Weekly Vulnerabilities Reports > November 23 to 29, 2020

Overview

197 new vulnerabilities were reported during this period, including 10 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 238 products from 94 vendors, including Debian, Mongodb, Linux, Fedoraproject, and Cdatatec. Vulnerabilities are notably categorized as "Cross-site Scripting", "Use of Hard-coded Credentials", "Improper Input Validation", "Path Traversal", and "Improper Authentication".

  • 151 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities have a public exploit available.
  • 62 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 132 reported vulnerabilities are exploitable by an anonymous user.
  • Debian has the most reported vulnerabilities, with 24 reported vulnerabilities.
  • Vsolcn has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

10 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-29 CVE-2020-29381 Vsolcn Command Injection vulnerability in Vsolcn products

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

10.0
2020-11-27 CVE-2019-19875 BR Automation Command Injection vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

10.0
2020-11-24 CVE-2020-29056 Cdatatec
Cdata
Command Injection vulnerability in multiple products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

10.0
2020-11-24 CVE-2015-9551 Totolink Unspecified vulnerability in Totolink products

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices.

10.0
2020-11-24 CVE-2020-28334 Barco Use of Hard-coded Credentials vulnerability in Barco Wepresent Wipg-1600W Firmware

Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2).

10.0
2020-11-23 CVE-2020-6939 Tableau Unspecified vulnerability in Tableau Server

Tableau Server installations configured with Site-Specific SAML allow the APIs to be used by unauthenticated users.

10.0
2020-11-24 CVE-2020-13942 Apache Injection vulnerability in Apache Unomi 1.5.0/1.5.1

It is possible to inject malicious OGNL or MVEL scripts into the /context.json public endpoint.

9.8
2020-11-27 CVE-2020-29367 C Blosc2 Project Out-of-bounds Write vulnerability in C-Blosc2 Project C-Blosc2 2.0.0

blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data.

9.3
2020-11-29 CVE-2020-29378 Vsolcn Improper Privilege Management vulnerability in Vsolcn products

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

9.0
2020-11-23 CVE-2020-4006 Vmware Command Injection vulnerability in VMWare products

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.

9.0

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-25 CVE-2020-29074 X11Vnc Project
Fedoraproject
Debian
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products

scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user.

8.8
2020-11-23 CVE-2020-25660 Redhat
Fedoraproject
Authentication Bypass by Capture-replay vulnerability in multiple products

A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, where it does not verify Ceph clients correctly and is then vulnerable to replay attacks in Nautilus.

8.8
2020-11-23 CVE-2020-12351 Linux Improper Input Validation vulnerability in Linux Kernel

Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.

8.8
2020-11-24 CVE-2020-26237 Highlightjs
Debian
Oracle
Modification of Assumed-Immutable Data (MAID) vulnerability in multiple products

Highlight.js is a syntax highlighter written in JavaScript.

8.7
2020-11-25 CVE-2020-29071 Liquidfiles Cross-site Scripting vulnerability in Liquidfiles

An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19.

8.5
2020-11-25 CVE-2020-26238 Cron Utils Project Injection vulnerability in Cron-Utils Project Cron-Utils

Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them.

8.1
2020-11-26 CVE-2020-27253 Rockwellautomation Improper Input Validation vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11

A flaw exists in the Ingress/Egress checks routine of FactoryTalk Linx Version 6.11 and prior.

7.8
2020-11-24 CVE-2020-29057 Cdatatec Unspecified vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

7.8
2020-11-27 CVE-2020-26245 Systeminformation OS Command Injection vulnerability in Systeminformation

npm package systeminformation before version 4.30.5 is vulnerable to Prototype Pollution leading to Command Injection.

7.5
2020-11-27 CVE-2020-25708 Libvncserver Project
Redhat
Debian
Divide By Zero vulnerability in multiple products

A divide by zero issue was found to occur in libvncserver-0.9.12.

7.5
2020-11-27 CVE-2020-25014 Zyxel Out-of-bounds Write vulnerability in Zyxel Access Points Firmware and ZLD Firmware

A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 through to V4.55 allows remote unauthenticated attackers to execute arbitrary code via a crafted http packet.

7.5
2020-11-27 CVE-2020-10772 Nlnetlabs Resource Exhaustion vulnerability in Nlnetlabs Unbound 1.6.65

An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part of erratum RHSA-2020:2414.

7.5
2020-11-27 CVE-2017-15681 Craftercms Path Traversal vulnerability in Craftercms Crafter CMS 3.0.0

In Crafter CMS Crafter Studio 3.0.1 a directory traversal vulnerability exists which allows unauthenticated attackers to overwrite files from the operating system which can lead to RCE.

7.5
2020-11-27 CVE-2019-19876 BR Automation SQL Injection vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

7.5
2020-11-27 CVE-2019-19874 BR Automation Injection vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

7.5
2020-11-27 CVE-2019-19872 BR Automation Injection vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

7.5
2020-11-26 CVE-2020-7778 Systeminformation OS Command Injection vulnerability in Systeminformation

This affects the package systeminformation before 4.30.2.

7.5
2020-11-26 CVE-2020-27251 Rockwellautomation Heap-based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior.

7.5
2020-11-24 CVE-2020-29062 Cdatatec Use of Hard-coded Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

7.5
2020-11-24 CVE-2020-29061 Cdatatec Use of Hard-coded Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

7.5
2020-11-24 CVE-2020-29060 Cdatatec Use of Hard-coded Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

7.5
2020-11-24 CVE-2020-29059 Cdatatec Use of Hard-coded Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

7.5
2020-11-24 CVE-2020-28329 Barco Use of Hard-coded Credentials vulnerability in Barco Wepresent Wipg-1600W Firmware

Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image.

7.5
2020-11-24 CVE-2020-25159 Rtautomation Out-of-bounds Write vulnerability in Rtautomation 499Es Ethernet/Ip Adaptor Firmware

499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution.

7.5
2020-11-24 CVE-2020-28333 Barco Improper Authentication vulnerability in Barco Wepresent Wipg-1600W Firmware 2.5.1.8

Barco wePresent WiPG-1600W devices allow Authentication Bypass.

7.5
2020-11-24 CVE-2020-28332 Barco Download of Code Without Integrity Check vulnerability in Barco Wepresent Wipg-1600W Firmware 2.5.1.8

Barco wePresent WiPG-1600W devices download code without an Integrity Check.

7.5
2020-11-24 CVE-2020-28994 Karenderia Multiple Restaurant System Project SQL Injection vulnerability in Karenderia multiple Restaurant System Project Karenderia multiple Restaurant System 5.4.2

A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below.

7.5
2020-11-24 CVE-2020-4001 Vmware Use of Hard-coded Credentials vulnerability in VMWare Sd-Wan Orchestrator

The SD-WAN Orchestrator 3.3.2, 3.4.x, and 4.0.x has default passwords allowing for a Pass-the-Hash Attack.

7.5
2020-11-24 CVE-2020-29006 Misp Missing Authorization vulnerability in Misp

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.

7.5
2020-11-24 CVE-2020-25475 Newsscriptphp SQL Injection vulnerability in Newsscriptphp News Script PHP PRO 2.3

SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an editNews action.

7.5
2020-11-24 CVE-2019-20925 Mongodb Incorrect Comparison vulnerability in Mongodb

An unauthenticated client can trigger denial of service by issuing specially crafted wire protocol messages, which cause the message decompressor to incorrectly allocate memory.

7.5
2020-11-24 CVE-2020-26890 Matrix
Fedoraproject
Improper Input Validation vulnerability in multiple products

Matrix Synapse before 1.20.0 erroneously permits non-standard NaN, Infinity, and -Infinity JSON values in fields of m.room.member events, allowing remote attackers to execute a denial of service attack against the federation and common Matrix clients.

7.5
2020-11-24 CVE-2020-15929 Ortussolutions Command Injection vulnerability in Ortussolutions Testbox

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters passed to system/runners/HTMLRunner.cfm allow an attacker to write an arbitrary CFM file (within the application's context) containing attacker-defined CFML tags, leading to Remote Code Execution.

7.5
2020-11-24 CVE-2020-28991 Gitea Unspecified vulnerability in Gitea

Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go.

7.5
2020-11-23 CVE-2020-28984 Spip
Debian

prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.

7.5
2020-11-23 CVE-2020-25696 Postgresql
Debian
Permissive Whitelist vulnerability in multiple products

A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24.

7.5
2020-11-23 CVE-2020-28360 Private IP Project Server-Side Request Forgery (SSRF) vulnerability in Private-Ip Project Private-Ip

Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ranges resulting in indeterminate SSRF.

7.5
2020-11-23 CVE-2020-28864 Winscp Classic Buffer Overflow vulnerability in Winscp 5.17.8

Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name.

7.5
2020-11-23 CVE-2020-4854 IBM Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.

7.5
2020-11-23 CVE-2020-7925 Mongodb Improper Input Validation vulnerability in Mongodb

Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service.

7.5
2020-11-27 CVE-2020-28922 Pcanalyser Improper Privilege Management vulnerability in Pcanalyser PC Analyser 4.05/4.10

An issue was discovered in Devid Espenschied PC Analyser through 4.10.

7.2
2020-11-27 CVE-2020-28921 Pcanalyser Improper Privilege Management vulnerability in Pcanalyser PC Analyser 4.05/4.10

An issue was discovered in Devid Espenschied PC Analyser through 4.10.

7.2
2020-11-24 CVE-2020-25654 Clusterlabs
Debian

An ACL bypass flaw was found in pacemaker.

7.2
2020-11-23 CVE-2020-27985 Securityonionsolutions Improper Authentication vulnerability in Securityonionsolutions Security Onion

Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup.

7.2
2020-11-28 CVE-2020-29370 Linux
Netapp
Race Condition vulnerability in multiple products

An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11.

7.0
2020-11-28 CVE-2020-29369 Linux
Netapp
Race Condition vulnerability in multiple products

An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11.

7.0
2020-11-28 CVE-2020-29368 Linux
Netapp
Race Condition vulnerability in multiple products

An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5.

7.0

115 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-27 CVE-2020-7780 Softwaremill Cross-Site Request Forgery (CSRF) vulnerability in Softwaremill Akka-Http-Session

This affects the package com.softwaremill.akka-http-session:core_2.13 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.12 before 0.5.11; the package com.softwaremill.akka-http-session:core_2.11 before 0.5.11.

6.8
2020-11-27 CVE-2020-27745 Schedmd
Debian
Classic Buffer Overflow vulnerability in multiple products

Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin.

6.8
2020-11-26 CVE-2020-26936 Cloudera Cross-Site Request Forgery (CSRF) vulnerability in Cloudera Data Engineering

Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.

6.8
2020-11-26 CVE-2020-29128 Petl Project XML Injection (aka Blind XPath Injection) vulnerability in Petl Project Petl

petl before 1.68, in some configurations, allows resolution of entities in an XML document.

6.8
2020-11-24 CVE-2020-13620 Fastweb Cross-Site Request Forgery (CSRF) vulnerability in Fastweb Fastgate Gpon Fga2130Fwb Firmware 20200526

Fastweb FASTGate GPON FGA2130FWB devices through 2020-05-26 allow CSRF via the router administration web panel, leading to an attacker's ability to perform administrative actions such as modifying the configuration.

6.8
2020-11-23 CVE-2020-15436 Linux
Broadcom
Netapp
Use After Free vulnerability in multiple products

Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.

6.7
2020-11-24 CVE-2020-4002 Vmware Incorrect Permission Assignment for Critical Resource vulnerability in VMWare Sd-Wan Orchestrator

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way.

6.5
2020-11-24 CVE-2020-4000 Vmware Path Traversal vulnerability in VMWare Sd-Wan Orchestrator

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 allows for executing files through directory traversal.

6.5
2020-11-24 CVE-2020-3985 Vmware Improper Privilege Management vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue.

6.5
2020-11-23 CVE-2020-7927 Mongodb Unspecified vulnerability in Mongodb OPS Manager

Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege.

6.5
2020-11-23 CVE-2018-20803 Mongodb Infinite Loop vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which loop indefinitely in mathematics processing while retaining locks.

6.5
2020-11-23 CVE-2020-7928 Mongodb Unspecified vulnerability in Mongodb

A user authorized to perform database queries may trigger a read overrun and access arbitrary memory by issuing specially crafted queries.

6.5
2020-11-23 CVE-2020-7777 Jsen Project Unspecified vulnerability in Jsen Project Jsen

This affects all versions of package jsen.

6.5
2020-11-23 CVE-2019-2393 Mongodb Use After Free vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use $lookup and collations.

6.5
2020-11-23 CVE-2019-2392 Mongodb Integer Overflow or Wraparound vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which use the $mod operator to overflow negative values.

6.5
2020-11-23 CVE-2019-20924 Mongodb Improper Check for Unusual or Exceptional Conditions vulnerability in Mongodb 4.2.0/4.2.1

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries which trigger an invariant in the IndexBoundsBuilder.

6.5
2020-11-23 CVE-2019-20923 Mongodb Unspecified vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which throw unhandled Javascript exceptions containing types intended to be scoped to the Javascript engine's internals.

6.5
2020-11-23 CVE-2018-20805 Mongodb Excessive Iteration vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries, which perform an $elemMatch.

6.5
2020-11-23 CVE-2018-20804 Mongodb Improper Input Validation vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted applyOps invocations.

6.5
2020-11-23 CVE-2018-20802 Mongodb Unspecified vulnerability in Mongodb

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner.

6.5
2020-11-23 CVE-2020-7926 Mongodb Improper Handling of Exceptional Conditions vulnerability in Mongodb 4.4.0

A user authorized to perform database queries may cause denial of service by issuing a specially crafted query which violates an invariant in the server selection subsystem.

6.5
2020-11-23 CVE-2020-28053 Hashicorp Incorrect Authorization vulnerability in Hashicorp Consul

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration.

6.5
2020-11-27 CVE-2017-15680 Craftercms Missing Authorization vulnerability in Craftercms Crafter CMS 3.0.0

In Crafter CMS Crafter Studio 3.0.1 an IDOR vulnerability exists which allows unauthenticated attackers to view and modify administrative data.

6.4
2020-11-26 CVE-2020-25651 Spice Space
Debian
Fedoraproject
Race Condition vulnerability in multiple products

A flaw was found in the SPICE file transfer protocol.

6.4
2020-11-24 CVE-2020-7378 Opencrx Improper Authentication vulnerability in Opencrx

CRIXP OpenCRX version 4.30 and 5.0-20200717 and prior suffers from an unverified password change vulnerability.

6.4
2020-11-24 CVE-2020-25473 Newsscriptphp Unspecified vulnerability in Newsscriptphp News Script PHP PRO 2.3

SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookies.

6.4
2020-11-26 CVE-2020-25653 Spice Space
Debian
Fedoraproject
Race Condition vulnerability in multiple products

A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections.

6.3
2020-11-24 CVE-2020-28348 Hashicorp Path Traversal vulnerability in Hashicorp Nomad

HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be subverted when not explicitly disabled or when using a volume mount type.

6.3
2020-11-24 CVE-2020-28726 Seeddms Open Redirect vulnerability in Seeddms 6.0.13

Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.

5.8
2020-11-23 CVE-2020-0569 Intel
Debian
Canonical
Opensuse
QT
Out-of-bounds Write vulnerability in multiple products

Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.

5.7
2020-11-26 CVE-2020-25652 Spice Space
Debian
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections that can be established via the UNIX domain socket in `/run/spice-vdagentd/spice-vdagent-sock`.

5.5
2020-11-25 CVE-2020-25650 Spice Space
Debian
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine.

5.5
2020-11-25 CVE-2020-26241 Ethereum Incorrect Calculation vulnerability in Ethereum GO Ethereum

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol.

5.5
2020-11-24 CVE-2020-26232 Jupyter Open Redirect vulnerability in Jupyter Server

Jupyter Server before version 1.0.6 has an Open redirect vulnerability.

5.5
2020-11-24 CVE-2020-28928 Musl Libc
Debian
Fedoraproject
Oracle
Out-of-bounds Write vulnerability in multiple products

In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).

5.5
2020-11-24 CVE-2020-10762 Redhat Information Exposure Through Log Files vulnerability in Redhat Gluster-Block

An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output from gluster-block CLI operations.

5.5
2020-11-28 CVE-2019-20934 Linux Use After Free vulnerability in Linux Kernel

An issue was discovered in the Linux kernel before 5.2.6.

5.4
2020-11-27 CVE-2020-29138 Sagemcom Missing Authentication for Critical Function vulnerability in Sagemcom F@St 3486 Router Firmware 4.109.0

Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, software NET_4.109.0, allows remote unauthenticated users to download the router configuration file via the /backupsettings.conf URI, when any valid session is running.

5.3
2020-11-24 CVE-2020-25640 Redhat Information Exposure Through Log Files vulnerability in Redhat Wildfly

A flaw was discovered in WildFly before 21.0.0.Final where the resource adapter logs the plain text JMS password at warning level on connection error, inserting sensitive information in the log file.

5.3
2020-11-23 CVE-2019-14586 Tianocore
Debian
Use After Free vulnerability in multiple products

Use after free vulnerability in EDK II may allow an authenticated user to potentially enable escalation of privilege, information disclosure and/or denial of service via adjacent access.

5.2
2020-11-29 CVE-2020-29377 Vsolcn Use of Hard-coded Credentials vulnerability in Vsolcn V1600D Firmware 2.03.69

An issue was discovered on V-SOL V1600D V2.03.69 OLT devices.

5.0
2020-11-29 CVE-2020-29376 Vsolcn Use of Hard-coded Credentials vulnerability in Vsolcn products

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

5.0
2020-11-27 CVE-2017-15685 Craftercms XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0

Crafter CMS Crafter Studio 3.0.1 is affected by: XML External Entity (XXE).

5.0
2020-11-27 CVE-2017-15684 Craftercms Path Traversal vulnerability in Craftercms Crafter CMS 3.0.0

Crafter CMS Crafter Studio 3.0.1 has a directory traversal vulnerability which allows unauthenticated attackers to view files from the operating system.

5.0
2020-11-27 CVE-2017-15683 Craftercms XML Injection (aka Blind XPath Injection) vulnerability in Craftercms Crafter CMS 3.0.0

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to create a site with specially crafted XML that allows the retrieval of OS files out-of-band.

5.0
2020-11-27 CVE-2019-19878 BR Automation Improper Authentication vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

5.0
2020-11-27 CVE-2019-19877 BR Automation Path Traversal vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

5.0
2020-11-27 CVE-2019-19873 BR Automation Improper Authentication vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

5.0
2020-11-27 CVE-2019-19869 BR Automation Unspecified vulnerability in Br-Automation Industrial Automation Aprol

An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08.

5.0
2020-11-26 CVE-2020-29043 Bigbluebutton Missing Authorization vulnerability in Bigbluebutton

An issue was discovered in BigBlueButton through 2.2.29.

5.0
2020-11-26 CVE-2020-27207 Zetetic Use After Free vulnerability in Zetetic Sqlcipher 4.0

Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c.

5.0
2020-11-26 CVE-2020-13886 Intelbras Path Traversal vulnerability in Intelbras products

Intelbras TIP 200 60.61.75.15, TIP 200 LITE 60.61.75.15, and TIP 300 65.61.75.22 devices allow cgi-bin/cgiServer.exx?page=../ Directory Traversal.

5.0
2020-11-26 CVE-2020-7779 Djvalidator Project Expression Language Injection vulnerability in Djvalidator Project Djvalidator

All versions of package djvalidator are vulnerable to Regular Expression Denial of Service (ReDoS) by sending crafted invalid emails - for example, --@------------------------------------------------------------------------------------------------------------------------!.

5.0
2020-11-26 CVE-2020-27255 Rockwellautomation Heap-based Buffer Overflow vulnerability in Rockwellautomation Factorytalk Linx 6.00/6.10/6.11

A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior.

5.0
2020-11-25 CVE-2020-14190 Atlassian Missing Authorization vulnerability in Atlassian Crucible

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to achieve Regex Denial of Service via user-supplied regex in EyeQL.

5.0
2020-11-25 CVE-2020-14191 Atlassian Missing Authorization vulnerability in Atlassian Crucible

Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets.

5.0
2020-11-25 CVE-2020-26242 Ethereum Unspecified vulnerability in Ethereum GO Ethereum

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol.

5.0
2020-11-25 CVE-2020-26240 Ethereum Incorrect Calculation vulnerability in Ethereum GO Ethereum

Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol.

5.0
2020-11-24 CVE-2020-29063 Cdatatec Inadequate Encryption Strength vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

5.0
2020-11-24 CVE-2020-29058 Cdatatec Insufficiently Protected Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

5.0
2020-11-24 CVE-2020-29054 Cdatatec Insufficiently Protected Credentials vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

5.0
2020-11-24 CVE-2015-9550 Totolink Exposure of Resource to Wrong Sphere vulnerability in Totolink products

An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices.

5.0
2020-11-24 CVE-2020-28331 Barco Unspecified vulnerability in Barco Wepresent Wipg-1600W Firmware 2.5.1.8

Barco wePresent WiPG-1600W devices have Improper Access Control.

5.0
2020-11-24 CVE-2020-15928 Ortussolutions Path Traversal vulnerability in Ortussolutions Testbox

In Ortus TestBox 2.4.0 through 4.1.0, unvalidated query string parameters to test-browser/index.cfm allow directory traversal.

5.0
2020-11-23 CVE-2020-26228 Typo3 Cleartext Storage of Sensitive Information vulnerability in Typo3

TYPO3 is an open source PHP based web content management system.

5.0
2020-11-23 CVE-2020-24227 Playgroundsessions Insufficiently Protected Credentials vulnerability in Playgroundsessions Playground Sessions

Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text, allowing anyone with access to UserProfiles.sol to extract the email and password.

5.0
2020-11-23 CVE-2020-15246 Octobercms Path Traversal vulnerability in Octobercms October

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.

5.0
2020-11-23 CVE-2020-4771 IBM Improper Authentication vulnerability in IBM Spectrum Protect Operations Center

IBM Spectrum Protect Operations Center 8.1.0.000 through 8.1.10 and 7.1.0.000 through 7.1.11 could allow a remote attacker to obtain sensitive information, caused by improper authentication of a websocket endpoint.

5.0
2020-11-23 CVE-2019-14559 Tianocore Memory Leak vulnerability in Tianocore Edk2

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access.

5.0
2020-11-23 CVE-2020-15437 Linux NULL Pointer Dereference vulnerability in Linux Kernel

The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer, which is uninitialized.

4.9
2020-11-28 CVE-2020-27218 Eclipse
Netapp
Oracle
Apache
Debian

In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body.

4.8
2020-11-28 CVE-2020-29372 Linux
Canonical
Race Condition vulnerability in multiple products

An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8.

4.7
2020-11-24 CVE-2020-29040 XEN Off-by-one Error vulnerability in XEN

An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error.

4.6
2020-11-23 CVE-2018-16723 V Secure Improper Input Validation vulnerability in V-Secure Jingyun Antivirus 2.4.2.39

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12364020.

4.6
2020-11-23 CVE-2018-16722 V Secure Improper Input Validation vulnerability in V-Secure Jingyun Antivirus 2.4.2.39

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360094, a related issue to CVE-2018-16305.

4.6
2020-11-23 CVE-2018-16721 V Secure Improper Input Validation vulnerability in V-Secure Jingyun Antivirus 2.4.2.39

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x12360090, a related issue to CVE-2018-16306.

4.6
2020-11-23 CVE-2018-16720 V Secure Improper Input Validation vulnerability in V-Secure Jingyun Antivirus 2.4.2.39

In Jingyun Antivirus v2.4.2.39, the driver file (ZySandbox.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x1236001c, a related issue to CVE-2018-16304.

4.6
2020-11-23 CVE-2018-16719 V Secure Improper Input Validation vulnerability in V-Secure Jingyun Antivirus 2.4.2.39

In Jingyun Antivirus v2.4.2.39, the driver file (hookbody.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x00221482.

4.6
2020-11-23 CVE-2020-15248 Octobercms Improper Privilege Management vulnerability in Octobercms October

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.

4.6
2020-11-23 CVE-2019-14575 Tianocore
Debian

Logic issue in DxeImageVerificationHandler() for EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-11-23 CVE-2019-14563 Tianocore
Debian
Incorrect Conversion between Numeric Types vulnerability in multiple products

Integer truncation in EDK II may allow an authenticated user to potentially enable escalation of privilege via local access.

4.6
2020-11-23 CVE-2020-28421 Broadcom Improper Privilege Management vulnerability in Broadcom Unified Infrastructure Management

CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges.

4.6
2020-11-24 CVE-2020-5674 Epson Untrusted Search Path vulnerability in Epson products

Untrusted search path vulnerability in the installers of multiple SEIKO EPSON products allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.

4.4
2020-11-23 CVE-2020-26231 Octobercms Missing Authorization vulnerability in Octobercms October 1.0.469/1.1.0

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.

4.4
2020-11-23 CVE-2020-15247 Octobercms Unspecified vulnerability in Octobercms October

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.

4.4
2020-11-29 CVE-2020-29380 Vsolcn Cleartext Transmission of Sensitive Information vulnerability in Vsolcn products

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

4.3
2020-11-27 CVE-2020-27746 Schedmd
Debian
Race Condition vulnerability in multiple products

Slurm before 19.05.8 and 20.x before 20.02.6 exposes Sensitive Information to an Unauthorized Actor because xauth for X11 magic cookies is affected by a race condition in a read operation on the /proc filesystem.

4.3
2020-11-27 CVE-2017-15686 Craftercms Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0

Crafter CMS Crafter Studio 3.0.1 is affected by: Cross Site Scripting (XSS), which allows remote attackers to steal users’ cookies.

4.3
2020-11-27 CVE-2017-15682 Craftercms Cross-site Scripting vulnerability in Craftercms Crafter CMS 3.0.0

In Crafter CMS Crafter Studio 3.0.1 an unauthenticated attacker is able to inject malicious JavaScript code resulting in a stored/blind XSS in the admin panel.

4.3
2020-11-27 CVE-2020-29137 Cpanel Cross-site Scripting vulnerability in Cpanel

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).

4.3
2020-11-27 CVE-2020-29133 Coremail XT Project Cross-site Scripting vulnerability in Coremail XT Project Coremail XT 5.0

jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by a .jpg.html filename in the signImgFile parameter.

4.3
2020-11-26 CVE-2020-29130 Libslirp Project
Debian
Fedoraproject
Out-of-bounds Read vulnerability in multiple products

slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

4.3
2020-11-26 CVE-2020-29129 Libslirp Project
Fedoraproject
Debian
Out-of-bounds Read vulnerability in multiple products

ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of header data even if that exceeds the total packet length.

4.3
2020-11-26 CVE-2020-29042 Bigbluebutton Improper Restriction of Excessive Authentication Attempts vulnerability in Bigbluebutton

An issue was discovered in BigBlueButton through 2.2.29.

4.3
2020-11-25 CVE-2020-26243 Nanopb Project Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Nanopb Project Nanopb

Nanopb is a small code-size Protocol Buffers implementation.

4.3
2020-11-25 CVE-2020-29072 Liquidfiles Cross-site Scripting vulnerability in Liquidfiles

A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19.

4.3
2020-11-24 CVE-2020-29055 Cdatatec Cleartext Transmission of Sensitive Information vulnerability in Cdatatec products

An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices.

4.3
2020-11-24 CVE-2020-29053 Hrsale Cross-site Scripting vulnerability in Hrsale 2.0.0

HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.

4.3
2020-11-24 CVE-2020-25474 Newsscriptphp Cross-site Scripting vulnerability in Newsscriptphp News Script PHP PRO 2.3

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability via the editor_name parameter.

4.3
2020-11-24 CVE-2020-25472 Newsscriptphp Cross-Site Request Forgery (CSRF) vulnerability in Newsscriptphp News Script PHP PRO 2.3

SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerability, which allows attackers to add new users.

4.3
2020-11-24 CVE-2020-5641 Netgear Cross-Site Request Forgery (CSRF) vulnerability in Netgear Gs108Ev3 Firmware

Cross-site request forgery (CSRF) vulnerability in GS108Ev3 firmware version 2.06.10 and earlier allows remote attackers to hijack the authentication of administrators and the product's settings may be changed without the user's intention or consent via unspecified vectors.

4.3
2020-11-23 CVE-2020-26227 Typo3 Cross-site Scripting vulnerability in Typo3

TYPO3 is an open source PHP based web content management system.

4.3
2020-11-23 CVE-2020-28927 Magicpin Cross-site Scripting vulnerability in Magicpin 2.1

There is a Stored XSS in Magicpin v2.1 in the User Registration section.

4.3
2020-11-23 CVE-2020-4783 IBM Information Exposure vulnerability in IBM Spectrum Protect Plus

IBM Spectrum Protect Plus 10.1.0 through 10.1.6 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security.

4.3
2020-11-29 CVE-2020-29375 Vsolcn Use of Hard-coded Credentials vulnerability in Vsolcn products

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

4.0
2020-11-27 CVE-2020-29136 Cpanel Improper Restriction of Excessive Authentication Attempts vulnerability in Cpanel

In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).

4.0
2020-11-26 CVE-2020-27663 Glpi Project Insecure Storage of Sensitive Information vulnerability in Glpi-Project Glpi

In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.).

4.0
2020-11-26 CVE-2020-27662 Glpi Project Insecure Storage of Sensitive Information vulnerability in Glpi-Project Glpi

In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.).

4.0
2020-11-25 CVE-2020-26212 Glpi Project Missing Authorization vulnerability in Glpi-Project Glpi

GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing.

4.0
2020-11-24 CVE-2020-28330 Barco Insufficiently Protected Credentials vulnerability in Barco Wepresent Wipg-1600W Firmware 2.5.1.8

Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials.

4.0
2020-11-24 CVE-2020-24815 Microstrategy Server-Side Request Forgery (SSRF) vulnerability in Microstrategy 10.4/2019/2020

A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before Update 6, and 2020 before Update 2 allows authenticated users to access the content of internal network resources or leak files from the local system via HTML containers embedded in a dossier/dashboard document.

4.0
2020-11-24 CVE-2020-4003 Vmware SQL Injection vulnerability in VMWare Sd-Wan Orchestrator

VMware SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 was found to be vulnerable to SQL-injection attacks allowing for potential information disclosure.

4.0
2020-11-24 CVE-2020-3984 Vmware SQL Injection vulnerability in VMWare Sd-Wan Orchestrator 3.3.2/3.4.0/3.4.4

The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 does not apply correct input validation which allows for SQL-injection.

4.0
2020-11-23 CVE-2020-1778 Otrs Improper Authentication vulnerability in Otrs

When OTRS uses multiple backends for user authentication (with LDAP), agents are able to log in even if the account is set to invalid.

4.0
2020-11-23 CVE-2019-14553 Tianocore Improper Authentication vulnerability in Tianocore Edk2

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure via network access.

4.0

25 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-11-28 CVE-2020-29374 Linux
Debian
Netapp
Incorrect Authorization vulnerability in multiple products

An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c.

3.6
2020-11-23 CVE-2020-26229 Typo3 XXE vulnerability in Typo3

TYPO3 is an open source PHP based web content management system.

3.6
2020-11-27 CVE-2020-29145 Ericsson Cross-site Scripting vulnerability in Ericsson products

In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web-based module in BSCS iX that is vulnerable to stored XSS via the name or description field to a solutionUnitServlet?SuName=UserReferenceDataSU Access Rights Group.

3.5
2020-11-27 CVE-2020-29144 Ericsson Cross-site Scripting vulnerability in Ericsson products

In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web-based module in BSCS iX that is vulnerable to stored XSS via an Alert Dashboard comment.

3.5
2020-11-27 CVE-2020-29135 Cpanel Injection vulnerability in Cpanel

cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).

3.5
2020-11-27 CVE-2020-12262 Intelbras Cross-site Scripting vulnerability in Intelbras products

Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS.

3.5
2020-11-25 CVE-2020-29070 Oscommerce Cross-site Scripting vulnerability in Oscommerce 2.3.4.1

osCommerce 2.3.4.1 has an XSS vulnerability via an authenticated user entering the XSS payload into the title section of newsletters.

3.5
2020-11-24 CVE-2020-26235 Time Project NULL Pointer Dereference vulnerability in Time Project Time

In the Rust time crate from version 0.2.7 and before version 0.2.23, Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances.

3.5
2020-11-24 CVE-2020-29003 Mediawiki Cross-site Scripting vulnerability in Mediawiki

The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.

3.5
2020-11-24 CVE-2020-29002 Mediawiki Cross-site Scripting vulnerability in Mediawiki

includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.

3.5
2020-11-23 CVE-2020-15249 Octobercms Cross-site Scripting vulnerability in Octobercms October

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework.

3.5
2020-11-23 CVE-2020-26239 Scratchaddons Cross-site Scripting vulnerability in Scratchaddons Scratch Addons

Scratch Addons is a WebExtension that supports both Chrome and Firefox.

3.5
2020-11-23 CVE-2020-12352 Linux Unspecified vulnerability in Linux Kernel

Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access.

3.3
2020-11-23 CVE-2019-14587 Tianocore
Debian

Logic issue in EDK II may allow an unauthenticated user to potentially enable denial of service via adjacent access.

3.3
2020-11-23 CVE-2020-25688 Redhat Use of Hard-coded Credentials vulnerability in Redhat Advanced Cluster Management for Kubernetes

A flaw was found in rhacm versions before 2.0.5 and before 2.1.0.

2.7
2020-11-23 CVE-2020-28896 Mutt
Neomutt
Debian
Insufficiently Protected Credentials vulnerability in multiple products

Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if an IMAP server's initial server response was invalid.

2.6
2020-11-29 CVE-2020-29383 Vsolcn Use of Hard-coded Credentials vulnerability in Vsolcn V1600D-Mini Firmware and V1600D4L Firmware

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices.

2.1
2020-11-29 CVE-2020-29382 Vsolcn Use of Hard-coded Credentials vulnerability in Vsolcn V1600D Firmware, V1600G1 Firmware and V1600G2 Firmware

An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices.

2.1
2020-11-29 CVE-2020-29379 Vsolcn Improper Authentication vulnerability in Vsolcn V1600D-Mini Firmware and V1600D4L Firmware

An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices.

2.1
2020-11-28 CVE-2020-29373 Linux Path Traversal vulnerability in Linux Kernel

An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6.

2.1
2020-11-28 CVE-2020-29371 Linux Use of Uninitialized Resource vulnerability in Linux Kernel

An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4.

2.1
2020-11-25 CVE-2020-29069 Modern Honey Network Project Unspecified vulnerability in Modern Honey Network Project Modern Honey Network 20201123

_get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string.

2.1
2020-11-24 CVE-2020-10763 Heketi Project
Redhat
Information Exposure Through Log Files vulnerability in multiple products

An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information.

2.1
2020-11-23 CVE-2019-14562 Tianocore
Debian
Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in DxeImageVerificationHandler() EDK II may allow an authenticated user to potentially enable denial of service via local access.

2.1
2020-11-27 CVE-2020-25738 Cyberark Uncontrolled Search Path Element vulnerability in Cyberark Endpoint Privilege Manager 11.1.0.173

CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft protection mechanism by injecting a DLL into a process that normally has credential access, such as a Chrome process that reads credentials from a SQLite database.

1.9