Weekly Vulnerabilities Reports > October 5 to 11, 2020

Overview

222 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 38 high severity vulnerabilities. This weekly summary reports vulnerabilities in 441 products from 99 vendors including Netgear, Cisco, Gitlab, Google, and Jenkins. Vulnerabilities are notably categorized as "Cross-site Scripting", "Information Exposure", "Improper Input Validation", "Improper Authentication", and "Command Injection".

  • 156 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities have a public exploit available.
  • 82 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 164 reported vulnerabilities are exploitable by an anonymous user.
  • Netgear has the most reported vulnerabilities, with 35 reported vulnerabilities.
  • Craftercms has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-09 CVE-2020-26908 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

10.0
2020-10-06 CVE-2020-26574 Leostream Cross-Site Scripting vulnerability in Leostream Connection Broker

** UNSUPPORTED WHEN ASSIGNED ** Leostream Connection Broker 8.2.x is affected by stored XSS.

9.3
2020-10-08 CVE-2020-4280 IBM Deserialization of Untrusted Data vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 could allow a remote attacker to execute arbitrary commands on the system, caused by insecure deserialization of user-supplied content by the Java deserialization function.

9.0
2020-10-07 CVE-2020-26596 Elementor Improper Input Validation vulnerability in Elementor PRO 3.0.5

The Dynamic OOO widget for the Elementor Pro plugin through 3.0.5 for WordPress allows remote authenticated users to execute arbitrary code because only the Editor role is needed to upload executable PHP code via the PHP Raw snippet.

9.0
2020-10-07 CVE-2020-13347 Gitlab Command Injection vulnerability in Gitlab

A command injection vulnerability was discovered in Gitlab runner versions prior to 13.2.4, 13.3.2 and 13.4.1.

9.0
2020-10-06 CVE-2020-26582 Dlink Command Injection vulnerability in Dlink Dap-1360U Firmware

D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18).

9.0
2020-10-06 CVE-2020-25803 Craftercms Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via FreeMarker template exposed objects.

9.0
2020-10-06 CVE-2020-25802 Craftercms Improper Control of Dynamically-Managed Code Resources vulnerability in Craftercms Studio

Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of Crafter CMS allows authenticated developers to execute OS commands via Groovy scripting.

9.0

38 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-09 CVE-2020-26897 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.3
2020-10-09 CVE-2020-26909 Netgear Command Injection vulnerability in Netgear D7800 Firmware and R7500V2 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.3
2020-10-09 CVE-2020-26906 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

8.3
2020-10-09 CVE-2020-26902 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

8.3
2020-10-09 CVE-2020-26898 Netgear Unspecified vulnerability in Netgear Rax40 Firmware 1.0.3.62/1.0.3.64

NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings.

8.3
2020-10-08 CVE-2020-3544 Cisco Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol implementation for Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to execute arbitrary code on an affected device or cause the device to reload.

8.3
2020-10-06 CVE-2020-5634 Elecom Unspecified vulnerability in Elecom products

ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.

8.3
2020-10-08 CVE-2020-9048 Tyco Incorrect Permission Assignment for Critical Resource vulnerability in Tyco Victor web Client 5.4.1

A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack.

7.8
2020-10-08 CVE-2020-3596 Cisco Always-Incorrect Control Flow Implementation vulnerability in Cisco products

A vulnerability in the Session Initiation Protocol (SIP) of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

7.8
2020-10-06 CVE-2020-24219 Szuray Path Traversal vulnerability in Szuray products

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97.

7.8
2020-10-09 CVE-2020-26907 Netgear Command Injection vulnerability in Netgear Rbk852 Firmware, Rbr850 Firmware and Rbs850 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

7.7
2020-10-10 CVE-2020-26948 MSF Emby Project Server-Side Request Forgery (SSRF) vulnerability in MSF Emby Project MSF Emby

Emby Server before 4.5.0 allows SSRF via the Items/RemoteSearch/Image ImageURL parameter.

7.5
2020-10-10 CVE-2020-26935 Phpmyadmin
Opensuse
Fedoraproject
Debian
SQL Injection vulnerability in multiple products

An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3.

7.5
2020-10-09 CVE-2020-26927 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

7.5
2020-10-09 CVE-2020-26919 Netgear Unspecified vulnerability in Netgear Jgs516Pe Firmware 2.6.0.35

NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level.

7.5
2020-10-08 CVE-2020-15243 Smartstore Improper Authentication vulnerability in Smartstore 4.0.0/4.0.1

Affected versions of Smartstore have a missing WebApi Authentication attribute.

7.5
2020-10-08 CVE-2020-1914 Facebook Always-Incorrect Control Flow Implementation vulnerability in Facebook Hermes

A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript.

7.5
2020-10-08 CVE-2020-25273 Online BUS Booking System Project Improper Authentication vulnerability in Online BUS Booking System Project Online BUS Booking System 1.0

In SourceCodester Online Bus Booking System 1.0, there is an authentication bypass on the Admin Login screen in admin.php via username or password SQL injection.

7.5
2020-10-07 CVE-2020-11800 Zabbix
Opensuse
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code.
7.5
2020-10-06 CVE-2020-26607 Google Improper Privilege Management vulnerability in Google Android

An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.

7.5
2020-10-06 CVE-2020-1907 Whatsapp Out-Of-Bounds Write vulnerability in Whatsapp

A stack overflow in WhatsApp for Android prior to v2.20.196.16, WhatsApp Business for Android prior to v2.20.196.12, WhatsApp for iOS prior to v2.20.90, WhatsApp Business for iOS prior to v2.20.90, and WhatsApp for Portal prior to v173.0.0.29.505 could have allowed arbitrary code execution when parsing the contents of an RTP Extension header.

7.5
2020-10-06 CVE-2020-7741 Hello JS Project Cross-Site Scripting vulnerability in Hello.Js Project Hello.Js

This affects the package hellojs before 1.18.6.

7.5
2020-10-06 CVE-2020-8782 Sierrawireless Unspecified vulnerability in Sierrawireless Aleos

Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution.

7.5
2020-10-06 CVE-2020-7465 MPD Project Out-Of-Bounds Write vulnerability in MPD Project MPD

The L2TP implementation of MPD before 5.9 allows a remote attacker who can send a specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption).

7.5
2020-10-06 CVE-2020-25643 Linux
Redhat
Opensuse
Improper Input Validation vulnerability in multiple products

A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7.

7.5
2020-10-06 CVE-2020-24217 Szuray
Jtechdigital
Provideoinstruments
Missing Authentication for Critical Function vulnerability in multiple products

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders.

7.5
2020-10-06 CVE-2020-24214 Szuray
Jtechdigital
Provideoinstruments
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders.
7.5
2020-10-06 CVE-1999-0199 GNU Unchecked Return Value vulnerability in GNU Glibc

manual/search.texi in the GNU C Library (aka glibc) before 2.2 lacks a statement about the unspecified tdelete return value upon deletion of a tree's root, which might allow attackers to access a dangling pointer in an application whose developer was unaware of a documentation update from 1999.

7.5
2020-10-05 CVE-2020-16226 Mitsubishielectric Predictable Exact Value From Previous Values vulnerability in Mitsubishielectric products

Multiple Mitsubishi Electric products are vulnerable to impersonations of a legitimate device by a malicious actor, which may allow an attacker to remotely execute arbitrary commands.

7.5
2020-10-05 CVE-2020-24231 Jumpmind Unspecified vulnerability in Jumpmind Symmetricds

Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP.

7.5
2020-10-05 CVE-2020-4493 IBM Improper Authentication vulnerability in IBM Maximo Asset Management

IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow an attacker to bypass authentication and issue commands using a specially crafted HTTP command.

7.5
2020-10-08 CVE-2020-3602 Cisco OS Command Injection vulnerability in Cisco Staros

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.

7.2
2020-10-08 CVE-2020-3601 Cisco OS Command Injection vulnerability in Cisco Staros

A vulnerability in the CLI of Cisco StarOS operating system for Cisco ASR 5000 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device.

7.2
2020-10-08 CVE-2020-3535 Cisco Uncontrolled Search Path Element vulnerability in Cisco Webex Teams 3.0.15711.0

A vulnerability in the loading mechanism of specific DLLs in the Cisco Webex Teams client for Windows could allow an authenticated, local attacker to load a malicious library.

7.2
2020-10-07 CVE-2020-26880 Sympa Improper Privilege Management vulnerability in Sympa

Sympa through 6.2.57b.2 allows a local privilege escalation from the sympa user account to full root access by modifying the sympa.conf configuration file (which is owned by sympa) and parsing it through the setuid sympa_newaliases-wrapper executable.

7.2
2020-10-06 CVE-2020-8781 Sierrawireless Improper Input Validation vulnerability in Sierrawireless Aleos

Lack of input sanitization in the UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process.

7.2
2020-10-06 CVE-2020-25637 Redhat Double Free vulnerability in Redhat Libvirt

A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsible for requesting information about network interfaces of a running QEMU domain.

7.2
2020-10-06 CVE-2020-5632 NEC Unspecified vulnerability in NEC Infocage Siteshell 1.4/1.5/1.6

InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated privilege via specially crafted executable files.

7.2

131 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-08 CVE-2019-19115 Nahimic Uncontrolled Search Path Element vulnerability in Nahimic APO Software Component

An escalation of privilege vulnerability in Nahimic APO Software Component Driver 1.4.2, 1.5.0, 1.5.1, 1.6.1 and 1.6.2 allows an attacker to execute code with SYSTEM privileges.

6.9
2020-10-09 CVE-2020-26912 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear products

Certain NETGEAR devices are affected by CSRF.

6.8
2020-10-09 CVE-2020-26522 Garfield Petshop Project Cross-Site Request Forgery (CSRF) vulnerability in Garfield Petshop Project Garfield Petshop 20201001

A cross-site request forgery (CSRF) vulnerability in mod/user/act_user.php in Garfield Petshop through 2020-10-01 allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts.

6.8
2020-10-08 CVE-2020-26802 Formalms Cross-Site Request Forgery (CSRF) vulnerability in Formalms 2.3.0.2

forma.lms 2.3.0.2 is affected by Cross Site Request Forgery (CSRF) in formalms/appCore/index.php?r=lms/profile/show&ap=saveinfo via a GET request to change the admin email address in order to accomplish an account takeover.

6.8
2020-10-08 CVE-2020-2286 Jenkins Incorrect Authorization vulnerability in Jenkins Role-Based Authorization Strategy

Jenkins Role-based Authorization Strategy Plugin 3.0 and earlier does not properly invalidate a permission cache when the configuration is changed, resulting in permissions being granted based on an outdated configuration.

6.8
2020-10-08 CVE-2020-3567 Cisco Improper Input Validation vulnerability in Cisco Industrial Network Director and Network Level Service

A vulnerability in the management REST API of Cisco Industrial Network Director (IND) could allow an authenticated, remote attacker to cause the CPU utilization to increase to 100 percent, resulting in a denial of service (DoS) condition on an affected device.

6.8
2020-10-06 CVE-2020-24807 Socket IO File Project Improper Input Validation vulnerability in Socket.Io-File Project Socket.Io-File

** UNSUPPORTED WHEN ASSIGNED ** The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field.

6.8
2020-10-06 CVE-2020-15215 Electronjs Protection Mechanism Failure vulnerability in Electronjs Electron

Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass.

6.8
2020-10-09 CVE-2020-15838 Connectwise Improper Authentication vulnerability in Connectwise Automate 2019.12/2020.0/2020.7

The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.

6.5
2020-10-07 CVE-2020-14355 Spice Project
Redhat
Canonical
Debian
Opensuse
Classic Buffer Overflow vulnerability in multiple products

Multiple buffer overflow vulnerabilities were found in the QUIC image decoding process of the SPICE remote display system, before spice-0.14.2-1.

6.5
2020-10-06 CVE-2020-16267 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module.

6.5
2020-10-06 CVE-2020-15927 Zohocorp SQL Injection vulnerability in Zohocorp Manageengine Applications Manager 14.7

Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the SAP module.

6.5
2020-10-05 CVE-2020-26048 Cuppacms Unrestricted Upload of File With Dangerous Type vulnerability in Cuppacms

The file manager option in CuppaCMS before 2019-11-12 allows an authenticated attacker to upload a malicious file with an image extension and then, through a custom request using the rename function provided by the file manager, change the image extension to PHP, resulting in remote arbitrary code execution.

6.5
2020-10-05 CVE-2020-7709 Smallpdf Improper Input Validation vulnerability in Smallpdf Json-Pointer

This affects the package json-pointer before 0.6.1.

6.5
2020-10-08 CVE-2020-3598 Cisco Missing Authentication for Critical Function vulnerability in Cisco Vision Dynamic Signage Director

A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to access confidential information or make configuration changes.

6.4
2020-10-07 CVE-2020-15175 Glpi Project Files or Directories Accessible to External Parties vulnerability in Glpi-Project Glpi

In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin.

6.4
2020-10-06 CVE-2020-7740 Node PDF Generator Project Improper Input Validation vulnerability in Node-Pdf-Generator Project Node-Pdf-Generator

This affects all versions of package node-pdf-generator.

6.4
2020-10-06 CVE-2020-7739 Phantomjs SEO Project Server-Side Request Forgery (SSRF) vulnerability in Phantomjs-Seo Project Phantomjs-Seo 1.0.0

This affects all versions of package phantomjs-seo.

6.4
2020-10-08 CVE-2020-3543 Cisco Resource Exhaustion vulnerability in Cisco products

A vulnerability in the Cisco Discovery Protocol of Cisco Video Surveillance 8000 Series IP Cameras could allow an unauthenticated, adjacent attacker to cause a memory leak, which could lead to a denial of service (DoS) condition on an affected device.

6.1
2020-10-08 CVE-2020-13339 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview.

6.0
2020-10-05 CVE-2020-8182 Nextcloud Improper Preservation of Permissions vulnerability in Nextcloud Deck 0.8.0

Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with them with more permissions than they had themselves.

6.0
2020-10-09 CVE-2020-26928 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-10-09 CVE-2020-26926 Netgear Improper Authentication vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-10-09 CVE-2020-26921 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by authentication bypass.

5.8
2020-10-09 CVE-2020-26920 Netgear Command Injection vulnerability in Netgear Srk60 Firmware, Srr60 Firmware and Srs60 Firmware

Certain NETGEAR devices are affected by command injection by an unauthenticated attacker.

5.8
2020-10-09 CVE-2020-26916 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by incorrect configuration of security settings.

5.8
2020-10-09 CVE-2020-26911 Netgear Unspecified vulnerability in Netgear products

Certain NETGEAR devices are affected by lack of access control at the function level.

5.8
2020-10-08 CVE-2020-15242 Vercel Open Redirect vulnerability in Vercel Next.Js

Next.js versions >=9.5.0 and <9.5.4 are vulnerable to an Open Redirect.

5.8
2020-10-08 CVE-2020-25263 Pyrocms Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomaly.module.blocks URI: an arbitrary plugin will be deleted.

5.8
2020-10-08 CVE-2020-3597 Cisco Path Traversal vulnerability in Cisco Nexus Data Broker 3.9(0)

A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device.

5.8
2020-10-06 CVE-2020-1904 Whatsapp Path Traversal vulnerability in Whatsapp

A path validation issue in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have allowed for directory traversal overwriting files when sending specially crafted docx, xlx, and pptx files as attachments to messages.

5.8
2020-10-06 CVE-2020-15174 Electronjs Protection Mechanism Failure vulnerability in Electronjs Electron

In Electron before versions 11.0.0-beta.1, 10.0.1, 9.3.0 or 8.5.1 the `will-navigate` event that apps use to prevent navigations to unexpected destinations as per our security recommendations can be bypassed when a sub-frame performs a top-frame navigation across sites.

5.8
2020-10-09 CVE-2020-26930 Netgear Insecure Default Initialization of Resource vulnerability in Netgear Ex7700 Firmware

NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.

5.5
2020-10-08 CVE-2020-3467 Cisco Incorrect Authorization vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to modify parts of the configuration on an affected device.

5.5
2020-10-07 CVE-2020-25985 Monocms Path Traversal vulnerability in Monocms 1.0

MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion.

5.5
2020-10-09 CVE-2020-26929 Netgear Command Injection vulnerability in Netgear R6220 Firmware and R6230 Firmware

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-10-09 CVE-2020-26914 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-10-09 CVE-2020-26913 Netgear Out-Of-Bounds Write vulnerability in Netgear products

Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user.

5.2
2020-10-09 CVE-2020-26910 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

5.2
2020-10-05 CVE-2019-14557 Intel Classic Buffer Overflow vulnerability in Intel Bios

Buffer overflow in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable elevation of privilege or denial of service via adjacent access.

5.2
2020-10-10 CVE-2020-26945 Mybatis Deserialization of Untrusted Data vulnerability in Mybatis

MyBatis before 3.5.6 mishandles deserialization of object streams.

5.1
2020-10-08 CVE-2020-10816 Zohocorp Improper Authentication vulnerability in Zohocorp Manageengine Applications Manager 14.7

Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to register managed servers via AAMRequestProcessor servlet.

5.0
2020-10-08 CVE-2020-2288 Jenkins Incorrect Regular Expression vulnerability in Jenkins Audit Trail

In Jenkins Audit Trail Plugin 3.6 and earlier, the default regular expression pattern could be bypassed in many cases by adding a suffix to the URL that would be ignored during request handling.

5.0
2020-10-08 CVE-2020-2287 Jenkins Improper Interaction Between Multiple Correctly-Behaving Entities vulnerability in Jenkins Audit Trail

Jenkins Audit Trail Plugin 3.6 and earlier applies pattern matching to a different representation of request URL paths than the Stapler web framework uses for dispatching requests, which allows attackers to craft URLs that bypass request logging of any target URL.

5.0
2020-10-08 CVE-2020-3568 Cisco Improper Input Validation vulnerability in Cisco Asyncos

A vulnerability in the antispam protection mechanisms of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the URL reputation filters on an affected device.

5.0
2020-10-07 CVE-2020-25768 Contao Improper Input Validation vulnerability in Contao

Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation.

5.0
2020-10-07 CVE-2020-15226 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

In GLPI before version 9.5.2, there is a SQL Injection in the API's search function.

5.0
2020-10-07 CVE-2020-15217 Glpi Project Cross-Site Scripting vulnerability in Glpi-Project Glpi 9.5.0/9.5.1

In GLPI before version 9.5.2, there is a leakage of user information through the public FAQ.

5.0
2020-10-07 CVE-2020-15176 Glpi Project SQL Injection vulnerability in Glpi-Project Glpi

In GLPI before version 9.5.2, when supplying a back tick in input that gets put into a SQL query, the application does not escape or sanitize it, allowing for SQL Injection to occur.

5.0
2020-10-07 CVE-2020-26876 Wpcoursesplugin Incorrect Authorization vulnerability in Wpcoursesplugin Wp-Courses 2.0.27

The wp-courses plugin through 2.0.27 for WordPress allows remote attackers to bypass the intended payment step (for course videos and materials) by using the /wp-json REST API, as exploited in the wild in September 2020.

5.0
2020-10-07 CVE-2020-24246 Peplink Unspecified vulnerability in Peplink products

Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.

5.0
2020-10-07 CVE-2019-16160 Mikrotik Integer Overflow or Wraparound vulnerability in Mikrotik Routeros

An integer underflow in the SMB server of MikroTik RouterOS before 6.45.5 allows remote unauthenticated attackers to crash the service.

5.0
2020-10-07 CVE-2020-13334 Gitlab Incorrect Authorization vulnerability in Gitlab

In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of an issue via a mutation GraphQL query.

5.0
2020-10-07 CVE-2020-7742 Simpl Schema Project Unspecified vulnerability in Simpl-Schema Project Simpl-Schema

This affects the package simpl-schema before 1.10.2.

5.0
2020-10-06 CVE-2020-26606 Google Information Exposure vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software.

5.0
2020-10-06 CVE-2020-26605 Google Information Exposure Through Log Files vulnerability in Google Android 10.0/11.0

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Exynos chipsets) software.

5.0
2020-10-06 CVE-2020-26604 Google Improper Privilege Management vulnerability in Google Android

An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software.

5.0
2020-10-06 CVE-2020-26603 Google Path Traversal vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.

5.0
2020-10-06 CVE-2020-26602 Google Exposure of Resource to Wrong Sphere vulnerability in Google Android

An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software.

5.0
2020-10-06 CVE-2020-26601 Google Improper Privilege Management vulnerability in Google Android

An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.

5.0
2020-10-06 CVE-2020-26600 Google Information Exposure vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) software.

5.0
2020-10-06 CVE-2020-26599 Google Improper Authentication vulnerability in Google Android 10.0

An issue was discovered on Samsung mobile devices with Q(10.0) software.

5.0
2020-10-06 CVE-2020-26598 Google Missing Authorization vulnerability in Google Android 8.0/8.1/9.0

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, and 9.0 software.

5.0
2020-10-06 CVE-2020-26597 Google Improper Input Validation vulnerability in Google Android 10.0/9.0

An issue was discovered on LG mobile devices with Android OS 9.0 and 10 software.

5.0
2020-10-06 CVE-2020-1902 Whatsapp Information Exposure vulnerability in Whatsapp and Whatsapp Business

A user running a quick search on a highly forwarded message on WhatsApp for Android from v2.20.108 to v2.20.140 or WhatsApp Business for Android from v2.20.35 to v2.20.49 could have been sent to the Google service over plain HTTP.

5.0
2020-10-06 CVE-2020-1901 Whatsapp Resource Exhaustion vulnerability in Whatsapp

Receiving a large text message containing URLs in WhatsApp for iOS prior to v2.20.91.4 could have caused the application to freeze while processing the message.

5.0
2020-10-06 CVE-2019-4326 Hcltech Improper Encoding or Escaping of Output vulnerability in Hcltech Appscan 10.0.0/9.0.3.14

"HCL AppScan Enterprise security rules update administration section of the web application console is missing HTTP Strict-Transport-Security Header."

5.0
2020-10-06 CVE-2019-4325 Hcltech Use of a Broken or Risky Cryptographic Algorithm vulnerability in Hcltech Appscan 10.0.0/10.0.1/9.0.3.14

"HCL AppScan Enterprise makes use of broken or risky cryptographic algorithm to store REST API user details."

5.0
2020-10-06 CVE-2020-26575 Wireshark
Fedoraproject
Debian
Oracle
Infinite Loop vulnerability in multiple products

In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop.

5.0
2020-10-06 CVE-2020-25866 Wireshark Null Pointer Dereference vulnerability in Wireshark

In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dereference because a buffer was sized for compressed (not uncompressed) messages.

5.0
2020-10-06 CVE-2020-25863 Wireshark
Fedoraproject
Opensuse
Debian
Oracle
In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash.
5.0
2020-10-06 CVE-2020-25862 Wireshark
Fedoraproject
Opensuse
Debian
Oracle
Improper Validation of Integrity Check Value vulnerability in multiple products

In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash.

5.0
2020-10-06 CVE-2020-7466 MPD Project Out-Of-Bounds Read vulnerability in MPD Project MPD

The PPP implementation of MPD before 5.9 allows a remote attacker who can send a specifically crafted PPP authentication message to cause the daemon to read beyond the allocated memory buffer, which would result in a denial of service condition.

5.0
2020-10-06 CVE-2020-15598 Trustwave, Debian Infinite Loop vulnerability in multiple products

** DISPUTED ** Trustwave ModSecurity 3.x through 3.0.4 allows denial of service via a special request.

5.0
2020-10-06 CVE-2020-25644 Redhat Resource Exhaustion vulnerability in Redhat products

A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes an HTTP session.

5.0
2020-10-06 CVE-2020-24218 Szuray Use of Hard-Coded Credentials vulnerability in Szuray products

An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97.

5.0
2020-10-06 CVE-2020-24216 Szuray, Jtechdigital, Provideoinstruments

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders.

5.0
2020-10-06 CVE-2020-25987 Monocms Information Exposure Through Log Files vulnerability in Monocms 1.0

MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS Blog.

5.0
2020-10-06 CVE-2020-25613 Ruby Lang, Fedoraproject HTTP Request Smuggling vulnerability in multiple products

An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1.

5.0
2020-10-06 CVE-2020-24215 Szuray, Jtechdigital, Provideoinstruments Use of Hard-Coded Credentials vulnerability in multiple products

An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders.

5.0
2020-10-05 CVE-2020-15235 Ractf Information Exposure vulnerability in Ractf Core 41Edf92

In RACTF before commit f3dc89b, unauthenticated users are able to get the value of sensitive config keys that would normally be hidden to everyone except admins.

5.0
2020-10-05 CVE-2020-15236 Requarks Path Traversal vulnerability in Requarks Wiki.Js 2.5.80

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled.

5.0
2020-10-05 CVE-2020-6875 ZTE Improper Restriction of Excessive Authentication Attempts vulnerability in ZTE Zxone 19700 Snpe Firmware Zxone8700V1.40R2B13Snpe

A ZTE product is impacted by the improper access control vulnerability.

5.0
2020-10-05 CVE-2020-26061 Clickstudios Weak Password Recovery Mechanism for Forgotten Password vulnerability in Clickstudios Passwordstate 8.3

ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability.

5.0
2020-10-05 CVE-2020-8228 Nextcloud, Opensuse Improper Restriction of Excessive Authentication Attempts vulnerability in multiple products

A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an uncontrolled amount of times.

5.0
2020-10-08 CVE-2020-26567 D Link Missing Authentication for Critical Function vulnerability in D-Link Dsr-250N Firmware

An issue was discovered on D-Link DSR-250N before 3.17B devices.

4.9
2020-10-07 CVE-2020-26164 KDE, Opensuse Resource Exhaustion vulnerability in multiple products

In kdeconnect-kde (aka KDE Connect) before 20.08.2, an attacker on the local network could send crafted packets that trigger use of large amounts of CPU, memory, or network connection slots, aka a Denial of Service attack.

4.9
2020-10-06 CVE-2020-25641 Linux, Redhat Infinite Loop vulnerability in multiple products

A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7.

4.9
2020-10-10 CVE-2020-26947 Getmonero Untrusted Search Path vulnerability in Getmonero Monero 0.17.0.1

monero-wallet-gui in Monero GUI before 0.17.1.0 includes the .

4.6
2020-10-09 CVE-2020-9105 Huawei Improper Input Validation vulnerability in Huawei Taurus-An00B Firmware 10.1.0.156

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an insufficient input validation vulnerability.

4.6
2020-10-09 CVE-2020-26922 Netgear Command Injection vulnerability in Netgear products

Certain NETGEAR devices are affected by command injection by an authenticated user.

4.6
2020-10-08 CVE-2020-26894 Faulknermedia Improper Privilege Management vulnerability in Faulknermedia Wildlife Issues in the New Millennium 18.0.160

LiveCode v9.6.1 on Windows allows local, low-privileged users to gain privileges by creating a malicious "cmd.exe" in the folder of the vulnerable LiveCode application.

4.6
2020-10-08 CVE-2020-4799 IBM Out-Of-Bounds Write vulnerability in IBM Informix Dynamic Server 14.10

IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability.

4.6
2020-10-07 CVE-2020-7316 Mcafee Unquoted Search Path or Element vulnerability in Mcafee File and Removable Media Protection

Unquoted service path vulnerability in McAfee File and Removable Media Protection (FRP) prior to 5.3.0 allows local users to execute arbitrary code, with higher privileges, via execution from a compromised folder.

4.6
2020-10-06 CVE-2020-1906 Whatsapp Out-Of-Bounds Write vulnerability in Whatsapp

A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.

4.6
2020-10-05 CVE-2020-12302 Intel Improper Privilege Management vulnerability in Intel Driver & Support Assistant

Improper permissions in the Intel(R) Driver & Support Assistant before version 20.7.26.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-10-10 CVE-2020-26934 Phpmyadmin, Opensuse, Fedoraproject, Debian Cross-Site Scripting vulnerability in multiple products

phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.

4.3
2020-10-09 CVE-2020-13955 Apache Missing Authentication for Critical Function vulnerability in Apache Calcite

The HttpUtils#getURLConnection method explicitly disables hostname verification for HTTPS connections, making clients vulnerable to man-in-the-middle attacks.

4.3
2020-10-09 CVE-2020-26162 Xerox Cross-Site Scripting vulnerability in Xerox products

Xerox WorkCentre EC7836 before 073.050.059.25300 and EC7856 before 073.020.059.25300 devices allow XSS via Description pages.

4.3
2020-10-08 CVE-2020-15241 Typo3 Open Redirect vulnerability in Typo3 Fluid Engine and Typo3

TYPO3 Fluid Engine (package `typo3fluid/fluid`) before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like `{showFullName ? fullName : defaultValue}`.

4.3
2020-10-08 CVE-2020-24301 Hapifhir Cross-Site Scripting vulnerability in Hapifhir Testpage Overlay 5.0.0

Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit an XSS vulnerability in this module, allowing arbitrary JavaScript to be executed in the user's browser.

4.3
2020-10-08 CVE-2020-15646 Mozilla Insufficiently Protected Credentials vulnerability in Mozilla Thunderbird

If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker.

4.3
2020-10-08 CVE-2019-4545 IBM, Linux Unspecified vulnerability in IBM Qradar Security Information and Event Manager

IBM QRadar SIEM 7.3 and 7.4 when configured to use Active Directory Authentication may be susceptible to spoofing attacks.

4.3
2020-10-08 CVE-2020-2296 Jenkins Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Shared Objects

A cross-site request forgery (CSRF) vulnerability in Jenkins Shared Objects Plugin 0.44 and earlier allows attackers to configure shared objects.

4.3
2020-10-08 CVE-2020-2295 Barchart Cross-Site Request Forgery (CSRF) vulnerability in Barchart Maven Cascade Release

A cross-site request forgery (CSRF) vulnerability in Jenkins Maven Cascade Release Plugin 1.3.2 and earlier allows attackers to start cascade builds and layout builds, and reconfigure the plugin.

4.3
2020-10-08 CVE-2020-25272 Online Bus Booking System Project Cross-Site Scripting vulnerability in Online Bus Booking System Project Online Bus Booking System 1.0

In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php.

4.3
2020-10-08 CVE-2020-25262 Pyrocms Cross-Site Request Forgery (CSRF) vulnerability in Pyrocms 3.7

PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: pages will be deleted.

4.3
2020-10-07 CVE-2020-15501 Smarter Unspecified vulnerability in Smarter Coffee Maker 1st Generation

** UNSUPPORTED WHEN ASSIGNED ** Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization.

4.3
2020-10-07 CVE-2020-25867 Soplanning Improper Authentication vulnerability in Soplanning

SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings.

4.3
2020-10-07 CVE-2020-15177 Glpi Project Cross-Site Scripting vulnerability in Glpi-Project Glpi

In GLPI before version 9.5.2, the `install/install.php` endpoint insecurely stores user input into the database as `url_base` and `url_base_api`.

4.3
2020-10-07 CVE-2020-26870 Cure53, Debian, Microsoft Cross-Site Scripting vulnerability in multiple products

Cure53 DOMPurify before 2.0.17 allows mutation XSS.

4.3
2020-10-06 CVE-2020-1905 Whatsapp Use of Insufficiently Random Values vulnerability in Whatsapp

Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated.

4.3
2020-10-06 CVE-2020-1903 Whatsapp Resource Exhaustion vulnerability in Whatsapp

An issue when unzipping docx, pptx, and xlsx documents in WhatsApp for iOS prior to v2.20.61 and WhatsApp Business for iOS prior to v2.20.61 could have resulted in an out-of-memory denial of service.

4.3
2020-10-06 CVE-2020-25986 Monocms Cross-Site Request Forgery (CSRF) vulnerability in Monocms 1.0

A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user.

4.3
2020-10-06 CVE-2020-23832 Car Rental Management System Project Cross-Site Scripting vulnerability in Car Rental Management System Project Car Rental Management System 1.0

A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.

4.3
2020-10-06 CVE-2020-5631 Cmonos Cross-Site Scripting vulnerability in Cmonos 2.0.20200916

Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors.

4.3
2020-10-05 CVE-2020-15237 Shrinerb Information Exposure Through Timing Discrepancy vulnerability in Shrinerb Shrine

In Shrine before version 3.3.0, when using the `derivation_endpoint` plugin, it's possible for the attacker to use a timing attack to guess the signature of the derivation URL.

4.3
2020-10-10 CVE-2020-26932 Sympa Incorrect Permission Assignment for Critical Resource vulnerability in Sympa

debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group).

4.0
2020-10-08 CVE-2020-5389 Dell Information Exposure Through Log Files vulnerability in Dell EMC Openmanage Integration for Microsoft System Center

Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an information disclosure vulnerability.

4.0
2020-10-08 CVE-2020-2294 Barchart Missing Authorization vulnerability in Barchart Maven Cascade Release

Jenkins Maven Cascade Release Plugin 1.3.2 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to start cascade builds and layout builds, and reconfigure the plugin.

4.0
2020-10-08 CVE-2020-2293 Jenkins Path Traversal vulnerability in Jenkins Persona

Jenkins Persona Plugin 2.4 and earlier allows users with Overall/Read permission to read arbitrary files on the Jenkins controller.

4.0
2020-10-08 CVE-2020-2298 Jenkins XXE vulnerability in Jenkins Nerrvana

Jenkins Nerrvana Plugin 1.02.06 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

4.0
2020-10-07 CVE-2020-13342 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email

4.0
2020-10-07 CVE-2020-13346 Gitlab Information Exposure vulnerability in Gitlab

Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API.

4.0
2020-10-07 CVE-2020-13335 Gitlab Improper Authentication vulnerability in Gitlab

Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group.

4.0
2020-10-07 CVE-2020-13332 Gitlab Insufficient Session Expiration vulnerability in Gitlab

Improper access expiration date validation in GitLab version >=8.11.0-rc6+ allows user to have access to projects with expiration.

4.0
2020-10-06 CVE-2020-14183 Atlassian Information Exposure vulnerability in Atlassian Jira

Affected versions of Jira Server & Data Center allow a remote attacker with limited (non-admin) privileges to view a Jira instance's Support Entitlement Number (SEN) via an Information Disclosure vulnerability in the HTTP Response headers.

4.0
2020-10-06 CVE-2020-13343 Gitlab Exposure of Resource to Wrong Sphere vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 11.2.

4.0
2020-10-06 CVE-2020-13333 Gitlab Resource Exhaustion vulnerability in Gitlab 13.1.0/13.2.0/13.3.0

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3.

4.0
2020-10-06 CVE-2020-15239 Xmpp Http Upload Project Path Traversal vulnerability in Xmpp-Http-Upload Project Xmpp-Http-Upload 0.1/0.2.0/0.3.0

In xmpp-http-upload before version 0.4.0, when the GET method is attacked, attackers can read files which have a `.data` suffix and which are accompanied by a JSON file with the `.meta` suffix.

4.0
2020-10-05 CVE-2020-8235 Nextcloud Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck 1.0.4

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

4.0

45 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-10-05 CVE-2020-25636 Redhat Files or Directories Accessible to External Parties vulnerability in Redhat Ansible 2.10.1

A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers.

3.6
2020-10-09 CVE-2020-26923 Netgear Cross-Site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-10-09 CVE-2020-26918 Netgear Cross-Site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-10-09 CVE-2020-26917 Netgear Cross-Site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-10-09 CVE-2020-26915 Netgear Cross-Site Scripting vulnerability in Netgear products

Certain NETGEAR devices are affected by stored XSS.

3.5
2020-10-08 CVE-2020-13340 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log

3.5
2020-10-08 CVE-2020-2290 Jenkins Cross-Site Scripting vulnerability in Jenkins Active Choices

Jenkins Active Choices Plugin 2.4 and earlier does not escape some return values of sandboxed scripts for Reactive Reference Parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

3.5
2020-10-08 CVE-2020-2289 Jenkins Cross-Site Scripting vulnerability in Jenkins Active Choices

Jenkins Active Choices Plugin 2.4 and earlier does not escape the name and description of build parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.

3.5
2020-10-08 CVE-2020-25271 Phpgurukul Cross-Site Scripting vulnerability in PHPgurukul Hospital Management System in PHP 4.0

PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php.

3.5
2020-10-08 CVE-2020-25270 Phpgurukul Cross-Site Scripting vulnerability in PHPgurukul Hostel Management System 2.0

PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City.

3.5
2020-10-08 CVE-2020-2292 Jenkins Cross-Site Scripting vulnerability in Jenkins Release

Jenkins Release Plugin 2.10.2 and earlier does not escape the release version in badge tooltip, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Release/Release permission.

3.5
2020-10-08 CVE-2020-3589 Cisco Cross-Site Scripting vulnerability in Cisco Identity Services Engine

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface.

3.5
2020-10-08 CVE-2020-3536 Cisco Cross-Site Scripting vulnerability in Cisco Sd-Wan

A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

3.5
2020-10-08 CVE-2020-3320 Cisco Cross-Site Scripting vulnerability in Cisco Firepower Management Center

A vulnerability in the web-based management interface of Cisco Firepower Management Center could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.

3.5
2020-10-07 CVE-2020-17551 Impresscms Cross-Site Scripting vulnerability in Impresscms 1.4.0

ImpressCMS 1.4.0 is affected by XSS in modules/system/admin.php which may result in arbitrary remote code execution.

3.5
2020-10-07 CVE-2020-25343 Getsymphony Cross-Site Scripting vulnerability in Getsymphony Symphony 3.0.0

Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject arbitrary web script or HTML into the fields['body'] param via events\event.publish_article.php.

3.5
2020-10-06 CVE-2020-13345 Gitlab Cross-Site Scripting vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions starting from 10.8.

3.5
2020-10-05 CVE-2020-8223 Nextcloud Improper Privilege Management vulnerability in Nextcloud Server 19.0.0

A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to reshare with higher permissions than they got assigned themselves.

3.5
2020-10-05 CVE-2020-26166 Qdpm Cross-Site Scripting vulnerability in Qdpm 9.1

The file upload functionality in qdPM 9.1 doesn't check the file description, which allows remote authenticated attackers to inject web script or HTML via the attachments info parameter, aka XSS.

3.5
2020-10-09 CVE-2020-26931 Netgear Information Exposure vulnerability in Netgear Wc7500 Firmware, Wc7600 Firmware and Wc9500 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-10-09 CVE-2020-26924 Netgear Information Exposure vulnerability in Netgear Wac720 Firmware and Wac730 Firmware

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-10-09 CVE-2020-26905 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

3.3
2020-10-09 CVE-2020-26904 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

3.3
2020-10-09 CVE-2020-26903 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

3.3
2020-10-09 CVE-2020-26901 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-10-09 CVE-2020-26900 Netgear Insufficiently Protected Credentials vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of administrative credentials.

3.3
2020-10-09 CVE-2020-26899 Netgear Information Exposure vulnerability in Netgear products

Certain NETGEAR devices are affected by disclosure of sensitive information.

3.3
2020-10-05 CVE-2019-14558 Intel Unspecified vulnerability in Intel Bios

Insufficient control flow management in BIOS firmware for 8th, 9th, 10th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Processor 4000 & 5000 Series Processors may allow an authenticated user to potentially enable denial of service via adjacent access.

2.7
2020-10-07 CVE-2020-24722 Exposure Notifications Project Authentication Bypass by Capture-Replay vulnerability in Exposure Notifications Project Exposure Notifications

** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-10-05, as used in COVID-19 applications on Android and iOS.

2.6
2020-10-09 CVE-2020-26925 Netgear Unspecified vulnerability in Netgear Gs808E Firmware 1.7.0.7

NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.

2.1
2020-10-09 CVE-2020-13626 Oneplus Missing Authorization vulnerability in Oneplus App Locker 20201006

OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked.

2.1
2020-10-08 CVE-2020-13344 Gitlab Information Exposure vulnerability in Gitlab

An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2.

2.1
2020-10-08 CVE-2020-2291 Jenkins Unprotected Storage of Credentials vulnerability in Jenkins Couchdb-Statistics

Jenkins couchdb-statistics Plugin 0.3 and earlier stores its server password unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2.1
2020-10-08 CVE-2020-2297 Jenkins Unprotected Storage of Credentials vulnerability in Jenkins SMS Notification 1.0.1/1.1/1.2

Jenkins SMS Notification Plugin 1.2 and earlier stores an access token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system.

2.1
2020-10-06 CVE-2020-25743 Qemu, Redhat Null Pointer Dereference vulnerability in multiple products

hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer check before an ide_cancel_dma_sync call.

2.1
2020-10-06 CVE-2020-25742 Qemu Null Pointer Dereference vulnerability in Qemu

pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci_get_bus() might not return a valid pointer.

2.1
2020-10-06 CVE-2020-26572 Opensc Project Out-Of-Bounds Write vulnerability in Opensc Project Opensc

The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher.

2.1
2020-10-06 CVE-2020-26571 Opensc Project Out-Of-Bounds Write vulnerability in Opensc Project Opensc

The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init.

2.1
2020-10-06 CVE-2020-26570 Opensc Project Out-Of-Bounds Write vulnerability in Opensc Project Opensc

The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file.

2.1
2020-10-05 CVE-2020-25635 Redhat Improper Cross-Boundary Removal of Sensitive Data vulnerability in Redhat Ansible 2.10.1

A flaw was found in Ansible Base when using the aws_ssm connection plugin, as garbage collection does not happen after the playbook run is completed.

2.1
2020-10-05 CVE-2020-8671 Intel Always-Incorrect Control Flow Implementation vulnerability in Intel Bios

Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2020-10-05 CVE-2020-0571 Intel Information Exposure vulnerability in Intel Bios

Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access.

2.1
2020-10-08 CVE-2020-12401 Mozilla Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mozilla Firefox

During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.

1.9
2020-10-06 CVE-2020-4528 IBM Information Exposure vulnerability in IBM Datapower Gateway

IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files.

1.9
2020-10-08 CVE-2020-12400 Mozilla Information Exposure vulnerability in Mozilla Firefox

When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.

1.2