Weekly Vulnerabilities Reports > December 14 to 20, 2020

Overview

395 new vulnerabilities were reported during this period, including 51 critical vulnerabilities and 62 high severity vulnerabilities. This weekly summary reports vulnerabilities in 383 products from 126 vendors including Google, Debian, Fedoraproject, Siemens, and XEN. Vulnerabilities are notably categorized as "Cross-site Scripting", "Out-of-bounds Read", "Missing Authentication for Critical Function", "Out-of-bounds Write", and "Information Exposure".

  • 272 reported vulnerabilities are remotely exploitable.
  • 4 reported vulnerabilities have a public exploit available.
  • 103 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 322 reported vulnerabilities are exploitable by an anonymous user.
  • Google has the most reported vulnerabilities, with 105 reported vulnerabilities.
  • Docker has the most reported critical vulnerabilities, with 7 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

51 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-12-18 CVE-2020-14224 Hcltech Out-of-bounds Write vulnerability in Hcltech Notes 9.0/9.0.1

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

10.0
2020-12-18 CVE-2020-27780 Linux PAM Improper Authentication vulnerability in Linux-Pam 1.5.0

A flaw was found in Linux-Pam in versions prior to 1.5.1 in the way it handles empty passwords for non-existing users.

10.0
2020-12-17 CVE-2020-12522 Wago OS Command Injection vulnerability in Wago products

The reported vulnerability allows an attacker who has network access to the device to execute code with specially crafted packets in WAGO Series PFC 100 (750-81xx/xxx-xxx), Series PFC 200 (750-82xx/xxx-xxx), Series Wago Touch Panel 600 Standard Line (762-4xxx), Series Wago Touch Panel 600 Advanced Line (762-5xxx), Series Wago Touch Panel 600 Marine Line (762-6xxx) with firmware versions <=FW10.

10.0
2020-12-17 CVE-2020-12519 Phoenixcontact Improper Privilege Management vulnerability in Phoenixcontact Plcnext Firmware

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use this vulnerability i.e.

10.0
2020-12-17 CVE-2020-8465 Trendmicro Improper Authentication vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to manipulate system updates using a combination of CSRF bypass (CVE-2020-8461) and authentication bypass (CVE-2020-8464) to execute code as user root.

10.0
2020-12-17 CVE-2020-35489 Rocklobster Unrestricted Upload of File with Dangerous Type vulnerability in Rocklobster Contact Form 7

The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.

10.0
2020-12-17 CVE-2020-25094 Logrhythm Injection vulnerability in Logrhythm Platform Manager 7.4.9

LogRhythm Platform Manager 7.4.9 allows Command Injection.

10.0
2020-12-17 CVE-2020-35197 Docker Missing Authentication for Critical Function vulnerability in Docker Memcached Docker Image

The official memcached docker images before 1.5.11-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35196 Docker Missing Authentication for Critical Function vulnerability in Docker Rabbitmq Docker Image

The official rabbitmq docker images before 3.7.13-beta.1-management-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35195 Docker Missing Authentication for Critical Function vulnerability in Docker Haproxy Docker Image

The official haproxy docker images before 1.8.18-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35192 Hashicorp Missing Authentication for Critical Function vulnerability in Hashicorp Vault

The official vault docker images before 0.11.6 contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35191 Drupal Missing Authentication for Critical Function vulnerability in Drupal Docker Images 8.3.0Fpmalpine

The official drupal docker images before 8.5.10-fpm-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35190 Plone Missing Authentication for Critical Function vulnerability in Plone

The official plone Docker images before version 4.3.18-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35186 Docker Missing Authentication for Critical Function vulnerability in Docker Adminer

The official adminer docker images before 4.7.0-fastcgi contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35184 Docker Missing Authentication for Critical Function vulnerability in Docker Composer Docker Image

The official composer docker images before 1.8.3 contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35189 Kong Missing Authentication for Critical Function vulnerability in Kong Alpine Docker Image

The official kong docker images before 1.0.2-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35187 Influxdata Missing Authentication for Critical Function vulnerability in Influxdata Telegraf

The official telegraf docker images before 1.9.4-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-17 CVE-2020-35185 Docker Missing Authentication for Critical Function vulnerability in Docker Ghost Alpine Docker Image

The official ghost docker images before 2.16.1-alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-16 CVE-2019-14482 Adremsoft Use of Hard-coded Credentials vulnerability in Adremsoft Netcrunch 10.6.0.4587

AdRem NetCrunch 10.6.0.4587 has a hardcoded SSL private key vulnerability in the NetCrunch web client.

10.0
2020-12-16 CVE-2020-35469 Softwareag Missing Authentication for Critical Function vulnerability in Softwareag Terracotta Server OSS 5.4.1

The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user.

10.0
2020-12-16 CVE-2020-35468 Appbase Missing Authentication for Critical Function vulnerability in Appbase Streams 2.1.2

The Appbase streams Docker image 2.1.2 contains a blank password for the root user.

10.0
2020-12-16 CVE-2020-35193 Sonarsource Missing Authentication for Critical Function vulnerability in Sonarsource Sonarqube Docker Image

The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user.

10.0
2020-12-15 CVE-2020-35467 Docker Missing Authentication for Critical Function vulnerability in Docker Docs

The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user.

10.0
2020-12-15 CVE-2020-35465 Fullarmor Missing Authentication for Critical Function vulnerability in Fullarmor Hapi File Share Mount

The FullArmor HAPI File Share Mount Docker image through 2020-12-14 contains a blank password for the root user.

10.0
2020-12-15 CVE-2020-35464 Weave Missing Authentication for Critical Function vulnerability in Weave Cloud Agent 1.3.0

Version 1.3.0 of the Weave Cloud Agent Docker image contains a blank password for the root user.

10.0
2020-12-15 CVE-2020-35463 Instana Missing Authentication for Critical Function vulnerability in Instana Dynamic APM 1.0.0

Version 1.0.0 of the Instana Dynamic APM Docker image contains a blank password for the root user.

10.0
2020-12-15 CVE-2020-35462 Coscale Agent Project Missing Authentication for Critical Function vulnerability in Coscale Agent Project Coscale Agent 3.16.0

Version 3.16.0 of the CoScale agent Docker image contains a blank password for the root user.

10.0
2020-12-14 CVE-2020-25228 Siemens Missing Authentication for Critical Function vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

10.0
2020-12-14 CVE-2020-25187 Medtronic Out-of-bounds Write vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware

Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack.

10.0
2020-12-14 CVE-2020-14268 Hcltech Out-of-bounds Write vulnerability in Hcltech Notes

A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

10.0
2020-12-14 CVE-2020-14244 Hcltech Out-of-bounds Write vulnerability in Hcltech Domino 10.0.1/9.0.1

A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

10.0
2020-12-14 CVE-2020-5639 Soliton Path Traversal vulnerability in Soliton Filezen

Directory traversal vulnerability in FileZen versions from V3.0.0 to V4.2.2 allows remote attackers to upload an arbitrary file in a specific directory via unspecified vectors.

10.0
2020-12-18 CVE-2020-11974 Apache Unspecified vulnerability in Apache Dolphinscheduler 1.2.0/1.2.1

In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database.

9.8
2020-12-18 CVE-2020-20277 Troglobit Path Traversal vulnerability in Troglobit Uftpd

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution.

9.8
2020-12-18 CVE-2020-13931 Apache Unspecified vulnerability in Apache Tomee

If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication.

9.8
2020-12-17 CVE-2020-22083 Jsonpickle Project Deserialization of Untrusted Data vulnerability in Jsonpickle Project Jsonpickle

jsonpickle through 1.4.1 allows remote code execution during deserialization of a malicious payload through the decode() function.

9.8
2020-12-16 CVE-2020-35476 Opentsdb OS Command Injection vulnerability in Opentsdb

A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter.

9.8
2020-12-15 CVE-2020-35466 Blackfire Missing Authentication for Critical Function vulnerability in Blackfire Docker Image 20201214

The Blackfire Docker image through 2020-12-14 contains a blank password for the root user.

9.8
2020-12-15 CVE-2020-27068 Google Unspecified vulnerability in Google Android

Product: Android. Versions: Android kernel. Android ID: A-127973231. References: Upstream kernel.

9.8
2020-12-14 CVE-2020-0458 Google Integer Overflow or Wraparound vulnerability in Google Android

In SPDIFEncoder::writeBurstBufferBytes and related methods of SPDIFEncoder.cpp, there is a possible out of bounds write due to an integer overflow.

9.3
2020-12-14 CVE-2020-0099 Google Improper Privilege Management vulnerability in Google Android

In addWindow of WindowManagerService.java, there is a possible window overlay attack due to an insecure default value.

9.3
2020-12-14 CVE-2020-27252 Medtronic Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware

Medtronic MyCareLink Smart 25000 all versions are vulnerable to a race condition in the MCL Smart Patient Reader software update system, which allows unsigned firmware to be uploaded and executed on the Patient Reader.

9.3
2020-12-18 CVE-2020-14232 Hcltech Unspecified vulnerability in Hcltech Notes 9.0/9.0.1

A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.

9.0
2020-12-16 CVE-2019-14479 Adremsoft Incorrect Permission Assignment for Critical Resource vulnerability in Adremsoft Netcrunch 10.6.0.4587

AdRem NetCrunch 10.6.0.4587 allows Remote Code Execution.

9.0
2020-12-16 CVE-2019-14483 Adremsoft Insufficiently Protected Credentials vulnerability in Adremsoft Netcrunch

AdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure.

9.0
2020-12-16 CVE-2020-25618 Solarwinds OS Command Injection vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

9.0
2020-12-16 CVE-2020-25617 Solarwinds Path Traversal vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

9.0
2020-12-15 CVE-2020-25759 Dlink Improper Input Validation vulnerability in Dlink products

An issue was discovered on D-Link DSR-250 3.17 devices.

9.0
2020-12-15 CVE-2020-25758 Dlink Improper Validation of Integrity Check Value vulnerability in Dlink products

An issue was discovered on D-Link DSR-250 3.17 devices.

9.0
2020-12-14 CVE-2020-8283 Citrix Improper Privilege Management vulnerability in Citrix Virtual Apps and Desktops, Xenapp and Xendesktop

An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.

9.0
2020-12-14 CVE-2020-29669 Macally Improper Authentication vulnerability in Macally Wifisd2-2A82 Firmware 2.000.010

In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password.

9.0

62 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-12-15 CVE-2020-29481 XEN, Debian, Fedoraproject Improper Privilege Management vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

8.8
2020-12-15 CVE-2020-29479 XEN, Debian, Fedoraproject Missing Authorization vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

8.8
2020-12-15 CVE-2020-29569 XEN, Linux, Netapp, Debian Use After Free vulnerability in multiple products

An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x.

8.8
2020-12-14 CVE-2020-35235 Themexa Unspecified vulnerability in Themexa Secure File Manager 2.5

vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control.

8.8
2020-12-18 CVE-2020-5803 Marvell Path Traversal vulnerability in Marvell Qconvergeconsole 5.5.00.74

Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.

8.5
2020-12-15 CVE-2020-25757 Dlink Improper Input Validation vulnerability in Dlink products

A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges.

8.3
2020-12-18 CVE-2020-28052 Bouncycastle, Apache, Oracle

An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66.

8.1
2020-12-18 CVE-2020-35553 Google Improper Restriction of Power Consumption vulnerability in Google Android 10.0/11.0

An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software.

7.8
2020-12-15 CVE-2020-25195 Hosteng Improper Input Validation vulnerability in Hosteng products

The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device.

7.8
2020-12-15 CVE-2020-29487 XEN Allocation of Resources Without Limits or Throttling vulnerability in XEN Xapi

An issue was discovered in Xen XAPI before 2020-12-15.

7.8
2020-12-14 CVE-2020-35457 Gnome Integer Overflow or Wraparound vulnerability in Gnome Glib

GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries.

7.8
2020-12-14 CVE-2020-8177 Haxx, Debian, Fujitsu, Siemens, Splunk Injection vulnerability in multiple products

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used.

7.8
2020-12-16 CVE-2020-26258 Xstream Project, Debian, Fedoraproject Server-Side Request Forgery (SSRF) vulnerability in multiple products

XStream is a Java library to serialize objects to XML and back again.

7.7
2020-12-18 CVE-2020-7203 HP Unspecified vulnerability in HP ILO Amplifier Pack 1.70

A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70.

7.5
2020-12-18 CVE-2020-7200 HP Unspecified vulnerability in HP Systems Insight Manager 7.6

A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version 7.6.

7.5
2020-12-18 CVE-2020-20300 Weiphp SQL Injection vulnerability in Weiphp 5.0

SQL injection vulnerability in the wp_where function in WeiPHP 5.0.

7.5
2020-12-18 CVE-2020-20298 Zzzcms Unspecified vulnerability in Zzzcms Zzzphp 1.7.2

Eval injection vulnerability in the parserCommom method in the ParserTemplate class in zzz_template.php in zzzphp 1.7.2 allows remote attackers to execute arbitrary commands.

7.5
2020-12-18 CVE-2020-20276 Troglobit Out-of-bounds Write vulnerability in Troglobit Uftpd

An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution.

7.5
2020-12-18 CVE-2020-25494 Xinuos Argument Injection or Modification vulnerability in Xinuos Openserver 5.0.7/6.0

Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.

7.5
2020-12-18 CVE-2020-35551 Google Authentication Bypass by Capture-replay vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software.

7.5
2020-12-18 CVE-2020-35550 Google Unspecified vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software.

7.5
2020-12-18 CVE-2020-35475 Mediawiki, Debian, Fedoraproject Cross-site Scripting vulnerability in multiple products

In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML.

7.5
2020-12-17 CVE-2020-8466 Trendmicro Command Injection vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, with the improved password hashing method enabled, could allow an unauthenticated attacker to execute certain commands by providing a manipulated password.

7.5
2020-12-17 CVE-2020-35545 Spotweb Project SQL Injection vulnerability in Spotweb Project Spotweb 1.4.9

Time-based SQL injection exists in Spotweb 1.4.9 via the query string.

7.5
2020-12-17 CVE-2020-29652 Golang NULL Pointer Dereference vulnerability in Golang SSH 0.0.02020062221362375B288015Ac9/0.0.020201203163018Be400Aefbc4C

A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers.

7.5
2020-12-17 CVE-2020-25010 Kyland Unrestricted Upload of File with Dangerous Type vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05

An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to upload a malicious script file by constructing a POST type request and writing a payload in the request parameters as an instruction to write a file.

7.5
2020-12-16 CVE-2020-28929 Epson Insufficiently Protected Credentials vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11

Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to remotely retrieve administrative hashed credentials via the maintenance/troubleshoot.php?download=1 URI.

7.5
2020-12-16 CVE-2020-26274 Systeminformation OS Command Injection vulnerability in Systeminformation

In systeminformation (npm package) before version 4.31.1 there is a command injection vulnerability.

7.5
2020-12-16 CVE-2020-7781 Connection Tester Project Command Injection vulnerability in Connection-Tester Project Connection-Tester

This affects the package connection-tester before 0.2.1.

7.5
2020-12-16 CVE-2019-14480 Adremsoft Improper Authentication vulnerability in Adremsoft Netcrunch

AdRem NetCrunch 10.6.0.4587 has an Improper Session Handling vulnerability in the NetCrunch web client, which can lead to an authentication bypass or escalation of privileges.

7.5
2020-12-16 CVE-2020-29361 P11 KIT Project, Debian Integer Overflow or Wraparound vulnerability in multiple products

An issue was discovered in p11-kit 0.21.1 through 0.23.21.

7.5
2020-12-16 CVE-2020-28458 Datatables Unspecified vulnerability in Datatables Datatables.Net

All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.

7.5
2020-12-15 CVE-2020-35381 Jsonparser Project, Fedoraproject

jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.

7.5
2020-12-15 CVE-2020-4747 IBM Improper Authentication vulnerability in IBM Connect:Direct

IBM Connect:Direct for UNIX 6.1.0, 6.0.0, 4.3.0, and 4.2.0 can allow a local or remote user to obtain an authenticated CLI session due to improper authentication methods.

7.5
2020-12-15 CVE-2020-28442 JS Data Unspecified vulnerability in Js-Data

All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.

7.5
2020-12-14 CVE-2020-0456 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170378843.

7.5
2020-12-14 CVE-2020-0457 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170367562.

7.5
2020-12-14 CVE-2020-0455 Google Out-of-bounds Write vulnerability in Google Android

There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-170372514.

7.5
2020-12-14 CVE-2020-20189 Newpk Project SQL Injection vulnerability in Newpk Project Newpk 1.1

SQL Injection vulnerability in NewPK 1.1 via the title parameter to admin\newpost.php.

7.5
2020-12-14 CVE-2020-8286 Haxx, Fedoraproject, Debian, Netapp, Apple, Siemens, Oracle, Splunk Improper Certificate Validation vulnerability in multiple products

curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.

7.5
2020-12-14 CVE-2020-8285 Haxx, Debian, Fedoraproject, Netapp, Apple, Oracle, Fujitsu, Siemens, Splunk Uncontrolled Recursion vulnerability in multiple products

curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.

7.5
2020-12-14 CVE-2020-8257 Citrix Improper Privilege Management vulnerability in Citrix Gateway Plug-In

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, leads to privilege escalation attacks.

7.5
2020-12-14 CVE-2020-8231 Haxx, Siemens, Debian, Oracle, Splunk Use After Free vulnerability in multiple products

Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.

7.5
2020-12-14 CVE-2020-8169 Haxx, Siemens, Debian, Splunk Information Exposure vulnerability in multiple products

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

7.5
2020-12-14 CVE-2020-20184 Liftoffsoftware Unspecified vulnerability in Liftoffsoftware Gateone

GateOne allows remote attackers to execute arbitrary commands via shell metacharacters in the port field when attempting an SSH connection.

7.5
2020-12-14 CVE-2020-20136 Quantconnect Deserialization of Untrusted Data vulnerability in Quantconnect Lean 2.3.0.0/2.4.0.1

QuantConnect Lean versions from 2.3.0.0 to 2.4.0.1 are affected by an insecure deserialization vulnerability due to insecure configuration of TypeNameHandling property in Json.NET library.

7.5
2020-12-14 CVE-2020-35338 Mobileviewpoint Use of Hard-coded Credentials vulnerability in Mobileviewpoint Wireless Multiplex Terminal Playout Server 20.2.8

The Web Administrative Interface in Mobile Viewpoint Wireless Multiplex Terminal (WMT) Playout Server 20.2.8 and earlier has a default account with a password of "pokon."

7.5
2020-12-14 CVE-2020-25179 Gehealthcare Information Exposure vulnerability in Gehealthcare products

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

7.5
2020-12-14 CVE-2020-35378 Online BUS Ticket Reservation Project SQL Injection vulnerability in Online BUS Ticket Reservation Project Online BUS Ticket Reservation 1.0

SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.

7.5
2020-12-14 CVE-2020-29227 CAR Rental Management System Project Unspecified vulnerability in CAR Rental Management System Project CAR Rental Management System 1.0

An issue was discovered in Car Rental Management System 1.0.

7.5
2020-12-18 CVE-2020-13535 Kepware Incorrect Default Permissions vulnerability in Kepware Linkmaster 3.0.94.0

A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0.

7.2
2020-12-18 CVE-2020-13519 Nzxt Missing Authorization vulnerability in Nzxt CAM 4.8.0

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0.

7.2
2020-12-18 CVE-2020-13515 Nzxt Missing Authorization vulnerability in Nzxt CAM 4.8.0

A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0.

7.2
2020-12-18 CVE-2020-13514 Nzxt Missing Authorization vulnerability in Nzxt CAM 4.8.0

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0.

7.2
2020-12-18 CVE-2020-13513 Nzxt Missing Authorization vulnerability in Nzxt CAM 4.8.0

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0.

7.2
2020-12-18 CVE-2020-13512 Nzxt Missing Authorization vulnerability in Nzxt CAM 4.8.0

A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0.

7.2
2020-12-14 CVE-2020-0016 Google Use of Hard-coded Credentials vulnerability in Google Android

In the Broadcom Nexus firmware, there is an insecure default password.

7.2
2020-12-14 CVE-2020-0466 Google Use After Free vulnerability in Google Android

In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error.

7.2
2020-12-14 CVE-2020-0465 Google Out-of-bounds Write vulnerability in Google Android

In various methods of hid-multitouch.c, there is a possible out of bounds write due to a missing bounds check.

7.2
2020-12-14 CVE-2020-0444 Google Improper Privilege Management vulnerability in Google Android

In audit_free_lsm_field of auditfilter.c, there is a possible bad kfree due to a logic error in audit_data_to_entry.

7.2
2020-12-14 CVE-2020-0440 Google Missing Authorization vulnerability in Google Android 11.0

In createVirtualDisplay of DisplayManagerService.java, there is a possible way to create a trusted virtual display due to a missing permission check.

7.2
2020-12-18 CVE-2020-27781 Redhat, Fedoraproject Insufficiently Protected Credentials vulnerability in multiple products

User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation.

7.1

200 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-12-18 CVE-2020-7201 HP Cross-Site Request Forgery (CSRF) vulnerability in HP products

A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and HPE StoreEver 1/8 G2 Tape Autoloaders.

6.8
2020-12-18 CVE-2020-27687 Thingsboard Injection vulnerability in Thingsboard

ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails.

6.8
2020-12-18 CVE-2020-7838 Onstove Improper Input Validation vulnerability in Onstove Stove 0.0.4.10/0.0.4.71

An arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value.

6.8
2020-12-17 CVE-2020-8461 Trendmicro Cross-Site Request Forgery (CSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to get a victim's browser to send a specifically encoded request without requiring a valid CSRF token.

6.8
2020-12-17 CVE-2020-26276 Fleetdm Authentication Bypass by Spoofing vulnerability in Fleetdm Fleet 3.3.0/3.4.0/3.5.0

Fleet is an open source osquery manager.

6.8
2020-12-17 CVE-2020-35491 Fasterxml, Netapp, Debian, Oracle Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.

6.8
2020-12-17 CVE-2020-35490 Fasterxml, Netapp, Debian, Oracle Deserialization of Untrusted Data vulnerability in multiple products

FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.

6.8
2020-12-17 CVE-2020-25095 Logrhythm Cross-Site Request Forgery (CSRF) vulnerability in Logrhythm Platform Manager 7.4.9

LogRhythm Platform Manager (PM) 7.4.9 allows CSRF.

6.8
2020-12-16 CVE-2020-28931 Epson Cross-Site Request Forgery (CSRF) vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11

Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website.

6.8
2020-12-16 CVE-2020-7837 Polarisoffice Out-of-bounds Write vulnerability in Polarisoffice Polaris ML Report 2.18.723.6228

An issue was discovered in ML Report Program.

6.8
2020-12-16 CVE-2020-25622 Solarwinds Cross-Site Request Forgery (CSRF) vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

6.8
2020-12-16 CVE-2020-26259 Xstream Project
Debian
Fedoraproject
OS Command Injection vulnerability in multiple products

XStream is a Java library to serialize objects to XML and back again.

6.8
2020-12-15 CVE-2020-35121 Keysight Code Injection vulnerability in Keysight Database Connector

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence.

6.8
2020-12-15 CVE-2020-27051 Google Integer Overflow or Wraparound vulnerability in Google Android 11.0

In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow.

6.8
2020-12-15 CVE-2020-27050 Google Out-of-bounds Write vulnerability in Google Android 11.0

In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow.

6.8
2020-12-15 CVE-2020-27049 Google Out-of-bounds Write vulnerability in Google Android 11.0

In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check.

6.8
2020-12-15 CVE-2020-27048 Google Out-of-bounds Write vulnerability in Google Android 11.0

In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check.

6.8
2020-12-15 CVE-2020-27045 Google Out-of-bounds Write vulnerability in Google Android 11.0

In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow.

6.8
2020-12-15 CVE-2020-0489 Google Out-of-bounds Write vulnerability in Google Android 11.0

In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check.

6.8
2020-12-15 CVE-2020-0480 Google Incorrect Authorization vulnerability in Google Android 11.0

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass due to a missing permission check.

6.8
2020-12-15 CVE-2020-0479 Google Incorrect Authorization vulnerability in Google Android 11.0

In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass.

6.8
2020-12-15 CVE-2020-0478 Google Out-of-bounds Write vulnerability in Google Android 11.0

In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check.

6.8
2020-12-15 CVE-2020-0475 Google Missing Authorization vulnerability in Google Android 11.0

In createInputConsumer of WindowManagerService.java, there is a possible way to block and intercept input events due to a missing permission check.

6.8
2020-12-14 CVE-2019-19289 Siemens Cross-Site Request Forgery (CSRF) vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

6.8
2020-12-14 CVE-2020-8282 UI Cross-Site Request Forgery (CSRF) vulnerability in UI products

A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.

6.8
2020-12-14 CVE-2020-29510 Golang
Netapp

The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

6.8
2020-12-14 CVE-2020-28858 Openasset Cross-Site Request Forgery (CSRF) vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.

6.8
2020-12-15 CVE-2020-27777 Linux
Redhat
Missing Authorization vulnerability in multiple products

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication.

6.7
2020-12-18 CVE-2020-26174 Tangro Unrestricted Upload of File with Dangerous Type vulnerability in Tangro Business Workflow

tangro Business Workflow before 1.18.1 requests a list of allowed filetypes from the server and restricts uploads to the filetypes contained in this list.

6.5
2020-12-18 CVE-2020-27154 Mitel Improper Input Validation vulnerability in Mitel Businesscti Enterprise

The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation.

6.5
2020-12-18 CVE-2020-25608 Mitel SQL Injection vulnerability in Mitel Micollab

The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due to improper input validation, aka SQL Injection.

6.5
2020-12-18 CVE-2020-13509 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0.

6.5
2020-12-17 CVE-2020-25096 Logrhythm Unspecified vulnerability in Logrhythm Platform Manager 7.4.9

LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control.

6.5
2020-12-16 CVE-2020-29607 Pluck CMS Unrestricted Upload of File with Dangerous Type vulnerability in Pluck-Cms Pluck

A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged user to gain access in the host through the "manage files" functionality, which may result in remote code execution.

6.5
2020-12-15 CVE-2020-28072 Alumni Management System Project Unrestricted Upload of File with Dangerous Type vulnerability in Alumni Management System Project Alumni Management System 1.0

A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0.

6.5
2020-12-15 CVE-2020-29483 XEN
Debian
Fedoraproject
Use After Free vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.5
2020-12-15 CVE-2020-27147 Tibco Unspecified vulnerability in Tibco Partnerexpress 6.2.0

The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API.

6.5
2020-12-14 CVE-2019-19286 Siemens SQL Injection vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

6.5
2020-12-14 CVE-2020-28860 Openasset SQL Injection vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input before incorporating it into its SQL queries, allowing for authenticated blind SQL injection.

6.5
2020-12-14 CVE-2020-16104 Gallagher SQL Injection vulnerability in Gallagher Command Centre

SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database.

6.5
2020-12-14 CVE-2020-16103 Gallagher Type Confusion vulnerability in Gallagher Command Centre

Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution.

6.5
2020-12-14 CVE-2020-35382 Classroombookings SQL Injection vulnerability in Classroombookings

SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user.

6.5
2020-12-18 CVE-2020-26172 Tangro Authentication Bypass by Capture-replay vulnerability in Tangro Business Workflow

Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows an attacker to reuse the token when a session is active.

6.4
2020-12-17 CVE-2020-12523 Phoenixcontact Missing Initialization of Resource vulnerability in Phoenixcontact products

On Phoenix Contact mGuard Devices versions before 8.8.3, LAN ports become functional after reboot even if they are disabled in the device configuration.

6.4
2020-12-15 CVE-2020-29663 Icinga Improper Certificate Validation vulnerability in Icinga

Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal will automatically be renewed, ignoring the CRL.

6.4
2020-12-14 CVE-2020-16102 Gallagher Missing Authentication for Critical Function vulnerability in Gallagher Command Centre

Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart.

6.4
2020-12-15 CVE-2020-29571 XEN
Debian
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.2
2020-12-15 CVE-2020-29570 XEN
Debian
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.2
2020-12-15 CVE-2020-29567 XEN
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in Xen 4.14.x.

6.2
2020-12-18 CVE-2020-35479 Mediawiki
Debian
Fedoraproject
Cross-site Scripting vulnerability in multiple products

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.

6.1
2020-12-18 CVE-2020-35478 Mediawiki
Fedoraproject
Cross-site Scripting vulnerability in multiple products

MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php.

6.1
2020-12-18 CVE-2020-35474 Mediawiki
Fedoraproject
Cross-site Scripting vulnerability in multiple products

In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that the output is raw HTML.

6.1
2020-12-17 CVE-2020-12521 Phoenixcontact Improper Input Validation vulnerability in Phoenixcontact Plcnext Firmware

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS a specially crafted LLDP packet may lead to a high system load in the PROFINET stack.

6.1
2020-12-17 CVE-2020-12517 Phoenixcontact Cross-site Scripting vulnerability in Phoenixcontact Plcnext Firmware

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS, an authenticated low-privileged user could embed malicious JavaScript code to gain admin rights when the admin user visits the vulnerable website (local privilege escalation).

6.0
2020-12-15 CVE-2020-29486 XEN
Debian
Fedoraproject
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.0
2020-12-15 CVE-2020-29484 XEN
Debian
Fedoraproject
NULL Pointer Dereference vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.0
2020-12-15 CVE-2020-29482 XEN
Debian
Fedoraproject
Untrusted Search Path vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

6.0
2020-12-18 CVE-2020-25901 Spiceworks Open Redirect vulnerability in Spiceworks 7.5.7.0

Host header injection in Spiceworks 7.5.7.0 allows an attacker to render arbitrary links that point to a malicious website on webpages served with a poisoned Host header.

5.8
2020-12-18 CVE-2020-27340 Mitel Open Redirect vulnerability in Mitel Micollab

The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control.

5.8
2020-12-16 CVE-2019-14481 Adremsoft Cross-Site Request Forgery (CSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587

AdRem NetCrunch 10.6.0.4587 has a Cross-Site Request Forgery (CSRF) vulnerability in the NetCrunch web client.

5.8
2020-12-15 CVE-2020-4849 IBM Open Redirect vulnerability in IBM Tivoli Netcool/Impact

IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw.

5.8
2020-12-15 CVE-2020-35470 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header.

5.8
2020-12-14 CVE-2020-25183 Medtronic Improper Authentication vulnerability in Medtronic Mycarelink Smart Model 25000 Firmware

Medtronic MyCareLink Smart 25000 all versions contain an authentication protocol vulnerability where the method used to authenticate between the MCL Smart Patient Reader and the MyCareLink Smart mobile app is vulnerable to bypass.

5.8
2020-12-14 CVE-2020-5635 Necplatforms OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware

Aterm SA3500G firmware versions prior to Ver.

5.8
2020-12-14 CVE-2020-29511 Golang
Netapp

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

5.6
2020-12-14 CVE-2020-29509 Golang
Netapp

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.

5.6
2020-12-17 CVE-2020-29436 Sonatype XXE vulnerability in Sonatype Nexus Repository Manager

Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability.

5.5
2020-12-15 CVE-2020-29485 XEN
Debian
Fedoraproject
Memory Leak vulnerability in multiple products

An issue was discovered in Xen 4.6 through 4.14.x.

5.5
2020-12-15 CVE-2020-29566 XEN
Debian
Fedoraproject
Uncontrolled Recursion vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

5.5
2020-12-18 CVE-2020-35480 Mediawiki
Debian
Fedoraproject
Information Exposure Through Discrepancy vulnerability in multiple products

An issue was discovered in MediaWiki before 1.35.1.

5.3
2020-12-18 CVE-2020-35477 Mediawiki
Debian
Fedoraproject
Always-Incorrect Control Flow Implementation vulnerability in multiple products

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations.

5.3
2020-12-18 CVE-2020-13528 Lantronix Cleartext Transmission of Sensitive Information vulnerability in Lantronix Xport Edge Firmware

An information disclosure vulnerability exists in the Web Manager and telnet CLI functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7.

5.3
2020-12-15 CVE-2020-10770 Redhat Server-Side Request Forgery (SSRF) vulnerability in Redhat Keycloak

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri.

5.3
2020-12-14 CVE-2020-5637 Necplatforms Improper Validation of Integrity Check Value vulnerability in Necplatforms Aterm Sa3500G Firmware

Improper validation of integrity check value vulnerability in Aterm SA3500G firmware versions prior to Ver.

5.2
2020-12-14 CVE-2020-5636 Necplatforms OS Command Injection vulnerability in Necplatforms Aterm Sa3500G Firmware

Aterm SA3500G firmware versions prior to Ver.

5.2
2020-12-20 CVE-2020-35579 Subconverter Project Unspecified vulnerability in Subconverter Project Subconverter 0.6.4

tindy2013 subconverter 0.6.4 has a /sub?target=%TARGET%&url=%URL%&config=%CONFIG% API endpoint that accepts an arbitrary %URL% value and launches a GET request for it, but does not consider that the external request target may indirectly redirect back to this original /sub endpoint.

5.0
2020-12-20 CVE-2020-35573 Postsrsd Project
Debian
Excessive Iteration vulnerability in multiple products

srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.

5.0
2020-12-18 CVE-2020-20299 Weiphp Information Exposure vulnerability in Weiphp 5.0

WeiPHP 5.0 does not properly restrict access to pages, related to using POST.

5.0
2020-12-18 CVE-2020-26178 Tangro Authorization Bypass Through User-Controlled Key vulnerability in Tangro Business Workflow

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download workitem attachments without being authenticated.

5.0
2020-12-18 CVE-2020-35552 Google Unspecified vulnerability in Google Android

An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software.

5.0
2020-12-18 CVE-2020-25610 Mitel Incorrect Authorization vulnerability in Mitel Micollab

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes.

5.0
2020-12-17 CVE-2020-12518 Phoenixcontact Information Exposure vulnerability in Phoenixcontact Plcnext Firmware

On Phoenix Contact PLCnext Control Devices versions before 2021.0 LTS an attacker can use the knowledge gained by reading the insufficiently protected sensitive information to plan further attacks.

5.0
2020-12-17 CVE-2020-8464 Trendmicro Server-Side Request Forgery (SSRF) vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access.

5.0
2020-12-17 CVE-2020-8463 Trendmicro Incorrect Authorization vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to bypass a global authorization check for anonymous users by manipulating request paths.

5.0
2020-12-17 CVE-2020-35453 Hashicorp Improper Input Validation vulnerability in Hashicorp Vault

HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces.

5.0
2020-12-17 CVE-2020-35177 Hashicorp Information Exposure vulnerability in Hashicorp Vault

HashiCorp Vault and Vault Enterprise 1.4.1 and newer allowed the enumeration of users via the LDAP auth method.

5.0
2020-12-17 CVE-2020-27199 Magic Home PRO Project Improper Authentication vulnerability in Magic Home PRO Project Magic Home PRO 1.5.1

The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass.

5.0
2020-12-17 CVE-2020-25011 Kyland Insufficiently Protected Credentials vulnerability in Kyland Kps2204 6 Port Managed Din-Rail Programmable Serial Device Firmware R0002.P05

A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get the username and password by requesting the /cgi-bin/webadminget.cgi script via the browser.

5.0
2020-12-16 CVE-2020-4908 IBM Information Exposure vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog.

5.0
2020-12-16 CVE-2020-4907 IBM Information Exposure Through an Error Message vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

5.0
2020-12-16 CVE-2020-35133 Irfanview Unrestricted Upload of File with Dangerous Type vulnerability in Irfanview 4.56

IrfanView 4.56 contains an error when parsing files of type .pcx.

5.0
2020-12-16 CVE-2020-5360 Dell
Oracle
Out-of-bounds Read vulnerability in multiple products

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability.

5.0
2020-12-16 CVE-2020-5359 Dell
Oracle
Unchecked Return Value vulnerability in multiple products

Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to an Unchecked Return Value Vulnerability.

5.0
2020-12-16 CVE-2020-14248 Hcltech Cleartext Transmission of Sensitive Information vulnerability in Hcltech Bigfix Platform

BigFix Inventory up to v10.0.2 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.

5.0
2020-12-16 CVE-2020-29363 P11 KIT Project
Debian
Oracle
Out-of-bounds Write vulnerability in multiple products

An issue was discovered in p11-kit 0.23.6 through 0.23.21.

5.0
2020-12-16 CVE-2020-29362 P11 KIT Project Out-of-bounds Read vulnerability in P11-Kit Project P11-Kit

An issue was discovered in p11-kit 0.21.1 through 0.23.21.

5.0
2020-12-16 CVE-2020-5683 Weseek Path Traversal vulnerability in Weseek Growi

Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.

5.0
2020-12-16 CVE-2020-5682 Weseek Improper Input Validation vulnerability in Weseek Growi

Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.

5.0
2020-12-15 CVE-2020-35380 Gjson Project Unspecified vulnerability in Gjson Project Gjson

GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.

5.0
2020-12-15 CVE-2020-27055 Google Missing Encryption of Sensitive Data vulnerability in Google Android 11.0

In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation.

5.0
2020-12-15 CVE-2020-27024 Google Out-of-bounds Read vulnerability in Google Android 11.0

In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check.

5.0
2020-12-15 CVE-2020-35471 Envoyproxy Unspecified vulnerability in Envoyproxy Envoy

Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.

5.0
2020-12-14 CVE-2020-35460 Mpxj
Oracle
Path Traversal vulnerability in multiple products

common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations.

5.0
2020-12-14 CVE-2020-0463 Google Out-of-bounds Read vulnerability in Google Android

In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check.

5.0
2020-12-14 CVE-2020-0460 Google Unspecified vulnerability in Google Android 11.0

In createNameCredentialDialog of CertInstaller.java, there exists the possibility of improperly installed certificates due to a logic error.

5.0
2020-12-14 CVE-2020-25235 Siemens Insufficiently Protected Credentials vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

5.0
2020-12-14 CVE-2020-25232 Siemens Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

5.0
2020-12-14 CVE-2020-25230 Siemens Use of a Broken or Risky Cryptographic Algorithm vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

5.0
2020-12-14 CVE-2020-25229 Siemens Use of Hard-coded Credentials vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

5.0
2020-12-14 CVE-2020-15796 Siemens Uncaught Exception vulnerability in Siemens products

A vulnerability has been identified in SIMATIC ET 200SP Open Controller (incl.

5.0
2020-12-14 CVE-2019-19283 Siemens Information Exposure vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

5.0
2020-12-14 CVE-2020-8258 Citrix Improper Privilege Management vulnerability in Citrix Gateway Plug-In

Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.

5.0
2020-12-14 CVE-2020-28861 Openasset Improper Neutralization of Formula Elements in a CSV File vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.

5.0
2020-12-14 CVE-2020-20183 Zyxel Missing Authorization vulnerability in Zyxel P1302-T10 V3 Firmware 2.00

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.

5.0
2020-12-14 CVE-2020-28856 Openasset Authentication Bypass by Spoofing vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.

5.0
2020-12-14 CVE-2020-25175 Gehealthcare Insufficiently Protected Credentials vulnerability in Gehealthcare products

GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network.

5.0
2020-12-14 CVE-2020-17513 Apache Server-Side Request Forgery (SSRF) vulnerability in Apache Airflow

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old (Flask-admin based) UI were vulnerable to SSRF attacks.

5.0
2020-12-14 CVE-2020-35236 Amazee Missing Authorization vulnerability in Amazee Lagoon

The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.

5.0
2020-12-14 CVE-2020-35234 WP Ecommerce Information Exposure Through Log Files vulnerability in Wp-Ecommerce Easy WP Smtp

The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020.

5.0
2020-12-15 CVE-2020-29568 XEN
Debian
Allocation of Resources Without Limits or Throttling vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

4.9
2020-12-14 CVE-2020-28396 Siemens Protection Mechanism Failure vulnerability in Siemens products

A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16).

4.9
2020-12-18 CVE-2020-27640 Mitel Unspecified vulnerability in Mitel Mivoice 6930 Firmware and Mivoice 6940 Firmware

The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism.

4.8
2020-12-18 CVE-2020-27639 Mitel Unspecified vulnerability in Mitel products

The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism.

4.8
2020-12-18 CVE-2020-35554 Google Unspecified vulnerability in Google Android

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software.

4.6
2020-12-16 CVE-2020-25620 Solarwinds Use of Hard-coded Credentials vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

4.6
2020-12-15 CVE-2020-27066 Google Use After Free vulnerability in Google Android

In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking.

4.6
2020-12-15 CVE-2020-27054 Google Improper Privilege Management vulnerability in Google Android 11.0

In onFactoryReset of BluetoothManagerService.java, there is a missing permission check.

4.6
2020-12-15 CVE-2020-27052 Google Improper Privilege Management vulnerability in Google Android 11.0

In getLockTaskLaunchMode of ActivityRecord.java, there is a possible way for any app to start in Lock Task Mode due to a permissions bypass.

4.6
2020-12-15 CVE-2020-27044 Google Use After Free vulnerability in Google Android 11.0

In restartWrite of Parcel.cpp, there is a possible memory corruption due to a use after free.

4.6
2020-12-15 CVE-2020-27036 Google Out-of-bounds Read vulnerability in Google Android 11.0

In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check.

4.6
2020-12-15 CVE-2020-25712 X ORG
Redhat
Heap-based Buffer Overflow vulnerability in multiple products

A flaw was found in xorg-x11-server before 1.20.10.

4.6
2020-12-15 CVE-2020-27030 Google Improper Privilege Management vulnerability in Google Android 11.0

In onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy.

4.6
2020-12-15 CVE-2020-0486 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value.

4.6
2020-12-15 CVE-2020-0485 Google Missing Authorization vulnerability in Google Android 11.0

In areFunctionsSupported of UsbBackend.java, there is a possible access to tethering from a guest account due to a missing permission check.

4.6
2020-12-15 CVE-2020-0484 Google Use After Free vulnerability in Google Android 11.0

In destroyResources of ComposerClient.h, there is possible memory corruption due to a use after free.

4.6
2020-12-15 CVE-2020-0483 Google Double Free vulnerability in Google Android 11.0

In DrmManagerService::~DrmManagerService() of DrmManagerService.cpp, there is a possible memory corruption due to a use after free.

4.6
2020-12-15 CVE-2020-8935 Google Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Asylo

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make an Ecall_restore function call to reallocate untrusted code and overwrite sections of the Enclave memory address.

4.6
2020-12-14 CVE-2020-14368 Eclipse Cross-Site Request Forgery (CSRF) vulnerability in Eclipse CHE

A flaw was found in Eclipse Che in versions prior to 7.14.0 that impacts CodeReady Workspaces.

4.6
2020-12-18 CVE-2020-13527 Lantronix Cross-Site Request Forgery (CSRF) vulnerability in Lantronix SGX Firmware and Xport Edge Firmware

An authentication bypass vulnerability exists in the Web Manager functionality of Lantronix XPort EDGE 3.0.0.0R11, 3.1.0.0R9, 3.4.0.0R12 and 4.2.0.0R7.

4.5
2020-12-18 CVE-2020-35555 Google Unspecified vulnerability in Google Android 10.0

An issue was discovered on LG mobile devices with Android OS 10 software.

4.4
2020-12-17 CVE-2020-15294 Bitdefender Unspecified vulnerability in Bitdefender Hypervisor Introspection

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer.

4.4
2020-12-15 CVE-2020-27067 Google Use After Free vulnerability in Google Android

In the l2tp subsystem, there is a possible use after free due to a race condition.

4.4
2020-12-15 CVE-2020-0474 Google Use After Free vulnerability in Google Android 11.0

In HalCamera::requestNewFrame of HalCamera.cpp, there is a possible use-after-free due to a race condition.

4.4
2020-12-18 CVE-2020-14271 Hcltech Cross-site Scripting vulnerability in Hcltech HCL Inotes 10.0.1/11.0.0/11.0.1

HCL iNotes v9, v10 and v11 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content.

4.3
2020-12-18 CVE-2020-4080 Hcltech Cross-site Scripting vulnerability in Hcltech Domino

HCL Verse v10 and v11 are susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to improper handling of message content.

4.3
2020-12-18 CVE-2020-26251 Openzaak Origin Validation Error vulnerability in Openzaak Open Zaak

Open Zaak is a modern, open-source data- and services-layer to enable zaakgericht werken, a Dutch approach to case management.

4.3
2020-12-18 CVE-2020-4764 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Planning Analytics 2.0

IBM Planning Analytics 2.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2020-12-18 CVE-2020-25495 Xinuos Cross-site Scripting vulnerability in Xinuos Openserver 5.0.7/6.0

A reflected Cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver versions 5 and 6 allows remote attackers to inject arbitrary web script or HTML tags via the parameter 'section'.

4.3
2020-12-18 CVE-2020-25611 Mitel Cross-site Scripting vulnerability in Mitel Micollab

The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference information by sending arbitrary code due to improper input validation, aka XSS.

4.3
2020-12-18 CVE-2020-25606 Mitel Cross-site Scripting vulnerability in Mitel Micollab

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by sending arbitrary code due to improper input validation, aka XSS.

4.3
2020-12-17 CVE-2020-20142 Flexmonster Cross-site Scripting vulnerability in Flexmonster Pivot Table & Charts 2.7.17

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17.

4.3
2020-12-17 CVE-2020-20141 Flexmonster Cross-site Scripting vulnerability in Flexmonster Pivot Table & Charts 2.7.17

Cross Site Scripting (XSS) vulnerability in the To OLAP (XMLA) component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

4.3
2020-12-17 CVE-2020-20140 Flexmonster Cross-site Scripting vulnerability in Flexmonster Pivot Table & Charts 2.7.17

Cross Site Scripting (XSS) vulnerability in Remote Report component under the Open menu in Flexmonster Pivot Table & Charts 2.7.17.

4.3
2020-12-17 CVE-2020-20139 Flexmonster Cross-site Scripting vulnerability in Flexmonster Pivot Table & Charts 2.7.17

Cross Site Scripting (XSS) vulnerability in the Remote JSON component Under the Connect menu in Flexmonster Pivot Table & Charts 2.7.17.

4.3
2020-12-17 CVE-2020-20138 Cmsmadesimple Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.4

Cross Site Scripting (XSS) vulnerability in the Showtime2 Slideshow module in CMS Made Simple (CMSMS) 2.2.4.

4.3
2020-12-16 CVE-2020-4905 IBM Information Exposure vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information, caused by a man in the middle attack.

4.3
2020-12-16 CVE-2020-4904 IBM Cross-Site Request Forgery (CSRF) vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

4.3
2020-12-16 CVE-2020-4658 IBM Cross-site Scripting vulnerability in IBM Sterling File Gateway

IBM Sterling File Gateway 2.2.0.0 through 6.0.3.2 is vulnerable to cross-site scripting.

4.3
2020-12-16 CVE-2020-4657 IBM Cross-site Scripting vulnerability in IBM Sterling B2B Integrator

IBM Sterling B2B Integrator 5.2.0.0 through 6.0.3.2 Standard Edition is vulnerable to cross-site scripting.

4.3
2020-12-16 CVE-2020-26198 Dell Cross-site Scripting vulnerability in Dell Idrac9 Firmware

Dell EMC iDRAC9 versions prior to 4.32.10.00 and 4.40.00.00 contain a reflected cross-site scripting vulnerability in the iDRAC9 web application.

4.3
2020-12-16 CVE-2020-14254 Hcltech Missing Encryption of Sensitive Data vulnerability in Hcltech Bigfix Platform

TLS-RSA cipher suites are not disabled in HCL BigFix Inventory up to v10.0.2.

4.3
2020-12-15 CVE-2020-35416 Onlineonly Cross-site Scripting vulnerability in Onlineonly PHPjabbers Appointment Scheduler 2.3

Multiple cross-site scripting (XSS) vulnerabilities in the index.php admin login webpage of PHPJabbers Appointment Scheduler 2.3 (with different request parameters) allow remote attackers to inject arbitrary web script or HTML.

4.3
2020-12-15 CVE-2020-23957 Pega Cross-site Scripting vulnerability in Pega Platform 8.4/8.4.1/8.4.2

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

4.3
2020-12-15 CVE-2020-27047 Google Out-of-bounds Read vulnerability in Google Android 11.0

In ce_t4t_update_binary of ce_t4t.cc, there is a possible out of bounds read due to a missing bounds check.

4.3
2020-12-15 CVE-2020-27038 Google Memory Leak vulnerability in Google Android 11.0

In process of C2SoftVorbisDec.cpp, there is a possible resource exhaustion due to a memory leak.

4.3
2020-12-15 CVE-2020-35396 Egavilanmedia Cross-site Scripting vulnerability in Egavilanmedia Barcodes Generator 1.0

EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php.

4.3
2020-12-15 CVE-2020-35395 Egavilanmedia Cross-site Scripting vulnerability in Egavilanmedia Expense Management System 1.0

XSS in the Add Expense Component of EGavilan Media Expense Management System 1.0 allows an attacker to permanently store malicious JavaScript code via the 'description' field.

4.3
2020-12-15 CVE-2020-28456 S Cart Cross-site Scripting vulnerability in S-Cart

The package s-cart/core before 4.4 is vulnerable to Cross-site Scripting (XSS) via the admin panel.

4.3
2020-12-15 CVE-2020-27029 Google Improper Input Validation vulnerability in Google Android 11.0

In TextView of TextView.java, there is a possible app hang due to improper input validation.

4.3
2020-12-15 CVE-2020-27026 Google Information Exposure vulnerability in Google Android 11.0

During boot, the device unlock interface behaves differently depending on if a fingerprint registered to the device is present.

4.3
2020-12-15 CVE-2020-0499 Google, Debian, Fedoraproject Out-of-bounds Read vulnerability in multiple products

In FLAC__bitreader_read_rice_signed_block of bitreader.c, there is a possible out of bounds read due to a heap buffer overflow.

4.3
2020-12-15 CVE-2020-0498 Google Information Exposure vulnerability in Google Android 11.0

In decode_packed_entry_number of codebook.c, there is a possible out of bounds read due to a heap buffer overflow.

4.3
2020-12-15 CVE-2020-0494 Google Out-of-bounds Read vulnerability in Google Android 11.0

In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow.

4.3
2020-12-15 CVE-2020-0492 Google Out-of-bounds Read vulnerability in Google Android 11.0

In BitstreamFillCache of bitstream.cpp, there is a possible out of bounds read due to a heap buffer overflow.

4.3
2020-12-15 CVE-2020-0491 Google Resource Exhaustion vulnerability in Google Android 11.0

In readBlock of MatroskaExtractor.cpp, there is a possible denial of service due to resource exhaustion.

4.3
2020-12-15 CVE-2020-0490 Google Out-of-bounds Read vulnerability in Google Android 11.0

In floor1_info_unpack of floor1.c, there is a possible out of bounds read due to a missing bounds check.

4.3
2020-12-15 CVE-2020-0488 Google Access of Uninitialized Pointer vulnerability in Google Android 11.0

In ihevc_inter_pred_chroma_copy_ssse3 of ihevc_inter_pred_filters_ssse3_intr.c, there is a possible information disclosure due to uninitialized data.

4.3
2020-12-15 CVE-2020-0244 Google Out-of-bounds Read vulnerability in Google Android 11.0

In writeBurstBufferBytes of SPDIFEncoder.cpp, there is a possible out of bounds read due to an incorrect bounds check.

4.3
2020-12-15 CVE-2020-28203 Foxitsoftware NULL Pointer Dereference vulnerability in Foxitsoftware Foxit Reader

An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier.

4.3
2020-12-14 CVE-2020-0470 Google Out-of-bounds Write vulnerability in Google Android 10.0/11.0

In extend_frame_highbd of restoration.c, there is a possible out of bounds write due to a heap buffer overflow.

4.3
2020-12-14 CVE-2019-19288 Siemens Cross-site Scripting vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

4.3
2020-12-14 CVE-2020-29304 Directoriespro Cross-site Scripting vulnerability in Directoriespro Directories PRO

A cross-site scripting (XSS) vulnerability in the SabaiApps WordPress Directories Pro plugin version 1.3.45 and earlier allows attackers who have convinced a site administrator to import a specially crafted CSV file to inject arbitrary web script or HTML as the victim proceeds through the file import workflow.

4.3
2020-12-14 CVE-2020-29303 Directoriespro Cross-site Scripting vulnerability in Directoriespro Directories PRO 1.3.45

A cross-site scripting (XSS) vulnerability in the SabaiApps Directories Pro plugin 1.3.45 for WordPress allows remote attackers to inject arbitrary web script or HTML via a POST to /wp-admin/admin.php?page=drts/directories&q=%2F with the _drts_form_build_id parameter containing the XSS payload and the _t_ parameter set to an invalid or non-existent CSRF token.

4.3
2020-12-14 CVE-2020-28859 Openasset Cross-site Scripting vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.

4.3
2020-12-14 CVE-2020-28857 Openasset Cross-site Scripting vulnerability in Openasset Digital Asset Management

OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.

4.3
2020-12-14 CVE-2020-15733 Bitdefender Origin Validation Error vulnerability in Bitdefender Antivirus Plus

An Origin Validation Error vulnerability in the SafePay component of Bitdefender Antivirus Plus allows a web resource to misrepresent itself in the URL bar.

4.3
2020-12-18 CVE-2020-17520 Apache Incorrect Permission Assignment for Critical Resource vulnerability in Apache Pulsar Manager 0.1.0

In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.

4.0
2020-12-18 CVE-2020-26177 Tangro Incorrect Permission Assignment for Critical Resource vulnerability in Tangro Business Workflow 1.17.5

In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed out and thus are not intended to be edited by regular users.

4.0
2020-12-18 CVE-2020-26176 Tangro Insecure Storage of Sensitive Information vulnerability in Tangro Business Workflow

An issue was discovered in tangro Business Workflow before 1.18.1.

4.0
2020-12-18 CVE-2020-26175 Tangro Incorrect Permission Assignment for Critical Resource vulnerability in Tangro Business Workflow 1.17.5

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in requests to /api/profile in order to change profile information of other users.

4.0
2020-12-18 CVE-2020-26173 Tangro Improper Authentication vulnerability in Tangro Business Workflow 1.17.5

An incorrect access control implementation in Tangro Business Workflow before 1.18.1 allows an attacker to download documents (PDF) by providing a valid document ID and token.

4.0
2020-12-18 CVE-2020-26171 Tangro Incorrect Permission Assignment for Critical Resource vulnerability in Tangro Business Workflow 1.17.5

In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document/attachments/upload can be manipulated.

4.0
2020-12-18 CVE-2020-25612 Mitel Incorrect Authorization vulnerability in Mitel Micollab

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control.

4.0
2020-12-17 CVE-2020-4846 IBM Information Exposure Through an Error Message vulnerability in IBM Security KEY Lifecycle Manager

IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser.

4.0
2020-12-17 CVE-2020-35123 Zimbra XXE vulnerability in Zimbra Collaboration 8.8.15/9.0.0

In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks.

4.0
2020-12-16 CVE-2019-14476 Adremsoft Server-Side Request Forgery (SSRF) vulnerability in Adremsoft Netcrunch 10.6.0.4587

AdRem NetCrunch 10.6.0.4587 has a Server-Side Request Forgery (SSRF) vulnerability in the NetCrunch server.

4.0
2020-12-15 CVE-2020-35122 Keysight SQL Injection vulnerability in Keysight Database Connector

An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence.

4.0
2020-12-15 CVE-2020-14302 Redhat Authentication Bypass by Capture-replay vulnerability in Redhat Keycloak

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter.

4.0
2020-12-14 CVE-2019-19287 Siemens Relative Path Traversal vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

4.0
2020-12-14 CVE-2020-17511 Apache Cleartext Storage of Sensitive Information vulnerability in Apache Airflow

In Airflow versions prior to 1.10.13, when creating a user using the airflow CLI, the password gets logged in plain text in the Log table in the Airflow metadata database.

4.0

82 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2020-12-14 CVE-2020-8284 Haxx, Fedoraproject, Debian, Netapp, Apple, Oracle, Fujitsu, Siemens, Splunk

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

3.7
2020-12-16 CVE-2020-25619 Solarwinds Unspecified vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

3.6
2020-12-16 CVE-2020-26273 Linuxfoundation Command Injection vulnerability in Linuxfoundation Osquery

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework.

3.6
2020-12-14 CVE-2020-25234 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

3.6
2020-12-18 CVE-2020-26280 Openslides Cross-site Scripting vulnerability in Openslides 3.2

OpenSlides is a free, Web-based presentation and assembly system for managing and projecting agenda, motions, and elections of assemblies.

3.5
2020-12-18 CVE-2020-20285 Zzcms Cross-site Scripting vulnerability in Zzcms 2019

There is an XSS in the user login page in zzcms 2019.

3.5
2020-12-18 CVE-2019-16957 Solarwinds Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0

SolarWinds Web Help Desk 12.7.0 allows XSS via the First Name field of a User Account.

3.5
2020-12-18 CVE-2019-16955 Solarwinds Cross-site Scripting vulnerability in Solarwinds Webhelpdesk 12.7.0

SolarWinds Web Help Desk 12.7.0 allows XSS via an uploaded SVG document in a request.

3.5
2020-12-18 CVE-2020-25609 Mitel Cross-site Scripting vulnerability in Mitel Micollab

The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS.

3.5
2020-12-17 CVE-2020-8462 Trendmicro Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product.

3.5
2020-12-17 CVE-2020-27010 Trendmicro Cross-site Scripting vulnerability in Trendmicro Interscan web Security Virtual Appliance 6.5

A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to tamper with the web interface of the product in a manner separate from the similar CVE-2020-8462.

3.5
2020-12-17 CVE-2020-4845 IBM Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager

IBM Security Key Lifecycle Manager 3.0.1 and 4.0 are vulnerable to cross-site scripting.

3.5
2020-12-16 CVE-2020-28930 Epson Cross-site Scripting vulnerability in Epson EPS TSE Server 8 Firmware 21.0.11

A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in settings/users.php in EPSON EPS TSE Server 8 (21.0.11) allows an authenticated attacker to inject a JavaScript payload in the user management page that is executed by an administrator.

3.5
2020-12-16 CVE-2019-14478 Adremsoft Cross-site Scripting vulnerability in Adremsoft Netcrunch 10.6.0.4587

AdRem NetCrunch 10.6.0.4587 has a stored Cross-Site Scripting (XSS) vulnerability in the NetCrunch web client.

3.5
2020-12-15 CVE-2018-16243 Solarwinds Cross-site Scripting vulnerability in Solarwinds Database Performance Analyzer 11.1.468/12.0.3074

SolarWinds Database Performance Analyzer (DPA) 11.1.468 and 12.0.3074 have several persistent XSS vulnerabilities, related to logViewer.iwc, centralManage.cen, userAdministration.iwc, database.iwc, alertManagement.iwc, eventAnnotations.iwc, and central.cen.

3.5
2020-12-15 CVE-2020-28457 S Cart Cross-site Scripting vulnerability in S-Cart

This affects the package s-cart/core before 4.4.

3.5
2020-12-14 CVE-2019-19285 Siemens Cross-site Scripting vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

3.5
2020-12-14 CVE-2019-19284 Siemens Cross-site Scripting vulnerability in Siemens XHQ 6.0.0.0/6.0.0.2

A vulnerability has been identified in XHQ (All Versions < 6.1).

3.5
2020-12-16 CVE-2020-4008 Vmware Unspecified vulnerability in VMWare Carbon Black Cloud

The installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way.

3.3
2020-12-14 CVE-2020-5665 Mitsubishielectric Improper Handling of Exceptional Conditions vulnerability in Mitsubishielectric Melsec Iq-F Fx5U CPU Firmware 1.060

Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.

3.3
2020-12-15 CVE-2020-29480 XEN, Debian, Fedoraproject Missing Authorization vulnerability in multiple products

An issue was discovered in Xen through 4.14.x.

2.3
2020-12-18 CVE-2020-35549 Google Unspecified vulnerability in Google Android

An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.

2.1
2020-12-18 CVE-2020-35548 Google Unspecified vulnerability in Google Android 10.0

An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software.

2.1
2020-12-18 CVE-2020-24693 Mitel Unspecified vulnerability in Mitel Micontact Center Business 8.0/9.0.0.0/9.0.1.0

The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.

2.1
2020-12-18 CVE-2020-13518 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0.

2.1
2020-12-18 CVE-2020-13517 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0.

2.1
2020-12-18 CVE-2020-13516 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0.

2.1
2020-12-18 CVE-2020-13511 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0.

2.1
2020-12-18 CVE-2020-13510 Nzxt Unspecified vulnerability in Nzxt CAM 4.8.0

An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0.

2.1
2020-12-17 CVE-2020-15293 Bitdefender Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection 1.132.2

Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions.

2.1
2020-12-17 CVE-2020-15292 Bitdefender Improper Input Validation vulnerability in Bitdefender Hypervisor Introspection

Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer overflow (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.

2.1
2020-12-16 CVE-2020-4906 IBM Insecure Storage of Sensitive Information vulnerability in IBM Financial Transaction Manager for Multiplatform 3.2.4

IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 allows web pages to be stored locally which can be read by another user on the system.

2.1
2020-12-16 CVE-2019-14477 Adremsoft Insufficiently Protected Credentials vulnerability in Adremsoft Netcrunch 10.6.0.4587/11.0.0.5282

AdRem NetCrunch 10.6.0.4587 has Improper Credential Storage since the internal user database is readable by low-privileged users and passwords in the database are weakly encoded or encrypted.

2.1
2020-12-16 CVE-2020-25621 Solarwinds Improper Authentication vulnerability in Solarwinds N-Central 12.3.0.670

An issue was discovered in SolarWinds N-Central 12.3.0.670.

2.1
2020-12-15 CVE-2020-27057 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In getGpuStatsGlobalInfo and getGpuStatsAppInfo of GpuService.cpp, there is a possible permission bypass due to a missing permission check.

2.1
2020-12-15 CVE-2020-27056 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In SELinux policies of mls, there is a missing permission check.

2.1
2020-12-15 CVE-2020-27053 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check.

2.1
2020-12-15 CVE-2020-27046 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nfc_ncif_proc_ee_action of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27043 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nfc_enabled of nfc_main.cc, there is a possible out of bounds read due to an incorrect increment.

2.1
2020-12-15 CVE-2020-27041 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0

In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-27040 Google Out-of-bounds Read vulnerability in Google Android 11.0

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27039 Google Incorrect Default Permissions vulnerability in Google Android 11.0

In postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-27037 Google Out-of-bounds Read vulnerability in Google Android 11.0

In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27035 Google Improper Locking vulnerability in Google Android 11.0

In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking.

2.1
2020-12-15 CVE-2020-27034 Google Incorrect Permission Assignment for Critical Resource vulnerability in Google Android 11.0

In createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-27033 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27032 Google Information Exposure vulnerability in Google Android 11.0

In getRadioAccessFamily of PhoneInterfaceManager.java, there is a possible read of privileged data due to a missing permission check.

2.1
2020-12-15 CVE-2020-27031 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27028 Google Out-of-bounds Read vulnerability in Google Android 11.0

In filter_incoming_event of hci_layer.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27027 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-27025 Google Information Exposure vulnerability in Google Android 11.0

In EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-27023 Google Information Exposure vulnerability in Google Android 11.0

In setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-27021 Google Out-of-bounds Read vulnerability in Google Android 11.0

In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check.

2.1
2020-12-15 CVE-2020-0500 Google Information Exposure vulnerability in Google Android 11.0

In startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent.

2.1
2020-12-15 CVE-2020-0497 Google Information Exposure vulnerability in Google Android 11.0

In canUseBiometric of BiometricServiceBase, there is a missing permission check.

2.1
2020-12-15 CVE-2020-0496 Google Use After Free vulnerability in Google Android 11.0

In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after-free.

2.1
2020-12-15 CVE-2020-0495 Google Integer Overflow or Wraparound vulnerability in Google Android 11.0

In decode_Huffman of JBig2_SddProc.cpp, there is a possible out of bounds write due to an integer overflow.

2.1
2020-12-15 CVE-2020-0493 Google Out-of-bounds Read vulnerability in Google Android 11.0

In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation.

2.1
2020-12-15 CVE-2020-0482 Google Out-of-bounds Read vulnerability in Google Android 11.0

In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check.

2.1
2020-12-15 CVE-2020-0481 Google Incorrect Authorization vulnerability in Google Android 11.0

In AndroidManifest.xml, there is a possible permissions bypass.

2.1
2020-12-15 CVE-2020-0477 Google Incorrect Authorization vulnerability in Google Android 11.0

In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information disclosure due to a missing permission check.

2.1
2020-12-15 CVE-2020-0476 Google Information Exposure Through Log Files vulnerability in Google Android 11.0

In onNotificationRemoved of Assistant.java, there is a possible leak of sensitive information to logs.

2.1
2020-12-15 CVE-2020-0473 Google Incorrect Authorization vulnerability in Google Android 11.0

In updateIncomingFileConfirmNotification of BluetoothOppNotification.java, there is a possible permissions bypass.

2.1
2020-12-15 CVE-2020-0368 Google Improper Input Validation vulnerability in Google Android 11.0

In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation.

2.1
2020-12-15 CVE-2020-8944 Google Out-of-bounds Write vulnerability in Google Asylo

An arbitrary memory write vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to ecall_restore using the attribute output which fails to check the range of a pointer.

2.1
2020-12-15 CVE-2020-8943 Google Out-of-bounds Read vulnerability in Google Asylo

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvfrom whose return size was not validated against the requested size.

2.1
2020-12-15 CVE-2020-8942 Google Out-of-bounds Read vulnerability in Google Asylo

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_read whose return size was not validated against the requested size.

2.1
2020-12-15 CVE-2020-8941 Google Out-of-bounds Read vulnerability in Google Asylo

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_inet_pton using an attacker controlled klinux_addr_buffer parameter.

2.1
2020-12-15 CVE-2020-8940 Google Out-of-bounds Read vulnerability in Google Asylo

An arbitrary memory read vulnerability in Asylo versions up to 0.6.0 allows an untrusted attacker to make a call to enc_untrusted_recvmsg using an attacker controlled result parameter.

2.1
2020-12-15 CVE-2020-8939 Google Out-of-bounds Read vulnerability in Google Asylo

An out of bounds read on the enc_untrusted_inet_ntop function allows an attacker to extend the result size that is used by memcpy() to read memory from within the enclave heap.

2.1
2020-12-15 CVE-2020-8938 Google Out-of-bounds Write vulnerability in Google Asylo

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to FromkLinuxSockAddr with attacker controlled content and size of klinux_addr which allows an attacker to write memory values from within the enclave.

2.1
2020-12-15 CVE-2020-8937 Google Out-of-bounds Write vulnerability in Google Asylo

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to enc_untrusted_create_wait_queue that uses a pointer queue that relies on UntrustedLocalMemcpy, which fails to validate where the pointer is located.

2.1
2020-12-15 CVE-2020-8936 Google Out-of-bounds Read vulnerability in Google Asylo

An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allows an attacker to make a host call to UntrustedCall.

2.1
2020-12-14 CVE-2020-0019 Google Use of Hard-coded Credentials vulnerability in Google Android

In the Broadcom Nexus firmware, there is an insecure default password.

2.1
2020-12-14 CVE-2020-0469 Google Unspecified vulnerability in Google Android 11.0

In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error.

2.1
2020-12-14 CVE-2020-0468 Google Incorrect Default Permissions vulnerability in Google Android 10.0/11.0

In listen() and related functions of TelephonyRegistry.java, there is a possible permissions bypass of location permissions due to a missing permission check.

2.1
2020-12-14 CVE-2020-0467 Google Unspecified vulnerability in Google Android

In onUserStopped of Vpn.java, there is a possible resetting of user preferences due to a logic issue.

2.1
2020-12-14 CVE-2020-0464 Google Information Exposure Through Discrepancy vulnerability in Google Android 10.0

In resolv_cache_lookup of res_cache.cpp, there is a possible side channel information disclosure.

2.1
2020-12-14 CVE-2020-0459 Google Incorrect Default Permissions vulnerability in Google Android

In sendConfiguredNetworkChangedBroadcast of WifiConfigManager.java, there is a possible leak of sensitive WiFi configuration data due to a missing permission check.

2.1
2020-12-14 CVE-2020-25233 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens Logo! 8 BM Firmware

A vulnerability has been identified in LOGO! 8 BM (incl.

2.1
2020-12-14 CVE-2020-25231 Siemens Use of Hard-coded Cryptographic Key vulnerability in Siemens Logo! 8 BM Firmware and Logo! Soft Comfort

A vulnerability has been identified in LOGO! 8 BM (incl.

2.1
2020-12-15 CVE-2020-0280 Google Out-of-bounds Read vulnerability in Google Android 11.0

In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check.

1.9