vulnerability in Bitdefender Endpoint Security Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. | 4.6 |
2020-08-06 | CVE-2020-7460 | Freebsd | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Freebsd 11.3/11.4/12.1 In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELEASE before p2, and 11.3-RELEASE before p12, the sendmsg system call in the compat32 subsystem on 64-bit platforms has a time-of-check to time-of-use vulnerability allowing a malicious userspace program to modify control message headers after they have been validated. | 4.4 |
2020-08-08 | CVE-2020-15831 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI. | 4.3 |
2020-08-08 | CVE-2020-15830 | Jetbrains | Cross-site Scripting vulnerability in Jetbrains Teamcity JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI. | 4.3 |
2020-08-07 | CVE-2020-15907 | Mahara | Cross-site Scripting vulnerability in Mahara In Mahara 19.04 before 19.04.6, 19.10 before 19.10.4, and 20.04 before 20.04.1, certain pages output file or folder names without escaping, so a name containing JavaScript is executed in the browser. | 4.3 |
2020-08-05 | CVE-2020-9036 | Jeedom | Cross-site Scripting vulnerability in Jeedom 4.0.38 Jeedom through 4.0.38 allows XSS. | 4.3 |
2020-08-05 | CVE-2020-16254 | Chartkick Project | Injection vulnerability in Chartkick Project Chartkick The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | 4.3 |
2020-08-05 | CVE-2020-16192 | Limesurvey | Cross-site Scripting vulnerability in Limesurvey 4.3.2 LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. | 4.3 |
2020-08-05 | CVE-2020-17364 | Usvn | Cross-site Scripting vulnerability in Usvn User-Friendly SVN USVN (aka User-friendly SVN) before 1.0.9 allows XSS via SVN logs. | 4.3 |
2020-08-05 | CVE-2020-4243 | IBM | Session Fixation vulnerability in IBM Security Identity Governance and Intelligence 5.2.6 IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man-in-the-middle techniques due to not properly invalidating session tokens. | 4.3 |
2020-08-05 | CVE-2020-16252 | Field Test Project | Cross-Site Request Forgery (CSRF) vulnerability in Field Test Project Field Test The Field Test gem 0.2.0 through 0.3.2 for Ruby allows CSRF. | 4.3 |
2020-08-05 | CVE-2020-13819 | Extremenetworks | Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5 Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. | 4.3 |
2020-08-04 | CVE-2020-16847 | Extremenetworks | Cross-site Scripting vulnerability in Extremenetworks Extreme Management Center 8.4.1.24/8.5 Extreme Analytics in Extreme Management Center before 8.5.0.169 allows unauthenticated reflected XSS via a parameter in a GET request, aka CFD-4887. | 4.3 |
2020-08-04 | CVE-2020-16843 | Amazon | Unspecified vulnerability in Amazon Firecracker 0.20.0/0.21.0/0.21.1 In Firecracker 0.20.x before 0.20.1 and 0.21.x before 0.21.2, the network stack can freeze under heavy ingress traffic. | 4.3 |
2020-08-04 | CVE-2020-16201 | Deltaww | Out-of-bounds Read vulnerability in Deltaww Cncsoft Screeneditor 1.00.88/1.00.96/1.01.23 Delta Industrial Automation CNCSoft ScreenEditor versions 1.01.23 and prior are affected by an out-of-bounds read vulnerability. | 4.3 |
2020-08-03 | CVE-2020-16131 | Tiki | Cross-site Scripting vulnerability in Tiki Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php. | 4.3 |
2020-08-03 | CVE-2015-9549 | Ocportal | Cross-site Scripting vulnerability in Ocportal 9.0.20 A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. | 4.3 |
2020-08-03 | CVE-2020-4560 | IBM | Cross-site Scripting vulnerability in IBM Financial Transaction Manager 3.2.4.0 IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. | 4.3 |
2020-08-08 | CVE-2020-15828 | Jetbrains | Information Exposure vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | 4.0 |
2020-08-08 | CVE-2020-15826 | Jetbrains | Incorrect Authorization vulnerability in Jetbrains Teamcity In JetBrains TeamCity before 2020.1, users are able to assign more permissions than they have. | 4.0 |
2020-08-08 | CVE-2020-15821 | Jetbrains | Incorrect Default Permissions vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2020.2.6881, a user without permission is able to create an article draft. | 4.0 |
2020-08-07 | CVE-2020-5412 | Vmware | Externally Controlled Reference to a Resource in Another Sphere vulnerability in VMWare Spring Cloud Netflix 2.1.0/2.2.0 Spring Cloud Netflix, versions 2.2.x prior to 2.2.4, versions 2.1.x prior to 2.1.6, and older unsupported versions allow applications to use the Hystrix Dashboard proxy.stream endpoint to make requests to any server reachable by the server hosting the dashboard (server-side request forgery). | 4.0 |
2020-08-05 | CVE-2017-18112 | Atlassian | Information Exposure vulnerability in Atlassian Fisheye Affected versions of Atlassian Fisheye allow remote attackers to view the HTTP password of a repository via an Information Disclosure vulnerability in the logging feature. | 4.0 |
2020-08-04 | CVE-2020-4410 | IBM | Information Exposure vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products could allow an authenticated user to send a specially crafted HTTP GET request to read attachments on the server that they should not have access to. | 4.0 |
2020-08-03 | CVE-2020-14319 | Redhat | Cross-Site Request Forgery (CSRF) vulnerability in Redhat AMQ Online and Enmasse It was found that the AMQ Online console is vulnerable to a Cross-Site Request Forgery (CSRF) which is exploitable in cases where CORS preflight checks are not triggered or are bypassed. | 4.0 |
2020-08-03 | CVE-2019-4589 | IBM | Improper Privilege Management vulnerability in IBM Cognos Analytics 11.1.0/11.0.0 IBM Cognos Analytics 11.0 and 11.1 is vulnerable to privilege escalation where the "My schedules and subscriptions" page is visible and accessible to a less privileged user. | 4.0 |
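Several rows above describe server-side code that fetches a URL supplied by the client, the clearest being the Hystrix Dashboard proxy.stream endpoint (CVE-2020-5412). The following is an added example, not code from Spring Cloud Netflix or any project in this report, of the target check a practitioner would put in front of such an endpoint: scheme, host and port must match a configured allowlist of `host:port` entries, the comparison is done on the parsed hostname so userinfo and port tricks cannot change which host is compared, and IP literals in loopback, link-local or private ranges are refused even if someone lists them. The allowlist entries and URLs in the demonstration are assumptions.

```python
"""Target allowlisting for a server-side proxy endpoint.

Added example, not code from Spring Cloud Netflix or any project on this page.
Allowlist entries are 'host:port' (assumed format for this demonstration).
"""
import ipaddress
from typing import Iterable, Optional
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def _blocked_ip_literal(host: str) -> bool:
    """True when host is an IP literal in a range a proxy must never reach."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not a literal
    return (ip.is_loopback or ip.is_link_local or ip.is_private
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def allowed_target(url: str, allowlist: Iterable[str]) -> Optional[str]:
    """Return the canonical 'host:port' to connect to, or None if the URL is refused.

    urlsplit() is used so that 'allowed.host:8080@evil.host' userinfo tricks and
    bracketed IPv6 literals cannot change which host is compared against the list.
    """
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError for a non-numeric port
    except ValueError:
        return None
    scheme = parts.scheme.lower()
    host = parts.hostname  # lower-cased; userinfo, port and brackets removed
    if scheme not in ALLOWED_SCHEMES or not host:
        return None
    if _blocked_ip_literal(host):
        return None
    host_part = f"[{host}]" if ":" in host else host  # IPv6 literals keep brackets
    canonical = f"{host_part}:{port or DEFAULT_PORTS[scheme]}"
    if canonical not in {entry.lower() for entry in allowlist}:
        return None
    return canonical


if __name__ == "__main__":
    # Assumed allowlist and request URLs, constructed for the demonstration.
    allow = {"hystrix.internal.example:8080"}
    for candidate in [
        "http://hystrix.internal.example:8080/hystrix.stream",   # accepted
        "http://hystrix.internal.example/hystrix.stream",        # port 80 is not listed
        "http://hystrix.internal.example:8080@evil.example/",    # real host is evil.example
        "http://169.254.169.254/latest/meta-data/",              # link-local metadata address
        "file:///etc/passwd",                                     # scheme not allowed
    ]:
        print(f"{candidate!r:60} -> {allowed_target(candidate, allow)}")
```

This is a lexical check and is only the first layer: a deployment should also resolve the allowed hostname itself, reject resolved addresses in the same blocked ranges, connect to that pinned address rather than re-resolving (DNS rebinding), and refuse to follow redirects from the upstream, since a redirect to an internal address reintroduces the original problem.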
18 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-08-04 | CVE-2020-13522 | Softperfect | Unspecified vulnerability in Softperfect RAM Disk 4.1 An exploitable arbitrary file delete vulnerability exists in the SoftPerfect RAM Disk 4.1 spvve.sys driver. | 3.6 |
2020-08-09 | CVE-2020-17451 | Flatcore | Cross-site Scripting vulnerability in Flatcore flatCore before 1.5.7 allows XSS by an admin via the acp/acp.php?tn=pages&sub=edit&editpage=1 page_linkname, page_title, page_content, or page_extracontent parameter, or the acp/acp.php?tn=system&sub=sys_pref prefs_pagename, prefs_pagetitle, or prefs_pagesubtitle parameter. | 3.5 |
2020-08-04 | CVE-2020-15944 | Gantt Chart Project | Cross-site Scripting vulnerability in Gantt-Chart Project Gantt-Chart An issue was discovered in the Gantt-Chart module before 5.5.5 for Jira that allows cross-site scripting. | 3.5 |
2020-08-04 | CVE-2020-4542 | IBM | Cross-site Scripting vulnerability in IBM Engineering Requirements Management Doors Next 7.0 IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 3.5 |
2020-08-04 | CVE-2020-4525 | IBM | Cross-site Scripting vulnerability in IBM products IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 3.5 |
2020-08-04 | CVE-2020-4396 | IBM | Cross-site Scripting vulnerability in IBM Engineering Test Management 7.0.0 IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. | 3.5 |
2020-08-07 | CVE-2020-15062 | Digitus | Insufficiently Protected Credentials vulnerability in Digitus Da-70254 Firmware 2.073.000.E0008 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 3.3 |
2020-08-07 | CVE-2020-15058 | Lindy International | Insufficiently Protected Credentials vulnerability in Lindy-International 42633 Firmware 2.078.000 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 3.3 |
2020-08-07 | CVE-2020-15054 | TP Link | Insufficiently Protected Credentials vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | 3.3 |
2020-08-03 | CVE-2020-16116 | KDE Debian Fedoraproject Opensuse Canonical | Path Traversal vulnerability in multiple products In kerfuffle/jobs.cpp in KDE Ark before 20.08.0, a crafted archive can install files outside the extraction directory via ../ directory traversal. | 3.3 |
2020-08-07 | CVE-2020-15138 | Prismjs | Cross-site Scripting vulnerability in Prismjs Previewers Prism is vulnerable to cross-site scripting through its Previewers plugin. | 2.6 |
2020-08-07 | CVE-2020-15064 | Digitus | Cross-site Scripting vulnerability in Digitus Da-70254 Firmware 2.073.000.E0008 DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2.3 |
2020-08-07 | CVE-2020-15060 | Lindy International | Cross-site Scripting vulnerability in Lindy-International 42633 Firmware 2.078.000 Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2.3 |
2020-08-07 | CVE-2020-15056 | TP Link | Cross-site Scripting vulnerability in Tp-Link Tl-Ps310U Firmware TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | 2.3 |
2020-08-06 | CVE-2020-11937 | Canonical | Memory Leak vulnerability in Canonical Whoopsie In whoopsie, parse_report() from whoopsie.c allows a local attacker to cause a denial of service via a crafted file. | 2.1 |
2020-08-04 | CVE-2020-13523 | Softperfect | Missing Authorization vulnerability in Softperfect RAM Disk 4.1 An exploitable information disclosure vulnerability exists in the SoftPerfect RAM Disk 4.1 spvve.sys driver. | 2.1 |
2020-08-03 | CVE-2020-8575 | Netapp | Unspecified vulnerability in Netapp Active IQ Unified Manager 7.3/9.5/9.6 Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a vulnerability which allows administrative users to cause Denial of Service (DoS). | 2.1 |
2020-08-04 | CVE-2020-4631 | IBM | Incorrect Permission Assignment for Critical Resource vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.6 agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which could allow a local user to cause interruption of the service operations. | 1.9 |
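The KDE Ark row above (CVE-2020-16116) is the classic archive path traversal: a member named with `../` components is written outside the directory the user chose. The following is an added example, not code from KDE Ark or any project in this report, of the general extraction check that closes this class of bug. It goes beyond the `../` case in the row: every member path is resolved against the destination, absolute names are refused, a symlink is only created when its target also stays inside the destination, a later member written through an accepted symlink is re-checked with the symlink resolved, and device nodes and other special entries are skipped. The sample archive is constructed in memory for the demonstration; POSIX paths are assumed.

```python
"""Safe archive extraction: refusing members that would land outside the destination.

Added example, not code from KDE Ark or any other project on this page.
The sample archive is constructed here for the demonstration.
"""
import io
import os
import tarfile
import tempfile
from typing import List, Tuple


def build_sample_archive() -> bytes:
    """Constructed test archive: one benign member plus the classic escapes."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name: str, data: bytes) -> None:
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))

        add_file("docs/readme.txt", b"hello\n")                       # benign
        add_file("../../outside.txt", b"escaped via ../\n")           # ../ traversal
        add_file("/tmp/absolute.txt", b"absolute path\n")             # absolute name
        link = tarfile.TarInfo("docs/link")                           # symlink out of the tree...
        link.type = tarfile.SYMTYPE
        link.linkname = "../../.."
        tar.addfile(link)
        add_file("docs/link/through-symlink.txt", b"via symlink\n")  # ...then a write through it
    return buf.getvalue()


def _inside(dest_real: str, path: str) -> bool:
    """True if path, with any already-existing symlinks resolved, stays under dest_real."""
    resolved = os.path.realpath(path)
    return resolved == dest_real or resolved.startswith(dest_real + os.sep)


def safe_extract(archive: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Extract archive into dest; return (extracted member names, rejected member names).

    Members are processed in archive order, so a symlink accepted earlier is
    already on disk and is resolved by realpath() when a later member beneath
    it is checked.
    """
    dest_real = os.path.realpath(dest)
    os.makedirs(dest_real, exist_ok=True)
    extracted: List[str] = []
    rejected: List[str] = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tar:
        for member in tar:
            name = member.name
            target = os.path.join(dest_real, name)  # an absolute name would discard dest_real
            if os.path.isabs(name) or not _inside(dest_real, target):
                rejected.append(name)
                continue
            if member.issym():
                # A symlink is acceptable only if what it points at is also inside dest.
                link_target = os.path.join(os.path.dirname(target), member.linkname)
                if not _inside(dest_real, link_target):
                    rejected.append(name)
                    continue
                os.makedirs(os.path.dirname(target), exist_ok=True)
                os.symlink(member.linkname, target)
            elif member.isdir():
                os.makedirs(target, exist_ok=True)
            elif member.isfile():
                os.makedirs(os.path.dirname(target), exist_ok=True)
                with tar.extractfile(member) as src, open(target, "wb") as dst:
                    dst.write(src.read())
            else:
                rejected.append(name)  # hard links, devices, fifos: not created
                continue
            extracted.append(name)
    return extracted, rejected


def run_demo() -> Tuple[List[str], List[str], bytes]:
    """Extract the sample archive into a fresh temporary directory."""
    dest = tempfile.mkdtemp(prefix="safe-extract-")
    extracted, rejected = safe_extract(build_sample_archive(), dest)
    with open(os.path.join(dest, "docs", "readme.txt"), "rb") as f:
        readme = f.read()
    return extracted, rejected, readme


if __name__ == "__main__":
    extracted, rejected, _ = run_demo()
    print("extracted:", extracted)
    print("rejected: ", rejected)
```

In the demonstration the symlink `docs/link` is rejected because it resolves to the destination's grandparent, so the member `docs/link/through-symlink.txt` that follows it lands in an ordinary `docs/link/` directory instead of outside the tree; had the symlink been accepted, `realpath()` would have followed it and rejected the file. Python 3.12 and later ship the same policy as `tarfile.extractall(filter="data")`; the explicit version here shows what that filter has to decide.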