Weekly Vulnerabilities Reports > September 28 to October 4, 2020

Overview

217 new vulnerabilities were reported during this period, including 37 critical vulnerabilities and 83 high severity vulnerabilities. This weekly summary reports vulnerabilities in 177 products from 105 vendors including Gitlab, Mozilla, Opensuse, Debian, and Nvidia. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Path Traversal", "Out-of-bounds Write", and "Use After Free".

  • 170 reported vulnerabilities are remotely exploitable.
  • 6 reported vulnerabilities have a public exploit available.
  • 74 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 124 reported vulnerabilities are exploitable by an anonymous user.
  • Gitlab has the most reported vulnerabilities, with 16 reported vulnerabilities.
  • Halo has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

37 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-02 CVE-2020-26527 Damstratechnology Origin Validation Error vulnerability in Damstratechnology Smart Asset 2020.7

An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7.

9.8
2020-10-02 CVE-2020-18185 Pluxml Code Injection vulnerability in Pluxml 5.7

class.plx.admin.php in PluXml 5.7 allows attackers to execute arbitrary PHP code by modifying the configuration file in a Linux environment.

9.8
2020-10-02 CVE-2020-7737 Safetydance Project Unspecified vulnerability in Safetydance Project Safetydance

All versions of package safetydance are vulnerable to Prototype Pollution via the set function.

9.8
2020-10-02 CVE-2020-7736 Bmoor Project Unspecified vulnerability in Bmoor Project Bmoor

The package bmoor before 0.8.12 is vulnerable to Prototype Pollution via the set function.

9.8
2020-10-02 CVE-2020-24698 Powerdns Double Free vulnerability in Powerdns Authoritative

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.

9.8
2020-10-02 CVE-2020-12126 Wavlink Improper Authentication vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403

Multiple authentication bypass vulnerabilities in the /cgi-bin/ endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to leak router settings, change configuration variables, and cause denial of service via an unauthenticated endpoint.

9.8
2020-10-02 CVE-2020-12125 Wavlink Classic Buffer Overflow vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403

A remote buffer overflow vulnerability in the /cgi-bin/makeRequest.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary machine instructions as root without authentication.

9.8
2020-10-02 CVE-2020-12124 Wavlink OS Command Injection vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403

A remote command-line injection vulnerability in the /cgi-bin/live_api.cgi endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to execute arbitrary Linux commands as root without authentication.

9.8
2020-10-02 CVE-2020-26539 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

9.8
2020-10-02 CVE-2020-26537 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

9.8
2020-10-02 CVE-2020-26535 Foxitsoftware Out-of-bounds Write vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

9.8
2020-10-02 CVE-2020-26534 Foxitsoftware Use After Free vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

9.8
2020-10-02 CVE-2020-26518 Artica SQL Injection vulnerability in Artica Pandora FMS

Artica Pandora FMS before 743 allows unauthenticated attackers to conduct SQL injection attacks via the pandora_console/include/chart_generator.php session_id parameter.

9.8
2020-10-01 CVE-2020-15533 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager

In Zoho ManageEngine Application Manager 14.7 Build 14730 (before 14684, and between 14689 and 14750), the AlarmEscalation module is vulnerable to unauthenticated SQL Injection attack.

9.8
2020-10-01 CVE-2020-15227 Nette, Debian Code Injection vulnerability in multiple products

Nette versions before 2.0.19, 2.1.13, 2.2.10, 2.3.14, 2.4.16, 3.0.6 are vulnerable to a code injection attack by passing specially formed parameters to a URL, which may possibly lead to RCE.

9.8
2020-10-01 CVE-2020-25990 Websitebaker SQL Injection vulnerability in Websitebaker 2.12.2

WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/preferences/save.php.

9.8
2020-09-30 CVE-2020-12870 Rainbowfishsoftware SQL Injection vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4

RainbowFish PacsOne Server 6.8.4 allows SQL injection on the username parameter in the signup page.

9.8
2020-09-30 CVE-2020-26042 Hoosk SQL Injection vulnerability in Hoosk 1.8.0

An issue was discovered in Hoosk CMS v1.8.0.

9.8
2020-09-30 CVE-2020-26041 Hoosk Unspecified vulnerability in Hoosk 1.8.0

An issue was discovered in Hoosk CMS v1.8.0.

9.8
2020-09-30 CVE-2020-25763 Seat Reservation System Project Unrestricted Upload of File with Dangerous Type vulnerability in Seat Reservation System Project Seat Reservation System 1.0

Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowing Remote Attackers to gain Remote Code Execution (RCE) on the Hosting Webserver via uploading PHP files.

9.8
2020-09-30 CVE-2020-21526 Halo Path Traversal vulnerability in Halo 1.1.3

An Arbitrary file writing vulnerability in halo v1.1.3.

9.8
2020-09-30 CVE-2020-21523 Halo Injection vulnerability in Halo 1.1.3

A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 in the Edit Theme File function.

9.8
2020-09-30 CVE-2020-21522 Halo Path Traversal vulnerability in Halo 1.1.3

An issue was discovered in halo V1.1.3.

9.8
2020-09-30 CVE-2020-20800 Metinfo SQL Injection vulnerability in Metinfo 7.0.0

An issue was discovered in MetInfo v7.0.0 beta.

9.8
2020-09-30 CVE-2020-19672 Niushop Unrestricted Upload of File with Dangerous Type vulnerability in Niushop 1.11

Niushop B2B2C Multi-business basic version V1.11 allows an attacker to bypass the administrator check to reach the background upload interface and, through the upload parameter, bypass the getimagesize function and upload a PHP file to get a shell.

9.8
2020-09-30 CVE-2020-15487 RE Desk SQL Injection vulnerability in Re-Desk Re:Desk 2.3

Re:Desk 2.3 contains a blind unauthenticated SQL injection vulnerability in the getBaseCriteria() function in the protected/models/Ticket.php file.

9.8
2020-09-30 CVE-2020-26154 Libproxy Project, Fedoraproject, Debian, Opensuse Classic Buffer Overflow vulnerability in multiple products

url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header.

9.8
2020-09-30 CVE-2018-5353 Zohocorp Authentication Bypass by Spoofing vulnerability in Zohocorp Manageengine Adselfservice Plus

The custom GINA/CP module in Zoho ManageEngine ADSelfService Plus before 5.5 build 5517 allows remote attackers to execute code and escalate privileges via spoofing.

9.8
2020-09-30 CVE-2020-26158 Leanote Cross-site Scripting vulnerability in Leanote

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled when the batch feature is triggered.

9.6
2020-09-30 CVE-2020-26157 Leanote Cross-site Scripting vulnerability in Leanote

Leanote Desktop through 2.6.2 allows XSS because a note's title is mishandled during syncing.

9.6
2020-10-02 CVE-2020-26525 Damstratechnology SQL Injection vulnerability in Damstratechnology Smart Asset 2020.7

Damstra Smart Asset 2020.7 has SQL injection via the API/api/Asset originator parameter.

9.1
2020-10-02 CVE-2020-15232 Mapfish Unspecified vulnerability in Mapfish Print

In mapfish-print before version 3.24, a user can perform an XML External Entity (XXE) attack with the provided SDL style.

9.1
2020-10-02 CVE-2020-12676 Fusionauth Improper Verification of Cryptographic Signature vulnerability in Fusionauth Samlv2 0.2.3

FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".

9.1
2020-10-02 CVE-2020-18191 GET Simple Path Traversal vulnerability in Get-Simple Getsimplecms 3.3.15

GetSimpleCMS-3.3.15 is affected by directory traversal.

9.1
2020-10-02 CVE-2020-18190 Bludit Path Traversal vulnerability in Bludit 3.8.1

Bludit v3.8.1 is affected by directory traversal.

9.1
2020-09-30 CVE-2020-25762 Seat Reservation System Project SQL Injection vulnerability in Seat Reservation System Project Seat Reservation System 1.0

An issue was discovered in SourceCodester Seat Reservation System 1.0.

9.1
2020-09-30 CVE-2020-21524 Halo XXE vulnerability in Halo 1.1.3

There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the background (/api/admin/migrations/wordpress) needs to parse the XML file, but no security defenses are applied. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc.

9.1

83 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-02 CVE-2020-24628 HPE Code Injection vulnerability in HPE KVM IP Console Switch G2 Firmware

A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 Prior to 2.8.3.

8.8
2020-10-02 CVE-2020-26124 Openmediavault Code Injection vulnerability in Openmediavault 2.1/5.0.0

openmediavault before 4.1.36 and 5.x before 5.5.12 allows authenticated PHP code injection attacks, via the sortfield POST parameter of rpc.php, because json_encode_safe is not used in config/databasebackend.inc.

8.8
2020-10-01 CVE-2020-5786 Teltonika Networks Cross-Site Request Forgery (CSRF) vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

8.8
2020-10-01 CVE-2020-15675 Mozilla Use After Free vulnerability in Mozilla Firefox

When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash.

8.8
2020-10-01 CVE-2020-15674 Mozilla Improper Locking vulnerability in Mozilla Firefox

Mozilla developers reported memory safety bugs present in Firefox 80.

8.8
2020-10-01 CVE-2020-15670 Mozilla Reachable Assertion vulnerability in Mozilla Firefox and Firefox ESR

Mozilla developers reported memory safety bugs present in Firefox for Android 79.

8.8
2020-10-01 CVE-2020-15669 Mozilla Use After Free vulnerability in Mozilla Firefox ESR

When aborting an operation, such as a fetch, an abort signal may be deleted while alerting the objects to be notified.

8.8
2020-10-01 CVE-2020-15667 Mozilla Out-of-bounds Write vulnerability in Mozilla Firefox

When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution.

8.8
2020-10-01 CVE-2020-15663 Mozilla Uncontrolled Search Path Element vulnerability in Mozilla Firefox

If Firefox is installed to a user-writable directory, the Mozilla Maintenance Service would execute updater.exe from the install location with system privileges.

8.8
2020-10-01 CVE-2020-15678 Mozilla, Opensuse, Debian Use After Free vulnerability in multiple products

When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free.

8.8
2020-10-01 CVE-2020-15673 Mozilla, Debian, Opensuse Use After Free vulnerability in multiple products

Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2.

8.8
2020-09-30 CVE-2020-12715 Rainbowfishsoftware Unrestricted Upload of File with Dangerous Type vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4

RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control.

8.8
2020-09-30 CVE-2020-14374 Dpdk, Opensuse, Canonical

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.

8.8
2020-09-30 CVE-2020-21564 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck 4.7.10/4.7.11

An issue was discovered in Pluck CMS 4.7.10-dev2 and 4.7.11.

8.8
2020-09-30 CVE-2020-13296 Gitlab Missing Authorization vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6.

8.8
2020-09-30 CVE-2020-26163 Bigbluebutton Unspecified vulnerability in Bigbluebutton Greenlight

BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link.

8.8
2020-09-30 CVE-2020-25760 Projectworlds SQL Injection vulnerability in Projectworlds Visitor Management System in PHP 1.0

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection.

8.8
2020-09-30 CVE-2018-5354 Anixis Authentication Bypass by Spoofing vulnerability in Anixis Password Reset Client

The custom GINA/CP module in ANIXIS Password Reset Client before version 3.22 allows remote attackers to execute code and escalate privileges via spoofing.

8.8
2020-10-01 CVE-2020-25017 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers.

8.3
2020-09-30 CVE-2020-13321 Gitlab Unspecified vulnerability in Gitlab

A vulnerability was discovered in GitLab versions prior to 13.1.

8.3
2020-10-02 CVE-2020-15589 Zohocorp Unspecified vulnerability in Zohocorp products

A design issue was discovered in GetInternetRequestHandle, InternetSendRequestEx and InternetSendRequestByBitrate in the client side of Zoho ManageEngine Desktop Central 10.0.552.W and Remote Access Plus before 10.1.2119.1.

8.1
2020-10-02 CVE-2020-24696 Powerdns Race Condition vulnerability in Powerdns Authoritative

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.

8.1
2020-10-02 CVE-2020-12123 Wavlink Cross-Site Request Forgery (CSRF) vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403

CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens.

8.1
2020-09-30 CVE-2020-13952 Apache Unspecified vulnerability in Apache Superset

In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection.

8.1
2020-09-30 CVE-2019-20920 Handlebarsjs Code Injection vulnerability in Handlebarsjs Handlebars

Handlebars before 3.0.8 and 4.x before 4.5.3 is vulnerable to Arbitrary Code Execution.

8.1
2020-09-30 CVE-2020-13658 Lansweeper Cross-Site Request Forgery (CSRF) vulnerability in Lansweeper 8.0.130.17

In Lansweeper 8.0.130.17, the web console is vulnerable to a CSRF attack that would allow a low-level Lansweeper user to elevate their privileges within the application.

8.0
2020-10-02 CVE-2020-25776 Trendmicro Link Following vulnerability in Trendmicro Antivirus 2019/2020

Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges.

7.8
2020-10-02 CVE-2020-5987 Nvidia Incomplete Cleanup vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which guest-supplied parameters remain writable by the guest after the plugin has validated them, which may lead to the guest being able to pass invalid parameters to plugin handlers, which may lead to denial of service or escalation of privileges.

7.8
2020-10-02 CVE-2020-5984 Nvidia Use After Free vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin in which it may have the use-after-free vulnerability while freeing some resources, which may lead to denial of service, code execution, and information disclosure.

7.8
2020-10-02 CVE-2020-5981 Nvidia Out-of-bounds Write vulnerability in Nvidia Virtual GPU Manager

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution.

7.8
2020-10-02 CVE-2020-5980 Nvidia Unspecified vulnerability in Nvidia Virtual GPU Manager

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in multiple components in which a securely loaded system DLL will load its dependencies in an insecure fashion, which may lead to code execution or denial of service.

7.8
2020-10-02 CVE-2020-5979 Nvidia Unspecified vulnerability in Nvidia Virtual GPU Manager

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the NVIDIA Control Panel component in which a user is presented with a dialog box for input by a high-privilege process, which may lead to escalation of privileges.

7.8
2020-10-02 CVE-2020-24356 Cloudflare Uncontrolled Search Path Element vulnerability in Cloudflare Cloudflared

`cloudflared` versions prior to 2020.8.1 contain a local privilege escalation vulnerability on Windows systems.

7.8
2020-10-02 CVE-2020-17382 MSI Out-of-bounds Write vulnerability in MSI Ambientlink Mslo64 Firmware 1.0.0.8

The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050, and 0x80102054).

7.8
2020-10-02 CVE-2020-26538 Foxitsoftware Uncontrolled Search Path Element vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

7.8
2020-10-01 CVE-2020-24620 Unisys Use of Hard-coded Credentials vulnerability in Unisys Stealth

Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format.

7.8
2020-09-30 CVE-2020-16234 Fatek Unspecified vulnerability in Fatek Winproladder 3.28

In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code.

7.8
2020-09-30 CVE-2020-6654 Eaton Untrusted Search Path vulnerability in Eaton 9000X Programming and Configuration Software 2.0.38

A DLL Hijacking vulnerability in Eaton's 9000x Programming and Configuration Software v 2.0.38 and prior allows an attacker to execute arbitrary code by replacing the required DLLs with malicious DLLs when the software tries to load vci11un6.DLL and cinpl.DLL.

7.8
2020-09-30 CVE-2020-14376 Dpdk, Opensuse, Canonical Classic Buffer Overflow vulnerability in multiple products

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.

7.8
2020-09-30 CVE-2020-14375 Dpdk, Opensuse, Canonical Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.

7.8
2020-09-29 CVE-2020-4607 IBM Improper Input Validation vulnerability in IBM Security Verify Privilege Vault Remote On-Premises 1.3.2

IBM Security Secret Server (IBM Security Verify Privilege Vault Remote 1.2) could allow a local user to bypass security restrictions due to improper input validation.

7.8
2020-09-29 CVE-2020-25773 Trendmicro Double Free vulnerability in Trendmicro Apex ONE 2019/Saas

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products.

7.8
2020-09-29 CVE-2020-24563 Trendmicro Improper Authentication vulnerability in Trendmicro Apex ONE 2019/Saas

A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the security agent unload option (if configured), which then could be manipulated to gain a privilege escalation and code execution.

7.8
2020-09-29 CVE-2020-24562 Trendmicro Link Following vulnerability in Trendmicro Officescan XG

A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to create a hard link to any file on the system, which then could be manipulated to gain a privilege escalation and code execution.

7.8
2020-09-30 CVE-2020-21527 Halo Path Traversal vulnerability in Halo 1.1.3

There is an Arbitrary file deletion vulnerability in halo v1.1.3.

7.7
2020-09-30 CVE-2020-13323 Gitlab Unspecified vulnerability in Gitlab

A vulnerability was discovered in GitLab versions prior to 13.1.

7.7
2020-10-04 CVE-2017-18924 Oauth2 Server Project Code Injection vulnerability in Oauth2-Server Project Oauth2-Server

oauth2-server (aka node-oauth2-server) through 3.1.1 implements OAuth 2.0 without PKCE.

7.5
2020-10-02 CVE-2020-25623 Erlang Path Traversal vulnerability in Erlang Erlang/Otp

Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal.

7.5
2020-10-02 CVE-2020-8110 Bitdefender Access of Uninitialized Pointer vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897

A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory.

7.5
2020-10-02 CVE-2020-24697 Powerdns Unspecified vulnerability in Powerdns Authoritative

An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used.

7.5
2020-10-02 CVE-2020-14293 Secudos OS Command Injection vulnerability in Secudos Domos 5.6/5.6.1/5.8

conf_datetime in Secudos DOMOS 5.8 allows remote attackers to execute arbitrary commands as root via shell metacharacters in the zone field (obtained from the web interface).

7.5
2020-10-02 CVE-2020-12127 Wavlink Missing Authentication for Critical Function vulnerability in Wavlink Wn530H4 Firmware M30H4.V5030.190403

An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication.

7.5
2020-10-02 CVE-2020-26540 Foxitsoftware Improper Verification of Cryptographic Signature vulnerability in Foxitsoftware Foxit Reader and Phantompdf

An issue was discovered in Foxit Reader and PhantomPDF before 4.1 on macOS.

7.5
2020-10-02 CVE-2020-26511 Wpo365 Improper Authentication vulnerability in Wpo365 Wordpress + Azure AD / Microsoft Office 365

The wpo365-login plugin before v11.7 for WordPress allows use of a symmetric algorithm to decrypt a JWT token.

7.5
2020-10-01 CVE-2020-9491 Apache Use of a Broken or Risky Cryptographic Algorithm vulnerability in Apache Nifi

In Apache NiFi 1.2.0 to 1.11.4, the NiFi UI and API were protected by mandating TLS v1.2, as well as listening connections established by processors like ListenHTTP, HandleHttpRequest, etc.

7.5
2020-10-01 CVE-2020-9487 Apache Missing Authentication for Critical Function vulnerability in Apache Nifi

In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token (one-time password) mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content.

7.5
2020-10-01 CVE-2020-9486 Apache Information Exposure Through Log Files vulnerability in Apache Nifi

In Apache NiFi 1.10.0 to 1.11.4, the NiFi stateless execution engine produced log output which included sensitive property values.

7.5
2020-10-01 CVE-2020-11979 Apache, Gradle, Fedoraproject, Oracle

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them.

7.5
2020-10-01 CVE-2020-25018 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy 2D69E30

Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.

7.5
2020-10-01 CVE-2020-4576 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.5, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to obtain sensitive information with a specially-crafted sequence of serialized objects.

7.5
2020-10-01 CVE-2020-8109 Bitdefender Out-of-bounds Write vulnerability in Bitdefender Engines 7.84063/7.84892

A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer.

7.5
2020-10-01 CVE-2019-20902 Atlassian Unspecified vulnerability in Atlassian Crowd

Upgrading Crowd via XML Data Transfer can reactivate a disabled user from OpenLDAP.

7.5
2020-09-30 CVE-2020-15488 RE Desk Unrestricted Upload of File with Dangerous Type vulnerability in Re-Desk Re:Desk 2.3

Re:Desk 2.3 allows insecure file upload.

7.5
2020-09-30 CVE-2019-20922 Handlebarsjs Resource Exhaustion vulnerability in Handlebarsjs Handlebars

Handlebars before 4.4.5 allows Regular Expression Denial of Service (ReDoS) because of eager matching.

7.5
2020-09-30 CVE-2020-26160 JWT GO Project Improper Handling of Exceptional Conditions vulnerability in Jwt-Go Project Jwt-Go

jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification).

7.5
2020-09-30 CVE-2020-26149 Linuxfoundation Insufficiently Protected Credentials vulnerability in Linuxfoundation Nats.Deno and Nats.Js

NATS nats.js before 2.0.0-209, nats.ws before 1.0.0-111, and nats.deno before 1.0.0-9 allow credential disclosure from a client to a server.

7.5
2020-09-30 CVE-2020-26148 Md4C Project Use of Uninitialized Resource vulnerability in Md4C Project Md4C 0.4.5

md_push_block_bytes in md4c.c in md4c 0.4.5 allows attackers to trigger use of uninitialized memory, and cause a denial of service (e.g., assertion failure) via a malformed Markdown document.

7.5
2020-09-30 CVE-2020-21525 Halo Path Traversal vulnerability in Halo 1.1.3

Halo V1.1.3 is affected by: Arbitrary File reading.

7.5
2020-09-30 CVE-2020-13951 Apache Unspecified vulnerability in Apache Openmeetings

Attackers can use the public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize a denial of service attack.

7.5
2020-09-30 CVE-2020-26150 Logaritmo Forced Browsing vulnerability in Logaritmo Aware Callmanager 2012

info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function.

7.5
2020-09-30 CVE-2018-11765 Apache Improper Authentication vulnerability in Apache Hadoop

In Apache Hadoop versions 3.0.0-alpha2 to 3.0.0, 2.9.0 to 2.9.2, 2.8.0 to 2.8.5, any user can access some servlets without authentication when Kerberos authentication is enabled and SPNEGO through HTTP is not enabled.

7.5
2020-10-02 CVE-2019-19199 Reddoxx Insufficient Session Expiration vulnerability in Reddoxx Maildepot 2032

REDDOXX MailDepot 2032 SP2 2.2.1242 has Insufficient Session Expiration because tokens are not invalidated upon a logout.

7.4
2020-10-02 CVE-2020-24397 Zohocorp Integer Overflow or Wraparound vulnerability in Zohocorp Manageengine Desktop Central 10.0.0

An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534.

7.2
2020-10-02 CVE-2020-18184 Pluxxml Unspecified vulnerability in Pluxxml 5.7

In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.

7.2
2020-09-30 CVE-2020-15849 RE Desk SQL Injection vulnerability in Re-Desk Re:Desk 2.3

Re:Desk 2.3 has a blind authenticated SQL injection vulnerability in the SettingsController class, in the actionEmailTemplates() method.

7.2
2020-09-30 CVE-2020-8243 Pulsesecure, Ivanti Code Injection vulnerability in multiple products

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload a custom template to perform arbitrary code execution.

7.2
2020-09-30 CVE-2020-14030 Ozeki Deserialization of Untrusted Data vulnerability in Ozeki NG SMS Gateway

An issue was discovered in Ozeki NG SMS Gateway through 4.17.6.

7.2
2020-09-30 CVE-2020-13322 Gitlab Incorrect Authorization vulnerability in Gitlab

A vulnerability was discovered in GitLab versions after 12.9.

7.2
2020-10-02 CVE-2020-5988 Nvidia Double Free vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which allocated memory can be freed twice, which may lead to information disclosure or denial of service.

7.1
2020-10-02 CVE-2020-5985 Nvidia Improper Input Validation vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service.

7.1
2020-10-02 CVE-2020-5983 Nvidia Out-of-bounds Write vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin and the host driver kernel module, in which the potential exists to write to a memory location that is outside the intended boundary of the frame buffer memory allocated to guest operating systems, which may lead to denial of service or information disclosure.

7.1
2020-09-30 CVE-2020-14377 Dpdk, Canonical, Opensuse

A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5.

7.1
2020-09-30 CVE-2020-13325 Gitlab Unspecified vulnerability in Gitlab

A vulnerability was discovered in GitLab versions prior to 13.1.

7.1

92 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-01 CVE-2020-16844 Istio Unspecified vulnerability in Istio

In Istio 1.5.0 through 1.5.8 and Istio 1.6.0 through 1.6.7, when users specify an AuthorizationPolicy resource with DENY actions using wildcard suffixes (e.g.

6.8
2020-09-30 CVE-2020-25816 Hashicorp Unspecified vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly.

6.8
2020-10-02 CVE-2020-26541 Linux Unspecified vulnerability in Linux Kernel

The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism.

6.5
2020-10-02 CVE-2020-15230 Vapor Project Unspecified vulnerability in Vapor Project Vapor

Vapor is a web framework for Swift.

6.5
2020-10-02 CVE-2020-24568 Mbconnectline SQL Injection vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1.

6.5
2020-10-02 CVE-2020-5422 Cloud Foundry Exposure of Resource to Wrong Sphere vulnerability in Cloud Foundry Bosh System Metrics Server

BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director.

6.5
2020-10-02 CVE-2020-7069 PHP, Fedoraproject, Debian, Opensuse, Canonical, Netapp, Oracle, Tenable Inadequate Encryption Strength vulnerability in multiple products

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with the openssl_encrypt() function and a 12-byte IV, only the first 7 bytes of the IV are actually used.

6.5
2020-10-01 CVE-2020-5789 Teltonika Networks Path Traversal vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to read the contents of arbitrary files on disk.

6.5
2020-10-01 CVE-2020-5788 Teltonika Networks Path Traversal vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/system/admin/certificates/delete action.

6.5
2020-10-01 CVE-2020-5787 Teltonika Networks Path Traversal vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Relative Path Traversal in Teltonika firmware TRB2_R_00.02.04.3 allows a remote, authenticated attacker to delete arbitrary files on disk via the admin/services/packages/remove action.

6.5
2020-10-01 CVE-2020-5784 Teltonika Networks Server-Side Request Forgery (SSRF) vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Server-Side Request Forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a low privileged user to cause the application to perform HTTP GET requests to arbitrary URLs.

6.5
2020-10-01 CVE-2020-15666 Mozilla Information Exposure Through an Error Message vulnerability in Mozilla Firefox

When trying to load a non-video in an audio/video context the exact status code (200, 302, 404, 500, 412, 403, etc.) was disclosed via the MediaError Message.

6.5
2020-10-01 CVE-2020-15664 Mozilla Incorrect Authorization vulnerability in Mozilla Firefox and Firefox ESR

By holding a reference to the eval() function from an about:blank window, a malicious webpage could have gained access to the InstallTrigger object which would allow them to prompt the user to install an extension.

6.5
2020-09-30 CVE-2020-26137 Python, Canonical, Debian, Oracle Injection vulnerability in multiple products

urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest().

6.5
2020-09-30 CVE-2020-24570 Mbconnectline Server-Side Request Forgery (SSRF) vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1.

6.5
2020-09-30 CVE-2020-13329 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13.

6.5
2020-09-30 CVE-2020-13324 Gitlab Unspecified vulnerability in Gitlab

A vulnerability was discovered in GitLab versions prior to 13.1.

6.5
2020-09-30 CVE-2020-13320 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab before version 12.10.13 that allowed a project member with limited permissions to view the project security dashboard.

6.5
2020-09-30 CVE-2019-17098 August Use of Hard-coded Credentials vulnerability in August Home and Connect Wi-Fi Bridge Firmware

Use of hard-coded cryptographic key vulnerability in August Connect Wi-Fi Bridge App, Connect Firmware allows an attacker to decrypt an intercepted payload containing the Wi-Fi network authentication credentials.

6.5
2020-09-29 CVE-2020-15216 Goxmldsig Project, Fedoraproject Improper Verification of Cryptographic Signature vulnerability in multiple products

In goxmldsig (XML Digital Signatures implemented in pure Go) before version 1.1.0, with a carefully crafted XML file, an attacker can completely bypass signature validation and pass off an altered file as a signed one.

6.5
2020-09-29 CVE-2020-25775 Trendmicro Race Condition vulnerability in Trendmicro products

The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race condition arbitrary file deletion vulnerability that could allow an unprivileged user to manipulate the product's secure erase feature to delete files with a higher set of privileges.

6.3
2020-10-02 CVE-2020-15231 Mapfish Unspecified vulnerability in Mapfish Print

In mapfish-print before version 3.24, a user can use the JSONP support to perform cross-site scripting.

6.1
2020-10-02 CVE-2020-26135 Livehelperchat Cross-site Scripting vulnerability in Livehelperchat Live Helper Chat

Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO.

6.1
2020-10-02 CVE-2020-26134 Livehelperchat Cross-site Scripting vulnerability in Livehelperchat Live Helper Chat

Live Helper Chat before 3.44v allows stored XSS in chat messages with an operator via BBCode.

6.1
2020-10-02 CVE-2020-14294 Secudos Cross-site Scripting vulnerability in Secudos Qiata FTA 1.50.1/1.70.19

An issue was discovered in Secudos Qiata FTA 1.70.19.

6.1
2020-10-02 CVE-2020-13168 Sysaid Cross-site Scripting vulnerability in Sysaid On-Premises and Sysaidsy On-Premises

SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter.

6.1
2020-10-02 CVE-2020-26523 Froala Cross-site Scripting vulnerability in Froala Editor

Froala Editor before 3.2.2 allows XSS via pasted content.

6.1
2020-10-01 CVE-2020-5785 Teltonika Networks Cross-site Scripting vulnerability in Teltonika-Networks Trb245 Firmware 00.02.04.03

Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.04.3 allows an unauthenticated attacker to conduct reflected cross-site scripting via a crafted ‘action’ or ‘pkg_name’ parameter.

6.1
2020-10-01 CVE-2020-14223 Hcltech Cross-site Scripting vulnerability in Hcltech Digital Experience 8.5/9.0/9.5

HCL Digital Experience 8.5, 9.0, 9.5 is susceptible to cross-site scripting (XSS).

6.1
2020-10-01 CVE-2020-15677 Mozilla, Debian, Opensuse Open Redirect vulnerability in multiple products

By exploiting an Open Redirect vulnerability on a website, an attacker could have spoofed the site displayed in the download file dialog to show the original site (the one suffering from the open redirect) rather than the site the file was actually downloaded from.

6.1
2020-10-01 CVE-2020-15676 Mozilla, Debian, Opensuse Cross-site Scripting vulnerability in multiple products

Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element.

6.1
2020-10-01 CVE-2019-19393 Rittal Cross-site Scripting vulnerability in Rittal CMC PU III 7030.000 Firmware 3.11.002/3.15.704

The Web application on Rittal CMC PU III 7030.000 V3.00 V3.11.00_2 to V3.15.70_4 devices fails to sanitize user input on the system configurations page.

6.1
2020-09-30 CVE-2020-25626 Encode, Redhat, Debian Cross-site Scripting vulnerability in multiple products

A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2.

6.1
2020-09-30 CVE-2019-20921 Snapappointments Cross-site Scripting vulnerability in Snapappointments Bootstrap-Select

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS).

6.1
2020-09-30 CVE-2020-8238 Pulsesecure, Ivanti Cross-site Scripting vulnerability in multiple products

A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Secure < 9.1R8.2 could allow attackers to conduct Cross-Site Scripting (XSS).

6.1
2020-09-30 CVE-2020-26043 Hoosk Cross-site Scripting vulnerability in Hoosk 1.8.0

An issue was discovered in Hoosk CMS v1.8.0.

6.1
2020-09-30 CVE-2020-25761 Projectworlds Cross-site Scripting vulnerability in Projectworlds Visitor Management System in PHP 1.0

Projectworlds Visitor Management System in PHP 1.0 allows XSS.

6.1
2020-09-30 CVE-2020-22481 Hack Cross-site Scripting vulnerability in Hack Hfish 0.5.1

An issue was discovered in HFish 0.5.1.

6.1
2020-09-30 CVE-2020-24721 Apple, Google

An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS.

5.7
2020-10-02 CVE-2020-5989 Nvidia NULL Pointer Dereference vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it can dereference a NULL pointer, which may lead to denial of service.

5.5
2020-10-02 CVE-2020-5986 Nvidia Improper Input Validation vulnerability in Nvidia Virtual GPU Manager

NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service.

5.5
2020-10-02 CVE-2020-26536 Foxitsoftware NULL Pointer Dereference vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.

5.5
2020-10-02 CVE-2020-26519 Artifex, Debian, Fedoraproject Out-of-bounds Write vulnerability in multiple products

Artifex MuPDF before 1.18.0 has a heap based buffer over-write when parsing JBIG2 files allowing attackers to cause a denial of service.

5.5
2020-10-01 CVE-2020-13940 Apache XXE vulnerability in Apache Nifi

In Apache NiFi 1.0.0 to 1.11.4, the notification service manager and various policy authorizer and user group provider objects allowed trusted administrators to inadvertently configure a potentially malicious XML file.

5.5
2020-09-29 CVE-2020-25772 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

5.5
2020-09-29 CVE-2020-25771 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

5.5
2020-09-29 CVE-2020-25770 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

5.5
2020-09-29 CVE-2020-24565 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

5.5
2020-09-29 CVE-2020-24564 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product.

5.5
2020-10-02 CVE-2020-13338 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2.

5.4
2020-10-02 CVE-2020-24627 HPE Cross-site Scripting vulnerability in HPE KVM IP Console Switch G2 Firmware

A remote stored XSS vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex32 prior to 2.8.3.

5.4
2020-10-01 CVE-2020-24861 GET Simple Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.16

GetSimple CMS 3.3.16 allows persistent Cross-Site Scripting via the 'permalink' parameter on the Settings page, which is executed when you create and open a new page.

5.4
2020-10-01 CVE-2020-24860 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.14

CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields.

5.4
2020-10-01 CVE-2019-20903 Atlassian Cross-site Scripting vulnerability in Atlassian Editor-Core

The hyperlinks functionality in atlaskit/editor-core before version 113.1.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in link targets.

5.4
2020-09-30 CVE-2020-12869 Rainbowfishsoftware Cross-site Scripting vulnerability in Rainbowfishsoftware Pacsone Server 6.8.4

RainbowFish PacsOne Server 6.8.4 allows XSS.

5.4
2020-09-30 CVE-2019-18989 Mediatek Authentication Bypass by Spoofing vulnerability in Mediatek Mt7620N Firmware 1.06

A partial authentication bypass vulnerability exists on Mediatek MT7620N 1.06 devices.

5.4
2020-09-30 CVE-2019-18990 Realtek Authentication Bypass by Spoofing vulnerability in Realtek products

A partial authentication bypass vulnerability exists on Realtek RTL8812AR 1.21WW, RTL8196D 1.0.0, RTL8192ER 2.10, and RTL8881AN 1.09 devices.

5.4
2020-09-30 CVE-2019-18991 Qualcomm Authentication Bypass by Spoofing vulnerability in Qualcomm products

A partial authentication bypass vulnerability exists on Atheros AR9132 3.60(AMX.8), AR9283 1.85, and AR9285 1.0.0.12NA devices.

5.4
2020-09-30 CVE-2020-22842 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple

CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php.

5.4
2020-09-30 CVE-2020-13331 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 12.10.13.

5.4
2020-09-30 CVE-2020-13330 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 12.10.13.

5.4
2020-10-02 CVE-2020-26526 Damstratechnology Unspecified vulnerability in Damstratechnology Smart Asset 2020.7

An issue was discovered in Damstra Smart Asset 2020.7.

5.3
2020-10-02 CVE-2020-7070 PHP, Fedoraproject, Debian, Opensuse, Canonical, Netapp, Tenable Reliance on Cookies without Validation and Integrity Checking vulnerability in multiple products

In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when PHP is processing incoming HTTP cookie values, the cookie names are url-decoded.

5.3
2020-10-02 CVE-2020-26524 Filecloud Unspecified vulnerability in Filecloud

CodeLathe FileCloud before 20.2.0.11915 allows username enumeration.

5.3
2020-10-01 CVE-2020-25200 Pritunl Information Exposure Through Discrepancy vulnerability in Pritunl 1.29.2145.25

Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session login attempts.

5.3
2020-09-30 CVE-2020-19676 Alibaba Unspecified vulnerability in Alibaba Nacos 1.1.4

Nacos 1.1.4 is affected by: Incorrect Access Control.

5.3
2020-09-30 CVE-2020-13953 Apache Files or Directories Accessible to External Parties vulnerability in Apache Tapestry

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

5.3
2020-09-30 CVE-2020-5132 Sonicwall Unspecified vulnerability in Sonicwall Sma100 Firmware and Sonicos

SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability.

5.3
2020-10-01 CVE-2020-15228 Toolkit Project Command Injection vulnerability in Toolkit Project Toolkit

In the `@actions/core` npm module before version 1.2.6, the `addPath` and `exportVariable` functions communicate with the Actions Runner over stdout by generating a string in a specific format.

5.0
2020-09-30 CVE-2020-8256 Pulsesecure, Ivanti XXE vulnerability in multiple products

A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.

4.9
2020-09-30 CVE-2020-21244 Frontaccounting Path Traversal vulnerability in Frontaccounting 2.4.7

An issue was discovered in FrontAccounting 2.4.7.

4.9
2020-09-30 CVE-2020-19670 Niushop Missing Authentication for Critical Function vulnerability in Niushop 1.11

In Niushop B2B2C Multi-Business Basic Edition V1.11, authentication can be bypassed, causing administrators to reset any passwords.

4.9
2020-10-02 CVE-2020-15233 ORY Open Redirect vulnerability in ORY Fosite

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go.

4.8
2020-10-02 CVE-2020-15234 ORY Improper Handling of Case Sensitivity vulnerability in ORY Fosite

ORY Fosite is a security first OAuth2 & OpenID Connect framework for Go.

4.8
2020-10-02 CVE-2020-13337 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.

4.8
2020-09-30 CVE-2020-25830 Mantisbt Cross-site Scripting vulnerability in Mantisbt

An issue was discovered in MantisBT before 2.24.3.

4.8
2020-09-30 CVE-2020-25288 Mantisbt Cross-site Scripting vulnerability in Mantisbt

An issue was discovered in MantisBT before 2.24.3.

4.8
2020-09-30 CVE-2020-13336 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13.

4.8
2020-09-30 CVE-2020-13328 Gitlab Cross-site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13.

4.8
2020-10-02 CVE-2020-5982 Nvidia Allocation of Resources Without Limits or Throttling vulnerability in Nvidia Virtual GPU Manager

NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) scheduler, in which the software does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests, which may lead to denial of service.

4.4
2020-10-01 CVE-2020-5387 Dell Improper Handling of Exceptional Conditions vulnerability in Dell XPS 13 9370 Firmware

Dell XPS 13 9370 BIOS versions prior to 1.13.1 contain an Improper Exception Handling vulnerability.

4.4
2020-10-02 CVE-2020-17482 Powerdns Use of Uninitialized Resource vulnerability in Powerdns Authoritative

An issue has been found in PowerDNS Authoritative Server before 4.3.1 where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory.

4.3
2020-10-01 CVE-2020-15668 Mozilla Improper Locking vulnerability in Mozilla Firefox

A lock was missing when accessing a data structure and importing certificate information into the trust database.

4.3
2020-10-01 CVE-2020-15665 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox did not reset the address bar after the beforeunload dialog was shown if the user chose to remain on the page.

4.3
2020-09-30 CVE-2020-25781 Mantisbt Missing Authorization vulnerability in Mantisbt

An issue was discovered in file_download.php in MantisBT before 2.24.3.

4.3
2020-09-30 CVE-2020-24569 Mbconnectline SQL Injection vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1.

4.3
2020-09-30 CVE-2020-15594 Zohocorp Server-Side Request Forgery (SSRF) vulnerability in Zohocorp Manageengine Application Control Plus

An SSRF issue was discovered in Zoho Application Control Plus before version 10.0.511.

4.3
2020-09-30 CVE-2020-13794 Linuxfoundation Missing Authorization vulnerability in Linuxfoundation Harbor

Harbor 1.9.* 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor.

4.3
2020-09-30 CVE-2020-13326 Gitlab Unspecified vulnerability in Gitlab

A vulnerability was discovered in GitLab versions prior to 13.1.

4.3
2020-09-30 CVE-2020-13319 Gitlab Missing Authorization vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13.

4.3
2020-09-30 CVE-2020-15595 Zohocorp Unspecified vulnerability in Zohocorp Manageengine Application Control Plus

An issue was discovered in Zoho Application Control Plus before version 10.0.511.

4.3
2020-09-29 CVE-2020-25774 Trendmicro Out-of-bounds Read vulnerability in Trendmicro Apex ONE 2019/Saas

A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds read information disclosure which would disclose sensitive information to an unprivileged account.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-09-30 CVE-2020-15731 Bitdefender Improper Input Validation vulnerability in Bitdefender Engines 7.84063/7.84892/7.84897

An improper Input Validation vulnerability in the code handling file renaming and recovery in Bitdefender Engines allows an attacker to write an arbitrary file in a location hardcoded in a specially-crafted malicious file name.

3.6
2020-09-30 CVE-2020-14378 Dpdk, Opensuse, Canonical Integer Underflow (Wrap or Wraparound) vulnerability in multiple products

An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop.

3.3
2020-09-30 CVE-2020-4629 IBM Information Exposure Through an Error Message vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local user with specialized access to obtain sensitive information from a detailed technical error message.

3.3
2020-10-02 CVE-2020-25741 Qemu NULL Pointer Dereference vulnerability in Qemu 5.0.0

fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block pointer for the current drive.

3.2
2020-10-01 CVE-2020-15671 Mozilla Race Condition vulnerability in Mozilla Firefox

When typing in a password under certain conditions, a race may have occurred where the InputContext was not being correctly set for the input field, resulting in the typed password being saved to the keyboard dictionary.

3.1