Weekly Vulnerabilities Reports > August 17 to 23, 2020

Overview

330 new vulnerabilities reported during this period, including 37 critical vulnerabilities and 60 high severity vulnerabilities. This weekly summary report vulnerabilities in 320 products from 96 vendors including Microsoft, Adobe, Cisco, Sierrawireless, and Huawei. Vulnerabilities are notably categorized as "Improper Privilege Management", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Information Exposure", and "Cross-site Scripting".

  • 224 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 63 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 269 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 121 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 18 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

37 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-08-21 CVE-2020-8234 UI Insufficient Session Expiration vulnerability in UI Edgemax Firmware

A vulnerability exists in The EdgeMax EdgeSwitch firmware <v1.9.1 where the EdgeSwitch legacy web interface SIDSSL cookie for admin can be guessed, enabling the attacker to obtain high privileges and get a root shell by a Command injection.

10.0
2020-08-21 CVE-2020-24054 Moog OS Command Injection vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware

The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbroadcast' command that can spawn a given process repeatedly at a certain time interval as 'root'.

10.0
2020-08-21 CVE-2020-24051 Moog Improper Authentication vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware

The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physical security protocol, which requires authentication for some of its operations.

10.0
2020-08-20 CVE-2020-15636 Netgear Stack-based Buffer Overflow vulnerability in Netgear R6700 Firmware

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58.

10.0
2020-08-18 CVE-2020-24032 Xorux OS Command Injection vulnerability in Xorux Lpar2Rrd and Stor2Rrd

tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection via shell metacharacters in a timezone.

10.0
2020-08-18 CVE-2020-15865 Stimulsoft Improper Input Validation vulnerability in Stimulsoft Reports 2013.1.1600.0

A Remote Code Execution vulnerability in Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0 allows an attacker to encode C# scripts as base-64 in the report XML file so that they will be compiled and executed on the server that processes this file.

10.0
2020-08-19 CVE-2020-9722 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability.

9.3
2020-08-19 CVE-2020-9715 Adobe Use After Free vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an use-after-free vulnerability.

9.3
2020-08-19 CVE-2020-9704 Adobe Classic Buffer Overflow vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability.

9.3
2020-08-19 CVE-2020-9693 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability.

9.3
2020-08-19 CVE-2020-9701 Adobe Classic Buffer Overflow vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability.

9.3
2020-08-19 CVE-2020-9700 Adobe Classic Buffer Overflow vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability.

9.3
2020-08-19 CVE-2020-9699 Adobe Classic Buffer Overflow vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability.

9.3
2020-08-19 CVE-2020-9698 Adobe Classic Buffer Overflow vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a buffer error vulnerability.

9.3
2020-08-17 CVE-2020-1581 Microsoft Improper Privilege Management vulnerability in Microsoft 365 Apps and Office

An elevation of privilege vulnerability exists in the way that Microsoft Office Click-to-Run (C2R) components handle objects in memory, aka 'Microsoft Office Click-to-Run Elevation of Privilege Vulnerability'.

9.3
2020-08-17 CVE-2020-1564 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1563 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps and Office

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1562 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1561 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1558 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1557 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1555 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Chakracore and Edge

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Scripting Engine Memory Corruption Vulnerability'.

9.3
2020-08-17 CVE-2020-1504 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Excel 2010

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1498 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps, Excel and Office

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1496 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps, Excel and Office

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1495 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1494 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps, Excel and Office

A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1483 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps, Office and Outlook

A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'.

9.3
2020-08-17 CVE-2020-1472 Microsoft
Fedoraproject
Opensuse
Canonical
Synology
Samba
Debian
Oracle
Use of Insufficiently Random Values vulnerability in multiple products

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC), aka 'Netlogon Elevation of Privilege Vulnerability'.

9.3
2020-08-17 CVE-2020-1339 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-1046 Microsoft Unspecified vulnerability in Microsoft .Net Framework

A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'.

9.3
2020-08-17 CVE-2020-0604 Microsoft Unspecified vulnerability in Microsoft Visual Studio Code

A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'.

9.3
2020-08-21 CVE-2019-11859 Sierrawireless Classic Buffer Overflow vulnerability in Sierrawireless Aleos

A buffer overflow exists in the SMS handler API of ALEOS before 4.13.0, 4.9.5, 4.9.4 that may allow code execution as root.

9.0
2020-08-21 CVE-2020-24057 Verint OS Command Injection vulnerability in Verint S5120Fd Firmware Verintfw042

The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.cgi') that allows the user to manage network filtering on the unit.

9.0
2020-08-18 CVE-2020-23934 Ritecms OS Command Injection vulnerability in Ritecms 2.2.1

An issue was discovered in RiteCMS 2.2.1.

9.0
2020-08-17 CVE-2020-24220 Shopxo OS Command Injection vulnerability in Shopxo 1.8.1

ShopXO v1.8.1 has a command execution vulnerability.

9.0
2020-08-17 CVE-2020-8233 UI
Opensuse
OS Command Injection vulnerability in multiple products

A command injection vulnerability exists in EdgeSwitch firmware <v1.9.0 that allowed an authenticated read-only user to execute arbitrary shell commands over the HTTP interface, allowing them to escalate privileges.

9.0

60 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-08-20 CVE-2020-15635 Netgear Stack-based Buffer Overflow vulnerability in Netgear R6700 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58.

8.3
2020-08-17 CVE-2020-13122 Noviflow OS Command Injection vulnerability in Noviflow Noviware Nw500.2.12

The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command.

8.0
2020-08-17 CVE-2020-3500 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco Staros

A vulnerability in the IPv6 implementation of Cisco StarOS could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2020-08-17 CVE-2020-1570 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2020-08-17 CVE-2020-1569 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists when Microsoft Edge improperly accesses objects in memory, aka 'Microsoft Edge Memory Corruption Vulnerability'.

7.6
2020-08-17 CVE-2020-1568 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Edge

A remote code execution vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Remote Code Execution Vulnerability'.

7.6
2020-08-17 CVE-2020-1567 Microsoft Improper Input Validation vulnerability in Microsoft Internet Explorer 11/9

A remote code execution vulnerability exists in the way that the MSHTML engine improperly validates input.An attacker could execute arbitrary code in the context of the current user, aka 'MSHTML Engine Remote Code Execution Vulnerability'.

7.6
2020-08-17 CVE-2020-1380 Microsoft Out-of-bounds Write vulnerability in Microsoft Internet Explorer 11

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.

7.6
2020-08-21 CVE-2019-11855 Sierrawireless Unspecified vulnerability in Sierrawireless Aleos

An RPC server is enabled by default on the gateway's LAN of ALEOS before 4.12.0, 4.9.5, and 4.4.9.

7.5
2020-08-21 CVE-2020-24055 Verint Out-of-bounds Write vulnerability in Verint 4320 Firmware and 5620Ptz Firmware

Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an autodiscovery service implemented in the binary executable '/usr/sbin/DM' that listens on port TCP 6666.

7.5
2020-08-21 CVE-2020-7710 Safe Eval Project Improper Privilege Management vulnerability in Safe-Eval Project Safe-Eval

This affects all versions of package safe-eval.

7.5
2020-08-20 CVE-2020-16279 Rangee Improper Input Validation vulnerability in Rangee Rangeeos 8.0.4

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 is vulnerable to Remote Code Execution due to untrusted user supplied input being passed to the command line without sanitization.

7.5
2020-08-20 CVE-2020-23935 Student Management System Project SQL Injection vulnerability in Student Management System Project Student Management System 1.0

Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

7.5
2020-08-20 CVE-2020-23936 Vehicle Parking Management System Project Improper Authentication vulnerability in Vehicle Parking Management System Project Vehicle Parking Management System 1.0

PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via "Username: admin'# && Password: (Write Something)".

7.5
2020-08-20 CVE-2020-10283 Dronecode Unspecified vulnerability in Dronecode Micro AIR Vehicle Link 1.0

The Micro Air Vehicle Link (MAVLink) protocol presents authentication mechanisms on its version 2.0 however according to its documentation, in order to maintain backwards compatibility, GCS and autopilot negotiate the version via the AUTOPILOT_VERSION message.

7.5
2020-08-20 CVE-2020-17456 Seowonintech OS Command Injection vulnerability in Seowonintech products

SEOWON INTECH SLC-130 And SLR-120S devices allow Remote Code Execution via the ipAddr parameter to the system_log.cgi page.

7.5
2020-08-18 CVE-2020-14936 Contiki NG Out-of-bounds Write vulnerability in Contiki-Ng 4.4/4.5

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent.

7.5
2020-08-18 CVE-2020-14935 Contiki NG Out-of-bounds Write vulnerability in Contiki-Ng

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP bulk get request response encoding function.

7.5
2020-08-18 CVE-2020-14934 Contiki NG Out-of-bounds Write vulnerability in Contiki-Ng 4.4/4.5

Buffer overflows were discovered in Contiki-NG 4.4 through 4.5, in the SNMP agent.

7.5
2020-08-18 CVE-2019-6258 D Link Classic Buffer Overflow vulnerability in D-Link Dir-822 Firmware

D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file.

7.5
2020-08-18 CVE-2020-7708 Irrelon Improper Input Validation vulnerability in Irrelon @Irrelon/Path and Irrelon-Path

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.

7.5
2020-08-18 CVE-2020-7707 Property Expr Project Improper Input Validation vulnerability in Property-Expr Project Property-Expr

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.

7.5
2020-08-18 CVE-2020-7706 Connie Lang Project Improper Input Validation vulnerability in Connie-Lang Project Connie-Lang 0.0.1/0.0.2/0.1.0

The package connie-lang before 0.1.1 are vulnerable to Prototype Pollution in the configuration language library used by connie.

7.5
2020-08-17 CVE-2020-7704 Linux Cmdline Project Improper Input Validation vulnerability in Linux-Cmdline Project Linux-Cmdline

The package linux-cmdline before 1.0.1 are vulnerable to Prototype Pollution via the constructor.

7.5
2020-08-17 CVE-2020-24208 Online Shopping Alphaware Project SQL Injection vulnerability in Online Shopping Alphaware Project Online Shopping Alphaware 1.0

A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters.

7.5
2020-08-17 CVE-2020-8212 Citrix Incorrect Authorization vulnerability in Citrix Xenmobile Server

Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows access to privileged functionality.

7.5
2020-08-17 CVE-2020-8211 Citrix SQL Injection vulnerability in Citrix Xenmobile Server

Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 allows SQL Injection.

7.5
2020-08-17 CVE-2020-7703 NIS Utils Project Resource Exhaustion vulnerability in Nis-Utils Project Nis-Utils

All versions of package nis-utils are vulnerable to Prototype Pollution via the setValue function.

7.5
2020-08-17 CVE-2020-7702 Templ8 Project Resource Exhaustion vulnerability in Templ8 Project Templ8

All versions of package templ8 are vulnerable to Prototype Pollution via the parse function.

7.5
2020-08-17 CVE-2020-12606 Dbsoft SQL Injection vulnerability in Dbsoft Sglac

An issue was discovered in DB Soft SGLAC before 20.05.001.

7.5
2020-08-21 CVE-2020-9063 NCR Classic Buffer Overflow vulnerability in NCR Aptra XFS

NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host.

7.2
2020-08-21 CVE-2020-10126 NCR Improper Verification of Cryptographic Signature vulnerability in NCR Aptra XFS 05.01.00

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate softare updates for the bunch note acceptor (BNA), enabling an attacker with physical access to internal ATM components to restart the host computer and execute arbitrary code with SYSTEM privileges because while booting, the update process looks for CAB archives on removable media and executes a specific file without first validating the signature of the CAB archive.

7.2
2020-08-21 CVE-2019-11847 Sierrawireless Improper Privilege Management vulnerability in Sierrawireless Aleos

An improper privilege management vulnerabitlity exists in ALEOS before 4.11.0, 4.9.4 and 4.4.9.

7.2
2020-08-21 CVE-2020-10290 Sintef Improper Privilege Management vulnerability in Sintef URX

Universal Robots controller execute URCaps (zip files containing Java-powered applications) without any permission restrictions and a wide API that presents many primitives that can compromise the overall robot operations as demonstrated in our video.

7.2
2020-08-20 CVE-2020-16282 Rangee OS Command Injection vulnerability in Rangee Rangeeos 8.0.4

In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user.

7.2
2020-08-20 CVE-2020-15862 NET Snmp
Canonical
Improper Privilege Management vulnerability in multiple products

Net-SNMP through 5.7.3 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root.

7.2
2020-08-20 CVE-2020-15861 NET Snmp Link Following vulnerability in Net-Snmp

Net-SNMP through 5.7.3 allows Escalation of Privileges because of UNIX symbolic link (symlink) following.

7.2
2020-08-19 CVE-2020-14356 Linux
Opensuse
Redhat
NULL Pointer Dereference vulnerability in multiple products

A flaw null pointer dereference in the Linux kernel cgroupv2 subsystem in versions before 5.7.10 was found in the way when reboot the system.

7.2
2020-08-18 CVE-2020-5385 Dell Incorrect Permission Assignment for Critical Resource vulnerability in Dell Encryption and Endpoint Security Suite Enterprise

Dell Encryption versions prior to 10.8 and Dell Endpoint Security Suite versions prior to 2.8 contain a privilege escalation vulnerability because of an incomplete fix for CVE-2020-5358.

7.2
2020-08-17 CVE-2020-1587 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1584 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1579 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Function Discovery SSDP Provider improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Function Discovery SSDP Provider Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1571 Microsoft Incorrect Default Permissions vulnerability in Microsoft Windows 10

An elevation of privilege vulnerability exists in Windows Setup in the way it handles permissions.A locally authenticated attacker could run arbitrary code with elevated system privileges, aka 'Windows Setup Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1566 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1550 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1549 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CDP User Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CDP User Components Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1529 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1520 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'.

7.2
2020-08-17 CVE-2020-1486 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1480 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, aka 'Windows GDI Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1479 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when DirectX improperly handles objects in memory, aka 'DirectX Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1467 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows improperly handles hard links, aka 'Windows Hard Link Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1417 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1378 Microsoft Out-of-bounds Write vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1377 Microsoft Unspecified vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-1337 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'.

7.2
2020-08-17 CVE-2020-3433 Cisco Uncontrolled Search Path Element vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to perform a DLL hijacking attack.

7.2
2020-08-21 CVE-2020-8227 Nextcloud Path Traversal vulnerability in Nextcloud 2.6.4

Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a malicious Nextcloud Server to store files outside of the dedicated sync directory.

7.1
2020-08-19 CVE-2020-9712 Adobe Incorrect Authorization vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability.

7.1
2020-08-19 CVE-2020-9696 Adobe Unspecified vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability.

7.1

196 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-08-21 CVE-2020-15309 Wolfssl Race Condition vulnerability in Wolfssl

An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed.

6.9
2020-08-21 CVE-2020-24574 GOG Use of Hard-coded Credentials vulnerability in GOG Galaxy

The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands.

6.9
2020-08-21 CVE-2020-24567 Voidtools Improper Privilege Management vulnerability in Voidtools Everything

** DISPUTED ** voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory.

6.9
2020-08-17 CVE-2020-1574 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 1909/2004

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.

6.9
2020-08-17 CVE-2020-1560 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.

6.9
2020-08-20 CVE-2020-8870 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916.

6.8
2020-08-20 CVE-2020-8869 Foxitsoftware Stack-based Buffer Overflow vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.916.

6.8
2020-08-20 CVE-2020-15638 Foxitsoftware Type Confusion vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.2.29539.

6.8
2020-08-20 CVE-2020-15630 Foxitsoftware Out-of-bounds Read vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922.

6.8
2020-08-20 CVE-2020-15629 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Studio Photo

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922.

6.8
2020-08-20 CVE-2020-13826 I Doit Injection vulnerability in I-Doit

A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.

6.8
2020-08-19 CVE-2020-9724 Adobe Improper Privilege Management vulnerability in Adobe Lightroom 9.2.0.10

Adobe Lightroom versions 9.2.0.10 and earlier have an insecure library loading vulnerability.

6.8
2020-08-19 CVE-2020-9714 Adobe Unspecified vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a security bypass vulnerability.

6.8
2020-08-19 CVE-2020-9694 Adobe Out-of-bounds Write vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds write vulnerability.

6.8
2020-08-17 CVE-2020-1585 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.

6.8
2020-08-17 CVE-2020-1582 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps, Access and Office

A remote code execution vulnerability exists in Microsoft Access software when the software fails to properly handle objects in memory, aka 'Microsoft Access Remote Code Execution Vulnerability'.

6.8
2020-08-17 CVE-2020-1554 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-1552 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folder Service improperly handles file operations, aka 'Windows Work Folder Service Elevation of Privilege Vulnerability'.

6.8
2020-08-17 CVE-2020-1534 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Service improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Service Elevation of Privilege Vulnerability'.

6.8
2020-08-17 CVE-2020-1531 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Accounts Control improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Accounts Control Elevation of Privilege Vulnerability'.

6.8
2020-08-17 CVE-2020-1528 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Radio Manager API improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Radio Manager API Elevation of Privilege Vulnerability'.

6.8
2020-08-17 CVE-2020-1525 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-1492 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-1478 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-1477 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-1473 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'.

6.8
2020-08-17 CVE-2020-1379 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'.

6.8
2020-08-17 CVE-2020-9241 Huawei Incorrect Authorization vulnerability in Huawei E6878-370 Firmware 10.0.3.1(H563Sp1C00)/10.0.3.1(H563Sp21C233)

Huawei 5G Mobile WiFi E6878-370 with versions of 10.0.3.1(H563SP1C00),10.0.3.1(H563SP21C233) have an improper authorization vulnerability.

6.8
2020-08-21 CVE-2020-5417 Cloudfoundry Incorrect Permission Assignment for Critical Resource vulnerability in Cloudfoundry Cf-Deployment

Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components.

6.5
2020-08-21 CVE-2019-11858 Sierrawireless Classic Buffer Overflow vulnerability in Sierrawireless Aleos

Multiple buffer overflow vulnerabilities exist in the AceManager Web API of ALEOS before 4.13.0, 4.9.5, and 4.4.9.

6.5
2020-08-21 CVE-2019-11853 Sierrawireless Command Injection vulnerability in Sierrawireless Aleos

Several potential command injections vulnerabilities exist in the AT command interface of ALEOS before 4.11.0, and 4.9.4.

6.5
2020-08-21 CVE-2019-11848 Sierrawireless Out-of-bounds Write vulnerability in Sierrawireless Aleos

An API abuse vulnerability exists in the AT command API of ALEOS before 4.13.0, 4.9.5, 4.4.9 due to lack of length checking when handling certain user-provided values.

6.5
2020-08-21 CVE-2020-15070 Zulip Injection vulnerability in Zulip Server

Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value.

6.5
2020-08-20 CVE-2020-10289 Openrobotics Deserialization of Untrusted Data vulnerability in Openrobotics Robot Operating System

Use of unsafe yaml load.

6.5
2020-08-20 CVE-2020-15149 Nodebb Improper Authentication vulnerability in Nodebb

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server.

6.5
2020-08-20 CVE-2020-15146 Sylius Expression Language Injection vulnerability in Sylius Syliusresourcebundle

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.

6.5
2020-08-20 CVE-2020-15143 Sylius Expression Language Injection vulnerability in Sylius Syliusresourcebundle

In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized properly.

6.5
2020-08-17 CVE-2020-1509 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of Privilege Vulnerability'.

6.5
2020-08-17 CVE-2020-9242 Huawei OS Command Injection vulnerability in Huawei Fusioncompute 8.0.0

FusionCompute 8.0.0 have a command injection vulnerability.

6.5
2020-08-17 CVE-2020-13941 Apache Improper Input Validation vulnerability in Apache Solr

Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0.

6.5
2020-08-21 CVE-2020-24590 Wso2 XML Entity Expansion vulnerability in Wso2 API Manager and API Microgateway

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.

6.4
2020-08-21 CVE-2020-24589 Wso2 XML Entity Expansion vulnerability in Wso2 API Manager and API Microgateway

The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.

6.4
2020-08-21 CVE-2019-11852 Sierrawireless Out-of-bounds Read vulnerability in Sierrawireless Aleos

An out-of-bounds reads vulnerability exists in the ACEView Service of ALEOS before 4.13.0, 4.9.5, and 4.4.9.

6.4
2020-08-21 CVE-2020-24052 Moog XML Entity Expansion vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware

Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request.

6.4
2020-08-18 CVE-2020-14937 Contiki NG Out-of-bounds Read vulnerability in Contiki-Ng 4.4/4.5

Memory access out of buffer boundaries issues was discovered in Contiki-NG 4.4 through 4.5, in the SNMP BER encoder/decoder.

6.4
2020-08-17 CVE-2020-9233 Huawei Improper Authentication vulnerability in Huawei Fusioncompute 8.0.0

FusionCompute 8.0.0 have an insufficient authentication vulnerability.

6.4
2020-08-21 CVE-2020-15147 Cogboard Injection vulnerability in Cogboard RED Discord BOT

Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module.

6.0
2020-08-17 CVE-2020-1182 Microsoft Improper Input Validation vulnerability in Microsoft Dynamics 365 for Finance and Operations 10.0.11

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'.

6.0
2020-08-21 CVE-2020-14194 Zulip Improper Input Validation vulnerability in Zulip Server

Zulip Server before 2.1.5 allows reverse tabnapping via a topic header link.

5.8
2020-08-20 CVE-2020-12618 Emclient Improper Certificate Validation vulnerability in Emclient EM Client

eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones.

5.8
2020-08-20 CVE-2020-15634 Netgear Use of Externally-Controlled Format String vulnerability in Netgear R6700 Firmware

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers with firmware 1.0.4.84_10.0.58.

5.8
2020-08-20 CVE-2020-15531 Silabs Classic Buffer Overflow vulnerability in Silabs Bluetooth LOW Energy Software Development KIT 2.13.0.0/2.13.1.0/2.13.2.0

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data.

5.8
2020-08-19 CVE-2020-4653 IBM Open Redirect vulnerability in IBM Planning Analytics 2.0

IBM Planning Analytics 2.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack.

5.8
2020-08-21 CVE-2020-24591 Wso2 XXE vulnerability in Wso2 products

The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates.

5.5
2020-08-21 CVE-2019-11856 Sierrawireless Authentication Bypass by Capture-replay vulnerability in Sierrawireless Aleos

A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4.9 allowing message replay.

5.5
2020-08-21 CVE-2020-15140 Cogboard Injection vulnerability in Cogboard RED Discord BOT

In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command.

5.5
2020-08-17 CVE-2020-1501 Microsoft Improper Input Validation vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

5.5
2020-08-17 CVE-2020-1500 Microsoft Improper Input Validation vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

5.5
2020-08-17 CVE-2020-1499 Microsoft Improper Input Validation vulnerability in Microsoft products

A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.

5.5
2020-08-17 CVE-2020-4686 IBM Improper Privilege Management vulnerability in IBM products

IBM Spectrum Virtualize 8.3.1 could allow a remote user authenticated via LDAP to escalate their privileges and perform actions they should not have access to.

5.5
2020-08-23 CVE-2020-7711 Goxmldsig Project NULL Pointer Dereference vulnerability in Goxmldsig Project Goxmldsig

This affects all versions of package github.com/russellhaering/goxmldsig.

5.0
2020-08-21 CVE-2020-8620 ISC
Opensuse
Netapp
Canonical
Reachable Assertion vulnerability in multiple products

In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the server and send data on that connection can exploit this to trigger the assertion failure, causing the server to exit.

5.0
2020-08-21 CVE-2020-5775 Instructure Server-Side Request Forgery (SSRF) vulnerability in Instructure Canvas Learning Management Service 20200729

Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.

5.0
2020-08-21 CVE-2020-24056 Verint Path Traversal vulnerability in Verint 4320 Firmware, 5620Ptz Firmware and S5120Fd Firmware

A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_0_23, V4320_FW_0_31, and Verint S5120FD Verint_FW_0_42units.

5.0
2020-08-21 CVE-2020-24053 Moog Path Traversal vulnerability in Moog Exvf5C-2 Firmware and Exvp7C2-3 Firmware

Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability.

5.0
2020-08-21 CVE-2020-24585 Wolfssl Unspecified vulnerability in Wolfssl

An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0.

5.0
2020-08-21 CVE-2020-12457 Wolfssl Improper Input Validation vulnerability in Wolfssl

An issue was discovered in wolfSSL before 4.5.0.

5.0
2020-08-21 CVE-2020-3976 Vmware Resource Exhaustion vulnerability in VMWare Cloud Foundation and Vcenter Server

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services.

5.0
2020-08-21 CVE-2020-14518 Philips Information Exposure Through Log Files vulnerability in Philips Dreammapper

Philips DreamMapper, Version 2.24 and prior.

5.0
2020-08-21 CVE-2020-14215 Zulip Incorrect Authorization vulnerability in Zulip Server

Zulip Server before 2.1.5 has Incorrect Access Control because 0198_preregistrationuser_invited_as adds the administrator role to invitations.

5.0
2020-08-21 CVE-2020-24571 Nexusdb Path Traversal vulnerability in Nexusdb

NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.

5.0
2020-08-20 CVE-2020-24359 Hashicorp Improper Input Validation vulnerability in Hashicorp Vault-Ssh-Helper

HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface.

5.0
2020-08-19 CVE-2020-9723 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9721 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9720 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9719 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9718 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9717 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-9716 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-19 CVE-2020-11848 Microfocus Unspecified vulnerability in Microfocus Arcsight Management Center

Denial of service vulnerability on Micro Focus ArcSight Management Center.

5.0
2020-08-19 CVE-2020-9705 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

5.0
2020-08-17 CVE-2020-15152 FTP SRV Project Server-Side Request Forgery (SSRF) vulnerability in Ftp-Srv Project Ftp-Srv

ftp-srv is an npm package which is a modern and extensible FTP server designed to be simple yet configurable.

5.0
2020-08-17 CVE-2020-13933 Apache
Debian
Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.
5.0
2020-08-17 CVE-2020-1597 Microsoft
Fedoraproject
A denial of service vulnerability exists when ASP.NET Core improperly handles web requests, aka 'ASP.NET Core Denial of Service Vulnerability'.
5.0
2020-08-17 CVE-2020-1466 Microsoft Improper Input Validation vulnerability in Microsoft products

A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests, aka 'Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability'.

5.0
2020-08-17 CVE-2020-3448 Cisco Missing Authentication for Critical Function vulnerability in Cisco Cyber Vision Center

A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device.

5.0
2020-08-17 CVE-2020-3411 Cisco Improper Authentication vulnerability in Cisco DNA Center

A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system.

5.0
2020-08-17 CVE-2020-3363 Cisco Improper Input Validation vulnerability in Cisco products

A vulnerability in the IPv6 packet processing engine of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

5.0
2020-08-17 CVE-2020-24372 Luajit Out-of-bounds Read vulnerability in Luajit

LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.

5.0
2020-08-17 CVE-2020-24371 LUA Release of Invalid Pointer or Reference vulnerability in LUA 5.4.0

lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.

5.0
2020-08-17 CVE-2020-24370 LUA Integer Underflow (Wrap or Wraparound) vulnerability in LUA 5.4.0

ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).

5.0
2020-08-17 CVE-2020-24369 LUA NULL Pointer Dereference vulnerability in LUA 5.4.0

ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference.

5.0
2020-08-17 CVE-2020-8226 Phpbb Server-Side Request Forgery (SSRF) vulnerability in PHPbb

A vulnerability exists in phpBB <v3.2.10 and <v3.3.1 which allowed remote image dimensions check to be used to SSRF.

5.0
2020-08-17 CVE-2020-8210 Citrix Insufficiently Protected Credentials vulnerability in Citrix Xenmobile Server

Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 before RP6, Citrix XenMobile Server 10.10 RP6 and Citrix XenMobile Server before 10.9 RP5 discloses credentials of a service account.

5.0
2020-08-17 CVE-2020-8209 Citrix Path Traversal vulnerability in Citrix Xenmobile Server

Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.

5.0
2020-08-17 CVE-2020-3434 Cisco Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to cause a denial of service (DoS) condition on an affected device.

4.9
2020-08-21 CVE-2020-10125 NCR Inadequate Encryption Strength vulnerability in NCR Aptra XFS 04.02.01/05.01.00

NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to validate bunch note acceptor (BNA) software updates, which can be broken by an attacker with physical access in a sufficiently short period of time, thereby enabling the attacker to sign arbitrary files and CAB archives used to update BNA software, as well as bypass application whitelisting, resulting in the ability to execute arbitrary code.

4.6
2020-08-21 CVE-2019-11862 Sierrawireless Incorrect Authorization vulnerability in Sierrawireless Aleos

The SSH service on ALEOS before 4.12.0, 4.9.5, 4.4.9 allows traffic proxying.

4.6
2020-08-21 CVE-2019-11850 Sierrawireless Out-of-bounds Write vulnerability in Sierrawireless Aleos

A stack overflow vulnerabiltity exist in the AT command interface of ALEOS before 4.11.0.

4.6
2020-08-21 CVE-2019-11849 Sierrawireless Out-of-bounds Write vulnerability in Sierrawireless Aleos

A stack overflow vulnerabiltity exists in the AT command APIs of ALEOS before 4.11.0.

4.6
2020-08-20 CVE-2020-16281 Rangee Improper Encoding or Escaping of Output vulnerability in Rangee Rangeeos 8.0.4

The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible.

4.6
2020-08-17 CVE-2020-1565 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the &quot;Public Account Pictures&quot; folder improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1556 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1553 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1551 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1547 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1546 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1545 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1544 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1543 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1542 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1541 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1540 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1539 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1538 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1537 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations, aka 'Windows Remote Access Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1536 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1535 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Backup Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Backup Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1533 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1530 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Remote Access Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1527 Microsoft Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Custom Protocol Engine improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Custom Protocol Engine Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1526 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Network Connection Broker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Network Connection Broker Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1524 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Speech Shell Components improperly handle memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Shell Components Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1522 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1521 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Speech Runtime improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Speech Runtime Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1519 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1518 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1517 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows File Server Resource Management Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows File Server Resource Management Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1516 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1515 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Telephony Server improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Telephony Server Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1513 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1511 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1490 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Storage Service improperly handles file operations, aka 'Windows Storage Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1489 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows CSC Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows CSC Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1488 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1484 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1475 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists in the way that the srmsvc.dll handles objects in memory, aka 'Windows Server Resource Management Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-1470 Microsoft Improper Privilege Management vulnerability in Microsoft products

An elevation of privilege vulnerability exists when the Windows Work Folders Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Work Folders Service Elevation of Privilege Vulnerability'.

4.6
2020-08-17 CVE-2020-9237 Huawei Use After Free vulnerability in Huawei Taurus-Al00B Firmware

Huawei smartphone Taurus-AL00B with versions earlier than 10.1.0.126(C00E125R5P3) have a user after free vulnerability.

4.6
2020-08-21 CVE-2020-10124 NCR Cleartext Transmission of Sensitive Information vulnerability in NCR Aptra XFS 05.01.00

NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity of messages between the BNA and the host computer, which could allow an attacker with physical access to the internal components of the ATM to execute arbitrary code, including code that enables the attacker to commit deposit forgery.

4.4
2020-08-21 CVE-2020-8623 ISC
Fedoraproject
Opensuse
Debian
Canonical
Synology
Netapp
Reachable Assertion vulnerability in multiple products

In BIND 9.10.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.10.5-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker that can reach a vulnerable system with a specially crafted query packet can trigger a crash.

4.3
2020-08-21 CVE-2020-8621 ISC
Opensuse
Canonical
Synology
Netapp
Reachable Assertion vulnerability in multiple products

In BIND 9.14.0 -> 9.16.5, 9.17.0 -> 9.17.3, If a server is configured with both QNAME minimization and 'forward first' then an attacker who can send queries to it may be able to trigger the condition that will cause the server to crash.

4.3
2020-08-21 CVE-2020-12759 Zulip Cross-site Scripting vulnerability in Zulip Server

Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.

4.3
2020-08-20 CVE-2020-12619 Freron Improper Certificate Validation vulnerability in Freron Mailmate

MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones.

4.3
2020-08-20 CVE-2019-20152 Treasuryxpress Cross-site Scripting vulnerability in Treasuryxpress 19191105

An XSS issue was discovered in TreasuryXpress 19191105.

4.3
2020-08-20 CVE-2019-20151 Treasuryxpress Cross-site Scripting vulnerability in Treasuryxpress 19191105

An XSS issue was discovered in TreasuryXpress 19191105.

4.3
2020-08-20 CVE-2020-15637 Foxitsoftware Use After Free vulnerability in Foxitsoftware Phantompdf

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PhantomPDF 9.7.1.29511.

4.3
2020-08-20 CVE-2020-13825 I Doit Cross-site Scripting vulnerability in I-Doit

A cross-site scripting (XSS) vulnerability in i-doit 1.14.2 allows remote attackers to inject arbitrary web script or HTML via the viewMode, tvMode, tvType, objID, catgID, objTypeID, or editMode parameter.

4.3
2020-08-19 CVE-2020-24368 Icinga
Debian
Path Traversal vulnerability in multiple products

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2.

4.3
2020-08-19 CVE-2020-9710 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

4.3
2020-08-19 CVE-2020-9707 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

4.3
2020-08-19 CVE-2020-9706 Adobe Out-of-bounds Read vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have an out-of-bounds read vulnerability.

4.3
2020-08-19 CVE-2020-9703 Adobe Resource Exhaustion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability.

4.3
2020-08-19 CVE-2020-9702 Adobe Resource Exhaustion vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a stack exhaustion vulnerability.

4.3
2020-08-19 CVE-2020-9697 Adobe Memory Leak vulnerability in Adobe Acrobat DC

Adobe Acrobat and Reader versions 2020.009.20074 and earlier, 2020.001.30002, 2017.011.30171 and earlier, and 2015.006.30523 and earlier have a disclosure of sensitive data vulnerability.

4.3
2020-08-19 CVE-2020-24381 Gunet Information Exposure vulnerability in Gunet Open Eclass Platform

GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read students' submitted assessments because it does not ensure that the web server blocks directory listings, and the data directory is inside the web root by default.

4.3
2020-08-18 CVE-2020-15926 Rocket Chat Cross-site Scripting vulnerability in Rocket.Chat

Rocket.Chat through 3.4.2 allows XSS where an attacker can send a specially crafted message to a channel or in a direct message to the client which results in remote code execution on the client side.

4.3
2020-08-18 CVE-2020-14333 Ovirt Cross-site Scripting vulnerability in Ovirt Ovirt-Engine

A flaw was found in Ovirt Engine's web interface in ovirt 4.4 and earlier, where it did not filter user-controllable parameters completely, resulting in a reflected cross-site scripting attack.

4.3
2020-08-17 CVE-2020-13183 Teradici Cross-site Scripting vulnerability in Teradici Pcoip Management Console 19.11.1/20.01.0/20.04

Reflected Cross Site Scripting in Teradici PCoIP Management Console prior to 20.07 could allow an attacker to take over the user's active session if the user is exposed to a malicious payload.

4.3
2020-08-17 CVE-2020-12480 Lightbend Cross-Site Request Forgery (CSRF) vulnerability in Lightbend Play Framework

In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed.

4.3
2020-08-17 CVE-2020-1583 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1577 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1512 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows State Repository Service improperly handles objects in memory, aka 'Windows State Repository Service Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1510 Microsoft Information Exposure vulnerability in Microsoft Windows 10

An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1503 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1502 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1497 Microsoft Information Exposure vulnerability in Microsoft 365 Apps, Excel and Office

An information disclosure vulnerability exists when Microsoft Excel improperly discloses the contents of its memory, aka 'Microsoft Excel Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1493 Microsoft Information Exposure vulnerability in Microsoft 365 Apps, Office and Outlook

An information disclosure vulnerability exists when attaching files to Outlook messages, aka 'Microsoft Outlook Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-1487 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Media Foundation improperly handles objects in memory, aka 'Media Foundation Information Disclosure Vulnerability'.

4.3
2020-08-17 CVE-2020-3463 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings Online

A vulnerability in the web-based management interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of the affected service.

4.3
2020-08-17 CVE-2020-3449 Cisco Improper Check for Unusual or Exceptional Conditions vulnerability in Cisco IOS XR

A vulnerability in the Border Gateway Protocol (BGP) additional paths feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to prevent authorized users from monitoring the BGP status and cause the BGP process to stop processing new updates, resulting in a denial of service (DOS) condition.

4.3
2020-08-17 CVE-2020-3346 Cisco Cross-site Scripting vulnerability in Cisco Unified Communications Manager

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

4.3
2020-08-17 CVE-2020-8208 Citrix Cross-site Scripting vulnerability in Citrix Xenmobile Server

Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).

4.3
2020-08-21 CVE-2020-5416 Cloudfoundry Improper Resource Shutdown or Release vulnerability in Cloudfoundry Cf-Deployment

Cloud Foundry Routing (Gorouter), versions prior to 0.204.0, when used in a deployment with NGINX reverse proxies in front of the Gorouters, is potentially vulnerable to denial-of-service attacks in which an unauthenticated malicious attacker can send specially-crafted HTTP requests that may cause the Gorouters to be dropped from the NGINX backend pool.

4.0
2020-08-21 CVE-2020-8624 ISC
Fedoraproject
Improper Privilege Management vulnerability in multiple products

In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.12-S1 -> 9.9.13-S1, 9.11.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker who has been granted privileges to change a specific subset of the zone's content could abuse these unintended additional privileges to update other contents of the zone.

4.0
2020-08-21 CVE-2020-8622 ISC
Fedoraproject
Debian
Canonical
Netapp
Opensuse
Synology
Oracle
Reachable Assertion vulnerability in multiple products

In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit.

4.0
2020-08-21 CVE-2020-14201 Dolibarr Improper Privilege Management vulnerability in Dolibarr

Dolibarr CRM before 11.0.5 allows privilege escalation.

4.0
2020-08-21 CVE-2019-11857 Sierrawireless Improper Input Validation vulnerability in Sierrawireless Aleos

Lack of input sanitization in AceManager of ALEOS before 4.12.0, 4.9.5 and 4.4.9 allows disclosure of sensitive system information.

4.0
2020-08-21 CVE-2020-7923 Mongodb
Debian
Improper Handling of Exceptional Conditions vulnerability in multiple products

A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear.

4.0
2020-08-21 CVE-2020-20634 Elementor Incorrect Permission Assignment for Critical Resource vulnerability in Elementor Page Builder

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature.

4.0
2020-08-21 CVE-2020-9246 Huawei Information Exposure vulnerability in Huawei Fusioncompute 8.0.0

FusionCompute 8.0.0 has an information leak vulnerability.

4.0
2020-08-21 CVE-2020-16239 Philips Improper Authentication vulnerability in Philips Suresigns VS4 Firmware

Philips SureSigns VS4, A.07.107 and prior.

4.0
2020-08-20 CVE-2020-4687 IBM Information Exposure vulnerability in IBM Content Navigator 3.0.0/3.0.7/3.0.8

IBM Content Navigator 3.0.7 and 3.0.8 could allow an authenticated user to view cached content of another user that they should not have access to.

4.0
2020-08-20 CVE-2020-4548 IBM Improper Input Validation vulnerability in IBM Content Navigator 3.0.0/3.0.7/3.0.8

IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation.

4.0
2020-08-20 CVE-2019-20150 Treasuryxpress Insufficiently Protected Credentials vulnerability in Treasuryxpress 19191105

In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them.

4.0
2020-08-20 CVE-2020-15151 Openmage
Magento
Cross-Site Request Forgery (CSRF) vulnerability in multiple products

OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks.

4.0
2020-08-19 CVE-2020-23574 Sysax Unrestricted Upload of File with Dangerous Type vulnerability in Sysax Multi Server 6.90

When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes.

4.0
2020-08-19 CVE-2020-4648 IBM Incorrect Authorization vulnerability in IBM Planning Analytics 2.0

A vulnerability exsists in IBM Planning Analytics 2.0 whereby avatars in Planning Analytics Workspace could be modified by other users without authorization to do so.

4.0
2020-08-18 CVE-2020-9415 Tibco Information Exposure vulnerability in Tibco products

The TIBCO Data Virtualization Server component of TIBCO Software Inc.'s TIBCO Data Virtualization and TIBCO Data Virtualization for AWS Marketplace contains a vulnerability that theoretically allows a malicious authenticated user to download any arbitrary file from the affected system.

4.0
2020-08-18 CVE-2020-7019 Elastic Improper Privilege Management vulnerability in Elastic Elasticsearch

In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security.

4.0
2020-08-18 CVE-2020-7018 Elastic Improper Privilege Management vulnerability in Elastic Enterprise Search

Elastic Enterprise Search before 7.9.0 contain a credential exposure flaw in the App Search interface.

4.0
2020-08-17 CVE-2020-3472 Cisco Incorrect Authorization vulnerability in Cisco Webex Meetings Online

A vulnerability in the contacts feature of Cisco Webex Meetings could allow an authenticated, remote attacker with a legitimate user account to access sensitive information.

4.0
2020-08-17 CVE-2020-3447 Cisco Information Exposure Through Log Files vulnerability in Cisco products

A vulnerability in the CLI of Cisco AsyncOS for Cisco Email Security Appliance (ESA) and Cisco AsyncOS for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.

4.0
2020-08-17 CVE-2020-3413 Cisco Incorrect Authorization vulnerability in Cisco Webex Meetings Online

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to delete a scheduled meeting template that belongs to another user in their organization.

4.0
2020-08-17 CVE-2020-3412 Cisco Incorrect Authorization vulnerability in Cisco Webex Meetings Online

A vulnerability in the scheduled meeting template feature of Cisco Webex Meetings could allow an authenticated, remote attacker to create a scheduled meeting template that would belong to another user in their organization.

4.0
2020-08-17 CVE-2020-8232 UI Information Exposure vulnerability in UI Edgeswitch Firmware 1.7.1

An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages.

4.0

37 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-08-21 CVE-2020-15858 Thalesgroup Path Traversal vulnerability in Thalesgroup products

Some devices of Thales DIS (formerly Gemalto, formerly Cinterion) allow Directory Traversal by physically proximate attackers.

3.6
2020-08-21 CVE-2020-5774 Tenable Insufficient Session Expiration vulnerability in Tenable Nessus

Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios.

3.6
2020-08-19 CVE-2020-24394 Linux
Canonical
Opensuse
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on new filesystem objects when the filesystem lacks ACL support, aka CID-22cf8419f131.

3.6
2020-08-21 CVE-2020-8189 Nextcloud Cross-site Scripting vulnerability in Nextcloud 2.6.4

A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.

3.5
2020-08-21 CVE-2020-3975 Vmware Cross-site Scripting vulnerability in VMWare APP Volumes

VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability.

3.5
2020-08-21 CVE-2020-20633 Cookielawinfo Cross-site Scripting vulnerability in Cookielawinfo Gdpr Cookie Consent

ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated stored XSS and privilege escalation.

3.5
2020-08-20 CVE-2020-15119 Auth0 Cross-site Scripting vulnerability in Auth0 Lock

In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM.

3.5
2020-08-19 CVE-2020-4381 IBM Unspecified vulnerability in IBM Elastic Storage Server

IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.6 could allow an authenticated user to cause a denial of service during deployment or upgrade if GUI specific services are enabled.

3.5
2020-08-17 CVE-2020-1591 Microsoft Cross-site Scripting vulnerability in Microsoft Dynamics 365 9.0

A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'.

3.5
2020-08-17 CVE-2020-1580 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-08-17 CVE-2020-1573 Microsoft Cross-site Scripting vulnerability in Microsoft products

A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.

3.5
2020-08-17 CVE-2020-3502 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings and Webex Meetings Server

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users.

3.5
2020-08-17 CVE-2020-3501 Cisco Improper Input Validation vulnerability in Cisco Webex Meetings and Webex Meetings Server

Multiple vulnerabilities in the user interface of Cisco Webex Meetings Desktop App could allow an authenticated, remote attacker to obtain restricted information from other Webex users.

3.5
2020-08-17 CVE-2020-3464 Cisco Cross-site Scripting vulnerability in Cisco UCS Director

A vulnerability in the web-based management interface of Cisco UCS Director could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

3.5
2020-08-21 CVE-2020-9104 Huawei Memory Leak vulnerability in Huawei P30 Firmware

HUAWEI P30 smartphones with Versions earlier than 10.1.0.123(C431E22R2P5),Versions earlier than 10.1.0.123(C432E22R2P5),Versions earlier than 10.1.0.126(C10E7R5P1),Versions earlier than 10.1.0.126(C185E4R7P1),Versions earlier than 10.1.0.126(C461E7R3P1),Versions earlier than 10.1.0.126(C605E19R1P3),Versions earlier than 10.1.0.126(C636E7R3P4),Versions earlier than 10.1.0.128(C635E3R2P4),Versions earlier than 10.1.0.160(C00E160R2P11),Versions earlier than 10.1.0.160(C01E160R2P11) have a denial of service vulnerability.

3.3
2020-08-21 CVE-2020-7310 Mcafee Improper Privilege Management vulnerability in Mcafee Total Protection

Privilege Escalation vulnerability in the installer in McAfee McAfee Total Protection (MTP) trial prior to 4.0.161.1 allows local users to change files that are part of write protection rules via manipulating symbolic links to redirect a McAfee file operations to an unintended file.

3.3
2020-08-20 CVE-2020-15532 Silabs Classic Buffer Overflow vulnerability in Silabs Bluetooth LOW Energy Software Development KIT 2.13.0.0/2.13.1.0/2.13.2.0

Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data.

3.3
2020-08-21 CVE-2020-9062 Dieboldnixdorf Missing Authentication for Critical Function vulnerability in Dieboldnixdorf Probase 1.1.30

Diebold Nixdorf ProCash 2100xe USB ATMs running Wincor Probase version 1.1.30 do not encrypt, authenticate, or verify the integrity of messages between the CCDM and the host computer, allowing an attacker with physical access to internal ATM components to commit deposit forgery by intercepting and modifying messages to the host computer, such as the amount and value of currency being deposited.

2.1
2020-08-21 CVE-2020-10123 NCR Improper Authentication vulnerability in NCR Aptra XFS

The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.

2.1
2020-08-21 CVE-2020-9096 Huawei Out-of-bounds Read vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro smartphones with Versions earlier than 10.1.0.160(C00E160R2P8) have an out of bound read vulnerability.

2.1
2020-08-21 CVE-2020-9095 Huawei Integer Overflow or Wraparound vulnerability in Huawei P30 PRO Firmware

HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability.

2.1
2020-08-21 CVE-2020-16241 Philips Incorrect Authorization vulnerability in Philips Suresigns VS4 Firmware A.07.107

Philips SureSigns VS4, A.07.107 and prior.

2.1
2020-08-21 CVE-2020-16237 Philips Improper Input Validation vulnerability in Philips Suresigns VS4 Firmware

Philips SureSigns VS4, A.07.107 and prior.

2.1
2020-08-20 CVE-2020-16280 Rangee Insufficiently Protected Credentials vulnerability in Rangee Rangeeos 8.0.4

Multiple Rangee GmbH RangeeOS 8.0.4 modules store credentials in plaintext including credentials of users for several external facing administrative services, domain joined users, and local administrators.

2.1
2020-08-17 CVE-2020-1548 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows WaasMedic Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows WaasMedic Service Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-1505 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory, aka 'Microsoft SharePoint Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-1485 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-1476 Microsoft Improper Privilege Management vulnerability in Microsoft .Net Framework

An elevation of privilege vulnerability exists when ASP.NET or .NET web applications running on IIS improperly allow access to cached files, aka 'ASP.NET and .NET Elevation of Privilege Vulnerability'.

2.1
2020-08-17 CVE-2020-1474 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists when the Windows Image Acquisition (WIA) Service improperly discloses contents of its memory, aka 'Windows Image Acquisition Service Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-1464 Microsoft Improper Verification of Cryptographic Signature vulnerability in Microsoft products

A spoofing vulnerability exists when Windows incorrectly validates file signatures, aka 'Windows Spoofing Vulnerability'.

2.1
2020-08-17 CVE-2020-1459 Microsoft Information Exposure vulnerability in Microsoft Windows 10

An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka &quot;straight-line speculation, aka 'Windows ARM Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-1455 Microsoft Improper Input Validation vulnerability in Microsoft SQL Server Management Studio

A denial of service vulnerability exists when Microsoft SQL Server Management Studio (SSMS) improperly handles files, aka 'Microsoft SQL Server Management Studio Denial of Service Vulnerability'.

2.1
2020-08-17 CVE-2020-1383 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in RPC if the server has Routing and Remote Access enabled, aka 'Windows RRAS Service Information Disclosure Vulnerability'.

2.1
2020-08-17 CVE-2020-3435 Cisco Improper Input Validation vulnerability in Cisco Anyconnect Secure Mobility Client

A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to overwrite VPN profiles on an affected device.

2.1
2020-08-17 CVE-2020-8230 Nextcloud Out-of-bounds Write vulnerability in Nextcloud

A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and DEP protections in for windows allowed to corrupt memory.

2.1
2020-08-17 CVE-2020-9103 Huawei Unspecified vulnerability in Huawei Mate 20 Firmware 9.0.0.205(C00E205R2P1)

HUAWEI Mate 20 smartphones with 9.0.0.205(C00E205R2P1) have a logic error vulnerability.

2.1
2020-08-17 CVE-2020-1578 Microsoft Information Exposure vulnerability in Microsoft products

An information disclosure vulnerability exists in the Windows kernel that could allow an attacker to retrieve information that could lead to a Kernel Address Space Layout Randomization (ASLR) bypass, aka 'Windows Kernel Information Disclosure Vulnerability'.

1.9