Security Technology: September 2020

Google Fotos não consegue fazer backup de Motion Photos da Samsung

Após receber muitos elogios pelas recentes atualizações rápidas da interface One UI 2.5, a Samsung pode ter que lidar com críticas, visto que essa versão está causando um problema relacionado a fotos.Ao que parece, as fotos em movimento capturadas em celulares Samsung com One UI 2.5 estão sendo carregadas como imagens estáticas quando transferidas para o Google Fotos. O recurso Motion Photos foi lançado em 2016 pela Samsung para que os usuários tenham vídeos de poucos segundos gravados antes do momento em que o obturador é de fato pressionado. Dessa forma, além de fotos, os usuários registram uma espécie de GIF, do qual é possível extrair diversas outras imagens também.ReproduçãoUsuários da One UI 2.5 não devem utilizar o Google Fotos para fazer o backup de fotos capturadas com o recurso Motion Photos. Imagem: Dennizn/ShutterstockRecursos como o Motion Photos já se tornaram padrão em smartphones recentes - o Live Photos, da Apple, é um exemplo disso. No entanto, a One UI 2.5 otimizou essa função para que seja capturado, além de um pequeno vídeo, o áudio que corresponde às cenas antes da foto. A intenção foi boa e realmente agradou aos usuários, mas o problema com o Google Fotos pode ser um grande obstáculo. Afinal, muitos utilizam o aplicativo do Google para backup e perder esses momentos não está nos planos de ninguém.Por isso, surgiram reclamações online afirmando que, quando as fotos em movimento são copiadas para o Google Fotos, a mágica desaparece - algo que não acontecia na versão anterior da One UI. A culpa não é do Google, que adicionou um suporte oficial ao formato já no ano passado.Por ora, enquanto a Samsung não resolve o problema, o mais recomendado é que, se você tem um smartphone Samsung atualizado com One UI 2.5, o backup de fotos em movimento seja feito sem o auxílio do Google Fotos.Via: 9to5Google

from Olhar Digital :: Segurança https://ift.tt/34aDfAw

Trump Pushed 11 False Claims About Voting in 8 Minutes During the Debate

The president's assault on electoral integrity threatens to undermine the democratic process. We unpack each falsehood, mischaracterization, and lie.

from Security Latest https://ift.tt/36kPIV9

CISA and MS-ISAC Release Ransomware Guide

Original release date: September 30, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have released a joint Ransomware Guide that details practices that organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The in-depth guide provides actionable best practices for ransomware prevention as well as a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

CISA encourages users and administrators to review the Ransomware Guide and CISA’s Ransomware webpage for additional information.

This product is provided subject to this Notification and this Privacy & Use policy.

from CISA All NCAS Products https://ift.tt/2GlkUbK

Ataques de ransomware estão cada vez mais rápidos, alerta a Microsoft

Ransonware, um tipo de malware que criptografa arquivos e documentos de um ou de vários computadores de uma rede e depois exige um resgate da vítima, foi o tipo de ciberataque mais comum no último ano. Ataques se tornarem mais sofisticados e hackers estão com um foco cada vez maior em dispositivos de Internet das Coisas.Essas são algumas das tendências apontadas pelo relatório anual da Microsoft, "Digital Defense Report", que cobre as tendências de segurança cibernética dos últimos doze meses. O documento ainda destaca o papel de agentes patrocinado por países e grupos criminosos que mudaram sua infraestrutura para a nuvem para se esconder entre os serviços legítimos.De acordo com a Microsoft, os hackers ainda exploraram a crise causada pela Covid-19 para reduzir seu tempo de permanência no sistema de uma vítima de ransomware. A ideia é aproveitar que as empresas estão com uma maior disposição de pagar o resgate e se livrar logo do problema. "Em alguns casos, os cibercriminosos passaram da invasão inicial ao resgate de toda a rede em menos de 45 minutos", afirma o relatório.Os padrões de ataque demonstram que os cibercriminosos sabem quando as empresas estarão mais vulneráveis – como em feriados. "Eles estão cientes de quando as organizações estarão mais dispostas a pagar resgates do que a incorrer em períodos de inatividade, como durante os ciclos de faturamento nos setores de saúde, finanças e jurídico", explica o documento.Diversas frentes de batalha"As ameaças de IoT estão em constante expansão e evolução", afirma o relatório. No primeiro semestre de 2020, houve um aumento de 35% no volume total de ataques nessas plataformas em comparação com o segundo semestre de 2019.Ainda no ano passado, o sistema de defesa digital da Microsoft bloqueou mais de 13 bilhões de e-mails maliciosos e suspeitos, dos quais mais de 1 bilhão eram URLs configuradas com o propósito explícito de lançar um ataque de phishing para roubar credenciais. "Os invasores são oportunistas e trocam os temas das iscas diariamente para se alinhar aos ciclos de notícias, como visto no uso da pandemia Covid-19", afirmam os pesquisadores da Microsoft.Microsoft/ReproduçãoGráfico mostra como os ataques de phising relacionados à Covid-19 cresceram durante a pandemia e caíram nos últimos meses. Imagem: Microsoft/ReproduçãoApesar do receio causado pela doença, o volume geral de malware do último ano permaneceu "relativamente consistente" – só o tema que foi mais direcionado, aproveitando a "enxurrada de informações associadas à pandemia". Mas de acordo com a empresa, nos últimos meses, o volume de ataques de phishing com o tema Covid-19 diminuiu.A pandemia também foi utilizada por agentes à serviço de estados e nações. "Ataques com o tema 'Covid' tinham como alvo importantes organizações governamentais de saúde. Organizações acadêmicas e comerciais envolvidas na pesquisa de vacinas também foram visadas", afirma a Microsoft. A maior parte da atividade originou-se de grupos na Rússia, Irã, China e Coréia do Norte.O documento ainda alerta que organizações - sejam agências governamentais ou empresas – devem investir em pessoas e tecnologia para ajudar a impedir esses ataques. "As pessoas devem se concentrar no básico, incluindo a aplicação regular de atualizações de segurança, políticas de backup abrangentes e, especialmente, habilitar a autenticação multifator", que, de acordo com a Microsoft, por si só teria evitado a grande maioria dos ataques bem-sucedidos.Via: Microsoft Blog

from Olhar Digital :: Segurança https://ift.tt/3l12a0m

Cisco Issues Patches For 2 High-Severity IOS XR Flaws Under Active Attacks

Cisco yesterday released security patches for two high-severity vulnerabilities affecting its IOS XR software that were found exploited in the wild a month ago.Tracked as CVE-2020-3566 and CVE-2020-3569, details for both zero-day unauthenticated DoS vulnerabilities were made public by Cisco late last month when the company found hackers actively exploiting Cisco IOS XR Software that is installed

from The Hacker News https://ift.tt/2SgGZuA

Trump and the Limits of Content Moderation

The president’s televised encouragement of white supremacy and political violence was a reminder that social media didn’t create these problems.

from Security Latest https://ift.tt/3cRJNbm

CISA Releases Telework Essentials Toolkit

Original release date: September 30, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) has released the Telework Essentials Toolkit, a comprehensive resource of telework best practices. The Toolkit provides three personalized modules for executive leaders, IT professionals, and teleworkers. Each module outlines distinctive security considerations appropriate for their role:

Actions for executive leaders that drive cybersecurity strategy, investment and culture
Actions for IT professionals that develop security awareness and vigilance
Actions for teleworkers to develop their home network security awareness and vigilance

CISA encourages users and administrators to review the Telework Essentials Toolkit and the CISA Telework page for more information.

This product is provided subject to this Notification and this Privacy & Use policy.

from CISA All NCAS Products https://ift.tt/2Gc3jDs

Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis

We’ve all been spending more of our time online since the crisis hit. Whether it’s ordering food for delivery, livestreaming concerts, holding virtual parties, or engaging in a little retail therapy, the digital interactions of many Americans are on the rise. This means we’re also sharing more of our personal and financial information online, with each other and the organizations we interact with. Unfortunately, as ever, there are bad guys around every digital corner looking for a piece of the action.

The bottom line is that personally identifiable information (PII) is the currency of internet crime. And cyber-criminals will do whatever they can to get their hands on it. When they commit identity theft with this data, it can be a messy business, potentially taking months for banks and businesses to investigate before you get your money and credit rating back. At a time of extreme financial hardship, this is the last thing anyone needs.

It therefore pays to be careful about how you use your data and how you protect it. Even more: it’s time to get proactive and monitor it—to try and spot early on if it has been stolen. Here’s what you need to know to protect your identity data.

How identity theft works

First, some data on the scope of the problem. In the second quarter of 2020 alone 349,641 identity theft reports were filed with the FTC. To put that in perspective, it’s over half of the number for the whole of 2019 (650,572), when consumers reported losing more than $1.9 billion to fraud. What’s driving this huge industry? A cybercrime economy estimated to be worth as much as $1.5 trillion annually.

Specialized online marketplaces and private forums provide a user-friendly way for cyber-criminals and fraudsters to easily buy and sell stolen identity data. Many are on the so-called dark web, which is hidden from search engines and requires a specialized anonymizing browser like Tor to access. However, plenty of this criminal activity also happens in plain sight, on social media sites and messaging platforms. This underground industry is an unstoppable force: as avenues are closed down by law enforcement or criminal in-fighting, other ones appear.

At-risk personal data could be anything from email and account log-ins to medical info, SSNs, card and bank details, insurance details and much more. It all has a value on the cybercrime underground and the price fraudsters are prepared to pay will depend on supply and demand, just like in the ‘real’ world.

There are various ways for attackers to get your data. The main ones are:

Phishing: usually aimed at stealing your log-ins or tricking you into downloading keylogging or other info-stealing malware. Phishing mainly happens via email but could also occur via web, text, or phone. Around $667m was lost in imposter scams last year, according to the FTC.
Malicious mobile apps disguised as legitimate software.
Eavesdropping on social media: If you overshare even innocuous personal data (pet names, birth dates, etc.,) it could be used by fraudsters to access your accounts.
Public Wi-Fi eavesdropping: If you’re using it, the bad guys may be too.
Dumpster diving and shoulder surfing: Sometimes the old ways are still popular.
Stealing devices or finding lost/misplaced devices in public places.
Attacking the organizations you interact with: Unfortunately this is out of your control somewhat, but it’s no less serious. There were 1,473 reported corporate breaches in 2019, up 17% year-on-year.
Harvesting card details covertly from the sites you shop with. Incidents involving this kind of “web skimming” increased 26% in March as more users flocked to e-commerce sites during lockdown.

The COVID-19 challenge

As if this weren’t enough, consumers are especially exposed to risk during the current pandemic. Hackers are using the COVID-19 threat as a lure to infect your PC or steal identity data via the phishing tactics described above. They often impersonate trustworthy institutions/officials and emails may claim to include new information on outbreaks, or vaccines. Clicking through or divulging your personal info will land you in trouble. Other fraud attempts will try to sell counterfeit or non-existent medical or other products to help combat infection, harvesting your card details in the process. In March, Interpol seized 34,000 counterfeit COVID goods like surgical masks and $14m worth of potentially dangerous pharmaceuticals.

Phone-based attacks are also on the rise, especially those impersonating government officials. The aim here is to steal your identity data and apply for government emergency stimulus funds in your name. Of the 349,641 identity theft reports filed with the FTC in Q2 2020, 77,684 were specific to government documents or benefits fraud.

What do cybercriminals do with my identity data?

Once your PII is stolen, it’s typically sold on the dark web to those who use it for malicious purposes. It could be used to:

Crack open other accounts that share the same log-ins (via credential stuffing). There were 30 billion such attempts in 2018.
Log-in to your online bank accounts to drain it of funds.
Open bank accounts/credit lines in your name (this can affect your credit rating).
Order phones in your name or port your SIM to a new device (this impacts 7,000 Verizon customers per month).
Purchase expensive items in your name, such as a new watch or television, for criminal resale. This is often done by hijacking your online accounts with e-tailers. E-commerce fraud is said to be worth around $12 billion per year.
File fraudulent tax returns to collect refunds on your behalf.
Claim medical care using your insurance details.
Potentially crack work accounts to attack your employer.

How do I protect my identity online?

The good news among all this bad is that if you remain skeptical about what you see online, are cautious about what you share, and follow some other simple rules, you’ll stand a greater chance of keeping your PII under lock and key. Best practices include:

Using strong, long and unique passwords for all accounts, managed with a password manager.
Enable two-factor authentication (2FA) if possible on all accounts.
Don’t overshare on social media.
Freeze credit immediately if you suspect data has been misused.
Remember that if something looks too good to be true online it usually is.
Don’t use public Wi-Fi when out-and-about, especially not for sensitive log-ins, without a VPN.
Change your password immediately if a provider tells you your data may have been breached.
Only visit/enter payment details into HTTPS sites.
Don’t click on links or open attachments in unsolicited emails.
Only download apps from official app stores.
Invest in AV from a reputable vendor for all your desktop and mobile devices.
Ensure all operating systems and applications are on the latest version (i.e., patch frequently).
Keep an eye on your bank account/credit card for any unusual spending activity.
Consider investing in a service to monitor the dark web for your personal data.

How Trend Micro can help

Trend Micro offers solutions that can help to protect your digital identity.

Trend Micro ID Security is the best way to get proactive about data protection. It works 24/7 to monitor dark web sites for your PII and will sound the alarm immediately if it finds any sign your accounts or personal data have been stolen. It features

Dark Web Personal Data Manager to scour underground sites and alert if it finds personal info like bank account numbers, driver’s license numbers, SSNs and passport information.
Credit Card Checker will do the same as the above but for your credit card information.
Email Checker will alert you if any email accounts have been compromised and end up for sale on the dark web, allowing you to immediately change the password.
Password Checker will tell you if any passwords you’re using have appeared for sale on the dark web, enabling you to improve password security.

Trend Micro Password Manager enables you to manage all your website and app log-ins from one secure location. Because Password Manager remembers and recalls your credentials on-demand, you can create long, strong and unique passwords for each account. As you’re not sharing easy-to-remember passwords across multiple accounts, you’ll be protected from popular credential stuffing and similar attacks.

Finally, Trend Micro WiFi Protection will protect you if you’re out and about connecting to WiFi hotspots. It automatically detects when a WiFi connection isn’t secure and enables a VPN—making your connection safer and helping keep your identity data private.

In short, it’s time to take an active part in protecting your personal identity data—as if your digital life depended on it. In large part, it does.

The post Identity Fraud: How to Protect Your Identity Data, Accounts and Money During the Coronavirus Crisis appeared first on .

from Trend Micro Simply Security https://ift.tt/2GqyCdC

Chinese APT Group Targets Media, Finance, and Electronics Sectors

Cybersecurity researchers on Tuesday uncovered a new espionage campaign targeting media, construction, engineering, electronics, and finance sectors in Japan, Taiwan, the U.S., and China. Linking the attacks to Palmerworm (aka BlackTech) — likely a China-based advanced persistent threat (APT) — Symantec's Threat Hunter Team said the first wave of activity associated with this campaign began last

from The Hacker News https://ift.tt/36kNeWQ

Google Mensagens poderá apagar senhas de acesso via SMS em 24h

O aplicativo Google Mensagens, em breve, poderá receber um recurso específico para excluir rapidamente mensagens com senhas de uso único (OTPs, 'One-time password') e códigos de segurança. Tais senhas são geradas para autenticar o acesso de usuários a contas de e-mails, redes sociais e outros serviços. Para isso, é preciso também associar um número de telefone válido.A descoberta foi feita pelo site XDA Developers na versão '6.7.067' do Google Mensagens usando um software de engenharia reversa profissional para aplicativos Android. Eles encontraram linhas de código que fazem menção a um banner com texto e quatro supostas opções. Entre elas, o usuário poderá deletar as OTPs depois de 24 horas ou somente categorizá-las como tal.Não ficou claro, no momento, se as mensagens com senhas descartáveis serão separadas das outras recebidas pelos usuários. A ideia, entretanto, é trazer um pouco mais de organização à caixa de entrada dos celulares e evitar o acúmulo de mensagens antigas com códigos já utilizados anteriormente.Em algumas interfaces, as fabricantes costumam separar mensagens com OTPs em uma caixa de entrada "secundária". Já o aplicativo do Google, até então, ainda não liberou a função para os usuários. O app Mensagens vem pré-instalado em smartphones da linha Pixel, da própria empresa, mas também em dispositivos de outras fabricantes, como Motorola e LG.Senhas descartáveisReproduçãoAplicativo Google Mensagens deverá liberar, em breve, função para apagar senhas descartáveis em 24 horas. Imagem: Google/Reprodução.Como as senhas são descartáveis e enviadas via SMS, normalmente, a opção viria para limpar o acúmulo de mensagens com senhas que não podem mais ser usadas. Elas também costumam ser informadas via ligação de voz ou por e-mail, dependendo do serviço.A maioria das OTPs, pela sua própria natureza, tem vida útil bastante curta, de poucos minutos. Depois do prazo de validade, elas perdem utilidade pois já não podem mais ser usadas para autenticar acessos ou confirmar contas.Elas são usadas, por exemplo, em aplicativos como o WhatsApp para autenticar contas em novos dispositivos. O recurso, inclusive, é explorado por usuários mal intencionados na prática de clonagem das contas usando o phishing como forma de enganar as vítimas.Fonte: XDA Developers

from Olhar Digital :: Segurança https://ift.tt/34phw8j

Pilhas Duracell ganham revestimento amargo para desencorajar seu consumo

Aparentemente, crianças têm um gosto peculiar por comer pilhas e baterias. A inclinação é tanta que a Duracell, uma das principais empresas do segmento, está tentando tornar suas pilhas tipo moedas menos atraentes ao paladar. Como? Adicionando um novo revestimento amargo às peças.As novas baterias de lítio em formato de moeda com os tamanhos 2016, 2025 e 2032 apresentam um revestimento interior que reage quando em contato com a saliva para liberar um sabor amargo que deve desencorajar crianças que estão prestes a engolir a pilha. É importante ressaltar, como explicou a Duracell, que a ingestão de uma peça de lítio pode causar "reação química prejudicial em apenas duas horas" - daí a preocupação da empresa.ReproduçãoNovas baterias de lítio apresentam um revestimento interior que reage quando em contato com a saliva para liberar um sabor amargo. Imagem: Duracell/Divulgação Ainda segundo a fabricante, o aumento do uso de pilhas tipo moeda está relacionado aos dispositivos eletrônicos, como controles remotos e rastreadores Bluetooth, que estão cada vez menores. Se esse tipo de bateria é um chamariz para crianças, para os adultos não passa de um formato irritante e preocupante, justamente por conta do tamanho reduzido.Cartuchos de jogos amargosA ideia de usar um agente amargo para desencorajar o consumo acidental de gadgets por crianças não é de autoria da Duracell: a Nintendo, por exemplo, já emprega um método semelhante nos cartuchos físicos de jogos para o Switch.Ainda não se sabe se a Duracell está usando o mesmo agente que a Nintendo para fabricar suas pilhas, mas, se for, a empresa está fazendo um bom trabalho, visto que, segundo relatos, os cartuchos para Switch têm um "gosto de inseticida" que é "literalmente a pior coisa". Os pais agradecem. As crianças, nem tanto.As novas baterias começaram a ser distribuídas ao mercado no início de setembro. Via: The Verge

from Olhar Digital :: Segurança https://ift.tt/2Sc621X

LIVE Webinar on Zerologon Vulnerability: Technical Analysis and Detection

I am sure that many of you have by now heard of a recently disclosed critical Windows server vulnerability—called Zerologon—that could let hackers completely take over enterprise networks. For those unaware, in brief, all supported versions of the Windows Server operating systems are vulnerable to a critical privilege escalation bug that resides in the Netlogon Remote Control Protocol for Domain

from The Hacker News https://ift.tt/3kZ1yIA

Hacker apresenta novo dispositivo open source para desenvolvedores

O segmento de dispositivos IoT (Internet of Things, ou internet das coisas) continua despertando o interesse de profissionais e entusiastas de tecnologia. Esse nicho se destaca pela possibilidade de adaptar uma série de sensores e componentes eletrônicos para criar diferentes conjuntos de hardware.O novo membro dessa família de dispositivos é o Precursor. O aparelho criado pelo hacker norte-americano Andrew "bunnie" Huang é voltado para desenvolvedores e é totalmente baseado em código aberto. Diferente de outros gadgets da categoria que entregam apenas uma placa de circuito eletrônico, o Precursor se destaca pelo design compacto e pela lista de especificações. O dispositivo pesa apenas 96 g, e conta com bateria recarregável, um pequeno display LCD, teclado físico e carcaça de proteção de 7.2 mm feita em alumínio.Totalmente modularEm termos de hardware, o Precursor possui um chip de processamento proprietário; 128 MB de memória interna; tela com resolução 536 x 336 pixels; um alto faltante de 0,7 W; entrada para fones de ouvido; Wi-Fi; uma porta USB tipo C e bateria de 1.100 mAh. Huang afirma que a autonomia de bateria fica em torno de 5 horas e meia de uso contínuo.Imagem: Bunnie Studios/ReproduçãoDisplay pode ser trocado por um OLED e a bateria pode dar espaço para outro componente. Imagem: Bunnie Studios/ReproduçãoQuem pretende interligar peças e outras placas ao gadget não deve se decepcionar. Apesar do tamanho compacto, o Precursor pode abrigar diferentes sensores, desde câmeras até chips de conexão 4G LTE. Outros circuitos integrados também podem ser adaptados usando uma impressora 3D ou soldados diretamente no compartimento de bateria do aparelho.Por enquanto, o Precursor é apenas um protótipo. A ideia é oferecer para os desenvolvedores uma plataforma segura e portátil baseada em Linux. Para manter o gadget funcionando, Huang promete liberar uma série de patches e atualizações no futuro.Para ter acesso à novidade, é preciso acessar o link do projeto de financiamento coletivo e se cadastrar. O gadget é resultado de mais de dois anos de estudo por parte dos criadores, nos próximos meses a promessa é de que mais detalhes da plataforma sejam revelados.Via: Bunnie Studios/Linux Smartphones

from Olhar Digital :: Segurança https://ift.tt/3ibEnJ1

Google Play remove mais 17 aplicativos Android com malware espião

O Google removeu da sua loja oficial mais 17 aplicativos para Android infectados com o malware 'Joker', também conhecido como 'Bread'. O malware espião (spyware) foi detectado nos apps por pesquisadores da empresa de segurança Zscaler. A lista foi publicada na loja do Android em setembro e, no total, teria recebido mais de 120 mil downloads antes de ser descoberta.Os membros da Zscaler ThreatLabZ notificaram o Google, que agiu rapidamente na remoção dos títulos. O 'Joker' é um malware projetado para monitorar e "roubar mensagens SMS, listas de contato e informações do dispositivo". Os pesquisadores ainda citam que ele é capaz "de inscrever silenciosamente a vítima em serviços premium de protocolo de aplicações sem fio (WAP, Wireless Application Protocol)".Na publicação, eles citam que o malware tem obtido sucesso ao "contornar o processo de verificação do Google Play". Outras características incluem as mudanças de código, os variados métodos de execução e, também, as técnicas de injeção de carga útil.ReproduçãoAplicativos maliciosos, carregados com o malware espião 'Joker', foram reportados ao Google e removidos da loja do Android. Imagem: Zscaler/Divulgação. Desinstale os seguintes appsA lista contém aplicativos utilitários como scanners de PDF, e outros de teclado, fotos e tradução. Se você, recentemente, instalou algum dos aplicativos da lista a seguir, o mais recomendado é removê-lo do dispositivo e sempre estar atento às permissões solicitadas pelos apps instalados. Estes são os títulos que foram removidos da loja do Android recentemente:All Good PDF ScannerMint Leaf Message-Your Private MessageUnique Keyboard - Fancy Fonts & Free EmoticonsTangram App LockDirect MessengerPrivate SMSOne Sentence Translator - Multifunctional TranslatorStyle Photo CollageMeticulous ScannerDesire TranslateTalent Photo Editor - Blur focusCare MessagePart MessagePaper Doc ScannerBlue ScannerHummingbird PDF Converter - Photo to PDFAll Good PDF Scanner (aparentemente, uma segunda versão)Além de removê-los da loja, o Google também usou o 'Play Protect' para desabilitar os apps em dispositivos infectados. O malware 'Joker' também pode ser encontrado em lojas de aplicativos de terceiros. Segundo a empresa, já foram removidos mais de 1.700 apps infectados.Estima-se que a ameaça vem sendo difundida, pelo menos, desde 2017. Em 2019, o Google removeu uma lista com 24 apps infectados espalhados em 37 países. Mais recentemente, em julho, a companhia removeu outros 11 apps maliciosos da loja.Fonte: Zscaler

from Olhar Digital :: Segurança https://ift.tt/36fPEG7

'Where Law Ends' Review: How the Mueller Investigation Fell Flat

Prosecutor Andrew Weissmann's Where Law Ends doesn't fill the hole at the center of the Trump-Russia probe, but does help explain why it's there.

from Security Latest https://ift.tt/3cDu93a

Ataque de ransomware afeta rede de hospitais nos EUA

A United Health Services, um dos maiores provedores de serviços de saúde dos EUA, foi vítima de um ataque de ransomware que tirou do ar várias de suas unidades. Segundo o TechCrunch, o ataque começou na manhã deste domingo (27) e desabilitou sistemas de computador e de telefonia da empresa em várias partes do país, como a Califórnia e a Flórida.Um funcionário disse que no momento do ataque os computadores mostraram na tela uma mensagem fazendo referência a um "universo sombrio", caracteristica de um malware conhecido como Ryuk e ligado a um grupo de cybercriminosos russo conhecido como Wizard Spider.Segundo a NBC News, algumas unidades estão recorrendo a papel e caneta para anotar dados de pacientes. A UHS publicou um comunicado onde afirma: "implementamos extensivos protocolos de segurança de TI e estamos trabalhando diligentemente com nossos parceiros de segurança da informação para restaurar nossa operação de TI o mais rápido possível"."Enquanto isso, nossas unidades estão usando processos estabelecidos de backup, incluindo documentação offline. O cuidado aos pacientes continua a ser dispensado de forma segura e eficaz. Nenhum dado de pacientes ou funcionários parece ter sido acessado, copiado ou comprometido de outra forma", disse.Outros casosEm março deste ano, vários grupos responsáveis por ataques de ransomware declararam que iriam suspender os ataques a hospitais e instituições de saúde durante a pandemia de Covid-19. O Wizard Spider, responsável pelo Ryuk, não foi um deles.Em meados de setembro um hospital em Duesseldorf, na Alemanha, sofreu na semana passada um ataque de ransomware que causou a interrupção de suas operações. Como consequência, uma mulher que seria atendida no local morreu ao aguardar sua transferência para uma unidade médica a mais de 30 km de distância.As autoridades alemãs estão investigando o caso, que agora, além de ser um crime cibernético, também trará aos responsáveis a acusação de homicídio culposo - quando não há a intenção de matar.O episódio ocorreu na noite do dia 10 de setembro, com a morte da vítima registrada cerca de um dia depois. O ataque criptografou cerca de 30 servidores do hospital e seus dados armazenados, deixando uma mensagem com instruções de contato destinada à Universidade Heinrich Heine, entidade à qual o hospital é afiliado.As autoridades eventualmente contataram os hackers, informando-os de que o ataque havia incapacitado o hospital e não a universidade. Segundo relatos, os hackers então cancelaram o pedido de resgate e entregaram uma chave criptográfica para liberar os arquivos sequestrados. Desde então, deixaram de responder a tentativas de contato.Fonte: TechCrunch

from Olhar Digital :: Segurança https://ift.tt/3ieWqy0

Falha de segurança expõe caixa de entrada de anfitriões do Airbnb

Anfitriões do Airbnb relataram que estão conseguindo acessar caixas de entrada privadas que não estão relacionadas às suas contas e isso pode significar que uma grave falha de segurança está afetando a plataforma.Tudo começou na última quinta-feira (24), quando anfitriões do Airbnb inundaram o Reddit de fóruns que questionavam o aparecimento incomum de caixas de entrada de mensagens que não lhes diziam respeito. Em uma publicação no Reddit com alguns prints que ilustram a ocorrência, um usuário registrado como "Autocasa" contou que não possui "nenhuma associação com essas pessoas ou com os nomes de seus apartamentos".Embora nenhum convidado tenha relatado o mesmo problema, os anfitriões alegam que podem ver os endereços e outras informações importantes - como códigos necessários para acessar uma propriedade, fotos de perfil e ganhos - de outros usuários. Por expor pessoas ao perigo, a falha de segurança pode ser considerada extremamente grave."Estive no limbo de suporte a tarde toda sem nenhuma resolução à vista", disse o usuário "Flashover212" no Reddit. "Não consigo acessar minha própria caixa de entrada para me comunicar com os convidados, mas posso acessar centenas de outros anfitriões", explicou.Outro usuário do Reddit afirmou que, ao ligar para o suporte do Airbnb, foi instruído a limpar seus cookies ou tentar um navegador diferente. Em alguns casos, sair da conta e ingressar novamente foi o suficiente para que problema desaparecesse, mas a orientação não foi unânime na resolução.ReproduçãoO aplicativo do Airbnb não foi afetado pelo problema de segurança. Imagem: Daniel Krason"É vital para o Airbnb consertar o que quer que esteja causando o problema imediatamente. Os primeiros relatórios parecem indicar que o Airbnb está dizendo aos anfitriões para limpar seus cookies a fim de corrigir o problema", disse Ray Walsh, especialista em privacidade digital da ProPrivacy, empresa cibersegurança. "Esta não é uma resposta adequada porque o ônus não deve recair sobre os consumidores para consertar o erro do Airbnb. Na verdade, alguns anfitriões estão relatando ter acesso a uma caixa de entrada diferente cada vez que eles se conectam novamente, o que significa que o conselho de suporte ao cliente do Airbnb está na verdade aumentando a questão", completou.No dia seguinte ao problema, uma sexta-feira (25), o Airbnb revelou que uma falha técnica ocorreu às 9h30 (horário local do Pacífico) do dia 24. A intercorrência, que afetou apenas a plataforma para web móvel e desktop, deixando o aplicativo ileso, foi resolvida às 12h30 da própria quinta-feira."Na quinta-feira, um problema técnico resultou em um pequeno subconjunto de usuários visualizando inadvertidamente quantidades limitadas de informações de contas de outros usuários", notificou o Airbnb. "Corrigimos o problema rapidamente e estamos implementando controles adicionais para garantir que isso não aconteça novamente. Não acreditamos que nenhuma informação pessoal foi usada indevidamente e em nenhum momento as informações de pagamento foram acessíveis", concluiu.Via: ZDNet

from Olhar Digital :: Segurança https://ift.tt/36gYhQS

Serviço de recuperação de dados ajuda famílias de vítimas da pandemia

O volume de informações compartilhadas na web acabou gerando uma demanda para a criação de diferentes soluções de gerenciamento de dados. Uma situação em que serviços como esse podem ser de grande ajuda é justamente quando um parente ou conhecido acaba falecendo. Fato que infelizmente se tornou recorrente durante a pandemia.Além de lidar com a perda, os familiares também precisam decidir em algum momento o que será feito com relação as contas de redes sociais, fotografias e serviços financeiros. Pensando nisso, o executivo Rikard Steiber criou a 'GoodTrust'. A empresa promete cuidar de todas essas pendências digitais em nome de quem contrata o serviço.Segundo Steiber, a GoodTrust está pronta para cuidar de contas de e-mail, documentos, assinatura de serviços online, contas bancárias, seguros e todo conteúdo salvo nas redes sociais. É importante lembrar que uma parcela considerável de transações financeiras e troca de dados acontece na internet, sendo assim, se trata de uma solução inteligente que pode recuperar informações importantes.Imagem: GoodTrust/ReproduçãoPrincipal objetivo da empresa sediada no Vale do Silício é proteger as lembranças de quem já se foi. Imagem: GoodTrust/ReproduçãoQuem contrata o serviço poderá contar com a criação de uma página memorial no Facebook, cancelamento de cobranças mensais de serviços como Netflix e Spotify e fechamento de contas em outras redes sociais. Uma vantagem fica por conta da possibilidade de recuperar fotos e vídeos importantes durante o processo, algo que poderia acabar se perdendo com o passar do tempo.A empresa oferta um plano mais básico que custa U$ 40 (R$ 225). O serviço conta a possibilidade de acessar e deletar dados em mais de 100 sites diferentes. A companhia também oferece assessoria jurídica para obter acesso em caso de contas atreladas ao Google, Apple ou Facebook.Segurança em primeiro lugarSegundo o criador do serviço, a empresa não tem acesso a nenhuma informação pessoal dos clientes. Todo o processo funciona utilizando uma série de ferramentas de automação responsáveis por recuperar ou apagar dados.Uma pesquisa encomendada pela GoodTrust em 2020 revelou um dado preocupante. Os números do estudo mostram que 90% dos americanos não sabem o que acontece com suas informações compartilhadas na web depois da morte.Por fim, Steiber ressalta que o serviço também protege seus clientes de ameaças e golpes em potencial. A empresa pode apenas deletar ou controlar totalmente os acessos a serviços e redes sociais. Essa prática impede que hackers roubem contas ou até utilizem dados dos falecidos para tentarem se passar por outra pessoa.Fonte: Venturebeat

from Olhar Digital :: Segurança https://ift.tt/349oi1t

A Ransomware Attack Has Struck a Major US Hospital Chain

“All computers are completely shut down,” one Universal Health Services employee told WIRED.

from Security Latest https://ift.tt/33bFaW9

Vulnerability Summary for the Week of September 21, 2020

Original release date: September 28, 2020

High Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
aveva -- edna_enterprise_data_historian	An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter AliasName in Alias.asmx is vulnerable to unauthenticated SQL injection attacks. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	7.5	CVE-2020-13508 MISC
aveva -- edna_enterprise_data_historian	Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	7.5	CVE-2020-13505 MISC
aveva -- edna_enterprise_data_historian	Parameter AttFilterName in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	7.5	CVE-2020-13503 MISC
aveva -- edna_enterprise_data_historian	An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.	2020-09-24	7.5	CVE-2020-13501 MISC
aveva -- edna_enterprise_data_historian	SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.	2020-09-24	7.5	CVE-2020-13500 MISC
aveva -- edna_enterprise_data_historian	An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx is vulnerable to unauthenticated SQL injection attacks.	2020-09-24	7.5	CVE-2020-13499 MISC
aveva -- edna_enterprise_data_historian	An SQL injection vulnerability exists in the Alias.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Parameter OrigID in Alias.asmx is vulnerable to unauthenticated SQL injection attacks An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	7.5	CVE-2020-13507 MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php.	2020-09-24	7.5	CVE-2020-12838 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used.	2020-09-24	7.5	CVE-2020-12843 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php.	2020-09-24	7.5	CVE-2020-12842 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php.	2020-09-24	7.5	CVE-2020-12839 MISC MISC
google -- android	In Bluetooth, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143604331	2020-09-18	7.5	CVE-2020-0354 MISC
google -- chrome	Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6551 MISC MISC FEDORA
google -- chrome	Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6549 MISC MISC FEDORA
google -- chrome	Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6550 MISC MISC FEDORA
google -- chrome	Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6548 MISC MISC FEDORA
google -- chrome	Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6552 MISC MISC FEDORA
google -- chrome	Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6553 MISC MISC FEDORA
google -- chrome	Heap buffer overflow in SwiftShader in Google Chrome prior to 84.0.4147.135 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	9.3	CVE-2020-6556 MISC MISC FEDORA
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to upload a malicious file, which could allow the attacker to execute arbitrary code on the vulnerable system. IBM X-Force ID: 184979.	2020-09-22	9	CVE-2020-4620 XF CONFIRM
ozeki -- ozeki_ng_sms_gateway	An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files).	2020-09-22	9	CVE-2020-14031 MISC MISC
ozeki -- ozeki_ng_sms_gateway	An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges.	2020-09-22	9	CVE-2020-14028 MISC MISC
ozeki -- ozeki_ng_sms_gateway	Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application.	2020-09-22	9	CVE-2020-14022 MISC MISC MISC
ozeki -- ozeki_ng_sms_gateway	CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export.	2020-09-22	9.3	CVE-2020-14026 MISC MISC MISC

Medium Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
adobe -- media_encoder	Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	2020-09-18	5.8	CVE-2020-9745 MISC
adobe -- media_encoder	Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	2020-09-18	5.8	CVE-2020-9744 MISC
adobe -- media_encoder	Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.	2020-09-18	5.8	CVE-2020-9739 MISC
buffalo -- airstation_whr-g54s_firmware	Directory traversal vulnerability in WHR-G54S firmware 1.43 and earlier allows an attacker to access sensitive information such as setting values via unspecified vectors.	2020-09-18	4	CVE-2020-5605 MISC MISC
buffalo -- airstation_whr-g54s_firmware	Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page.	2020-09-18	4.3	CVE-2020-5606 MISC MISC
corephp -- pago_commerce	The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter.	2020-09-18	6.5	CVE-2020-25751 MISC MISC
cpanel -- cpanel	cPanel before 90.0.10 allows self XSS via the Cron Editor interface (SEC-574).	2020-09-25	4.3	CVE-2020-26115 MISC
cpanel -- cpanel	cPanel before 90.0.10 allows self XSS via the Cron Jobs interface (SEC-573).	2020-09-25	4.3	CVE-2020-26114 MISC
gogogate -- ismartgate_pro_firmware	iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php.	2020-09-24	4.3	CVE-2020-12280 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used.	2020-09-24	5	CVE-2020-12837 MISC MISC
gogogate -- ismartgate_pro_firmware	iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.)	2020-09-24	6.8	CVE-2020-12282 MISC MISC
gogogate -- ismartgate_pro_firmware	iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php.	2020-09-24	4.3	CVE-2020-12281 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload sound files via /index.php	2020-09-24	4.3	CVE-2020-12840 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to upload imae files via /index.php	2020-09-24	4.3	CVE-2020-12841 MISC MISC
gogogate -- ismartgate_pro_firmware	ismartgate PRO 1.5.9 is vulnerable to clickjacking.	2020-09-24	4.3	CVE-2020-13119 MISC MISC
google -- android	In iptables, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136658008	2020-09-18	4.6	CVE-2020-0347 MISC
google -- android	In NFC, there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148736216	2020-09-18	5	CVE-2020-0300 MISC
google -- android	In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137868765	2020-09-18	6.8	CVE-2020-0319 MISC
google -- android	In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139424089	2020-09-18	4.6	CVE-2020-0350 MISC
google -- android	In the Settings app, there is an insecure default value. This could lead to local escalation of privilege and tapjacking with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144507081	2020-09-18	4.4	CVE-2020-0271 MISC
google -- android	In NFC, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-148294643	2020-09-18	4.4	CVE-2020-0268 MISC
google -- android	In NetworkStackNotifier, there is a possible permissions bypass due to an unsafe implicit PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157475111	2020-09-18	4.6	CVE-2020-0405 MISC
google -- android	In Bluetooth, there is a possible spoofing of bluetooth device metadata due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145130119	2020-09-18	4.6	CVE-2020-0299 MISC
google -- android	In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147995915	2020-09-18	4.6	CVE-2020-0334 MISC
google -- android	In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over NFC with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188582	2020-09-18	4	CVE-2020-0348 MISC
google -- android	In Bluetooth, there is a possible control over Bluetooth enabled state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145129266	2020-09-18	4.6	CVE-2020-0298 MISC
google -- android	In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-122361504	2020-09-18	4.6	CVE-2020-0335 MISC
google -- android	In WiFi tethering, there is a possible attacker controlled intent due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156353008	2020-09-18	4.6	CVE-2020-0262 MISC
google -- android	In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137015603	2020-09-18	4.6	CVE-2020-0089 MISC
google -- android	In the System UI, there is a possible system crash due to an uncaught exception. This could lead to local permanent denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-33646131	2020-09-18	4.9	CVE-2020-0318 MISC
google -- android	In the Bluetooth server, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147227320	2020-09-18	4.6	CVE-2020-0309 MISC
google -- chrome	Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.	2020-09-21	4.3	CVE-2020-6555 MISC MISC FEDORA
google -- chrome	Insufficient data validation in Omnibox in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to perform domain spoofing via IDN homographs via a crafted domain name.	2020-09-21	4.3	CVE-2020-6571 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Information leakage in WebRTC in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information via a crafted WebRTC interaction.	2020-09-21	4.3	CVE-2020-6570 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2020-09-21	4.3	CVE-2020-6562 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in iOSWeb in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2020-09-21	4.3	CVE-2020-6558 SUSE SUSE SUSE MISC MISC
google -- chrome	Insufficient policy validation in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.	2020-09-21	6.8	CVE-2020-15961 SUSE SUSE SUSE MISC MISC
google -- chrome	Inappropriate implementation in WebView in Google Chrome on Android prior to 84.0.4147.105 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2020-09-21	4.3	CVE-2020-6538 MISC MISC FEDORA
google -- chrome	Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	2020-09-21	6.8	CVE-2020-15960 SUSE SUSE SUSE MISC MISC
google -- chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information via a crafted Chrome Extension.	2020-09-21	4.3	CVE-2020-15966 SUSE SUSE SUSE MISC MISC
google -- chrome	Insufficient policy enforcement in networking in Google Chrome prior to 85.0.4183.102 allowed an attacker who convinced the user to enable logging to obtain potentially sensitive information from process memory via social engineering.	2020-09-21	4.3	CVE-2020-15959 SUSE SUSE SUSE MISC MISC
google -- chrome	Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6544 MISC MISC FEDORA
google -- chrome	Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6543 MISC MISC FEDORA
google -- chrome	Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page.	2020-09-21	4.3	CVE-2020-6547 MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in extensions in Google Chrome prior to 85.0.4183.121 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension.	2020-09-21	6.8	CVE-2020-15963 SUSE SUSE SUSE MISC MISC
google -- chrome	Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6541 MISC MISC FEDORA
google -- chrome	Insufficient policy validation in serial in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	2020-09-21	6.8	CVE-2020-15962 SUSE SUSE SUSE MISC MISC
google -- chrome	Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6545 MISC MISC FEDORA
google -- chrome	Use after free in extensions in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially perform a sandbox escape via a crafted Chrome Extension.	2020-09-21	6.8	CVE-2020-6554 MISC MISC FEDORA
google -- chrome	Use after free in video in Google Chrome on Android prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6573 SUSE SUSE SUSE MISC MISC
google -- chrome	Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6542 MISC MISC FEDORA
google -- chrome	Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-15964 SUSE SUSE SUSE MISC MISC
google -- chrome	Buffer overflow in Skia in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6540 MISC MISC FEDORA
google -- chrome	Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem.	2020-09-21	4.6	CVE-2020-6546 MISC MISC FEDORA
google -- chrome	Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6539 MISC MISC FEDORA
google -- chrome	Type confusion in V8 in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6537 MISC MISC FEDORA
google -- chrome	Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	6.8	CVE-2020-6532 MISC MISC FEDORA
google -- chrome	Type confusion in V8 in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.	2020-09-21	6.8	CVE-2020-15965 SUSE SUSE SUSE MISC MISC
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2017.1 - 2020.2.4. Unrestricted access to a high-level system-usage summary allows an attacker to obtain project names and usage metrics.	2020-09-18	5	CVE-2020-15775 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. CSRF mitigation can be bypassed because cross-site transmission of a cookie (containing a CSRF token) can occur.	2020-09-18	5	CVE-2020-15771 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2017.3 - 2020.2.4 and Gradle Enterprise Build Cache Node 1.0 - 9.2. Unrestricted HTTP header reflection allows remote attackers to obtain authentication cookies (if an XSS issue exists) via the /info/headers, /cache-info/headers, /admin-info/headers, /distribution-broker-info/headers, or /cache-node-info/headers path.	2020-09-18	5	CVE-2020-15768 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2018.5. There is a lack of lock-out after excessive failed login attempts. This allows a remote attacker to conduct brute-force guessing of a local user's password.	2020-09-18	5	CVE-2020-15770 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.	2020-09-18	4.3	CVE-2020-15769 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. Because of implicitly remembered user-login information, physically proximate attackers can use a user session after browser closure.	2020-09-18	4.6	CVE-2020-15774 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API.	2020-09-18	4	CVE-2020-15773 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2018.5 - 2020.2.4. There is XXE with resultant SSRF via an uploaded SAML IDP configuration.	2020-09-18	4	CVE-2020-15772 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. CSRF mitigation can be bypassed because the anti-CSRF token is in a cleartext cookie.	2020-09-18	6.8	CVE-2020-15776 MISC CONFIRM
gradle -- enterprise	An issue was discovered in Gradle Enterprise before 2020.2.5. Lack of the secure attribute on the anti-CSRF cookie allows an attacker (with the ability to read HTTP traffic) to obtain a user's anti-CSRF token if the user initiates a cleartext HTTP request.	2020-09-18	4.3	CVE-2020-15767 MISC CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 184983.	2020-09-22	5	CVE-2020-4622 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929.	2020-09-22	5	CVE-2020-4616 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 184930.	2020-09-22	5.8	CVE-2020-4617 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt sensitive information. IBM X-Force ID: 184927.	2020-09-22	5	CVE-2020-4614 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184925.	2020-09-22	5	CVE-2020-4613 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924.	2020-09-22	4	CVE-2020-4612 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could allow a privileged user to cause a denial of service due to improper input validation. IBM X-Force ID: 184937.	2020-09-22	4	CVE-2020-4618 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 stores user credentials in plain in clear text which can be read by an authenticated user. IBM X-Force ID: 184976.	2020-09-22	4	CVE-2020-4619 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to escalate their privileges to administrator due to insufficient authorization checks. IBM X-Force ID: 184981.	2020-09-22	6.5	CVE-2020-4621 XF CONFIRM
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922.	2020-09-22	6.5	CVE-2020-4611 XF CONFIRM
ibm -- datapower_gateway	IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: 184439.	2020-09-21	5	CVE-2020-4580 XF CONFIRM
ibm -- datapower_gateway	IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: 184438.	2020-09-21	5	CVE-2020-4579 XF CONFIRM
ibm -- datapower_gateway	IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.	2020-09-21	5	CVE-2020-4581 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information. IBM X-Force ID: 185590.	2020-09-21	5	CVE-2020-4643 XF CONFIRM
misp -- misp	An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page.	2020-09-18	5	CVE-2020-25766 MISC MISC
nvidia -- geforce_now	NVIDIA GeForce NOW, versions prior to 2.0.23 (Windows, macOS) and versions prior to 5.31 (Android, Shield TV), contains a vulnerability in the application software where the network test component transmits sensitive information insecurely, which may lead to information disclosure.	2020-09-18	5	CVE-2020-5976 CONFIRM
nvidia -- geforce_now	NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure.	2020-09-18	5	CVE-2020-5975 CONFIRM
ozeki -- ozeki_ng_sms_gateway	Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password.	2020-09-22	6.8	CVE-2020-14025 MISC MISC
ozeki -- ozeki_ng_sms_gateway	An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges.	2020-09-18	4	CVE-2020-14021 MISC MISC MISC
ozeki -- ozeki_ng_sms_gateway	Ozeki NG SMS Gateway through 4.17.6 allows SSRF via SMS WCF or RSS To SMS.	2020-09-22	4	CVE-2020-14023 MISC MISC
ozeki -- ozeki_ng_sms_gateway	An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The RSS To SMS module processes XML files in an unsafe manner. This opens the application to an XML External Entity attack that can be used to perform SSRF or read arbitrary local files.	2020-09-18	5	CVE-2020-14029 MISC MISC
ozeki -- ozeki_ng_sms_gateway	Ozeki NG SMS Gateway through 4.17.6 has multiple authenticated stored and/or reflected XSS vulnerabilities via the (1) Receiver or Recipient field in the Mailbox feature, (2) OZFORM_GROUPNAME field in the Group configuration of addresses, (3) listname field in the Defining address lists configuration, or (4) any GET Parameter in the /default URL of the application.	2020-09-22	4.3	CVE-2020-14024 MISC MISC
philips -- clinical_collaboration_platform	Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties required to process the data safely and correctly.	2020-09-18	4.3	CVE-2020-14506 MISC
philips -- clinical_collaboration_platform	Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. When an attacker claims to have a given identity, the software does not prove or insufficiently proves the claim is correct.	2020-09-18	5.8	CVE-2020-16198 MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>.	2020-09-19	5	CVE-2020-25793 MISC MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with pair().	2020-09-19	5	CVE-2020-25792 MISC MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit().	2020-09-19	5	CVE-2020-25791 MISC MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, insert_from can have a memory-safety issue upon a panic.	2020-09-19	5	CVE-2020-25795 MISC MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement.	2020-09-19	5	CVE-2020-25796 MISC MISC
rust-lang -- rust	An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, clone can have a memory-safety issue upon a panic.	2020-09-19	5	CVE-2020-25794 MISC MISC
safervpn -- safervpn	SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed.	2020-09-18	5.5	CVE-2020-25744 MISC MISC
uniqlo -- uniqlo	UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.	2020-09-18	4.3	CVE-2020-5629 MISC
uniqlo -- uniqlo	UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.	2020-09-18	4.3	CVE-2020-5628 MISC
webtareas_project -- webtareas	webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php.	2020-09-18	4.3	CVE-2020-25735 MISC MISC MISC
webtareas_project -- webtareas	webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.	2020-09-18	5	CVE-2020-25733 MISC MISC MISC
webtareas_project -- webtareas	webTareas through 2.1 allows files/Default/ Directory Listing.	2020-09-18	5	CVE-2020-25734 MISC MISC MISC

Low Vulnerabilities

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
google -- android	In netd, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137346580	2020-09-18	2.1	CVE-2020-0365 MISC
google -- android	In Telecom, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155650969	2020-09-18	2.1	CVE-2020-0295 MISC
google -- android	In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224	2020-09-18	3.5	CVE-2020-0282 MISC
google -- android	In the Accessibility service, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154913130	2020-09-18	2.1	CVE-2020-0263 MISC
google -- android	In Telephony, there are possible leaks of sensitive data due to missing permission checks. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150155839	2020-09-18	2.1	CVE-2020-0265 MISC
google -- android	In Android Auto Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645626	2020-09-18	2.1	CVE-2020-0269 MISC
google -- android	In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253784	2020-09-18	2.1	CVE-2020-0284 MISC
google -- android	In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-156253479	2020-09-18	2.1	CVE-2020-0285 MISC
google -- android	In the wallpaper manager, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154915372	2020-09-18	2.1	CVE-2020-0294 MISC
google -- android	In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151646375	2020-09-18	2.1	CVE-2020-0302 MISC
google -- android	In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778	2020-09-18	3.5	CVE-2020-0281 MISC
google -- android	In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645695	2020-09-18	2.1	CVE-2020-0304 MISC
google -- android	In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151645867	2020-09-18	2.1	CVE-2020-0307 MISC
google -- android	In Settings, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153356468	2020-09-18	2.1	CVE-2020-0310 MISC
google -- android	In InputManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153878642	2020-09-18	2.1	CVE-2020-0311 MISC
google -- android	In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989	2020-09-18	2.1	CVE-2020-0313 MISC
google -- android	In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026	2020-09-18	2.1	CVE-2020-0315 MISC
google -- android	In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919	2020-09-18	2.1	CVE-2020-0316 MISC
google -- android	In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309	2020-09-18	2.1	CVE-2020-0325 MISC
google -- android	In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310	2020-09-18	2.1	CVE-2020-0331 MISC
google -- android	In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779	2020-09-18	2.1	CVE-2020-0349 MISC
ibm -- data_risk_manager	IBM Data Risk Manager (iDNA) 2.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 184928.	2020-09-22	3.5	CVE-2020-4615 XF CONFIRM
ozeki -- ozeki_ng_sms_gateway	An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The database connection strings accept custom unsafe arguments, such as ENABLE_LOCAL_INFILE, that can be leveraged by attackers to enable MySQL Load Data Local (rogue MySQL server) attacks.	2020-09-22	3.5	CVE-2020-14027 MISC MISC
philips -- clinical_collaboration_platform	Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a webpage that is served to other users.	2020-09-18	2.7	CVE-2020-14525 MISC
philips -- clinical_collaboration_platform	Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an attacker to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.	2020-09-18	3.3	CVE-2020-16200 MISC
philips -- clinical_collaboration_platform	Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.	2020-09-18	3.6	CVE-2020-16247 MISC

Severity Not Yet Assigned

Primary Vendor -- Product	Description	Published	CVSS Score	Source & Patch Info
acronis -- cyber_backup	An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.	2020-09-21	not yet calculated	CVE-2020-16171 MISC MISC
actfax_communication_software_gmbh -- actfax	ActFax Version 7.10 Build 0335 (2020-05-25) is susceptible to a privilege escalation vulnerability due to insecure folder permissions on %PROGRAMFILES%\ActiveFax\Client\, %PROGRAMFILES%\ActiveFax\Install\ and %PROGRAMFILES%\ActiveFax\Terminal\. The folder permissions allow "Full Control" to "Everyone". An authenticated local attacker can exploit this to replace the TSClientB.exe binary in the Terminal directory, which is executed on logon for every user. Alternatively, the attacker can replace any of the binaries in the Client or Install directories. The latter requires additional user interaction, for example starting the client.	2020-09-24	not yet calculated	CVE-2020-15843 MISC
advantech -- webaccess_node	WebAccess Node (All versions prior to 9.0.1) has incorrect permissions set for resources used by specific services, which may allow code execution with system privileges.	2020-09-22	not yet calculated	CVE-2020-16202 MISC
arista -- cloudvision_portal	A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.	2020-09-22	not yet calculated	CVE-2020-24333 MISC CONFIRM
aruba -- multiple_cx_switches	Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000.	2020-09-23	not yet calculated	CVE-2020-7122 MISC
aruba -- multiple_cx_switches	Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021.	2020-09-23	not yet calculated	CVE-2020-7121 MISC
atlassian -- jira_server_and_data_center	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Regex-based Denial of Service (DoS) vulnerability in JQL version searching. The affected versions are before version 7.13.16; from version 7.14.0 before 8.5.7; from version 8.6.0 before 8.10.2; and from version 8.11.0 before 8.11.1.	2020-09-21	not yet calculated	CVE-2020-14177 N/A
atlassian -- jira_server_and_data_center	Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and from version 8.6.0 before 8.11.1.	2020-09-21	not yet calculated	CVE-2020-14179 MISC
atlassian -- jira_service_desk_server_and_data_center	Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0.	2020-09-21	not yet calculated	CVE-2020-14180 MISC
aveva -- edna_enterprise_data_historian	Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	not yet calculated	CVE-2020-13504 MISC
aveva -- edna_enterprise_data_historian	An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.	2020-09-24	not yet calculated	CVE-2020-13502 MISC
aveva -- edna_enterprise_data_historian	Parameter psAttribute in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks.Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this vulnerability.	2020-09-24	not yet calculated	CVE-2020-13521 MISC
aveva -- edna_enterprise_data_historian	An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. A specially crafted SOAP web request can cause an SQL injection resulting in data compromise. An attacker can send an unauthenticated HTTP request to trigger this vulnerability.	2020-09-24	not yet calculated	CVE-2020-6153 MISC
bhyve -- bhyve	bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.	2020-09-25	not yet calculated	CVE-2020-24718 MISC CONFIRM
broadcom -- brocade_fabric_os	Brocade Fabric OS versions before Brocade Fabric OS v7.4.2g could allow an authenticated, remote attacker to view a user password in cleartext. The vulnerability is due to incorrectly logging the user password in log files.	2020-09-25	not yet calculated	CVE-2020-15370 MISC
broadcom -- brocade_fabric_os	Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host.	2020-09-25	not yet calculated	CVE-2020-15369 MISC
broadcom -- brocade_fabric_os	Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, contains code injection and privilege escalation vulnerability.	2020-09-25	not yet calculated	CVE-2020-15371 MISC
broadcom -- brocade_fabric_os	A vulnerability in the command-line interface in Brocade Fabric OS before Brocade Fabric OS v8.2.2a1, 8.2.2c, v7.4.2g, v8.2.0_CBN3, v8.2.1e, v8.1.2k, v9.0.0, could allow a local authenticated attacker to modify shell variables, which may lead to an escalation of privileges or bypassing the logging.	2020-09-25	not yet calculated	CVE-2020-15372 MISC
broadcom -- brocade_fabric_os	Multiple buffer overflow vulnerabilities in REST API in Brocade Fabric OS versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c could allow remote unauthenticated attackers to perform various attacks.	2020-09-25	not yet calculated	CVE-2020-15373 MISC
broadcom -- brocade_fabric_os	Rest API in Brocade Fabric OS v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c is vulnerable to multiple instances of reflected input.	2020-09-25	not yet calculated	CVE-2020-15374 MISC
broadcom -- brocade_sannav	A vulnerability in Brocade SANnav versions before v2.1.0 could allow a remote authenticated attacker to conduct an LDAP injection. The vulnerability could allow a remote attacker to bypass the authentication process.	2020-09-25	not yet calculated	CVE-2019-16212 MISC
broadcom -- brocade_sannav	Brocade SANnav versions before v2.1.0, contain a Plaintext Password Storage vulnerability.	2020-09-25	not yet calculated	CVE-2019-16211 MISC
broadcom -- brocade_fabric_os	A vulnerability in the management interface in Brocade Fabric OS Versions before Brocade Fabric OS v9.0.0 could allow a remote attacker to perform a denial of service attack on the vulnerable host.	2020-09-25	not yet calculated	CVE-2018-6448 MISC
broadcom -- brocade_fabric_os	Host Header Injection vulnerability in the http management interface in Brocade Fabric OS versions before v9.0.0 could allow a remote attacker to exploit this vulnerability by injecting arbitrary HTTP headers	2020-09-25	not yet calculated	CVE-2018-6449 MISC
broadcom -- brocade_fabric_os	A Reflective XSS Vulnerability in HTTP Management Interface in Brocade Fabric OS versions before Brocade Fabric OS v9.0.0, v8.2.2c, v8.2.1e, v8.1.2k, v8.2.0_CBN3, v7.4.2g could allow authenticated attackers with access to the web interface to hijack a user’s session and take over the account.	2020-09-25	not yet calculated	CVE-2018-6447 MISC
cabot -- cabot	All versions of package cabot are vulnerable to Cross-site Scripting (XSS) via the Endpoint column.	2020-09-22	not yet calculated	CVE-2020-7734 CONFIRM CONFIRM CONFIRM CONFIRM
check_point -- ica_management_portal	Check Point Security Management's Internal CA web management before Jumbo HFAs R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator.	2020-09-24	not yet calculated	CVE-2020-6020 MISC
cisco -- 4461_integrated_services_routers	A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to incorrect processing of IPv4 or IPv6 traffic to or through an affected device. An attacker could exploit this vulnerability by sending IP traffic to or through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3414 CISCO
cisco -- 800_series_industrial_integrated_services_routers_and_1000_series_connected_grid_routers	A vulnerability in the implementation of the Low Power, Wide Area (LPWA) subsystem of Cisco IOS Software for Cisco 800 Series Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker to gain unauthorized read access to sensitive data or cause a denial of service (DoS) condition. The vulnerability is due to a lack of input and validation checking mechanisms for virtual-LPWA (VLPWA) protocol modem messages. An attacker could exploit this vulnerability by supplying crafted packets to an affected device. A successful exploit could allow the attacker to gain unauthorized read access to sensitive data or cause the VLPWA interface of the affected device to shut down, resulting in DoS condition.	2020-09-24	not yet calculated	CVE-2020-3426 CISCO
cisco -- adaptive_security_appliance_and_firepower_threat_defense	A vulnerability in the implementation of the Lua interpreter integrated in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to execute arbitrary code with root privileges on the underlying Linux operating system of an affected device. The vulnerability is due to insufficient restrictions on the allowed Lua function calls within the context of user-supplied Lua scripts. A successful exploit could allow the attacker to trigger a heap overflow condition and execute arbitrary code with root privileges on the underlying Linux operating system of an affected device.	2020-09-23	not yet calculated	CVE-2019-15992 CISCO
cisco -- aironet_access_point_software	A vulnerability in Cisco Aironet Access Points (APs) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on an affected device. The vulnerability is due to improper resource management while processing specific packets. An attacker could exploit this vulnerability by sending a series of crafted UDP packets to a specific port on an affected device. A successful exploit could either allow the attacker to tear down the connection between the AP and the wireless LAN controller, resulting in the affected device not being able to process client traffic, or cause the vulnerable device to reload, triggering a DoS condition. After the attack, the affected device should automatically recover its normal functions without manual intervention.	2020-09-24	not yet calculated	CVE-2020-3560 CISCO
cisco -- aironet_access_point_software	A vulnerability in Cisco Aironet Access Point (AP) Software could allow an unauthenticated, remote attacker to cause an affected device to reload. The vulnerability is due to improper handling of clients that are trying to connect to the AP. An attacker could exploit this vulnerability by sending authentication requests from multiple clients to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.	2020-09-24	not yet calculated	CVE-2020-3559 CISCO
cisco -- aironet_access_points_software	A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points (APs) Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting as a wired client to the Ethernet interface of an affected device and sending a series of specific packets within a short time frame. A successful exploit could allow the attacker to cause a NULL pointer access that results in a reload of the affected device.	2020-09-24	not yet calculated	CVE-2020-3552 CISCO
cisco -- anyconnect_secure_mobility_client	A vulnerability in the inter-service communication of Cisco AnyConnect Secure Mobility Client for Android could allow an unauthenticated, local attacker to perform a service hijack attack on an affected device or cause a denial of service (DoS) condition. The vulnerability is due to the use of implicit service invocations. An attacker could exploit this vulnerability by persuading a user to install a malicious application. A successful exploit could allow the attacker to access confidential user information or cause a DoS condition on the AnyConnect application.	2020-09-23	not yet calculated	CVE-2019-16007 CISCO
cisco -- asr_1000_series_aggregation_services_routers	A vulnerability in the IP Address Resolution Protocol (ARP) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers with a 20-Gbps Embedded Services Processor (ESP) installed could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service condition. The vulnerability is due to insufficient error handling when an affected device has reached platform limitations. An attacker could exploit this vulnerability by sending a malicious series of IP ARP messages to an affected device. A successful exploit could allow the attacker to exhaust system resources, which would eventually cause the affected device to reload.	2020-09-24	not yet calculated	CVE-2020-3508 CISCO
cisco -- asr_900_series_aggregation_services_routers	Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.	2020-09-24	not yet calculated	CVE-2020-3513 CISCO
cisco -- asr_900_series_aggregation_services_routers	Multiple vulnerabilities in the initialization routines that are executed during bootup of Cisco IOS XE Software for Cisco ASR 900 Series Aggregation Services Routers with a Route Switch Processor 3 (RSP3) installed could allow an authenticated, local attacker with high privileges to execute persistent code at bootup and break the chain of trust. These vulnerabilities are due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit these vulnerabilities by copying a specific file to the local file system of an affected device and defining specific ROMMON variables. A successful exploit could allow the attacker to run arbitrary code on the underlying operating system (OS) with root privileges. To exploit these vulnerabilities, an attacker would need to have access to the root shell on the device or have physical access to the device.	2020-09-24	not yet calculated	CVE-2020-3416 CISCO
cisco -- asyncos_software	A vulnerability in the email message scanning of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass configured filters on the device. The vulnerability is due to improper validation of incoming emails. An attacker could exploit this vulnerability by sending a crafted email message to a recipient protected by the ESA. A successful exploit could allow the attacker to bypass the configured content filters, which could allow malicious content to pass through the device.	2020-09-23	not yet calculated	CVE-2020-3133 CISCO
cisco -- asyncos_software	A vulnerability in the API Framework of Cisco AsyncOS for Cisco Web Security Appliance (WSA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to inject crafted HTTP headers in the web server's response. The vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user to access a crafted URL and receive a malicious HTTP response. A successful exploit could allow the attacker to inject arbitrary HTTP headers into valid HTTP responses sent to a user's browser.	2020-09-23	not yet calculated	CVE-2020-3117 CISCO
cisco -- catalyst_9200_series_switches	A vulnerability in the Polaris kernel of Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to crash the device. The vulnerability is due to insufficient packet size validation. An attacker could exploit this vulnerability by sending jumbo frames or frames larger than the configured MTU size to the management interface of this device. A successful exploit could allow the attacker to crash the device fully before an automatic recovery.	2020-09-24	not yet calculated	CVE-2020-3527 CISCO
cisco -- catalyst_9200_series_switches	A vulnerability in the Umbrella Connector component of Cisco IOS XE Software for Cisco Catalyst 9200 Series Switches could allow an unauthenticated, remote attacker to trigger a reload, resulting in a denial of service condition on an affected device. The vulnerability is due to insufficient error handling when parsing DNS requests. An attacker could exploit this vulnerability by sending a series of malicious DNS requests to an Umbrella Connector client interface of an affected device. A successful exploit could allow the attacker to cause a crash of the iosd process, which triggers a reload of the affected device.	2020-09-24	not yet calculated	CVE-2020-3510 CISCO
cisco -- catalyst_9800_series_routers	A vulnerability in Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9800 Series Routers could allow an unauthenticated, adjacent attacker to send ICMPv6 traffic prior to the client being placed into RUN state. The vulnerability is due to an incomplete access control list (ACL) being applied prior to RUN state. An attacker could exploit this vulnerability by connecting to the associated service set identifier (SSID) and sending ICMPv6 traffic. A successful exploit could allow the attacker to send ICMPv6 traffic prior to RUN state.	2020-09-24	not yet calculated	CVE-2020-3418 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3488 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3493 CISCO
cisco -- catalyst_9800_series_wireless_controllers	A vulnerability in the multicast DNS (mDNS) feature of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper validation of mDNS packets. An attacker could exploit this vulnerability by sending a crafted mDNS packet to an affected device. A successful exploit could cause a device to reload, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3359 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3497 CISCO
cisco -- catalyst_9800_series_wireless_controllers	A vulnerability in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition of an affected device. The vulnerability is due to insufficient input validation during CAPWAP packet processing. An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device, resulting in a buffer over-read. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3399 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3494 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3487 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3486 CISCO
cisco -- catalyst_9800_series_wireless_controllers	Multiple vulnerabilities in the Control and Provisioning of Wireless Access Points (CAPWAP) protocol processing of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of an affected device. These vulnerabilities are due to insufficient validation of CAPWAP packets. An attacker could exploit these vulnerabilities by sending a malformed CAPWAP packet to an affected device. A successful exploit could allow the attacker to cause the affected device to crash and reload, resulting in a DoS condition on the affected device.	2020-09-24	not yet calculated	CVE-2020-3489 CISCO
cisco -- catalyst_9800_series_wireless_controllers_and_and_wireless_LAN_controllers	A vulnerability in the Flexible NetFlow Version 9 packet processor of Cisco IOS XE Software for Cisco Catalyst 9800 Series Wireless Controllers and Cisco AireOS Software for Cisco Wireless LAN Controllers (WLC) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient validation of certain parameters in a Flexible NetFlow Version 9 record. An attacker could exploit this vulnerability by spoofing the address of an existing Access Point on the network and sending a Control and Provisioning of Wireless Access Points (CAPWAP) packet that includes a crafted Flexible NetFlow Version 9 record to an affected device. A successful exploit could allow the attacker to cause a process crash that would lead to a reload of the device.	2020-09-24	not yet calculated	CVE-2020-3492 CISCO
cisco -- cbr-8_converged_broadband_routers	A vulnerability in the DHCP message handler of Cisco IOS XE Software for Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to cause the supervisor to crash, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient error handling when DHCP version 4 (DHCPv4) messages are parsed. An attacker could exploit this vulnerability by sending a malicious DHCPv4 message to or through a WAN interface of an affected device. A successful exploit could allow the attacker to cause a reload of the affected device. Note: On Cisco cBR-8 Converged Broadband Routers, all of the following are considered WAN interfaces: 10 Gbps Ethernet interfaces 100 Gbps Ethernet interfaces Port channel interfaces that include multiple 10 and/or 100 Gbps Ethernet interfaces	2020-09-24	not yet calculated	CVE-2020-3509 CISCO
cisco -- cbr-8_converged_broadband_routers	A vulnerability in the Common Open Policy Service (COPS) engine of Cisco IOS XE Software on Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, remote attacker to crash a device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a malformed COPS message to the device. A successful exploit could allow the attacker to crash the device.	2020-09-24	not yet calculated	CVE-2020-3526 CISCO
cisco -- email_security_appliance	A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization to increase to 100 percent, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to improper handling of email messages that contain large attachments. An attacker could exploit this vulnerability by sending a malicious email message through the targeted device. A successful exploit could allow the attacker to cause a permanent DoS condition due to high CPU utilization. This vulnerability may require manual intervention to recover the ESA.	2020-09-23	not yet calculated	CVE-2019-1947 CISCO
cisco -- email_security_appliance	A vulnerability in the web-based management interface of Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability exists because the web-based management interface of the affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information.	2020-09-23	not yet calculated	CVE-2020-3137 CISCO
cisco -- email_security_appliance_and_content_security_management_appliance	A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) and Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to cause repeated crashes in some internal processes that are running on the affected devices, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation of email attachments. An attacker could exploit this vulnerability by sending an email message with a crafted attachment through an affected device. A successful exploit could allow the attacker to cause specific processes to crash repeatedly, resulting in the complete unavailability of both the Cisco Advanced Malware Protection (AMP) and message tracking features and in severe performance degradation while processing email. After the affected processes restart, the software resumes filtering for the same attachment, causing the affected processes to crash and restart again. A successful exploit could also allow the attacker to cause a repeated DoS condition. Manual intervention may be required to recover from this situation.	2020-09-23	not yet calculated	CVE-2019-1983 CISCO
cisco -- emergency_responder	A vulnerability in the web framework of Cisco Emergency Responder could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of some parameters that are passed to the web server of the affected software. An attacker could exploit this vulnerability by persuading a user to access a malicious link or by intercepting a user request for the affected web interface and injecting malicious code into that request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected web-based management interface or access sensitive, browser-based information.	2020-09-23	not yet calculated	CVE-2019-16025 CISCO
cisco -- firepower_management_center	A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. The vulnerability is due to improper handling of Lightweight Directory Access Protocol (LDAP) authentication responses from an external authentication server. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to gain administrative access to the web-based management interface of the affected device.	2020-09-23	not yet calculated	CVE-2019-16028 CISCO
cisco -- hosted_collaboration_mediation_fulfillment	A vulnerability in the web-based interface of Cisco Hosted Collaboration Mediation Fulfillment (HCM-F) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections by the affected software. An attacker could exploit this vulnerability by persuading a targeted user to click a malicious link. A successful exploit could allow the attacker to send arbitrary requests that could change the password of a targeted user. An attacker could then take unauthorized actions on behalf of the targeted user.	2020-09-23	not yet calculated	CVE-2020-3124 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to incorrect processing of Border Gateway Protocol (BGP) update messages that contain crafted EVPN attributes. An attacker could exploit this vulnerability by sending BGP update messages with specific, malformed attributes to an affected device. A successful exploit could allow the attacker to cause an affected device to crash, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3479 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the web UI of Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user. If the user has administrative privileges, the attacker could alter the configuration, execute commands, or reload an affected device.	2020-09-23	not yet calculated	CVE-2019-16009 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the Split DNS feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The vulnerability occurs because the regular expression (regex) engine that is used with the Split DNS feature of affected releases may time out when it processes the DNS name list configuration. An attacker could exploit this vulnerability by trying to resolve an address or hostname that the affected device handles. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3408 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the ISDN subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a reload of an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation when the ISDN Q.931 messages are processed. An attacker could exploit this vulnerability by sending a malicious ISDN Q.931 message to an affected device. A successful exploit could allow the attacker to cause the process to crash, resulting in a reload of the affected device.	2020-09-24	not yet calculated	CVE-2020-3511 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the PROFINET handler for Link Layer Discovery Protocol (LLDP) messages of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a crash on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to insufficient validation of LLDP messages in the PROFINET LLDP message handler. An attacker could exploit this vulnerability by sending a malicious LLDP message to an affected device. A successful exploit could allow the attacker to cause the affected device to reload.	2020-09-24	not yet calculated	CVE-2020-3512 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the PROFINET feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause an affected device to crash and reload, resulting in a denial of service (DoS) condition on the device. The vulnerability is due to insufficient processing logic for crafted PROFINET packets that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted PROFINET packets to an affected device for processing. A successful exploit could allow the attacker to cause the device to crash and reload, resulting in a DoS condition on the device.	2020-09-24	not yet calculated	CVE-2020-3409 CISCO
cisco -- ios_and_ios_xe_software	A vulnerability in the CLI parser of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, local attacker to access files from the flash: filesystem. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain read-only access to files that are located on the flash: filesystem that otherwise might not have been accessible.	2020-09-24	not yet calculated	CVE-2020-3477 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3480 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3474 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to gain unauthorized read access to sensitive data or cause the web management software to hang or crash, resulting in a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3475 CISCO
cisco -- ios_xe_software	A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability.	2020-09-24	not yet calculated	CVE-2020-3393 CISCO
cisco -- ios_xe_software	A vulnerability in the file system permissions of Cisco IOS XE Software could allow an authenticated, local attacker to obtain read and write access to critical configuration or system files. The vulnerability is due to insufficient file system permissions on an affected device. An attacker could exploit this vulnerability by connecting to an affected device's guest shell, and accessing or modifying restricted files. A successful exploit could allow the attacker to view or modify restricted information or configurations that are normally not accessible to system administrators.	2020-09-24	not yet calculated	CVE-2020-3503 CISCO
cisco -- ios_xe_software	A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker to inject a command to the underlying operating system that will execute with root privileges upon the next reboot of the device. The authenticated user must have privileged EXEC permissions on the device. The vulnerability is due to insufficient protection of values passed to a script that executes during device startup. An attacker could exploit this vulnerability by writing values to a specific file. A successful exploit could allow the attacker to execute commands with root privileges each time the affected device is restarted.	2020-09-24	not yet calculated	CVE-2020-3403 CISCO
cisco -- ios_xe_software	A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to utilize parts of the web UI for which they are not authorized.The vulnerability is due to insufficient authorization of web UI access requests. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web UI. A successful exploit could allow the attacker to utilize parts of the web UI for which they are not authorized. This could allow a Read-Only user to perform actions of an Admin user.	2020-09-24	not yet calculated	CVE-2020-3400 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3141 CISCO
cisco -- ios_xe_software	A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system (OS) of an affected device. The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.	2020-09-24	not yet calculated	CVE-2020-3423 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3425 CISCO
cisco -- ios_xe_software	A vulnerability in the persistent Telnet/Secure Shell (SSH) CLI of Cisco IOS XE Software could allow an authenticated, local attacker to gain shell access on an affected device and execute commands on the underlying operating system (OS) with root privileges. The vulnerability is due to insufficient enforcement of the consent token in authorizing shell access. An attacker could exploit this vulnerability by authenticating to the persistent Telnet/SSH CLI on an affected device and requesting shell access. A successful exploit could allow the attacker to gain shell access on the affected device and execute commands on the underlying OS with root privileges.	2020-09-24	not yet calculated	CVE-2020-3404 CISCO
cisco -- ios_xe_software	A vulnerability in the web server authentication of Cisco IOS XE Software could allow an authenticated, remote attacker to crash the web server on the device. The vulnerability is due to insufficient input validation during authentication. An attacker could exploit this vulnerability by entering unexpected characters during a valid authentication. A successful exploit could allow the attacker to crash the web server on the device, which must be manually recovered by disabling and re-enabling the web server.	2020-09-24	not yet calculated	CVE-2020-3516 CISCO
cisco -- ios_xe_software	A vulnerability in the file system on the pluggable USB 3.0 Solid State Drive (SSD) for Cisco IOS XE Software could allow an authenticated, physical attacker to remove the USB 3.0 SSD and modify sensitive areas of the file system, including the namespace container protections. The vulnerability occurs because the USB 3.0 SSD control data is not stored on the internal boot flash. An attacker could exploit this vulnerability by removing the USB 3.0 SSD, modifying or deleting files on the USB 3.0 SSD by using another device, and then reinserting the USB 3.0 SSD on the original device. A successful exploit could allow the attacker to remove container protections and perform file actions outside the namespace of the container with root privileges.	2020-09-24	not yet calculated	CVE-2020-3396 CISCO
cisco -- ios_xe_software	A vulnerability in the RESTCONF and NETCONF-YANG access control list (ACL) function of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect processing of the ACL that is tied to the RESTCONF or NETCONF-YANG feature. An attacker could exploit this vulnerability by accessing the device using RESTCONF or NETCONF-YANG. A successful exploit could allow an attacker to cause the device to reload, resulting in a denial of service (DoS) condition.	2020-09-24	not yet calculated	CVE-2020-3407 CISCO
cisco -- ios_xe_software	A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker to execute persistent code at boot time and break the chain of trust. This vulnerability is due to incorrect validations by boot scripts when specific ROM monitor (ROMMON) variables are set. An attacker could exploit this vulnerability by installing code to a specific directory in the underlying operating system (OS) and setting a specific ROMMON variable. A successful exploit could allow the attacker to execute persistent code on the underlying OS. To exploit this vulnerability, the attacker would need access to the root shell on the device or have physical access to the device.	2020-09-24	not yet calculated	CVE-2020-3417 CISCO
cisco -- ios_xe_software	A vulnerability in Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a device to reload. The vulnerability is due to incorrect handling of certain valid, but not typical, Ethernet frames. An attacker could exploit this vulnerability by sending the Ethernet frames onto the Ethernet segment. A successful exploit could allow the attacker to cause the device to reload, resulting in a denial of service (DoS) condition.	2020-09-24	not yet calculated	CVE-2020-3465 CISCO
cisco -- ios_xe_software	Multiple vulnerabilities in the Zone-Based Firewall feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload or stop forwarding traffic through the firewall. The vulnerabilities are due to incomplete handling of Layer 4 packets through the device. An attacker could exploit these vulnerabilities by sending a certain sequence of traffic patterns through the device. A successful exploit could allow the attacker to cause the device to reload or stop forwarding traffic through the firewall, resulting in a denial of service. For more information about these vulnerabilities, see the Details section of this advisory.	2020-09-24	not yet calculated	CVE-2020-3421 CISCO
cisco -- ios_xe_software	A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3422 CISCO
cisco -- ios_xe_software	A vulnerability in the CLI implementation of a specific command of Cisco IOS XE Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying host file system. The vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system.	2020-09-24	not yet calculated	CVE-2020-3476 CISCO
cisco -- ios_xe_wireless_controller_software	A vulnerability in the WPA2 and WPA3 security implementation of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect packet processing during the WPA2 and WPA3 authentication handshake when configured for dot1x or pre-shared key (PSK) authentication key management (AKM) with 802.11r BSS Fast Transition (FT) enabled. An attacker could exploit this vulnerability by sending a crafted authentication packet to an affected device. A successful exploit could cause an affected device to reload, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3429 CISCO
cisco -- ios_xe_wireless_controller_software	A vulnerability in Simple Network Management Protocol (SNMP) trap generation for wireless clients of the Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause the device to unexpectedly reload, causing a denial of service (DoS) condition on an affected device. The vulnerability is due to the lack of input validation of the information used to generate an SNMP trap in relation to a wireless client connection. An attacker could exploit this vulnerability by sending an 802.1x packet with crafted parameters during the wireless authentication setup phase of a connection. A successful exploit could allow the attacker to cause the device to reload, causing a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3390 CISCO
cisco -- ios_xe_wireless_controller_software	A vulnerability in the WLAN Local Profiling feature of Cisco IOS XE Wireless Controller Software for the Cisco Catalyst 9000 Family could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to incorrect parsing of HTTP packets while performing HTTP-based endpoint device classifications. An attacker could exploit this vulnerability by sending a crafted HTTP packet to an affected device. A successful exploit could cause an affected device to reboot, resulting in a DoS condition.	2020-09-24	not yet calculated	CVE-2020-3428 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-09-23	not yet calculated	CVE-2019-16023 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-09-23	not yet calculated	CVE-2019-16021 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the Distance Vector Multicast Routing Protocol (DVMRP) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to either immediately crash the Internet Group Management Protocol (IGMP) process or make it consume available memory and eventually crash. The memory consumption may negatively impact other processes that are running on the device. These vulnerabilities are due to the incorrect handling of IGMP packets. An attacker could exploit these vulnerabilities by sending crafted IGMP traffic to an affected device. A successful exploit could allow the attacker to immediately crash the IGMP process or cause memory exhaustion, resulting in other processes becoming unstable. These processes may include, but are not limited to, interior and exterior routing protocols. Cisco will release software updates that address these vulnerabilities.	2020-09-23	not yet calculated	CVE-2020-3569 CISCO
cisco -- ios_xr_software	Multiple vulnerabilities in the implementation of Border Gateway Protocol (BGP) Ethernet VPN (EVPN) functionality in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerabilities are due to incorrect processing of BGP update messages that contain crafted EVPN attributes. An attacker could exploit these vulnerabilities by sending BGP EVPN update messages with malformed attributes to be processed by an affected system. A successful exploit could allow the attacker to cause the BGP process to restart unexpectedly, resulting in a DoS condition. The Cisco implementation of BGP accepts incoming BGP traffic only from explicitly defined peers. To exploit these vulnerabilities, the malicious BGP update message would need to come from a configured, valid BGP peer, or would need to be injected by the attacker into the victim's BGP network on an existing, valid TCP connection to a BGP peer.	2020-09-23	not yet calculated	CVE-2019-16019 CISCO
cisco -- managed_services_accelerator	A vulnerability in the web interface of Cisco Managed Services Accelerator (MSX) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. A successful exploit could allow the attacker to redirect a user to a malicious web page. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.	2020-09-23	not yet calculated	CVE-2019-15974 CISCO
cisco -- multiple_products	A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software, Cisco TelePresence Codec (TC) Software, and Cisco RoomOS Software could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. The vulnerability is due to insufficient validation of user-supplied input to the xAPI of the affected software. An attacker could exploit this vulnerability by sending a crafted request to the xAPI. A successful exploit could allow the attacker to read and write arbitrary files in the system. To exploit this vulnerability, an attacker would need either an In-Room Control or administrator account.	2020-09-23	not yet calculated	CVE-2020-3143 CISCO
cisco -- multiple_routers	A vulnerability in the Cisco IOS XE ROM Monitor (ROMMON) Software for Cisco 4000 Series Integrated Services Routers, Cisco ASR 920 Series Aggregation Services Routers, Cisco ASR 1000 Series Aggregation Services Routers, and Cisco cBR-8 Converged Broadband Routers could allow an unauthenticated, physical attacker to break the chain of trust and load a compromised software image on an affected device. The vulnerability is due to the presence of a debugging configuration option in the affected software. An attacker could exploit this vulnerability by connecting to an affected device through the console, forcing the device into ROMMON mode, and writing a malicious pattern using that specific option on the device. A successful exploit could allow the attacker to break the chain of trust and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.	2020-09-24	not yet calculated	CVE-2020-3524 CISCO
cisco -- network_recording_player_and_webex_player	Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.	2020-09-23	not yet calculated	CVE-2019-15287 CISCO
cisco -- network_recording_player_and_webex_player	Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.	2020-09-23	not yet calculated	CVE-2019-15285 CISCO
cisco -- small_business_rv_series_routers	A vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an authenticated, remote attacker with administrative privileges to inject arbitrary commands into the underlying operating system. When processed, the commands will be executed with root privileges. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by providing malicious input to a specific field in the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying Linux operating system as the root user.	2020-09-23	not yet calculated	CVE-2019-15957 CISCO
cisco -- small_business_spa500_series_ip_phones	A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by accessing the physical interface of a device and inserting a USB storage device. A successful exploit could allow the attacker to execute scripts on the device in an elevated security context.	2020-09-23	not yet calculated	CVE-2019-15959 CISCO
cisco -- small_business_switches	A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.	2020-09-23	not yet calculated	CVE-2019-15993 CISCO
cisco -- telepresence_collaboration_endpoint_and_roomos_software	Multiple vulnerabilities in the video service of Cisco TelePresence Collaboration Endpoint (CE) and Cisco RoomOS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabilities are due to insufficient input validation. An attacker could exploit these vulnerabilities by sending crafted traffic to the video service of an affected endpoint. A successful exploit could allow the attacker to cause the video service to crash, resulting in a DoS condition on an affected device.	2020-09-23	not yet calculated	CVE-2019-15289 CISCO
cisco -- ucs_c-series_rack_servers	A vulnerability in the firmware of the Cisco UCS C-Series Rack Servers could allow an authenticated, physical attacker to bypass Unified Extensible Firmware Interface (UEFI) Secure Boot validation checks and load a compromised software image on an affected device. The vulnerability is due to improper validation of the server firmware upgrade images. An attacker could exploit this vulnerability by installing a server firmware version that would allow the attacker to disable UEFI Secure Boot. A successful exploit could allow the attacker to bypass the signature validation checks that are done by UEFI Secure Boot technology and load a compromised software image on the affected device. A compromised software image is any software image that has not been digitally signed by Cisco.	2020-09-23	not yet calculated	CVE-2019-1736 CISCO
cisco -- umbrella_roaming_client	A vulnerability in the automatic update process of Cisco Umbrella Roaming Client for Windows could allow an authenticated, local attacker to install arbitrary, unapproved applications on a targeted device. The vulnerability is due to insufficient verification of the Windows Installer. An attacker could exploit this vulnerability by placing a file in a specific location in the Windows file system. A successful exploit could allow the attacker to bypass configured policy and install unapproved applications.	2020-09-23	not yet calculated	CVE-2019-16000 CISCO
cisco -- unified_communications_manager	A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to view sensitive information in the web-based management interface of the affected software. The vulnerability is due to insufficient protection of user-supplied input by the web-based management interface of the affected service. An attacker could exploit this vulnerability by accessing the interface and viewing restricted portions of the software configuration. A successful exploit could allow the attacker to gain access to sensitive information or conduct further attacks.	2020-09-23	not yet calculated	CVE-2019-15963 CISCO
cisco -- unified_comunications_manager	A vulnerability in the web-based management interface of Cisco Unified Communications Manager (UCM) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected device. The vulnerability is due to insufficient CSRF protections for the web-based management interface on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the targeted user.	2020-09-23	not yet calculated	CVE-2020-3135 CISCO
cisco -- unified_contact_center_express	A vulnerability in the Administration Web Interface of Cisco Unified Contact Center Express (Unified CCX) could allow an authenticated, remote attacker to upload arbitrary files and execute commands on the underlying operating system. To exploit this vulnerability, an attacker needs valid Administrator credentials. The vulnerability is due to insufficient restrictions for the content uploaded to an affected system. An attacker could exploit this vulnerability by uploading arbitrary files containing operating system commands that will be executed by an affected system. A successful exploit could allow the attacker to execute arbitrary commands with the privileges of the web interface and then elevate their privileges to root.	2020-09-23	not yet calculated	CVE-2019-1888 CISCO
cisco -- unified_customer_voice_portal	A vulnerability in the Operations, Administration, Maintenance and Provisioning (OAMP) OpsConsole Server for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to execute Insecure Direct Object Reference actions on specific pages within the OAMP application. The vulnerability is due to insufficient input validation on specific pages of the OAMP application. An attacker could exploit this vulnerability by authenticating to Cisco Unified CVP and sending crafted HTTP requests. A successful exploit could allow an attacker with administrator or read-only privileges to learn information outside of their expected scope. An attacker with administrator privileges could modify certain configuration details of resources outside of their defined scope, which could result in a denial of service (DoS) condition.	2020-09-23	not yet calculated	CVE-2019-16017 CISCO
cisco -- unity_connection	A vulnerability in the web management interface of Cisco Unity Connection could allow an authenticated remote attacker to overwrite files on the underlying filesystem. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web management interface. A successful exploit could allow the attacker to overwrite files on the underlying filesystem of an affected system. Valid administrator credentials are required to access the system.	2020-09-23	not yet calculated	CVE-2020-3130 CISCO
cisco -- vision_dynamic_signage_director	A vulnerability in the REST API endpoint of Cisco Vision Dynamic Signage Director could allow an unauthenticated, remote attacker to bypass authentication on an affected device. The vulnerability is due to missing authentication on some of the API calls. An attacker could exploit this vulnerability by sending a request to one of the affected calls. A successful exploit could allow the attacker to interact with some parts of the API.	2020-09-23	not yet calculated	CVE-2019-16004 CISCO
cisco -- web_security_appliance	A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information.	2020-09-23	not yet calculated	CVE-2019-15969 CISCO
cisco -- webex	A vulnerability in the way Cisco Webex applications process Universal Communications Format (UCF) files could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of UCF media files. An attacker could exploit this vulnerability by sending a user a malicious UCF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit would cause the application to quit unexpectedly.	2020-09-23	not yet calculated	CVE-2020-3116 CISCO
cisco -- webex_network_recording_player_and_webex_player	Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities exist due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.	2020-09-23	not yet calculated	CVE-2019-15283 CISCO
citrix -- multiple_products	Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to escalation of privileges on the management interface.	2020-09-18	not yet calculated	CVE-2020-8247 MISC
citrix -- multiple_products	Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b are vulnerable to a denial of service attack originating from the management network.	2020-09-18	not yet calculated	CVE-2020-8246 MISC
citrix -- multiple_products	Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 12.1-58.15, Citrix ADC 12.1-FIPS before 12.1-55.187, Citrix ADC and NetScaler Gateway 12.0, Citrix ADC and NetScaler Gateway 11.1 before 11.1-65.12, Citrix SD-WAN WANOP 11.2 before 11.2.1a, Citrix SD-WAN WANOP 11.1 before 11.1.2a, Citrix SD-WAN WANOP 11.0 before 11.0.3f, Citrix SD-WAN WANOP 10.2 before 10.2.7b leads to an HTML Injection attack against the SSL VPN web portal.	2020-09-18	not yet calculated	CVE-2020-8245 MISC
citrix -- storefront_server	Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.	2020-09-18	not yet calculated	CVE-2020-8200 MISC
citrix -- xenmobile_server	Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.	2020-09-18	not yet calculated	CVE-2020-8253 MISC
cpanel -- cpanel	cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558).	2020-09-25	not yet calculated	CVE-2020-26106 MISC
cpanel -- cpanel	chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497).	2020-09-25	not yet calculated	CVE-2020-26100 MISC
cpanel -- cpanel	In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549).	2020-09-25	not yet calculated	CVE-2020-26101 MISC
cpanel -- cpanel	cPanel before 90.0.10 allows self XSS via WHM Manage API Tokens interfaces (SEC-569).	2020-09-25	not yet calculated	CVE-2020-26113 MISC
cpanel -- cpanel	The email quota cache in cPanel before 90.0.10 allows overwriting of files.	2020-09-25	not yet calculated	CVE-2020-26112 MISC
cpanel -- cpanel	cPanel before 90.0.10 allows self XSS via the WHM Edit DNS Zone interface (SEC-566).	2020-09-25	not yet calculated	CVE-2020-26111 MISC
cpanel -- cpanel	cPanel before 88.0.13 allows self XSS via DNS Zone Manager DNSSEC interfaces (SEC-564).	2020-09-25	not yet calculated	CVE-2020-26110 MISC
cpanel -- cpanel	cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557).	2020-09-25	not yet calculated	CVE-2020-26109 MISC
cpanel -- cpanel	cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561).	2020-09-25	not yet calculated	CVE-2020-26107 MISC
cpanel -- cpanel	cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485).	2020-09-25	not yet calculated	CVE-2020-26098 MISC
cpanel -- cpanel	In cPanel before 88.0.3, insecure chkservd test credentials are used on a templated VM (SEC-554).	2020-09-25	not yet calculated	CVE-2020-26105 MISC
cpanel -- cpanel	cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488).	2020-09-25	not yet calculated	CVE-2020-26108 MISC
cpanel -- cpanel	In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552).	2020-09-25	not yet calculated	CVE-2020-26104 MISC
cpanel -- cpanel	In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551).	2020-09-25	not yet calculated	CVE-2020-26103 MISC
cpanel -- cpanel	cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491).	2020-09-25	not yet calculated	CVE-2020-26099 MISC
cpanel -- cpanel	In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550).	2020-09-25	not yet calculated	CVE-2020-26102 MISC
d-link -- multiple_devices	UNSUPPORTED WHEN ASSIGNED webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the HTTP Referer header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: this is typically not exploitable because of URL encoding (except in Internet Explorer) and because a web page cannot specify that a client should make an additional HTTP request with an arbitrary Referer header.	2020-09-19	not yet calculated	CVE-2020-25786 MISC MISC
f5 -- big-ip	In BIG-IP 15.0.0-15.1.0.4, 14.1.0-14.1.2.7, 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2 and BIG-IQ 5.2.0-7.1.0, unauthenticated attackers can cause disruption of service via undisclosed methods.	2020-09-25	not yet calculated	CVE-2020-5930 MISC
f5 -- big-ip	In versions 13.0.0-13.0.0 HF2, 12.1.0-12.1.2 HF1, and 11.6.1-11.6.2, BIG-IP platforms with Cavium Nitrox SSL hardware acceleration cards, a Virtual Server configured with a Client SSL profile, and using Anonymous (ADH) or Ephemeral (DHE) Diffie-Hellman key exchange and Single DH use option not enabled in the options list may be vulnerable to crafted SSL/TLS Handshakes that may result with a PMS (Pre-Master Secret) that starts in a 0 byte and may lead to a recovery of plaintext messages as BIG-IP TLS/SSL ADH/DHE sends different error messages acting as an oracle. Similar error messages when PMS starts with 0 byte coupled with very precise timing measurement observation may also expose this vulnerability.	2020-09-25	not yet calculated	CVE-2020-5929 MISC
fortiguard -- fortinac	An improper neutralization of input vulnerability in FortiNAC before 8.7.2 may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the UserID of Admin Users.	2020-09-24	not yet calculated	CVE-2020-12816 CONFIRM
fortiguard -- fortitester	An improper neutralization of input vulnerability in FortiTester before 3.9.0 may allow a remote authenticated attacker to inject script related HTML tags via IPv4/IPv6 address fields.	2020-09-24	not yet calculated	CVE-2020-12815 CONFIRM
fortiguard -- fortianalyzer	An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors.	2020-09-24	not yet calculated	CVE-2020-12817 CONFIRM
fortiguard -- fortigate	An insufficient logging vulnerability in FortiGate before 6.4.1 may allow the traffic from an unauthenticated attacker to Fortinet owned IP addresses to go unnoticed.	2020-09-24	not yet calculated	CVE-2020-12818 CONFIRM
fortiguard -- fortimanager_and_fortianalyzer	An improper neutralization of script-related HTML tags in a web page in FortiManager 6.2.0, 6.2.1, 6.2.2, and 6.2.3and FortiAnalyzer 6.2.0, 6.2.1, 6.2.2, and 6.2.3 may allow an attacker to execute a cross site scripting (XSS) via the Identify Provider name field.	2020-09-24	not yet calculated	CVE-2020-12811 CONFIRM
gemtek -- wrtm-127acn_and_wrtm-127x9_devices	An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.)	2020-09-24	not yet calculated	CVE-2020-24365 MISC
general_electric -- digital_apm_classic	GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be downloaded in JavaScript object notation (JSON) format by users who should not have access to such functionality. An attacker can download sensitive data related to user accounts without having the proper privileges.	2020-09-23	not yet calculated	CVE-2020-16240 MISC
general_electric -- digital_apm_classic	GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords.	2020-09-23	not yet calculated	CVE-2020-16244 MISC
general_electric -- reason_s20_ethernet_switch	The affected product is vulnerable to cross-site scripting (XSS), which may allow an attacker to trick application users into performing critical application actions that include, but are not limited to, adding and updating accounts.	2020-09-25	not yet calculated	CVE-2020-16242 MISC
getsimple -- getsimple_cms	A Cross-Site Request Forgery (CSRF) vulnerability in the Multi User plugin 1.8.2 for GetSimple CMS allows remote attackers to add admin (or other) users after an authenticated admin visits a third-party site or clicks on a URL.	2020-09-25	not yet calculated	CVE-2020-23837 MISC MISC
glpi -- glpi	In GLPI before version 9.5.0, the encryption algorithm used is insecure. The security of the data encrypted relies on the password used, if a user sets a weak/predictable password, an attacker could decrypt data. This is fixed in version 9.5.0 by using a more secure encryption library. The library chosen is sodium.	2020-09-23	not yet calculated	CVE-2020-11031 MISC CONFIRM
gon_gem_for_ruby_on_rails -- gon_gem_for_ruby_on_rails	An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escape_mode parameter to escape fields as an XSS protection mechanism. To mitigate, json_dumper.rb in gon now does escaping for XSS by default without relying on MultiJson.	2020-09-23	not yet calculated	CVE-2020-25739 CONFIRM MLIST
google -- android	The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user.	2020-09-25	not yet calculated	CVE-2020-25203 MISC MISC
google -- chrome	Insufficient validation of untrusted input in command line handling in Google Chrome on Windows prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6567 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6576 SUSE SUSE SUSE MISC MISC
google -- chrome	Insufficient policy enforcement in media in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6566 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6569 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to obtain potentially sensitive information from disk via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6563 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in intent handling in Google Chrome on Android prior to 85.0.4183.83 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6568 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Race in Mojo in Google Chrome prior to 85.0.4183.102 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6575 SUSE SUSE SUSE MISC MISC
google -- chrome	Inappropriate implementation in Content Security Policy in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6561 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in installer in Google Chrome on OS X prior to 85.0.4183.102 allowed a local attacker to potentially achieve privilege escalation via a crafted binary.	2020-09-21	not yet calculated	CVE-2020-6574 SUSE SUSE SUSE MISC MISC
google -- chrome	Inappropriate implementation in Omnibox in Google Chrome on iOS prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6565 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Insufficient policy enforcement in autofill in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6560 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Inappropriate implementation in permissions in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to spoof the contents of a permission dialog via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6564 SUSE SUSE SUSE MISC MISC FEDORA
google -- chrome	Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	2020-09-21	not yet calculated	CVE-2020-6559 SUSE SUSE SUSE MISC MISC FEDORA
hak5 -- wifi_pineapple_mark_vii	A Directory Traversal issue was discovered on Hak5 WiFi Pineapple Mark VII 1.x before 1.0.1-beta.2020091914551 devices. An unauthenticated user can connect to the wireless management network, including the open wireless network, and access all files and subdirectories under /pineapple/ui, regardless of file permissions.	2020-09-25	not yet calculated	CVE-2020-25726 MISC MISC
hewlett_packard -- pay_per_use_utility_computing_service	Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.	2020-09-23	not yet calculated	CVE-2020-24624 MISC
hewlett_packard -- pay_per_use_utility_computing_service	Unathenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.	2020-09-23	not yet calculated	CVE-2020-24625 MISC
hewlett_packard -- pay_per_use_utility_computing_service	Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9.	2020-09-23	not yet calculated	CVE-2020-24626 MISC
hewlett_packard -- universal_api_framework	A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API Framework. The vulnerability could be remotely exploited to allow SQL injection in HPE Universal API Framework for VMware Esxi v2.5.2 and HPE Universal API Framework for Microsoft Hyper-V (VHD).	2020-09-18	not yet calculated	CVE-2020-24623 MISC MISC
ibm -- aspera_web_application	IBM Aspera Web Application 1.9.14 PL1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188055.	2020-09-21	not yet calculated	CVE-2020-4731 XF CONFIRM
ibm -- business_automation_content_analyzer	IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177234.	2020-09-21	not yet calculated	CVE-2020-4315 XF CONFIRM
ibm -- business_automation_workflow_and_business_process_manager	IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 182715.	2020-09-25	not yet calculated	CVE-2020-4531 XF CONFIRM
ibm -- infosphere_information_server	IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim.	2020-09-25	not yet calculated	CVE-2020-4727 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server prior to 10.9 could allow an attacker to bypass SSL security due to improper certificate validation. IBM X-Force ID: 178180.	2020-09-23	not yet calculated	CVE-2020-4340 XF CONFIRM
ibm -- security_secret_server	IBM Security Secret Server proir to 10.9 could allow a remote attacker to bypass security restrictions, caused by improper input validation. IBM X-Force ID: 177515.	2020-09-23	not yet calculated	CVE-2020-4324 XF CONFIRM
ibm -- websphere_application_server	IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticated client. IBM X-Force ID: 184650.	2020-09-21	not yet calculated	CVE-2020-4590 XF CONFIRM
ignitenet -- helios_glinq	In IgniteNet HeliOS GLinq v2.2.1 r2961, the langSelection parameter is stored in the luci configuration file (/etc/config/luci) by the authenticator.htmlauth function. When modified with arbitrary javascript, this causes a denial-of-service condition for all other users.	2020-09-23	not yet calculated	CVE-2020-5781 MISC
ignitenet -- helios_glinq	In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.	2020-09-23	not yet calculated	CVE-2020-5782 MISC
ignitenet -- helios_glinq	In IgniteNet HeliOS GLinq v2.2.1 r2961, the login functionality does not contain any CSRF protection mechanisms.	2020-09-23	not yet calculated	CVE-2020-5783 MISC
jenkins -- jenkins	A cross-site request forgery (CSRF) vulnerability in Jenkins Warnings Plugin 5.0.1 and earlier allows attackers to execute arbitrary code.	2020-09-23	not yet calculated	CVE-2020-2280 MLIST CONFIRM
jenkins -- jenkins	Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.	2020-09-23	not yet calculated	CVE-2020-2284 MLIST CONFIRM
jenkins -- jenkins	Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not escape changeset contents, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control changeset files evaluated by the plugin.	2020-09-23	not yet calculated	CVE-2020-2283 MLIST CONFIRM
jenkins -- jenkins	Jenkins Implied Labels Plugin 0.6 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to configure the plugin.	2020-09-23	not yet calculated	CVE-2020-2282 MLIST CONFIRM
jenkins -- jenkins	A cross-site request forgery (CSRF) vulnerability in Jenkins Lockable Resources Plugin 2.8 and earlier allows attackers to reserve, unreserve, unlock, and reset resources.	2020-09-23	not yet calculated	CVE-2020-2281 MLIST CONFIRM
jenkins -- jenkins	A sandbox bypass vulnerability in Jenkins Script Security Plugin 1.74 and earlier allows attackers with permission to define sandboxed scripts to provide crafted return values or script binding content that can result in arbitrary code execution on the Jenkins controller JVM.	2020-09-23	not yet calculated	CVE-2020-2279 MLIST CONFIRM
jenkins -- jenkins	A missing permission check in Jenkins Liquibase Runner Plugin 1.4.7 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.	2020-09-23	not yet calculated	CVE-2020-2285 MLIST CONFIRM
jerryscript -- jerryscript	vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register.	2020-09-24	not yet calculated	CVE-2020-13991 CONFIRM MISC MISC MISC MISC
joomla -- joomla!	SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter.	2020-09-24	not yet calculated	CVE-2020-19447 MISC
joomla -- joomla!	SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter.	2020-09-25	not yet calculated	CVE-2020-19455 MISC
joomla -- joomla!	SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter.	2020-09-25	not yet calculated	CVE-2020-19450 MISC
joomla -- joomla!	SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter.	2020-09-25	not yet calculated	CVE-2020-19451 MISC
joplin -- joplin	An XSS issue in Joplin desktop 1.0.190 to 1.0.245 allows arbitrary code execution via a malicious HTML embed tag.	2020-09-24	not yet calculated	CVE-2020-15930 MISC CONFIRM
json-bigint -- json-bigint	Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.	2020-09-18	not yet calculated	CVE-2020-8237 MISC
lenovo -- desktops_and_thinkstation	A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desktops and ThinkStation models may allow arbitrary code execution	2020-09-24	not yet calculated	CVE-2020-8333 CONFIRM
lenovo -- enterprise_network_disk	A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's browser if a crafted url is visited, possibly through phishing.	2020-09-24	not yet calculated	CVE-2020-8347 CONFIRM
lenovo -- enterprise_network_disk	A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk prior to version 6.1 patch 6 hotfix 4 that could allow execution of code in an authenticated user's current browser session if a crafted url is visited, possibly through phishing.	2020-09-24	not yet calculated	CVE-2020-8348 CONFIRM
libuv -- libuv	The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.	2020-09-18	not yet calculated	CVE-2020-8252 MISC MISC
liferay -- liferay_portal_and_liferay_dxp	In Liferay Portal before 7.3.1, Liferay Portal 6.2 EE, and Liferay DXP 7.2, DXP 7.1 and DXP 7.0, the property 'portlet.resource.id.banned.paths.regexp' can be bypassed with doubled encoded URLs.	2020-09-24	not yet calculated	CVE-2020-15840 CONFIRM MISC CONFIRM
liferay -- liferay_portal_and_liferay_dxp	Liferay Portal before 7.3.3, and Liferay DXP 7.1 before fix pack 18 and 7.2 before fix pack 6, does not restrict the size of a multipart/form-data POST action, which allows remote authenticated users to conduct denial-of-service attacks by uploading large files.	2020-09-22	not yet calculated	CVE-2020-15839 MISC MISC MISC CONFIRM
linux -- linux_kernel	A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a.	2020-09-24	not yet calculated	CVE-2020-26088 MISC MISC
micro_focus -- operation_agent	Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system.	2020-09-18	not yet calculated	CVE-2020-11861 MISC
micro_focus -- operation_bridge_reporter	An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user	2020-09-22	not yet calculated	CVE-2020-11857 MISC MISC
micro_focus -- operation_bridge_reporter	Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR.	2020-09-22	not yet calculated	CVE-2020-11856 MISC MISC
micro_focus -- operation_bridge_reporter	An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.	2020-09-22	not yet calculated	CVE-2020-11855 MISC MISC
mitel -- micloud_management_portal	Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.	2020-09-25	not yet calculated	CVE-2020-24595 MISC CONFIRM
mitel -- micloud_management_portal	Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.	2020-09-25	not yet calculated	CVE-2020-24593 MISC CONFIRM
mitel -- micloud_management_portal	Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.	2020-09-25	not yet calculated	CVE-2020-24592 MISC CONFIRM
mitel -- micloud_management_portal	Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.	2020-09-25	not yet calculated	CVE-2020-24594 MISC CONFIRM
mitel -- micontact_center_business	The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.	2020-09-25	not yet calculated	CVE-2020-24692 MISC CONFIRM
nakivo -- backup_and_replication_director	Insecure permissions in Nakivo Backup & Replication Director version 9.4.0.r43656 on Linux allow local users to access the Nakivo Director web interface and gain root privileges. This occurs because the database containing the users of the web application and the password-recovery secret value is readable.	2020-09-24	not yet calculated	CVE-2020-15850 MISC
nakivo -- backup_and_replication_transporter	Lack of access control in Nakivo Backup & Replication Transporter version 9.4.0.r43656 allows remote users to access unencrypted backup repositories and the Nakivo Controller configuration via a network accessible transporter service. It is also possible to create or delete backup repositories.	2020-09-24	not yet calculated	CVE-2020-15851 MISC
nextcloud -- desktop_client	A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information about used proxies and their authentication credentials.	2020-09-18	not yet calculated	CVE-2020-8225 MISC MISC
ng-packagr -- ng-packagr	The package ng-packagr before 10.1.1 are vulnerable to Command Injection via the styleIncludePaths option.	2020-09-25	not yet calculated	CVE-2020-7735 CONFIRM CONFIRM
node.js -- node.js	Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests submission which can make the server unable to accept new connections.	2020-09-18	not yet calculated	CVE-2020-8251 MISC MISC
node.js -- node.js	Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious payloads to unsuspecting users. The payloads can be crafted by an attacker to hijack user sessions, poison cookies, perform clickjacking, and a multitude of other attacks depending on the architecture of the underlying system. The attack was possible due to a bug in processing of carrier-return symbols in the HTTP header names.	2020-09-18	not yet calculated	CVE-2020-8201 MISC MISC
oauth-ruby_gem_for_ruby_on_rails -- oauth-ruby_gem_for_ruby_on_rails	lib/oauth/consumer.rb in the oauth-ruby gem through 0.5.4 for Ruby does not verify server X.509 certificates if a certificate bundle cannot be found, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.	2020-09-24	not yet calculated	CVE-2016-11086 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending the improper variable type Array allows a bypass of core SQL Injection sanitization. Users are able to inject malicious statements in multiple functions. This vulnerability leads to full authentication bypass: any unauthorized user with access to the application is able to exploit this vulnerability. This can occur via the Cookie header to the default URI, within includes/authenticate.inc.php.	2020-09-25	not yet calculated	CVE-2020-25132 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /settings/?format=../ URIs to pages/settings.inc.php.	2020-09-25	not yet calculated	CVE-2020-25134 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via a /device/device=140/tab=wifi/view= URI.	2020-09-25	not yet calculated	CVE-2020-25141 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. this can occur via /iftype/type= because of pages/iftype.inc.php.	2020-09-25	not yet calculated	CVE-2020-25148 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=routing&proto=../ URIs to device/routing.inc.php.	2020-09-25	not yet calculated	CVE-2020-25136 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via username[0] to the default URI, because of includes/authenticate.inc.php.	2020-09-25	not yet calculated	CVE-2020-25147 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for edit_syslog_rule.	2020-09-25	not yet calculated	CVE-2020-25146 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=ports&view=../ URIs because of device/port.inc.php.	2020-09-25	not yet calculated	CVE-2020-25145 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. This can occur via /ajax/device_entities.php?entity_type=netscalervsvr&device_id[]= because of /ajax/device_entities.php.	2020-09-25	not yet calculated	CVE-2020-25143 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur in pages/contacts.inc.php.	2020-09-25	not yet calculated	CVE-2020-25140 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via la_id to the /syslog_rules URI for delete_syslog_rule, because of syslog_rules.inc.php.	2020-09-25	not yet calculated	CVE-2020-25139 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable if any links and forms lack an unpredictable CSRF token. Without such a token, attackers can forge malicious requests, such as for adding Device Settings via the /addsrv URI.	2020-09-25	not yet calculated	CVE-2020-25142 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the alert_name or alert_message parameter to the /alert_check URI.	2020-09-25	not yet calculated	CVE-2020-25137 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /device/device=345/?tab=health&metric=../ because of device/health.inc.php.	2020-09-25	not yet calculated	CVE-2020-25149 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the graph_title parameter to the graphs/ URI.	2020-09-25	not yet calculated	CVE-2020-25135 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /ports/?format=../ URIs to pages/ports.inc.php.	2020-09-25	not yet calculated	CVE-2020-25133 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via the role_name or role_descr parameter to the roles/ URI.	2020-09-25	not yet calculated	CVE-2020-25131 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to SQL Injection due to the fact that it is possible to inject malicious SQL statements in malformed parameter types. Sending an improper variable type of Array allows a bypass of core SQL Injection sanitization. Authenticated users are able to inject malicious SQL queries. This vulnerability leads to full database leak including ckeys that can be used in the authentication process without knowing the username and cleartext password. This can occur via the ajax/actions.php group_id field.	2020-09-25	not yet calculated	CVE-2020-25130 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to Cross-Site Scripting (XSS) due to the fact that it is possible to inject and store malicious JavaScript code within it. This can occur via /alert_check/action=delete_alert_checker/alert_test_id= because of pages/alert_check.inc.php.	2020-09-25	not yet calculated	CVE-2020-25138 MISC
observium -- multiple_products	An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerable to directory traversal and local file inclusion due to the fact that there is an unrestricted possibility of loading any file with an inc.php extension. Inclusion of other files (even though limited to the mentioned extension) can lead to Remote Code Execution. This can occur via /apps/?app=../ URIs.	2020-09-25	not yet calculated	CVE-2020-25144 MISC
openmrs -- openmrs	A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed.	2020-09-25	not yet calculated	CVE-2020-24621 MISC MISC MISC MISC MISC
ory -- fosite	In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0	2020-09-24	not yet calculated	CVE-2020-15223 MISC CONFIRM MISC
ory -- fosite	In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method "private_key_jwt", OpenId specification says the following about assertion `jti`: "A unique identifier for the token, which can be used to prevent reuse of the token. These tokens MUST only be used once, unless conditions for reuse were negotiated between the parties". Hydra does not seem to check the uniqueness of this `jti` value. This problem is fixed in version 0.31.0.	2020-09-24	not yet calculated	CVE-2020-15222 MISC CONFIRM MISC
pagure -- pagure	Pagure before 5.6 allows XSS via the templates/blame.html blame view.	2020-09-25	not yet calculated	CVE-2019-11556 CONFIRM CONFIRM MISC
pango -- hotspot_shield_vpn	Improper directory permissions in the Hotspot Shield VPN client software for Windows 10.3.0 and earlier may allow an authorized user to potentially enable escalation of privilege via local access. The vulnerability allows a local user to corrupt system files: a local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.	2020-09-24	not yet calculated	CVE-2020-17365 MISC
peg-markdown -- peg-markdown	UNSUPPORTED WHEN ASSIGNED peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.	2020-09-23	not yet calculated	CVE-2020-25821 MISC
pexip -- infinity	The client API authentication mechanism in Pexip Infinity before 10 allows remote attackers to gain privileges via a crafted request.	2020-09-24	not yet calculated	CVE-2015-4719 MISC
pexip -- infinity	Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323.	2020-09-25	not yet calculated	CVE-2020-13387 CONFIRM MISC
pexip -- infinity	Pexip Infinity before 20.1 allows privilege escalation by restoring a system backup.	2020-09-25	not yet calculated	CVE-2019-7178 MISC CONFIRM
pexip -- infinity	Pexip Infinity before 17 allows an unauthenticated remote attacker to achieve stored XSS via management web interface views.	2020-09-25	not yet calculated	CVE-2017-17477 CONFIRM CONFIRM
pexip -- infinity	Pexip Infinity before 18 allows Remote Denial of Service (TLS handshakes in RTMP).	2020-09-25	not yet calculated	CVE-2018-10432 CONFIRM MISC
pexip -- infinity	Pexip Infinity before 18 allows remote Denial of Service (XML parsing).	2020-09-25	not yet calculated	CVE-2018-10585 CONFIRM MISC
pexip -- infinity	Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP.	2020-09-25	not yet calculated	CVE-2020-24615 CONFIRM MISC
pexip -- infinity	Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP.	2020-09-25	not yet calculated	CVE-2020-12824 CONFIRM MISC
pexip -- infinity	Pexip Infinity before 20.1 allows Code Injection onto nodes via an admin.	2020-09-25	not yet calculated	CVE-2019-7177 MISC CONFIRM
pexip -- reverse_proxy_and_turn_server	Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN.	2020-09-25	not yet calculated	CVE-2020-11805 CONFIRM
phpgurukul -- zoo_management_system	PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php.	2020-09-22	not yet calculated	CVE-2020-25487 MISC MISC MISC
ping_identity -- pingid_integration_for_windows_login	PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe.	2020-09-23	not yet calculated	CVE-2020-25826 MISC MISC
podman -- podman	An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into subsequent containers. An attacker who has control over the subsequent containers could use this flaw to gain access to sensitive information stored in such variables.	2020-09-23	not yet calculated	CVE-2020-14370 MISC
prestashop -- prestashop	In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in version 1.7.6.8.	2020-09-24	not yet calculated	CVE-2020-15162 MISC MISC CONFIRM
prestashop -- prestashop	In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8	2020-09-24	not yet calculated	CVE-2020-15161 MISC MISC CONFIRM
prestashop -- prestashop	PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8	2020-09-24	not yet calculated	CVE-2020-15160 MISC MISC CONFIRM
qemu -- qemu	hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.	2020-09-25	not yet calculated	CVE-2020-25625 CONFIRM MISC
qemu -- qemu	QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not checked.	2020-09-25	not yet calculated	CVE-2020-25084 CONFIRM MISC
qemu -- qemu	QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case.	2020-09-25	not yet calculated	CVE-2020-25085 CONFIRM MISC MISC
red_hat -- ansible_engine	A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.	2020-09-23	not yet calculated	CVE-2020-14365 MISC
red_hat -- undertow	A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request smuggling related to CVE-2017-2666 is possible against HTTP/1.x and HTTP/2 due to permitting invalid characters in an HTTP request. This flaw allows an attacker to poison a web-cache, perform an XSS attack, or obtain sensitive information from request other than their own.	2020-09-23	not yet calculated	CVE-2020-10687 MISC
rubetek -- multiple_cameras	The Telnet service of Rubetek cameras RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) could allow an remote attacker to take full control of the device with a high-privileged account. The vulnerability exists because a system account has a default and static password. The Telnet service cannot be disabled and this password cannot be changed via standard functionality.	2020-09-25	not yet calculated	CVE-2020-25749 MISC
rubetek -- multiple_cameras	A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values.	2020-09-25	not yet calculated	CVE-2020-25748 MISC
rubetek -- multiple_cameras	The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings.	2020-09-25	not yet calculated	CVE-2020-25747 MISC
shotcut -- shotcut	In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource.	2020-09-22	not yet calculated	CVE-2020-24619 MISC CONFIRM
sophos -- sg_utm	A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.607 MR7, and v9.511 MR11	2020-09-25	not yet calculated	CVE-2020-25223 MISC CONFIRM
sourcecodester -- simple_library_management_system	Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.	2020-09-22	not yet calculated	CVE-2020-25514 MISC MISC MISC
sourcecodester -- simple_library_management_system	Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.	2020-09-22	not yet calculated	CVE-2020-25515 MISC MISC MISC
spring -- framework	In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.	2020-09-19	not yet calculated	CVE-2020-5421 CONFIRM
telestream -- tektronix_medius_and_sentry	Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page).	2020-09-22	not yet calculated	CVE-2020-8887 MISC
telmat -- accesslog	The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.	2020-09-24	not yet calculated	CVE-2020-16148 MISC
telmat -- accesslog	The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.	2020-09-24	not yet calculated	CVE-2020-16147 MISC
tensorflow -- tensorflow	In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the `splits` tensor has the minimum required number of elements. Code uses this quantity to initialize a different data structure. Since `BatchedMap` is equivalent to a vector, it needs to have at least one element to not be `nullptr`. If user passes a `splits` tensor that is empty or has exactly one element, we get a `SIGABRT` signal raised by the operating system. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15199 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `SparseFillEmptyRowsGrad` implementation has incomplete validation of the shapes of its arguments. Although `reverse_index_map_t` and `grad_values_t` are accessed in a similar pattern, only `reverse_index_map_t` is validated to be of proper shape. Hence, malicious users can pass a bad `grad_values_t` to trigger an assertion failure in `vec`, causing denial of service in serving installations. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1."	2020-09-25	not yet calculated	CVE-2020-15194 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856b80, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15205 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `tf.raw_ops.Switch` operation takes as input a tensor and a boolean and outputs two tensors. Depending on the boolean value, one of the tensors is exactly the input tensor whereas the other one should be an empty tensor. However, the eager runtime traverses all tensors in the output. Since only one of the tensors is defined, the other one is `nullptr`, hence we are binding a reference to `nullptr`. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. In this case, this results in a segmentation fault The issue is patched in commit da8558533d925694483d2c136a9220d6d49d843c, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15190 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes an invalid argument to `dlpack.to_dlpack` the expected validations will cause variables to bind to `nullptr` while setting a `status` variable to the error condition. However, this `status` argument is not properly checked. Hence, code following these methods will bind references to null pointers. This is undefined behavior and reported as an error if compiling with `-fsanitize=null`. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15191 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 2.2.1 and 2.3.1, if a user passes a list of strings to `dlpack.to_dlpack` there is a memory leak following an expected validation failure. The issue occurs because the `status` argument during validation failures is not properly checked. Since each of the above methods can return an error status, the `status` value must be checked before continuing. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15192 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 2.2.1 and 2.3.1, the implementation of `dlpack.to_dlpack` can be made to use uninitialized memory resulting in further memory corruption. This is because the pybind11 glue code assumes that the argument is a tensor. However, there is nothing stopping users from passing in a Python object instead of a tensor. The uninitialized memory address is due to a `reinterpret_cast` Since the `PyObject` is a Python object, not a TensorFlow Tensor, the cast to `EagerTensor` fails. The issue is patched in commit 22e07fb204386768e5bcbea563641ea11f96ceb8 and is released in TensorFlow versions 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15193 MISC MISC CONFIRM
tensorflow -- tensorflow	In eager mode, TensorFlow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1 does not set the session state. Hence, calling `tf.raw_ops.GetSessionHandle` or `tf.raw_ops.GetSessionHandleV2` results in a null pointer dereference In linked snippet, in eager mode, `ctx->session_state()` returns `nullptr`. Since code immediately dereferences this, we get a segmentation fault. The issue is patched in commit 9a133d73ae4b4664d22bd1aa6d654fec13c52ee1, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15204 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the heap buffer allocated for the weights. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15196 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15198 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15195 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will never be 1, hence there will be no hashmap at index 0 in `per_batch_counts`. Trying to access that in the user code results in a segmentation fault. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15200 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `batch_idx` grows too large. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15201 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15202 MISC MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, by controlling the `fill` argument of tf.strings.as_string, a malicious attacker is able to trigger a format string vulnerability due to the way the internal format use in a `printf` call is constructed. This may result in segmentation fault. The issue is patched in commit 33be22c65d86256e6826666662e40dbdfe70ee83, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15203 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, changing the TensorFlow's `SavedModel` protocol buffer and altering the name of required keys results in segfaults and data corruption while loading the model. This can cause a denial of service in products using `tensorflow-serving` or other inference-as-a-service installments. Fixed were added in commits f760f88b4267d981e13f4b302c437ae800445968 and fcfef195637c6e365577829c4d67681695956e7d (both going into TensorFlow 2.2.0 and 2.3.0 but not yet backported to earlier versions). However, this was not enough, as #41097 reports a different failure mode. The issue is patched in commit adf095206f25471e864a8e63a0f1caef53a0e3a6, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15206 MISC MISC CONFIRM
tensorflow -- tensorflow	In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has rank 2. This tensor must be a matrix because code assumes its elements are accessed as elements of a matrix. However, malicious users can pass in tensors of different rank, resulting in a `CHECK` assertion failure and a crash. This can be used to cause denial of service in serving installations, if users are allowed to control the components of the input sparse tensor. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in TensorFlow version 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15197 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.	2020-09-25	not yet calculated	CVE-2020-15214 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a denial of service by causing an out of memory allocation in the implementation of segment sum. Since code uses the last element of the tensor holding them to determine the dimensionality of output tensor, attackers can use a very large value to trigger a large allocation. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to limit the maximum value in the segment ids tensor. This only handles the case when the segment ids are stored statically in the model, but a similar validation could be done if the segment ids are generated at runtime, between inference steps. However, if the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.	2020-09-25	not yet calculated	CVE-2020-15213 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code.	2020-09-25	not yet calculated	CVE-2020-15212 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one. The runtime assumes that these buffers are written to before a possible read, hence they are initialized with `nullptr`. However, by changing the buffer index for a tensor and implicitly converting that tensor to be a read-write one, as there is nothing in the model that writes to it, we get a null pointer dereference. The issue is patched in commit 0b5662bc, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15209 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and will release patch releases for all versions between 1.15 and 2.3. We recommend users to upgrade to TensorFlow 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15210 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can craft cases where this is larger than that of the second tensor. In turn, this would result in reads/writes outside of bounds since the interpreter will wrongly assume that there is enough data in both tensors. The issue is patched in commit 8ee24e7949a203d234489f9da2c5bf45a7d5157d, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15208 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, to mimic Python's indexing with negative values, TFLite uses `ResolveAxis` to convert negative values to positive indices. However, the only check that the converted index is now valid is only present in debug builds. If the `DCHECK` does not trigger, then code execution moves ahead with a negative index. This, in turn, results in accessing data out of bounds which results in segfaults and/or data corruption. The issue is patched in commit 2d88f470dea2671b430884260f3626b1fe99830a, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.	2020-09-25	not yet calculated	CVE-2020-15207 MISC MISC CONFIRM
tensorflow -- tensorflow_lite	In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices for the tensors, indexing into an array of tensors that is owned by the subgraph. This results in a pattern of double array indexing when trying to get the data of each tensor. However, some operators can have some tensors be optional. To handle this scenario, the flatbuffer model uses a negative `-1` value as index for these tensors. This results in special casing during validation at model loading time. Unfortunately, this means that the `-1` index is a valid tensor index for any operator, including those that don't expect optional inputs and including for output tensors. Thus, this allows writing and reading from outside the bounds of heap allocated arrays, although only at a specific offset from the start of these arrays. This results in both read and write gadgets, albeit very limited in scope. The issue is patched in several commits (46d5b0852, 00302787b7, e11f5558, cd31fd0ce, 1970c21, and fff2c83), and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that only operators which accept optional inputs use the `-1` special value and only for the tensors that they expect to be optional. Since this allow-list type approach is erro-prone, we advise upgrading to the patched code.	2020-09-25	not yet calculated	CVE-2020-15211 MISC MISC MISC MISC MISC MISC MISC CONFIRM
tiny -- tiny_rss	An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mishandles JavaScript inside an SVG document.	2020-09-19	not yet calculated	CVE-2020-25789 MISC MISC
tiny -- tiny_rss	An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_proxy_http/init.php mishandles $_REQUEST["url"] in an error message.	2020-09-19	not yet calculated	CVE-2020-25788 MISC MISC
tiny -- tiny_rss	An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all URLs before requesting them.	2020-09-19	not yet calculated	CVE-2020-25787 MISC MISC
trend_micro -- security_2019	An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified.	2020-09-24	not yet calculated	CVE-2020-15604 MISC MISC MISC MISC
trend_micro -- security_2019	An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-295: Improper server certificate verification in the communication with the update server.	2020-09-24	not yet calculated	CVE-2020-24560 MISC MISC MISC MISC
typeorm -- typeorm	Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.	2020-09-18	not yet calculated	CVE-2020-8158 MISC
typesetter -- typesetter	DISPUTED Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2.	2020-09-19	not yet calculated	CVE-2020-25790 MISC
u.s._airforce_research_lab -- sensor_data_management_system_website	U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer.	2020-09-25	not yet calculated	CVE-2020-13995 MISC
untis -- webuntis	Untis WebUntis before 2020.9.6 allows XSS in multiple functions that store information.	2020-09-24	not yet calculated	CVE-2020-22453 MISC MISC
verint -- workforce_optimization	Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API	2020-09-22	not yet calculated	CVE-2020-23446 MISC MISC MISC
vmware -- horizon_daas	VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of this issue may allow an attacker to bypass two-factor authentication process. In order to exploit this issue, an attacker must have a legitimate account on Horizon DaaS.	2020-09-22	not yet calculated	CVE-2020-3977 MISC
wildfly -- elytron	A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM authentication with a session ID in the URL, an attacker could perform a session fixation attack. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.	2020-09-23	not yet calculated	CVE-2020-10714 MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when handling guest access to MSR_MISC_ENABLE. When a guest accesses certain Model Specific Registers, Xen first reads the value from hardware to use as the basis for auditing the guest access. For the MISC_ENABLE MSR, which is an Intel specific MSR, this MSR read is performed without error handling for a #GP fault, which is the consequence of trying to read this MSR on non-Intel hardware. A buggy or malicious PV guest administrator can crash Xen, resulting in a host Denial of Service. Only x86 systems are vulnerable. ARM systems are not vulnerable. Only Xen versions 4.11 and onwards are vulnerable. 4.10 and earlier are not vulnerable. Only x86 systems that do not implement the MISC_ENABLE MSR (0x1a0) are vulnerable. AMD and Hygon systems do not implement this MSR and are vulnerable. Intel systems do implement this MSR and are not vulnerable. Other manufacturers have not been checked. Only x86 PV guests can exploit the vulnerability. x86 HVM/PVH guests cannot exploit the vulnerability.	2020-09-23	not yet calculated	CVE-2020-25602 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.	2020-09-23	not yet calculated	CVE-2020-25596 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers between x86 HVM vCPUs. When migrating timers of x86 HVM guests between its vCPUs, the locking model used allows for a second vCPU of the same guest (also operating on the timers) to release a lock that it didn't acquire. The most likely effect of the issue is a hang or crash of the hypervisor, i.e., a Denial of Service (DoS). All versions of Xen are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only x86 HVM guests can leverage the vulnerability. x86 PV and PVH cannot leverage the vulnerability. Only guests with more than one vCPU can exploit the vulnerability.	2020-09-23	not yet calculated	CVE-2020-25604 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allocating an event channel. Event channels control structures can be accessed lockless as long as the port is considered to be valid. Such a sequence is missing an appropriate memory barrier (e.g., smp_*mb()) to prevent both the compiler and CPU from re-ordering access. A malicious guest may be able to cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded. Systems running all versions of Xen are affected. Whether a system is vulnerable will depend on the CPU and compiler used to build Xen. For all systems, the presence and the scope of the vulnerability depend on the precise re-ordering performed by the compiler used to build Xen. We have not been able to survey compilers; consequently we cannot say which compiler(s) might produce vulnerable code (with which code generation options). GCC documentation clearly suggests that re-ordering is possible. Arm systems will also be vulnerable if the CPU is able to re-order memory access. Please consult your CPU vendor. x86 systems are only vulnerable if a compiler performs re-ordering.	2020-09-23	not yet calculated	CVE-2020-25603 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable.	2020-09-23	not yet calculated	CVE-2020-25599 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics.	2020-09-23	not yet calculated	CVE-2020-25601 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit x86 domains. The so called 2-level event channel model imposes different limits on the number of usable event channels for 32-bit x86 domains vs 64-bit or Arm (either bitness) ones. 32-bit x86 domains can use only 1023 channels, due to limited space in their shared (between guest and Xen) information structure, whereas all other domains can use up to 4095 in this model. The recording of the respective limit during domain initialization, however, has occurred at a time where domains are still deemed to be 64-bit ones, prior to actually honoring respective domain properties. At the point domains get recognized as 32-bit ones, the limit didn't get updated accordingly. Due to this misbehavior in Xen, 32-bit domains (including Domain 0) servicing other domains may observe event channel allocations to succeed when they should really fail. Subsequent use of such event channels would then possibly lead to corruption of other parts of the shared info structure. An unprivileged guest may cause another domain, in particular Domain 0, to misbehave. This may lead to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only x86 32-bit domains servicing other domains are vulnerable. Arm systems, as well as x86 64-bit domains, are not vulnerable.	2020-09-23	not yet calculated	CVE-2020-25600 FEDORA MISC
xen -- xen	An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource error path. The RCU (Read, Copy, Update) mechanism is a synchronisation primitive. A buggy error path in the XENMEM_acquire_resource exits without releasing an RCU reference, which is conceptually similar to forgetting to unlock a spinlock. A buggy or malicious HVM stubdomain can cause an RCU reference to be leaked. This causes subsequent administration operations, (e.g., CPU offline) to livelock, resulting in a host Denial of Service. The buggy codepath has been present since Xen 4.12. Xen 4.14 and later are vulnerable to the DoS. The side effects are believed to be benign on Xen 4.12 and 4.13, but patches are provided nevertheless. The vulnerability can generally only be exploited by x86 HVM VMs, as these are generally the only type of VM that have a Qemu stubdomain. x86 PV and PVH domains, as well as ARM VMs, typically don't use a stubdomain. Only VMs using HVM stubdomains can exploit the vulnerability. VMs using PV stubdomains, or with emulators running in dom0, cannot exploit the vulnerability.	2020-09-23	not yet calculated	CVE-2020-25598 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-valid event channels may not turn invalid. Logic in the handling of event channel operations in Xen assumes that an event channel, once valid, will not become invalid over the life time of a guest. However, operations like the resetting of all event channels may involve decreasing one of the bounds checked when determining validity. This may lead to bug checks triggering, crashing the host. An unprivileged guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. All Xen versions from 4.4 onwards are vulnerable. Xen versions 4.3 and earlier are not vulnerable. Only systems with untrusted guests permitted to create more than the default number of event channels are vulnerable. This number depends on the architecture and type of guest. For 32-bit x86 PV guests, this is 1023; for 64-bit x86 PV guests, and for all ARM guests, this number is 4095. Systems where untrusted guests are limited to fewer than this number are not vulnerable. Note that xl and libxl limit max_event_channels to 1023 by default, so systems using exclusively xl, libvirt+libxl, or their own toolstack based on libxl, and not explicitly setting max_event_channels, are not vulnerable.	2020-09-23	not yet calculated	CVE-2020-25597 FEDORA MISC
xen -- xen	An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register data. Code paths in Xen's MSI handling have been identified that act on unsanitized values read back from device hardware registers. While devices strictly compliant with PCI specifications shouldn't be able to affect these registers, experience shows that it's very common for devices to have out-of-spec "backdoor" operations that can affect the result of these reads. A not fully trusted guest may be able to crash Xen, leading to a Denial of Service (DoS) for the entire system. Privilege escalation and information leaks cannot be excluded. All versions of Xen supporting PCI passthrough are affected. Only x86 systems are vulnerable. Arm systems are not vulnerable. Only guests with passed through PCI devices may be able to leverage the vulnerability. Only systems passing through devices with out-of-spec ("backdoor") functionality can cause issues. Experience shows that such out-of-spec functionality is common; unless you have reason to believe that your device does not have such functionality, it's better to assume that it does.	2020-09-23	not yet calculated	CVE-2020-25595 FEDORA MISC
ygopro -- ygocore	An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory.	2020-09-23	not yet calculated	CVE-2020-24213 MISC
zoho -- manageengine_applications_manager	Zoho ManageEngine Applications Manager before 14 build 14730 has no protection against jsp/header.jsp Cross-site Scripting (XSS) .	2020-09-25	not yet calculated	CVE-2020-15521 MISC CONFIRM
zoho -- manageengine_applications_manager	The REST API in Zoho ManageEngine Applications Manager before build 14740 allows an unauthenticated SQL Injection via a crafted request, leading to Remote Code Execution.	2020-09-25	not yet calculated	CVE-2020-15394 MISC CONFIRM CONFIRM

This product is provided subject to this Notification and this Privacy & Use policy.

from CISA All NCAS Products https://ift.tt/2Hx6nKA