Weekly Vulnerabilities Reports > October 19 to 25, 2020

Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd.

A vulnerability in the Cisco Firepower Chassis Manager (FCM) of Cisco FXOS Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against a user of an affected device.

The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection.

A vulnerability in the SSL/TLS session handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in the licensing service of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.The vulnerability is due to improper handling of system resource values by the affected system.

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to upload arbitrary-sized files to specific folders on an affected device, which could lead to an unexpected device reload.

A vulnerability in the IP fragment-handling implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a memory leak on an affected device.

A vulnerability in the web interface of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection product of Oracle PeopleSoft (component: eSupplier Connection).

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging).

A vulnerability in the Common Access Card (CAC) authentication feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass authentication and access the FMC system.

This affects the package @tsed/core before 5.65.7.

Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: UI and Visualization).

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

A buffer overflow issue was addressed with improved memory handling.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

A buffer overflow issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved state management.

An issue existed within the path validation logic for symlinks.

An issue existed within the path validation logic for symlinks.

Multiple memory corruption issues were addressed with improved state management.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow issue was addressed with improved memory handling.

A buffer overflow was addressed with improved bounds checking.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved bounds checking.

An out-of-bounds write issue was addressed with improved bounds checking.

An integer overflow was addressed through improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds write issue was addressed with improved bounds checking.

An out-of-bounds write issue was addressed with improved bounds checking.

A memory initialization issue was addressed with improved memory handling.

A logic issue was addressed with improved validation.

A vulnerability in the ICMP ingress packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 4110 appliances could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in the packet processing functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation).

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Flex Fields).

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure).

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.

An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: LDAP Auth).

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Mozilla developers reported memory safety bugs present in Firefox 81.

Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3.

A buffer overflow was addressed with improved bounds checking.

admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality.

tiki-login.php in Tiki before 21.2 sets the admin password to a blank value after 50 invalid login attempts.

receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code.

The Loginizer plugin before 1.6.4 for WordPress allows SQL injection (with resultant XSS), related to loginizer_login_failed and lz_valid_ip.

A vulnerability in the SIP inspection process of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a crash and reload of an affected device, resulting in a denial of service (DoS) condition.

A vulnerability in the TCP packet processing of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly.

A vulnerability in the SSL VPN negotiation process for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition.

A vulnerability in the OSPF Version 2 (OSPFv2) implementation of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition.

BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint.

BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox."

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO).

Vulnerability in the Oracle Hospitality OPERA 5 Property Services product of Oracle Hospitality Applications (component: Logging).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3.

Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.

An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2.

An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2.

In JetBrains YouTrack before 2020.2.10514, SSRF is possible because URL filtering can be escaped.

An issue was discovered in tcpreplay tcpprep v4.3.3.

An issue was discovered in tcpreplay tcpprep v4.3.3.

An issue was discovered in Ghisler Total Commander 9.51.

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL].

A memory corruption issue was addressed with improved input validation.

Dreamweaver version 20.2 (and earlier) is affected by an uncontrolled search path element vulnerability that could lead to privilege escalation.

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

A vulnerability in the secure boot process of Cisco FXOS Software could allow an authenticated, local attacker to bypass the secure boot mechanisms.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Scheduler component of Oracle Database Server.

Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\.

Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSSLDIR variable as a subdirectory within C:\jenkins_agent\.

Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user.

The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable.

Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code.

A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login).

Vulnerability in the Oracle FLEXCUBE Direct Banking product of Oracle Financial Services Applications (component: Pre Login).

An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a host OS denial of service, achieve data corruption, or possibly gain privileges by exploiting a race condition that leads to a use-after-free involving 2MiB and 1GiB superpages.

A flaw was found in the fabric8-maven-plugin 4.0.0 and later.

A race condition was addressed with additional validation.

A memory corruption issue was addressed with improved memory handling.

A race condition was addressed with improved state handling.

Adobe Premiere Pro version 14.4 (and earlier) is affected by an uncontrolled search path element that could result in arbitrary code execution in the context of the current user.

Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe Photoshop for Windows version 21.2.1 (and earlier) is affected by an uncontrolled search path element vulnerability that could result in arbitrary code execution in the context of the current user.

Adobe After Effects version 17.1.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory.

A CSRF vulnerability in Eyoucms v1.2.7 allows an attacker to add an admin account via login.php.

A buffer overflow issue was addressed with improved memory handling.

A memory corruption issue was addressed with improved input validation.

A memory corruption issue was addressed with improved validation.

An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier.

Adobe Creative Cloud Desktop Application version 5.2 (and earlier) and 2.1 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user.

A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash.

This affects the package scratch-svg-renderer before 0.2.0-prerelease.20201019174008.

SQL injection vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to execute arbitrary SQL commands via a specially crafted URL.

Vulnerability in the RDBMS Security component of Oracle Database Server.

Vulnerability in the Oracle Banking Payments product of Oracle Financial Services Applications (component: Core).

Vulnerability in the Oracle Banking Corporate Lending product of Oracle Financial Services Applications (component: Core).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications (component: Infrastructure).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Logging).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: X Plugin).

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services).

Vulnerability in the Database Filesystem component of Oracle Database Server.

Vulnerability in the Oracle Text component of Oracle Database Server.

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file.

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files.

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files.

Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files.

SAP Banking Services version 500, use an incorrect authorization object in some of its reports.

A prototype pollution vulnerability has been found in `object-path` <= 0.11.4 affecting the `set()` method.

HUAWEI Mate 30 versions earlier than 10.1.0.150(C00E136R5P3) and HUAWEI P30 version earlier than 10.1.0.160(C00E160R2P11) have a use after free vulnerability.

GoPro gpmf-parser through 1.5 has a stack out-of-bounds write vulnerability in GPMF_ExpandComplexTYPE().

SolarWinds N-central through 2020.1 allows session hijacking and requires user interaction or physical access.

A vulnerability in the multi-instance feature of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to escape the container for their Cisco FTD instance and execute commands with root privileges in the host namespace.

Multiple vulnerabilities in the secure boot process of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software for the Firepower 1000 Series and Firepower 2100 Series Appliances could allow an authenticated, local attacker to bypass the secure boot mechanism.

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges.

On Windows the Veyon Service before version 4.4.2 contains an unquoted service path vulnerability, allowing locally authenticated users with administrative privileges to run malicious executables with LocalSystem privileges.

A memory corruption issue was addressed with improved memory handling.

An out-of-bounds read was addressed with improved input validation.

An out-of-bounds read was addressed with improved input validation.

In Magento (rubygems openmage/magento-lts package) before versions 19.4.8 and 20.0.4, an admin user can generate soap credentials that can be used to trigger RCE via PHP Object Injection through product attributes and a product.

A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access rule and access parts of the WebVPN portal that are supposed to be blocked.

Vulnerability in the PeopleSoft Enterprise HCM Global Payroll Core product of Oracle PeopleSoft (component: Security).

Vulnerability in the Database Vault component of Oracle Database Server.

Improper neutralization of argument delimiters in a command in Nagios XI 5.7.3 allows a remote, authenticated admin user to write to arbitrary files and ultimately execute code with the privileges of the apache user.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.2.2 is vulnerable to SQL injection.

This affects all versions of package osm-static-maps.

Atmel Advanced Software Framework (ASF) 4 has an Integer Overflow.

HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas.

In BigBlueButton before 2.2.28 (or earlier), the client-side Mute button only signifies that the server should stop accepting audio data from the client.

Vulnerability in the Oracle E-Business Suite Secure Enterprise Search product of Oracle E-Business Suite (component: Search Integration Engine).

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Oracle Diagnostics Interfaces).

In Spree before versions 3.7.11, 4.0.4, or 4.1.11, expired user tokens could be used to access Storefront API v2 endpoints.

GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData().

A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

Multiple vulnerabilities in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the web services interface of an affected device.

A vulnerability in the ingress packet processing path of Cisco Firepower Threat Defense (FTD) Software for interfaces that are configured either as Inline Pair or in Passive mode could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.

Marketo Sales Insight plugin version 1.4355 (and earlier) is affected by a blind stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields.

An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10.

A path handling issue was addressed with improved validation.

A vulnerability in the TCP Intercept functionality of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass configured Access Control Policies (including Geolocation) and Service Polices on an affected system.

omniauth-auth0 (rubygems) versions >= 2.3.0 and < 2.4.1 improperly validate the JWT token signature when using the `jwt_validator.verify` method.

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Integration Broker).

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server).

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration).

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Grids).

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect).

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface).

Vulnerability in the Oracle Hospitality Suite8 product of Oracle Hospitality Applications (component: WebConnect).

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface).

Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service).

Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security).

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popup windows).

Prior to 0.11.0-beta, LND (Lightning Network Daemon) had a vulnerability in its invoice database.

VMware vCenter Server (6.7 before 6.7u3, 6.6 before 6.5u3k) contains a session hijack vulnerability in the vCenter Server Appliance Management Interface update function due to a lack of certificate validation.

A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs.

An out-of-bounds read was addressed with improved bounds checking.

AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php

A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path.

Vulnerability in the Oracle Utilities Framework product of Oracle Utilities Applications (component: System Wide).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Administration).

Vulnerability in the Core RDBMS component of Oracle Database Server.

SAP NetWeaver (Compare Systems) versions - 7.20, 7.30, 7.40, 7.50, does not sufficiently validate uploaded XML documents.

HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8) have a buffer overflow vulnerability in the Bluetooth module.

An issue was discovered in Xen through 4.14.x allowing x86 PV guest OS users to gain guest OS privileges by modifying kernel memory contents, because invalidation of TLB entries is mishandled during use of an INVLPG-like attack technique.

A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection.

A vulnerability in the host input API daemon of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.

An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure.

When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash.

If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler.

In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service.

A logic issue was addressed with improved state management.

In Strapi before 3.2.5, there is no admin::hasPermissions restriction for CTB (aka content-type-builder) routes.

A memory corruption issue was addressed with improved memory handling.

An out-of-bounds read was addressed with improved input validation.

A logic issue was addressed with improved restrictions.

AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php

In Tensorflow before version 2.4.0, when the `boxes` argument of `tf.image.crop_and_resize` has a very large value, the CPU kernel implementation receives it as a C++ `nan` floating point value.

In Tensorflow before version 2.4.0, an attacker can pass an invalid `axis` value to `tf.quantization.quantize_and_dequantize`.

A vulnerability in the ssl_inspection component of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to crash Snort instances.

The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access.

BigBlueButton through 2.2.28 records a video meeting despite the deactivation of video recording in the user interface.

BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session.

BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files.

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: SQL Extensions).

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core).

Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: AMP EBS Integration).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

Vulnerability in the Oracle Hospitality RES 3700 product of Oracle Food and Beverage Applications (component: CAL).

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences).

Prior to 0.10.0-beta, LND (Lightning Network Daemon) would have accepted a counterparty high-S signature and broadcast tx-relay invalid local commitment/HTLC transactions.

The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attacker to invoke queries on the database and retrieve sensitive information.

InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request.

Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller.

DomainMOD before 4.14.0 uses MD5 without a salt for password storage.

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally.

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity.

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_ScaledData().

GoPro gpmf-parser 1.5 has a division-by-zero vulnerability in GPMF_Decompress().

A mis-handling of invalid unicode characters in the Java implementation of Tink versions prior to 1.5 allows an attacker to change the ID part of a ciphertext, which result in the creation of a second ciphertext that can decrypt to the same plaintext.

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server.

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server.

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server.

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core).

Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface).

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server.

Vulnerability in the Oracle Application Express component of Oracle Database Server.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem).

Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services).

Vulnerability in the Java VM component of Oracle Database Server.

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device.

IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service.

An issue was discovered in the Linux kernel through 5.9.1, as used with Xen through 4.14.x.

A vulnerability in the Clientless SSL VPN (WebVPN) of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to inject arbitrary HTTP headers in the responses of the affected system.

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation.

FRITZ!OS before 7.21 on FRITZ!Box devices allows a bypass of a DNS Rebinding protection mechanism.

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager.

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have Insecure Permissions, with resultant svc_netcontrol arbitrary command injection and privilege escalation.

Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call.

Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out).

Verifone Pinpad Payment Terminals allow undocumented physical access to the system via an SBI bootloader memory write operation.

Verifone VerixV Pinpad Payment Terminals with QT000530 allow bypass of integrity and origin control for S1G file generation.

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 1 of 2).

Microchip CryptoAuthentication Library CryptoAuthLib prior to 20191122 has a Buffer Overflow (issue 2 of 2).

A logic issue was addressed with improved restrictions.

A path handling issue was addressed with improved validation.

A memory corruption issue was addressed with improved validation.

The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access.

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability.

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass.

This issue was addressed with improved checks.

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4.

When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in.

In Network Security Services (NSS) before 3.36.7 and before 3.41.1, a malformed signature can cause a crash due to a null dereference, resulting in a Denial of Service.

An information disclosure issue was addressed with improved state management.

A file access issue existed with certain home folder files.

An issue was discovered in Octopus Deploy through 2020.4.4.

Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft.

A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6.

The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped.

Adobe InDesign version 15.1.2 (and earlier) is affected by a NULL pointer dereference bug that occurs when handling a malformed .indd file.

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface.

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.

The cm-download-manager plugin before 2.8.0 for WordPress allows XSS.

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.

Cross-site scripting vulnerability in Simple Download Monitor 3.8.8 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.

In BigBlueButton before 2.2.28 (or earlier), uploaded presentations are sent to clients without a Content-Type header, which allows XSS, as demonstrated by a .png file extension for an HTML document.

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics).

Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: APIs).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology).

Cross-site request forgery in Nagios XI 5.7.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of Danyil Vasilenko's Bolt Browser allows an attacker to obfuscate the true source of data as presented in the browser.

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of the Yandex Browser allows an attacker to obfuscate the true source of data as presented in the browser.

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser.

User Interface (UI) Misrepresentation of Critical Information vulnerability in the address bar of UCWeb's UC Browser allows an attacker to obfuscate the true source of data as presented in the browser.

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager.

IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies.

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting.

The affected Reason S20 Ethernet Switch is vulnerable to cross-site scripting (XSS), which may allow attackers to trick users into following a link or navigating to a page that posts a malicious JavaScript statement to the vulnerable site, causing the malicious JavaScript to be rendered by the site and executed by the victim client.

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

There is a reflected cross site scripting vulnerability in SAP NetWeaver Composite Application Framework, versions - 7.20, 7.30, 7.31, 7.40, 7.50.

SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure.

In platform before version 9.4.4, inline attributes are not properly escaped.

Blinger.io v.1.0.2519 is vulnerable to Blind/Persistent XSS.

A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.

AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter.

SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly.

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability.

OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access).

OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API.

Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid.

A logic issue was addressed with improved state management.

The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address.

Greenlight in BigBlueButton through 2.2.28 places usernames in room URLs, which may represent an unintended information leak to users in a room, or an information leak to outsiders if any user publishes a screenshot of a browser window.

BigBlueButton before 2.3 does not implement LibreOffice sandboxing.

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer).

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query).

Vulnerability in the Hyperion Analytic Provider Services product of Oracle Hyperion (component: Smart View Provider).

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General).

Vulnerability in the Oracle REST Data Services product of Oracle REST Data Services (component: General).

A cleartext storage of sensitive information vulnerability in FortiOS command line interface in versions 6.2.4 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an authenticated attacker to obtain sensitive information such as users passwords by connecting to FortiGate CLI and executing the "diag sys ha checksum show" command.

BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF attacks via an uploaded Office document that has a crafted URL in an ODF xlink field.

In Sylius before versions 1.6.9, 1.7.9 and 1.8.3, the user may register in a shop by email [email protected], verify it, change it to the mail [email protected] and stay verified and enabled.

A vulnerability in the TLS handler of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000 Series firewalls could allow an unauthenticated, remote attacker to gain access to sensitive information.

This issue was addressed with a new entitlement.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10.

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability.

OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS.

A cross-site scripting (XSS) vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04_R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service.

Strapi before 3.2.5 has stored XSS in the wysiwyg editor's preview feature.

Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used.

A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages.

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions).

Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment).

In VMware ESXi (6.7 before ESXi670-201908101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x before 15.1.0), Fusion (11.x before 11.1.0), the VMCI host drivers used by VMware hypervisors contain a memory leak vulnerability.

VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device.

IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting.

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting.

SAP NetWeaver Design Time Repository (DTR), versions - 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.

This affects all versions of package lightning-server.

ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel).

E6878-370 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP21C233) and E6878-870 versions 10.0.3.1(H557SP27C233),10.0.3.1(H563SP11C233) have a denial of service vulnerability.

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow installation of unsigned packages.

Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

A logic issue was addressed with improved restrictions.

An access issue was addressed with additional sandbox restrictions.

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility).

Vulnerability in the Hyperion Lifecycle Management product of Oracle Hyperion (component: Shared Services).

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service).

Vulnerability in the Hyperion BI+ product of Oracle Hyperion (component: IQR-Foundation service).

Vulnerability in the Hyperion Planning product of Oracle Hyperion (component: Application Development Framework).

IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash.

HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability.

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to access hidden commands.

Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation).

Vulnerability in the SQL Developer Install component of Oracle Database Server.