Weekly Vulnerabilities Reports > November 16 to 22, 2020

Overview

291 new vulnerabilities reported during this period, including 41 critical vulnerabilities and 127 high severity vulnerabilities. This weekly summary report vulnerabilities in 286 products from 121 vendors including Schneider Electric, Cisco, IBM, Fedoraproject, and Jetbrains. Vulnerabilities are notably categorized as "Cross-site Scripting", "SQL Injection", "Unrestricted Upload of File with Dangerous Type", "Improper Input Validation", and "Out-of-bounds Write".

  • 229 reported vulnerabilities are remotely exploitables.
  • 20 reported vulnerabilities have public exploit available.
  • 89 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 172 reported vulnerabilities are exploitable by an anonymous user.
  • Schneider Electric has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Cisco has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

41 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-16 CVE-2020-27486 Garmin Classic Buffer Overflow vulnerability in Garmin Forerunner 235 Firmware

Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow.

9.9
2020-11-16 CVE-2020-27485 Garmin Improper Validation of Array Index vulnerability in Garmin Forerunner 235 Firmware

Garmin Forerunner 235 before 8.20 is affected by: Array index error.

9.9
2020-11-16 CVE-2020-27484 Garmin Integer Overflow or Wraparound vulnerability in Garmin Forerunner 235 Firmware

Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow.

9.9
2020-11-16 CVE-2020-27483 Garmin Improper Validation of Array Index vulnerability in Garmin Forerunner 235 Firmware

Garmin Forerunner 235 before 8.20 is affected by: Array index error.

9.9
2020-11-21 CVE-2020-25189 Paradox Unspecified vulnerability in Paradox Ip150 Firmware 5.02.09

The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

9.8
2020-11-20 CVE-2020-28877 TP Link Classic Buffer Overflow vulnerability in Tp-Link products

Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N.

9.8
2020-11-20 CVE-2020-25839 Microfocus SQL Injection vulnerability in Microfocus Identity Manager 4.8

NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability.

9.8
2020-11-19 CVE-2020-7561 Schneider Electric Unspecified vulnerability in Schneider-Electric Easergy T300 Firmware 1.5.2/2.7

A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with firmware 2.7 and older) that could cause a wide range of problems, including information exposure, denial of service, and command execution when access to a resource from an attacker is not restricted or incorrectly restricted.

9.8
2020-11-19 CVE-2020-28212 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert

A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when a brute force attack is done over Modbus.

9.8
2020-11-19 CVE-2020-28951 Openwrt Use After Free vulnerability in Openwrt

libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using malicious package names.

9.8
2020-11-19 CVE-2020-11831 Oppo Incorrect Permission Assignment for Critical Resource vulnerability in Oppo Ovoicemanager 2.0.1

OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.

9.8
2020-11-19 CVE-2020-11830 Oppo Unspecified vulnerability in Oppo Qualityprotect 2.0

QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.

9.8
2020-11-19 CVE-2020-11829 Oppo Unspecified vulnerability in Oppo Coloros 2.0.05493E40200722

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.

9.8
2020-11-19 CVE-2019-20933 Influxdata
Debian
Improper Authentication vulnerability in multiple products

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

9.8
2020-11-18 CVE-2020-3586 Cisco OS Command Injection vulnerability in Cisco DNA Spaces: Connector

A vulnerability in the web-based management interface of Cisco DNA Spaces Connector could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

9.8
2020-11-18 CVE-2020-3531 Cisco Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to access the back-end database of an affected system.

9.8
2020-11-18 CVE-2020-3470 Cisco Improper Input Validation vulnerability in Cisco products

Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges.

9.8
2020-11-18 CVE-2020-28578 Trendmicro Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

9.8
2020-11-18 CVE-2020-26097 Planet Use of Hard-coded Credentials vulnerability in Planet Nvr-1615 Firmware and Nvr-915 Firmware

The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet.

9.8
2020-11-18 CVE-2020-6016 Valvesoftware Out-of-bounds Write vulnerability in Valvesoftware Game Networking Sockets 1.0.0/1.1.0

Valve's Game Networking Sockets prior to version v1.2.0 improperly handles unreliable segments with negative offsets in function SNP_ReceiveUnreliableSegment(), leading to a Heap-Based Buffer Underflow and a free() of memory not from the heap, resulting in a memory corruption and probably even a remote code execution.

9.8
2020-11-17 CVE-2020-28183 Water Billing System Project SQL Injection vulnerability in Water Billing System Project Water Billing System 1.0

SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.

9.8
2020-11-17 CVE-2020-28130 Online Library Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Library Management System Project Online Library Management System 1.0

An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).

9.8
2020-11-17 CVE-2020-26553 Aviatrix Unrestricted Upload of File with Dangerous Type vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R6.0.2483.

9.8
2020-11-17 CVE-2020-28133 Simple Grocery Store Sales AND Inventory Sales Project SQL Injection vulnerability in Simple Grocery Store Sales and Inventory Sales Project Simple Grocery Store Sales and Inventory System 1.0

An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0.

9.8
2020-11-17 CVE-2020-28140 Online Clothing Store Project Unrestricted Upload of File with Dangerous Type vulnerability in Online Clothing Store Project Online Clothing Store 1.0

SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.

9.8
2020-11-17 CVE-2020-28138 Online Clothing Store Project SQL Injection vulnerability in Online Clothing Store Project Online Clothing Store 1.0

SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.

9.8
2020-11-17 CVE-2020-27555 Basetech Insecure Default Initialization of Resource vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user.

9.8
2020-11-17 CVE-2020-7774 Y18N Project
Oracle
Siemens
The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution.
9.8
2020-11-17 CVE-2020-27131 Cisco Deserialization of Untrusted Data vulnerability in Cisco Security Manager

Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device.

9.8
2020-11-17 CVE-2020-27125 Cisco Improper Input Validation vulnerability in Cisco Security Manager

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system.

9.8
2020-11-17 CVE-2020-11851 Microfocus Code Injection vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1

Arbitrary code execution vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1.

9.8
2020-11-16 CVE-2020-26510 Airleader Insecure Default Initialization of Resource vulnerability in Airleader Master Control

Airleader Master <= 6.21 devices have default credentials that can be used to access the exposed Tomcat Manager for deployment of a new .war file, with resultant remote code execution.

9.8
2020-11-16 CVE-2020-26508 Canon Insufficiently Protected Credentials vulnerability in Canon OCE Colorwave 3500 Firmware 5.1.1.0

The WebTools component on Canon Oce ColorWave 3500 5.1.1.0 devices allows attackers to retrieve stored SMB credentials via the export feature, even though these are intentionally inaccessible in the UI.

9.8
2020-11-16 CVE-2020-27422 Anuko Insufficient Session Expiration vulnerability in Anuko Time Tracker

In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account.

9.8
2020-11-16 CVE-2020-25952 User Registration Login AND User Management System Project SQL Injection vulnerability in User Registration & Login and User Management System Project User Registration & Login and User Management System 2.1

SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With admin panel 2.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.

9.8
2020-11-16 CVE-2020-25207 Jetbrains Unspecified vulnerability in Jetbrains Toolbox

JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler.

9.8
2020-11-16 CVE-2020-5664 Riken Deserialization of Untrusted Data vulnerability in Riken Xoonips

Deserialization of untrusted data vulnerability in XooNIps 3.49 and earlier allows remote attackers to execute arbitrary code via unspecified vectors.

9.8
2020-11-16 CVE-2020-28642 Infinitewp Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Infinitewp 2.4.2/2.4.3

In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset code, which makes it easier for remote attackers to conduct admin Account Takeover attacks.

9.8
2020-11-16 CVE-2020-8271 Citrix Path Traversal vulnerability in Citrix Sd-Wan

Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

9.8
2020-11-18 CVE-2020-3419 Cisco Improper Control of Dynamically-Managed Code Resources vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to join a Webex session without appearing on the participant list.

9.1
2020-11-17 CVE-2020-27130 Cisco Unspecified vulnerability in Cisco Security Manager

A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information.

9.1

127 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-21 CVE-2020-25185 Paradox Unspecified vulnerability in Paradox Ip150 Firmware 5.02.09

The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09).

8.8
2020-11-20 CVE-2020-13671 Drupal
Fedoraproject
Unrestricted Upload of File with Dangerous Type vulnerability in multiple products

Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting configurations.

8.8
2020-11-19 CVE-2020-7572 Schneider Electric Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1

A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary XML code and obtain disclosure of confidential data, denial of service, server side request forgery due to improper configuration of the XML parser.

8.8
2020-11-19 CVE-2020-7569 Schneider Electric Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1

A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to upload arbitrary files due to incorrect verification of user supplied files and achieve remote code execution.

8.8
2020-11-19 CVE-2020-28213 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus.

8.8
2020-11-19 CVE-2020-12495 Endress Improper Privilege Management vulnerability in Endress products

Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) with Firmware version prior to V2.0.0 is prone to improper privilege management.

8.8
2020-11-18 CVE-2020-28579 Trendmicro Out-of-bounds Write vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.

8.8
2020-11-18 CVE-2020-26075 Cisco SQL Injection vulnerability in Cisco IOT Field Network Director

A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device.

8.8
2020-11-18 CVE-2020-24297 TP Link OS Command Injection vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2

httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline.

8.8
2020-11-18 CVE-2020-7564 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP.

8.8
2020-11-18 CVE-2020-7563 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP.

8.8
2020-11-17 CVE-2020-26548 Aviatrix Unspecified vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R5.4.1290.

8.8
2020-11-17 CVE-2020-28136 Phpgurukul Unrestricted Upload of File with Dangerous Type vulnerability in PHPgurukul Tourism Management System 1.0

An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.

8.8
2020-11-17 CVE-2020-7841 Tobesoft Improper Input Validation vulnerability in Tobesoft Xplatform

Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto://

8.8
2020-11-17 CVE-2020-28688 Artworks Gallery IN PHP CSS Javascript AND Mysql Project Unrestricted Upload of File with Dangerous Type vulnerability in Artworks Gallery in PHP, Css, Javascript, and Mysql Project Artworks Gallery in PHP, Css, Javascript, and Mysql 1.0

The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.

8.8
2020-11-17 CVE-2020-28687 Artworks Gallery IN PHP CSS Javascript AND Mysql Project Unrestricted Upload of File with Dangerous Type vulnerability in Artworks Gallery in PHP, Css, Javascript, and Mysql Project Artworks Gallery in PHP, Css, Javascript, and Mysql 1.0

The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files.

8.8
2020-11-16 CVE-2020-28693 Horizontcms Project Unrestricted Upload of File with Dangerous Type vulnerability in Horizontcms Project Horizontcms 1.0.0

An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name>

8.8
2020-11-16 CVE-2020-26217 Xstream Project
Debian
Netapp
Apache
Oracle
XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream.
8.8
2020-11-16 CVE-2020-23489 Wwbn Missing Authorization vulnerability in Wwbn Avideo

The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability.

8.8
2020-11-16 CVE-2020-4700 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges.

8.8
2020-11-16 CVE-2020-4655 IBM SQL Injection vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to SQL injection.

8.8
2020-11-16 CVE-2020-4647 IBM SQL Injection vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 is vulnerable to SQL injection.

8.8
2020-11-16 CVE-2020-13769 Ivanti SQL Injection vulnerability in Ivanti Endpoint Manager

LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.

8.8
2020-11-16 CVE-2020-5659 Riken SQL Injection vulnerability in Riken Xoonips

SQL injection vulnerability in the XooNIps 3.49 and earlier allows remote authenticated attackers to execute arbitrary SQL commands via unspecified vectors.

8.8
2020-11-16 CVE-2020-28649 Orbisius Cross-Site Request Forgery (CSRF) vulnerability in Orbisius Child Theme Creator

The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file.

8.8
2020-11-16 CVE-2020-28648 Nagios Improper Input Validation vulnerability in Nagios XI

Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code.

8.8
2020-11-16 CVE-2020-8273 Citrix OS Command Injection vulnerability in Citrix Sd-Wan

Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.

8.8
2020-11-16 CVE-2020-8270 Citrix OS Command Injection vulnerability in Citrix Virtual Apps and Desktops 1903/1912/2006

An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342

8.8
2020-11-16 CVE-2020-8269 Citrix Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop

An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9

8.8
2020-11-16 CVE-2020-25695 Postgresql
Debian
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
8.8
2020-11-18 CVE-2020-26072 Cisco Improper Privilege Management vulnerability in Cisco IOT Field Network Director

A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain.

8.7
2020-11-20 CVE-2020-4004 Vmware Use After Free vulnerability in VMWare products

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller.

8.2
2020-11-19 CVE-2020-13356 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9.

8.2
2020-11-19 CVE-2020-13355 Gitlab Path Traversal vulnerability in Gitlab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14.

8.1
2020-11-18 CVE-2020-26226 Semantic Release Project Unspecified vulnerability in Semantic-Release Project Semantic-Release

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL.

8.1
2020-11-18 CVE-2020-7562 Schneider Electric Unspecified vulnerability in Schneider-Electric products

A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause a segmentation fault or a buffer overflow when uploading a specially crafted file on the controller over FTP.

8.1
2020-11-17 CVE-2020-14389 Redhat Use of Password Hash With Insufficient Computational Effort vulnerability in Redhat Keycloak

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

8.1
2020-11-16 CVE-2020-8897 Amazon Use of a Broken or Risky Cryptographic Algorithm vulnerability in Amazon AWS Encryption SDK

A weak robustness vulnerability exists in the AWS Encryption SDKs for Java, Python, C and Javalcript prior to versions 2.0.0.

8.1
2020-11-16 CVE-2020-8259 Nextcloud Insufficiently Protected Credentials vulnerability in Nextcloud Server

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.

8.1
2020-11-16 CVE-2020-25694 Postgresql
Debian
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.
8.1
2020-11-20 CVE-2020-4005 Vmware Unspecified vulnerability in VMWare Cloud Foundation and Esxi

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed.

7.8
2020-11-20 CVE-2020-28845 Netskope Improper Neutralization of Formula Elements in a CSV File vulnerability in Netskope 75.0

A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.

7.8
2020-11-20 CVE-2020-20740 Pdfresurrect Project
Debian
Fedoraproject
Out-of-bounds Write vulnerability in multiple products

PDFResurrect before 0.20 lack of header validation checks causes heap-buffer-overflow in pdf_get_version().

7.8
2020-11-20 CVE-2020-19667 Imagemagick
Debian
Out-of-bounds Write vulnerability in multiple products

Stack-based buffer overflow and unconditional jump in ReadXPMImage in coders/xpm.c in ImageMagick 7.0.10-7.

7.8
2020-11-20 CVE-2020-4739 IBM Untrusted Search Path vulnerability in IBM DB2

IBM DB2 Accessories Suite for Linux, UNIX, and Windows, DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability in Microsoft Windows client.

7.8
2020-11-19 CVE-2020-7558 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7557 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7556 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7555 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7554 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7553 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7552 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7551 Schneider Electric Out-of-bounds Write vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7550 Schneider Electric Unspecified vulnerability in Schneider-Electric Interactive Graphical Scada System

A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 and prior that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition.

7.8
2020-11-19 CVE-2020-7544 Schneider Electric Unspecified vulnerability in Schneider-Electric Operator Terminal Expert Runtime 3.1

A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxureª Operator Terminal Expert runtime (Vijeo XD) that could cause privilege escalation on the workstation when interacting directly with a driver installed by the runtime software of EcoStruxureª Operator Terminal Expert.

7.8
2020-11-19 CVE-2020-28211 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert

A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause bypass of authentication when overwriting memory using a debugger.

7.8
2020-11-19 CVE-2020-25989 Pritunl Link Following vulnerability in Pritunl Pritunl-Client-Electron

Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.2550.20.

7.8
2020-11-19 CVE-2020-28949 PHP
Debian
Fedoraproject
Drupal
Injection vulnerability in multiple products

Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to overwrite files) can still succeed.

7.8
2020-11-19 CVE-2020-28948 PHP
Debian
Fedoraproject
Drupal
Deserialization of Untrusted Data vulnerability in multiple products

Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is not blocked.

7.8
2020-11-19 CVE-2020-4701 IBM Classic Buffer Overflow vulnerability in IBM DB2 10.5/11.1/11.5

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.

7.8
2020-11-18 CVE-2020-15301 Salesagility Improper Neutralization of Formula Elements in a CSV File vulnerability in Salesagility Suitecrm

SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules.

7.8
2020-11-18 CVE-2020-28572 Trendmicro Unspecified vulnerability in Trendmicro Apex ONE 2019

A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege.

7.8
2020-11-18 CVE-2020-27697 Trendmicro Link Following vulnerability in Trendmicro products

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a non-protected location with high privileges (symlink attack) which can lead to obtaining administrative privileges during the installation of the product.

7.8
2020-11-18 CVE-2020-27696 Trendmicro Unspecified vulnerability in Trendmicro products

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a specific Windows system directory which can lead to obtaining administrative privileges during the installation of the product.

7.8
2020-11-18 CVE-2020-27695 Trendmicro Untrusted Search Path vulnerability in Trendmicro products

Trend Micro Security 2020 (Consumer) contains a vulnerability in the installer package that could be exploited by placing a malicious DLL in a local directory which can lead to obtaining administrative privileges during the installation of the product.

7.8
2020-11-18 CVE-2020-3367 Cisco OS Command Injection vulnerability in Cisco Asyncos

A vulnerability in the log subscription subsystem of Cisco AsyncOS for the Cisco Secure Web Appliance (formerly Web Security Appliance) could allow an authenticated, local attacker to perform command injection and elevate privileges to root.

7.8
2020-11-17 CVE-2020-13958 Apache Unspecified vulnerability in Apache Openoffice

A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system.

7.8
2020-11-17 CVE-2020-27192 Binarynights Missing Authorization vulnerability in Binarynights Forklift

BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift.

7.8
2020-11-17 CVE-2020-15349 Binarynights Missing Authorization vulnerability in Binarynights Forklift

BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.

7.8
2020-11-19 CVE-2020-13359 Gitlab Unspecified vulnerability in Gitlab

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls.

7.6
2020-11-21 CVE-2020-28975 Scikit Learn Unspecified vulnerability in Scikit-Learn 0.23.2

svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted model SVM (introduced via pickle, json, or any other model permanence standard) with a large value in the _n_support array.

7.5
2020-11-21 CVE-2020-14258 Hcltech Improper Input Validation vulnerability in Hcltech Notes 10.0/11.0/9.0

HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input.

7.5
2020-11-21 CVE-2020-14234 Hcltech Improper Input Validation vulnerability in Hcltech Domino 10.0.0/9.0/9.0.1

HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server.

7.5
2020-11-21 CVE-2020-14230 Hcltech Improper Input Validation vulnerability in Hcltech Domino

HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input.

7.5
2020-11-20 CVE-2020-26236 Scratchverifier Unspecified vulnerability in Scratchverifier

In ScratchVerifier before commit a603769, an attacker can hijack the verification process to log into someone else's account on any site that uses ScratchVerifier for logins.

7.5
2020-11-20 CVE-2020-4937 IBM Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.

7.5
2020-11-20 CVE-2020-5668 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric products

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series modules (R00/01/02CPU firmware version '19' and earlier, R04/08/16/32/120 (EN) CPU firmware version '51' and earlier, R08/16/32/120SFCPU firmware version '22' and earlier, R08/16/32/120PCPU firmware version '25' and earlier, R08/16/32/120PSFCPU firmware version '06' and earlier, RJ71EN71 firmware version '47' and earlier, RJ71GF11-T2 firmware version '47' and earlier, RJ72GF15-T2 firmware version '07' and earlier, RJ71GP21-SX firmware version '47' and earlier, RJ71GP21S-SX firmware version '47' and earlier, and RJ71GN11-T2 firmware version '11' and earlier) allows a remote unauthenticated attacker to cause an error in a CPU unit and cause a denial-of-service (DoS) condition in execution of the program and its communication, or to cause a denial-of-service (DoS) condition in communication via the unit by receiving a specially crafted SLMP packet

7.5
2020-11-19 CVE-2020-7559 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert

A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

7.5
2020-11-19 CVE-2020-7538 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Control Expert

A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus.

7.5
2020-11-19 CVE-2020-28924 Rclone
Fedoraproject
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products

An issue was discovered in Rclone before 1.53.3.

7.5
2020-11-19 CVE-2020-25699 Moodle
Fedoraproject
Incorrect Authorization vulnerability in multiple products

In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course.

7.5
2020-11-19 CVE-2020-25698 Moodle
Fedoraproject
Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course.
7.5
2020-11-19 CVE-2020-28054 Tsmmanager Unspecified vulnerability in Tsmmanager 6.5.0.21

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer.

7.5
2020-11-19 CVE-2020-8277 Nodejs
Fedoraproject
Oracle
C Ares Project
Resource Exhaustion vulnerability in multiple products

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses.

7.5
2020-11-19 CVE-2019-12412 Apache NULL Pointer Dereference vulnerability in Apache Libapreq2

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash.

7.5
2020-11-18 CVE-2020-12593 Symantec Unspecified vulnerability in Symantec Endpoint Detection and Response

Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.

7.5
2020-11-18 CVE-2020-28574 Trendmicro Path Traversal vulnerability in Trendmicro Worry-Free Business Security 10.0

A unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-Free Business Security 10 SP1 could allow an unauthenticated attacker to exploit the vulnerability and modify or delete arbitrary files on the product's management console.

7.5
2020-11-18 CVE-2020-3392 Cisco Missing Authentication for Critical Function vulnerability in Cisco IOT Field Network Director

A vulnerability in the API of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive information on an affected system.

7.5
2020-11-18 CVE-2020-26076 Cisco Information Exposure vulnerability in Cisco IOT Field Network Director

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device.

7.5
2020-11-18 CVE-2020-28367 Golang Code Injection vulnerability in Golang GO

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive.

7.5
2020-11-18 CVE-2020-28366 Golang
Fedoraproject
Netapp
Code Injection vulnerability in multiple products

Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file.

7.5
2020-11-18 CVE-2020-28362 Golang
Fedoraproject
Netapp
Improper Certificate Validation vulnerability in multiple products

Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.

7.5
2020-11-18 CVE-2020-28091 Cxuu SQL Injection vulnerability in Cxuu Cxuucms 3.0

cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via the keywords parameter via search.php.

7.5
2020-11-17 CVE-2020-26552 Aviatrix Unspecified vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R6.0.2483.

7.5
2020-11-17 CVE-2020-26551 Aviatrix Cleartext Storage of Sensitive Information vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R5.3.1151.

7.5
2020-11-17 CVE-2020-26550 Aviatrix Use of Insufficiently Random Values vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R5.3.1151.

7.5
2020-11-17 CVE-2020-26549 Aviatrix Files or Directories Accessible to External Parties vulnerability in Aviatrix Controller 5.3.1516

An issue was discovered in Aviatrix Controller before R5.4.1290.

7.5
2020-11-17 CVE-2020-25400 Taskcafe Project Unspecified vulnerability in Taskcafe Project Taskcafe

Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token.

7.5
2020-11-17 CVE-2020-27554 Basetech Insufficiently Protected Credentials vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device.

7.5
2020-11-17 CVE-2020-27553 Basetech Path Traversal vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc“.

7.5
2020-11-16 CVE-2020-26224 Prestashop Unspecified vulnerability in Prestashop

In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed.

7.5
2020-11-16 CVE-2020-26509 Airleader Use of Hard-coded Credentials vulnerability in Airleader Master Control

Airleader Master and Easy <= 6.21 devices have default credentials that can be used for a denial of service.

7.5
2020-11-16 CVE-2020-23490 Wwbn Unspecified vulnerability in Wwbn Avideo

There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming.

7.5
2020-11-16 CVE-2020-4476 IBM Unspecified vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

7.5
2020-11-16 CVE-2020-28723 Cloudavid Memory Leak vulnerability in Cloudavid Pparam 1.3.1

Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.

7.5
2020-11-16 CVE-2020-27623 Jetbrains Unspecified vulnerability in Jetbrains Ideavim

JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances.

7.5
2020-11-16 CVE-2020-27423 Anuko Improper Restriction of Excessive Authentication Attempts vulnerability in Anuko Time Tracker

Anuko Time Tracker v1.19.23.5311 lacks rate limit on the password reset module which allows attacker to perform Denial of Service attack on any legitimate user's mailbox

7.5
2020-11-16 CVE-2020-27191 Lionwiki Unspecified vulnerability in Lionwiki

LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion.

7.5
2020-11-16 CVE-2020-25209 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API.

7.5
2020-11-16 CVE-2020-25013 Jetbrains Unspecified vulnerability in Jetbrains Toolbox

JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.

7.5
2020-11-16 CVE-2020-8272 Citrix Improper Authentication vulnerability in Citrix Sd-Wan

Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8

7.5
2020-11-16 CVE-2020-5666 Mitsubishielectric Resource Exhaustion vulnerability in Mitsubishielectric products

Uncontrolled resource consumption vulnerability in MELSEC iQ-R Series CPU Modules (R00/01/02CPU Firmware versions from '05' to '19' and R04/08/16/32/120(EN)CPU Firmware versions from '35' to '51') allows a remote attacker to cause an error in a CPU unit via a specially crafted HTTP packet, which may lead to a denial-of-service (DoS) condition in execution of the program and its communication.

7.5
2020-11-19 CVE-2020-8279 Nextcloud Improper Certificate Validation vulnerability in Nextcloud Social

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.

7.4
2020-11-17 CVE-2020-25705 Linux
Redhat
A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports.
7.4
2020-11-19 CVE-2020-7566 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware

A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

7.3
2020-11-19 CVE-2020-7565 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware

A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

7.3
2020-11-19 CVE-2020-12510 Beckhoff Incorrect Default Permissions vulnerability in Beckhoff Twincat Extended Automation Runtime 3.1

The default installation path of the TwinCAT XAR 3.1 software in all versions is underneath C:\TwinCAT.

7.3
2020-11-18 CVE-2020-25406 Lemocms Unrestricted Upload of File with Dangerous Type vulnerability in Lemocms

app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executable files.

7.3
2020-11-18 CVE-2020-28581 Trendmicro OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

7.2
2020-11-18 CVE-2020-28580 Trendmicro OS Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.

7.2
2020-11-17 CVE-2020-21665 Fastadmin SQL Injection vulnerability in Fastadmin 1.0.0.20191212

In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh.

7.2
2020-11-16 CVE-2020-28692 Gilacms Unrestricted Upload of File with Dangerous Type vulnerability in Gilacms Gila CMS 1.16.0

In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files.

7.2
2020-11-16 CVE-2020-2492 Qnap Command Injection vulnerability in Qnap QTS

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.

7.2
2020-11-16 CVE-2020-2490 Qnap Command Injection vulnerability in Qnap QTS

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands.

7.2
2020-11-17 CVE-2020-28914 Katacontainers Incorrect Permission Assignment for Critical Resource vulnerability in Katacontainers Kata-Containers

An improper file permissions vulnerability affects Kata Containers prior to 1.11.5.

7.1
2020-11-17 CVE-2020-26405 Gitlab Path Traversal vulnerability in Gitlab

Path traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations.

7.1
2020-11-19 CVE-2020-28209 Schneider Electric Unspecified vulnerability in Schneider-Electric Enterprise Server Installer 1.9/3.1

A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterprise Server installer V1.9 - V3.1 and Enterprise Central installer V2.0 - V3.1 that could cause any local Windows user who has write permission on at least one of the subfolders of the Connect Agent service binary path, being able to gain the privilege of the user who started the service.

7.0

117 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-18 CVE-2020-13799 Westerndigital
Linaro
Authentication Bypass by Capture-replay vulnerability in multiple products

Western Digital has identified a security vulnerability in the Replay Protected Memory Block (RPMB) protocol as specified in multiple standards for storage device interfaces, including all versions of eMMC, UFS, and NVMe.

6.8
2020-11-16 CVE-2020-28656 VW Improper Validation of Integrity Check Value vulnerability in VW Polo Firmware 2019

The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a metainfo file are parsed, which can cause attacker-controlled files to be written to the infotainment system and executed as root.

6.8
2020-11-20 CVE-2020-7842 Netu Improper Input Validation vulnerability in Netu Wf2429Tb Firmware 1.1.10

Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users.

6.6
2020-11-20 CVE-2020-19668 Libsixel Project Out-of-bounds Read vulnerability in Libsixel Project Libsixel 1.8.6

Unverified indexs into the array lead to out of bound access in the gif_out_code function in fromgif.c in libsixel 1.8.6.

6.5
2020-11-19 CVE-2020-7573 Schneider Electric Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1

A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker being able to access a restricted web resources due to improper access control.

6.5
2020-11-19 CVE-2020-12496 Endress Information Exposure vulnerability in Endress products

Endress+Hauser Ecograph T (Neutral/Private Label) (RSG35, ORSG35) and Memograph M (Neutral/Private Label) (RSG45, ORSG45) with Firmware version V2.0.0 and above is prone to exposure of sensitive information to an unauthorized actor.

6.5
2020-11-19 CVE-2020-25700 Moodle
Fedoraproject
SQL Injection vulnerability in multiple products

In moodle, some database module web services allowed students to add entries within groups they did not belong to.

6.5
2020-11-18 CVE-2020-3482 Cisco Improper Privilege Management vulnerability in Cisco products

A vulnerability in the Traversal Using Relays around NAT (TURN) server component of Cisco Expressway software could allow an unauthenticated, remote attacker to bypass security controls and send network traffic to restricted destinations.

6.5
2020-11-18 CVE-2020-3471 Cisco Improper Synchronization vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to maintain bidirectional audio despite being expelled from an active Webex session.

6.5
2020-11-18 CVE-2020-4592 IBM Unspecified vulnerability in IBM MQ Appliance 9.1.0.0

IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages.

6.5
2020-11-18 CVE-2020-26078 Cisco Path Traversal vulnerability in Cisco IOT Field Network Director

A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system.

6.5
2020-11-18 CVE-2020-26068 Cisco Authorization Bypass Through User-Controlled Key vulnerability in Cisco Roomos and Telepresence Collaboration Endpoint

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software could allow an authenticated, remote attacker to generate an access token for an affected device.

6.5
2020-11-18 CVE-2020-28005 TP Link Classic Buffer Overflow vulnerability in Tp-Link Tl-Wpa4220 Firmware 4.0.2

httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint.

6.5
2020-11-18 CVE-2020-28917 View Frontend Statistics Project Cleartext Storage of Sensitive Information vulnerability in View Frontend Statistics Project View Frontend Statistics

An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1 for TYPO3.

6.5
2020-11-17 CVE-2020-25988 Genexis Cleartext Transmission of Sensitive Information vulnerability in Genexis Platinum 4410 Firmware P4410V21.34H

UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an action 'X_GetAccess' which leaks the credentials of 'admin', provided that the attacker is network adjacent.

6.5
2020-11-17 CVE-2020-13351 Gitlab Incorrect Default Permissions vulnerability in Gitlab

Insufficient permission checks in scheduled pipeline API in GitLab CE/EE 13.0+ allows an attacker to read variable names and values for scheduled pipelines on projects visible to the attacker.

6.5
2020-11-17 CVE-2020-27558 Basetech Improper Authentication vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream.

6.5
2020-11-16 CVE-2020-4692 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI.

6.5
2020-11-16 CVE-2020-4671 IBM Information Exposure Through Log Files vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 stores potentially sensitive information in log files that could be read by an authenticatedl user.

6.5
2020-11-16 CVE-2020-4566 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user.

6.5
2020-11-16 CVE-2020-4475 IBM Unspecified vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

6.5
2020-11-16 CVE-2020-26129 Jetbrains HTTP Request Smuggling vulnerability in Jetbrains Ktor

In JetBrains Ktor before 1.4.1, HTTP request smuggling was possible.

6.5
2020-11-21 CVE-2020-5797 TP Link Link Following vulnerability in Tp-Link Archer C9 Firmware 180125

UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.

6.1
2020-11-19 CVE-2020-28350 Sokrates Cross-site Scripting vulnerability in Sokrates Sowasql 5.6.1

A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.

6.1
2020-11-19 CVE-2020-28210 Schneider Electric Unspecified vulnerability in Schneider-Electric Ecostruxure Building Operation 2.0/3.1

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerability exists in EcoStruxure Building Operation WebStation V2.0 - V3.1 that could cause an attacker to inject HTML and JavaScript code into the user's browser.

6.1
2020-11-19 CVE-2020-28947 Misp Cross-site Scripting vulnerability in Misp 2.4.134

In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandled.

6.1
2020-11-19 CVE-2020-22394 Yzmcms Cross-site Scripting vulnerability in Yzmcms 5.5

In YzmCMS v5.5 the member contribution function in the editor contains a cross-site scripting (XSS) vulnerability.

6.1
2020-11-19 CVE-2020-25702 Moodle
Fedoraproject
Cross-site Scripting vulnerability in multiple products

In Moodle, it was possible to include JavaScript when re-naming content bank items.

6.1
2020-11-19 CVE-2020-15710 Pulseaudio Project Double Free vulnerability in Pulseaudio Project Pulseaudio

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program.

6.1
2020-11-18 CVE-2020-26215 Jupyter
Debian
Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability.
6.1
2020-11-18 CVE-2020-22723 Ljcmsshop Project Cross-site Scripting vulnerability in Ljcmsshop Project Ljcmsshop 1.14

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.

6.1
2020-11-18 CVE-2020-15300 Salesagility Open Redirect vulnerability in Salesagility Suitecrm

SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document.

6.1
2020-11-18 CVE-2020-27126 Cisco Cross-site Scripting vulnerability in Cisco Webex Meetings 40.10.2

A vulnerability in an API of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks.

6.1
2020-11-18 CVE-2020-26081 Cisco Injection vulnerability in Cisco IOT Field Network Director

Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system.

6.1
2020-11-18 CVE-2020-26554 Reddoxx Cross-site Scripting vulnerability in Reddoxx Maildepot 2033

REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message.

6.1
2020-11-18 CVE-2020-26884 RSA Injection vulnerability in RSA Archer

RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability.

6.1
2020-11-18 CVE-2020-28724 Palletsprojects Open Redirect vulnerability in Palletsprojects Werkzeug

Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.

6.1
2020-11-17 CVE-2020-28092 Pescms Cross-site Scripting vulnerability in Pescms Team 2.3.2

PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=

6.1
2020-11-17 CVE-2020-28129 Adrianmercurio Cross-site Scripting vulnerability in Adrianmercurio GYM Management System 1.0

Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.

6.1
2020-11-17 CVE-2020-26216 Typo3 Unspecified vulnerability in Typo3 Fluid

TYPO3 Fluid before versions 2.0.8, 2.1.7, 2.2.4, 2.3.7, 2.4.4, 2.5.11 and 2.6.10 is vulnerable to Cross-Site Scripting.

6.1
2020-11-17 CVE-2020-25890 Kyocera Cross-site Scripting vulnerability in Kyocera Ecosys M2640Idw Firmware

The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book".

6.1
2020-11-17 CVE-2020-28139 Online Clothing Store Project Cross-site Scripting vulnerability in Online Clothing Store Project Online Clothing Store 1.0

SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.

6.1
2020-11-17 CVE-2020-11860 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1.

6.1
2020-11-16 CVE-2020-26225 Prestashop Unspecified vulnerability in Prestashop Product Comments 4.0.0/4.0.1/4.1.0

In PrestaShop Product Comments before version 4.2.0, an attacker could inject malicious web code into the users' web browsers by creating a malicious link.

6.1
2020-11-16 CVE-2020-27627 Jetbrains Injection vulnerability in Jetbrains Teamcity

JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.

6.1
2020-11-16 CVE-2020-27459 Chronoengine Cross-site Scripting vulnerability in Chronoengine Chronoforums 2.0.11

Chronoforeum 2.0.11 allows Stored XSS vulnerabilities when inserting a crafted payload into a post.

6.1
2020-11-16 CVE-2020-7773 Markdown IT Highlightjs Project Cross-site Scripting vulnerability in Markdown-It-Highlightjs Project Markdown-It-Highlightjs

This affects the package markdown-it-highlightjs before 3.3.1.

6.1
2020-11-18 CVE-2020-26933 Trustedcomputinggroup Improper Initialization vulnerability in Trustedcomputinggroup Trusted Platform Module 2.0

Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED.

6.0
2020-11-18 CVE-2020-28915 Linux Out-of-bounds Read vulnerability in Linux Kernel

A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def.

5.8
2020-11-19 CVE-2020-7567 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware

A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to find the password hash when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller and broke the encryption keys.

5.7
2020-11-17 CVE-2020-13348 Gitlab Unspecified vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 10.2.

5.7
2020-11-21 CVE-2020-25725 Xpdfreader
Fedoraproject
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem.
5.5
2020-11-19 CVE-2020-28941 Linux
Fedoraproject
Debian
Release of Invalid Pointer or Reference vulnerability in multiple products

An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9.9.

5.5
2020-11-17 CVE-2020-27557 Basetech Insufficiently Protected Credentials vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials.

5.5
2020-11-17 CVE-2020-13358 Gitlab Unspecified vulnerability in Gitlab

A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects.

5.5
2020-11-19 CVE-2020-7571 Schneider Electric Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1

A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Reflected) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause a remote attacker to inject arbitrary web script or HTML due to incorrect sanitization of user supplied data and achieve a Cross-Site Scripting reflected attack against other WebReport users.

5.4
2020-11-19 CVE-2020-7570 Schneider Electric Unspecified vulnerability in Schneider-Electric Webreports 1.9/3.1

A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) vulnerability exists in EcoStruxure Building Operation WebReports V1.9 - V3.1 that could cause an authenticated remote user being able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Cross-Site Scripting stored attack against other WebReport users.

5.4
2020-11-19 CVE-2020-4718 IBM Cross-site Scripting vulnerability in IBM Jazz Reporting Service

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting.

5.4
2020-11-18 CVE-2020-14208 Salesagility Cross-site Scripting vulnerability in Salesagility Suitecrm

SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality.

5.4
2020-11-18 CVE-2020-25454 Grocy Project Cross-site Scripting vulnerability in Grocy Project Grocy 2.7.1

Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets executed when deleting the recipe.

5.4
2020-11-18 CVE-2020-28361 Kamailio HTTP Request Smuggling vulnerability in Kamailio

Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and other products, allows a bypass of a header-removal protection mechanism via whitespace characters.

5.4
2020-11-17 CVE-2020-26701 Kaaproject Cross-site Scripting vulnerability in Kaaproject KAA 1.2.0

Cross-site scripting (XSS) vulnerability in Dashboards section in Kaa IoT Platform v1.2.0 allows remote attackers to inject malicious web scripts or HTML Injection payloads via the Description parameter.

5.4
2020-11-17 CVE-2020-25798 Limesurvey Cross-site Scripting vulnerability in Limesurvey

A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page.

5.4
2020-11-17 CVE-2020-28647 Progress Cross-site Scripting vulnerability in Progress Moveit Transfer

In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application.

5.4
2020-11-17 CVE-2020-25832 Microfocus Cross-site Scripting vulnerability in Microfocus Filr 4.2.1

Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1.

5.4
2020-11-17 CVE-2020-25834 Microfocus Cross-site Scripting vulnerability in Microfocus Arcsight Logger 6.61/7.0/7.0.1

Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1.

5.4
2020-11-16 CVE-2020-4672 IBM Cross-site Scripting vulnerability in IBM Business Automation Workflow 20.0.0.1

IBM Business Automation Workflow 20.0.0.1 is vulnerable to cross-site scripting.

5.4
2020-11-16 CVE-2020-27991 Nagios Cross-site Scripting vulnerability in Nagios XI

Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).

5.4
2020-11-16 CVE-2020-27990 Nagios Cross-site Scripting vulnerability in Nagios XI

Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent).

5.4
2020-11-16 CVE-2020-27989 Nagios Cross-site Scripting vulnerability in Nagios XI

Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard).

5.4
2020-11-16 CVE-2020-27988 Nagios Cross-site Scripting vulnerability in Nagios XI

Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field).

5.4
2020-11-16 CVE-2020-13773 Ivanti Cross-site Scripting vulnerability in Ivanti Endpoint Manager

Ivanti Endpoint Manager through 2020.1.1 allows XSS via /LDMS/frm_splitfrm.aspx, /LDMS/licensecheck.aspx, /LDMS/frm_splitcollapse.aspx, /LDMS/alert_log.aspx, /LDMS/ServerList.aspx, /LDMS/frm_coremainfrm.aspx, /LDMS/frm_findfrm.aspx, /LDMS/frm_taskfrm.aspx, and /LDMS/query_browsecomp.aspx.

5.4
2020-11-16 CVE-2020-5663 Riken Cross-site Scripting vulnerability in Riken Xoonips

Stored cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.

5.4
2020-11-16 CVE-2020-5662 Riken Cross-site Scripting vulnerability in Riken Xoonips

Reflected cross-site scripting vulnerability in XooNIps 3.49 and earlier allows remote authenticated attackers to inject arbitrary script via unspecified vectors.

5.4
2020-11-16 CVE-2020-28650 Wpbakery Cross-site Scripting vulnerability in Wpbakery Page Builder

The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles.

5.4
2020-11-20 CVE-2020-20739 Libvips
Debian
Fedoraproject
Missing Initialization of Resource vulnerability in multiple products

im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address.

5.3
2020-11-19 CVE-2020-28954 Bigbluebutton Improper Encoding or Escaping of Output vulnerability in Bigbluebutton

web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name.

5.3
2020-11-19 CVE-2020-25703 Moodle
Fedoraproject
Information Exposure vulnerability in multiple products

The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden.

5.3
2020-11-19 CVE-2020-25701 Moodle
Fedoraproject
Incorrect Authorization vulnerability in multiple products

If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method.

5.3
2020-11-19 CVE-2020-9049 Johnsoncontrols Improper Authentication vulnerability in Johnsoncontrols C-Cure web and Victor web

A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization.

5.3
2020-11-19 CVE-2020-8278 Nextcloud Incorrect Authorization vulnerability in Nextcloud Social 0.3.1

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.

5.3
2020-11-18 CVE-2020-3441 Cisco Unspecified vulnerability in Cisco Webex Meetings Server

A vulnerability in Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to view sensitive information from the meeting room lobby.

5.3
2020-11-17 CVE-2020-27556 Basetech Use of Insufficiently Random Values vulnerability in Basetech Ge-131 Bt-1837836 Firmware 20180921

A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device.

5.3
2020-11-17 CVE-2020-26406 Gitlab Unspecified vulnerability in Gitlab

Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3.

5.3
2020-11-17 CVE-2020-13352 Gitlab Unspecified vulnerability in Gitlab

Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group.

5.3
2020-11-16 CVE-2020-27622 Jetbrains Unspecified vulnerability in Jetbrains Intellij Idea

In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version.

5.3
2020-11-16 CVE-2020-13772 Ivanti Unspecified vulnerability in Ivanti Endpoint Manager

In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required.

5.3
2020-11-16 CVE-2020-27629 Jetbrains Unspecified vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts.

5.3
2020-11-16 CVE-2020-27626 Jetbrains Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack

JetBrains YouTrack before 2020.3.5333 was vulnerable to SSRF.

5.3
2020-11-16 CVE-2020-27625 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues.

5.3
2020-11-16 CVE-2020-27624 Jetbrains Server-Side Request Forgery (SSRF) vulnerability in Jetbrains Youtrack

JetBrains YouTrack before 2020.3.888 was vulnerable to SSRF.

5.3
2020-11-16 CVE-2020-25210 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants.

5.3
2020-11-16 CVE-2020-7765 Google Unspecified vulnerability in Google Firebase/Util

This affects the package @firebase/util before 0.3.4.

5.3
2020-11-20 CVE-2020-28974 Linux
Debian
Out-of-bounds Read vulnerability in multiple products

A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers to read privileged information or potentially crash the kernel, aka CID-3c4e0dff2095.

5.0
2020-11-18 CVE-2020-26079 Cisco Insufficiently Protected Credentials vulnerability in Cisco IOT Field Network Director

A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device.

4.9
2020-11-18 CVE-2020-24723 User Registration Login AND User Management System Project Cross-site Scripting vulnerability in User Registration & Login and User Management System Project User Registration & Login and User Management System 2.1

Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1.

4.8
2020-11-17 CVE-2020-25833 Microfocus Cross-site Scripting vulnerability in Microfocus Idol

Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version prior to version 12.7.

4.8
2020-11-17 CVE-2020-10776 Redhat Cross-site Scripting vulnerability in Redhat Keycloak

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter.

4.8
2020-11-16 CVE-2020-4705 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 is vulnerable to cross-site scripting.

4.8
2020-11-20 CVE-2020-4788 IBM
Fedoraproject
Oracle
IBM Power9 (AIX 7.1, 7.2, and VIOS 3.1) processors could allow a local user to obtain sensitive information from the data in the L1 cache under extenuating circumstances.
4.7
2020-11-17 CVE-2020-25746 Resourcexpress Information Exposure vulnerability in Resourcexpress Qubi3 Firmware

QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable), aka wireless password visibility.

4.6
2020-11-16 CVE-2019-19562 Harman Improper Authentication vulnerability in Harman Hermes 2.1

An authentication bypass in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with physical access to device hardware to obtain system information.

4.6
2020-11-16 CVE-2019-19560 Harman Improper Authentication vulnerability in Harman Hermes 1.5

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with physical access to device hardware to obtain system information.

4.6
2020-11-16 CVE-2019-19556 Harman Unspecified vulnerability in Harman Hermes 1.0

An authentication bypass in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with physical access to device hardware to obtain system information.

4.6
2020-11-16 CVE-2020-8152 Nextcloud Insufficiently Protected Credentials vulnerability in Nextcloud Server

Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the public key to decrypt them later on.

4.4
2020-11-19 CVE-2020-7568 Schneider Electric Unspecified vulnerability in Schneider-Electric Modicon M221 Firmware

A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller.

4.3
2020-11-19 CVE-2020-28953 Bigbluebutton Unspecified vulnerability in Bigbluebutton

In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.

4.3
2020-11-19 CVE-2020-28942 Primekey Improper Certificate Validation vulnerability in Primekey Ejbca

An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA over the Peers protocol.

4.3
2020-11-19 CVE-2020-5947 F5 Unspecified vulnerability in F5 products

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers.

4.3
2020-11-18 CVE-2020-26077 Cisco Improper Privilege Management vulnerability in Cisco IOT Field Network Director

A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system.

4.3
2020-11-17 CVE-2020-13349 Gitlab Resource Exhaustion vulnerability in Gitlab

An issue has been discovered in GitLab EE affecting all versions starting from 8.12.

4.3
2020-11-17 CVE-2020-13350 Gitlab Cross-Site Request Forgery (CSRF) vulnerability in Gitlab

CSRF in runner administration page in all versions of GitLab CE/EE allows an attacker who's able to target GitLab instance administrators to pause/resume runners.

4.3
2020-11-17 CVE-2020-13354 Gitlab Resource Exhaustion vulnerability in Gitlab

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6.

4.3
2020-11-16 CVE-2020-4763 IBM Unspecified vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies.

4.3
2020-11-16 CVE-2020-4665 IBM Unspecified vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies.

4.3
2020-11-16 CVE-2020-27628 Jetbrains Unspecified vulnerability in Jetbrains Teamcity

In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records.

4.3
2020-11-18 CVE-2020-26080 Cisco Improper Privilege Management vulnerability in Cisco IOT Field Network Director

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system.

4.1

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-19 CVE-2020-6879 ZTE Improper Input Validation vulnerability in ZTE Zxhn F670L Firmware and Zxhn Z500 Firmware

Some ZTE devices have input verification vulnerabilities.

3.5
2020-11-16 CVE-2020-24366 Jetbrains Unspecified vulnerability in Jetbrains Youtrack

Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.

3.3
2020-11-17 CVE-2020-13353 Gitlab Insufficient Session Expiration vulnerability in Gitlab Gitaly

When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.

3.2
2020-11-16 CVE-2019-19563 Harman Unspecified vulnerability in Harman Hermes 2.1

A misconfiguration in the debug interface in Mercedes-Benz HERMES 2.1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

2.4
2020-11-16 CVE-2019-19561 Harman Insecure Storage of Sensitive Information vulnerability in Harman Hermes 1.5

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1.5 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

2.4
2020-11-16 CVE-2019-19557 Harman Insecure Storage of Sensitive Information vulnerability in Harman Hermes 1.0

A misconfiguration in the debug interface in Mercedes-Benz HERMES 1 allows an attacker with direct physical access to device hardware to obtain cellular modem information.

2.4