Vulnerability Summary for the Week of June 29, 2020

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium, and low severities corresponds to the following scores:

• High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0
• Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9
• Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9

Entries may include additional information provided by organizations and efforts sponsored by Ug-CERT. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletins is compiled from external, open source reports and is not a direct result of Ug-CERT analysis.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9566 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9564 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9562 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9569 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9568 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9565 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9567 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9563 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9559 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9560 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9556 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9555 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9554 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9561 CONFIRM |
| adobe -- character_animator | Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9586 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9589 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9590 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9620 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9621 CONFIRM |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9573 CONFIRM |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9574 CONFIRM |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9572 CONFIRM |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9571 CONFIRM |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9570 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9585 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9576 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9582 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9583 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9580 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 10 | CVE-2020-9631 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9578 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | 7.5 | CVE-2020-9630 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 10 | CVE-2020-9632 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9579 CONFIRM |
| draytek -- multiple_devices | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | 2020-06-30 | 7.5 | CVE-2020-15415 MISC MISC |
| f5 -- big-ip | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 2020-07-01 | 10 | CVE-2020-5902 MISC |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.. | 2020-06-29 | 7.5 | CVE-2020-14068 MISC MISC |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | 2020-06-29 | 10 | CVE-2020-14072 MISC MISC |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | 2020-06-29 | 10 | CVE-2020-14070 MISC MISC |
| opensis -- opensis | openSIS through 7.4 allows SQL Injection. | 2020-07-01 | 7.5 | CVE-2020-13381 MISC MISC |
| opensis -- opensis | openSIS before 7.4 allows SQL Injection. | 2020-07-01 | 7.5 | CVE-2020-13380 CONFIRM MISC |
| prestashop -- prestashop | In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6. | 2020-07-02 | 7.5 | CVE-2020-15082 MISC CONFIRM |
| prestashop -- prestashop | In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6. | 2020-07-02 | 10 | CVE-2020-4074 MISC CONFIRM |
| sqlite -- sqlite | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | 2020-06-27 | 7.5 | CVE-2020-15358 MISC MISC MISC |
| stash -- stash | Stash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter. | 2020-06-26 | 7.5 | CVE-2020-15311 MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | 2020-06-29 | 7.5 | CVE-2020-15320 MISC MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | 2020-06-29 | 7.5 | CVE-2020-15324 MISC MISC |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- after_effects | Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-3809 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9553 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9557 CONFIRM |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9558 CONFIRM |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | 2020-06-26 | 4.3 | CVE-2020-3796 CONFIRM |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (DoS). | 2020-06-26 | 4.3 | CVE-2020-3767 CONFIRM |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | 4.4 | CVE-2020-3768 CONFIRM |
| adobe -- digital_editions | Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-3798 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9627 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9622 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9624 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9628 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9626 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9625 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9629 CONFIRM |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9623 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | 2020-06-26 | 5 | CVE-2020-9591 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | 2020-06-26 | 6.5 | CVE-2020-9588 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9577 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9581 CONFIRM |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. | 2020-06-26 | 5 | CVE-2020-9587 CONFIRM |
| adobe -- premiere_pro | Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9616 CONFIRM |
| adobe -- premiere_rush | Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9617 CONFIRM |
| apache -- tomcat | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. | 2020-06-26 | 5 | CVE-2020-11996 MLIST CONFIRM MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST MLIST |
| cybozu -- garoon | Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | 2020-06-30 | 4 | CVE-2020-5581 MISC MISC |
| cybozu -- garoon | Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | 2020-06-30 | 4 | CVE-2020-5588 MISC MISC |
| docker -- docker_desktop | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | 2020-06-27 | 4.6 | CVE-2020-15360 MISC MISC |
| ibm -- api_connect | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | 2020-06-29 | 5 | CVE-2020-4452 XF CONFIRM |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | 2020-06-26 | 6.5 | CVE-2019-4650 XF CONFIRM |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. | 2020-07-01 | 4 | CVE-2019-4705 XF CONFIRM |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | 2020-07-01 | 4 | CVE-2019-4706 XF CONFIRM |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | 2020-06-26 | 4.3 | CVE-2020-4565 XF CONFIRM |
| jiangmin -- jiangmin_antivirus | In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. | 2020-06-26 | 4.9 | CVE-2020-14955 MISC |
| mattermost -- mattermost_mobile_app | An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | 2020-06-26 | 5 | CVE-2020-13891 CONFIRM |
| mediaarea -- mediainfo | In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). | 2020-06-30 | 6.8 | CVE-2020-15395 MISC MISC |
| mk-auth -- mk-auth | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. | 2020-07-01 | 4.3 | CVE-2019-4704 XF CONFIRM |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. | 2020-06-29 | 4.3 | CVE-2020-14071 MISC MISC |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, .php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php. | 2020-06-29 | 4.6 | CVE-2020-14069 MISC MISC |
| nedi_consulting -- nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | 2020-06-26 | 4.3 | CVE-2020-15016 MISC |
| nedi_consulting -- nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | 2020-06-26 | 4.3 | CVE-2020-15017 MISC |
| opensis -- opensis | openSIS through 7.4 allows Directory Traversal. | 2020-07-01 | 5 | CVE-2020-13383 MISC MISC |
| opensis -- opensis | openSIS through 7.4 has Incorrect Access Control. | 2020-07-01 | 6.4 | CVE-2020-13382 MISC MISC |
| prestashop -- prestashop | In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6. | 2020-07-02 | 4.3 | CVE-2020-15083 MISC CONFIRM |
| prestashop -- prestashop | In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. | 2020-07-02 | 5 | CVE-2020-15081 MISC CONFIRM |
| wordpress -- wordpress | The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. | 2020-06-28 | 4.3 | CVE-2020-15364 MISC MISC |
| wordpress -- wordpress | The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. | 2020-06-28 | 5 | CVE-2020-15363 MISC MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/ chroot directory tree. | 2020-06-29 | 4.3 | CVE-2020-15319 MISC MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15314 MISC MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15313 MISC MISC |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15312 MISC MISC |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 3.5 | CVE-2020-9584 CONFIRM |
| adobe -- magento | Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or field, or the User-Agent HTTP header. | 2020-06-29 | 3.5 | CVE-2020-13423 MISC MISC MISC |
| atlassian -- jira_server_and_data_center | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. | 2020-07-01 | 3.5 | CVE-2020-4024 MISC |
| avast -- avast_antivirus | An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. | 2020-06-29 | 2.1 | CVE-2020-13657 CONFIRM CONFIRM |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | 2020-06-30 | 3.5 | CVE-2020-5585 MISC MISC |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | 2020-06-30 | 3.5 | CVE-2020-5586 MISC MISC |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | 2020-06-26 | 3.5 | CVE-2020-4223 XF CONFIRM |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512. | 2020-07-01 | 2.1 | CVE-2019-4676 XF CONFIRM |
| linux -- linux_kernel | In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | 2020-06-29 | 2.1 | CVE-2020-15393 MISC MISC |
| openexr -- openexr | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | 2020-06-26 | 2.1 | CVE-2020-15304 MISC MISC MISC MISC |
| openexr -- openexr | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | 2020-06-26 | 2.1 | CVE-2020-15305 MISC MISC MISC MISC |
| openexr -- openexr | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | 2020-06-26 | 2.1 | CVE-2020-15306 MISC MISC MISC MISC |
| prestashop -- prestashop | In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.7.6. | 2020-07-02 | 3.5 | CVE-2020-11074 MISC CONFIRM |

Severity Not Yet Assigned

Sourc CVS Primary Publi e & Description S Vendor -- Product shed Patch Score Info

Uncontrolled resource consumption vulnerability in Mitsubishi Electoric FA Engineering Software (CPU Module Logging Configuration CVE- not Tool Ver. 1.94Y and earlier, CW 2020- mitsubishi_electric -- 2020- yet Configurator Ver. 1.010L and 5603 multiple_fa_engineering_software_ 06-30 calcul earlier, EM Software MISC products ated Development Kit (EM MISC Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. Sourc CVS Primary Publi e & Description S Vendor -- Product shed Patch Score Info

1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA- Works Ver. 4.3 and earlier, MELSEC-L Flexible High- Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to cause a denial of service (DoS) condition attacks via unspecified vectors.

An issue was discovered in Activision Infinity Ward Call of Duty Modern Warfare 2 through 2019-12-11. PartyHost_HandleJoinPartyReq not CVE- activision -- uest has a buffer overflow 2020- yet 2019- call_of_duty_modern_warfare_2 vulnerability and can be 06-30 calcul 20893 exploited by using a crafted ated MISC joinParty packet. This can be utilized to conduct arbitrary code execution on a victim's machine. Sourc CVS Primary Publi e & Description S Vendor -- Product shed Patch Score Info

Apache Guacamole 1.1.0 and older may mishandle pointers involved inprocessing data received via RDP static virtual CVE- channels. If a userconnects to a not 2020- malicious or compromised RDP 2020- yet 9498 apache -- guacamole server, a series ofspecially- 07-02 calcul MLIS crafted PDUs could result in ated T memory corruption, MISC possiblyallowing arbitrary code to be executed with the privileges of therunning guacd process.

Primary Vendor -- Product: apache -- guacamole
Description: Apache Guacamole 1.1.0 and older do not properly validate data received from RDP servers via static virtual channels. If a user connects to a malicious or compromised RDP server, specially-crafted PDUs could result in disclosure of information within the memory of the guacd process handling the connection.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-9497, MLIST, MLIST, MLIST, MISC

Primary Vendor -- Product: asrock -- rgb_driver
Description: AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15368, MISC

Primary Vendor -- Product: atlassian -- confluence_server_and_data_center
Description: Atlassian Confluence Server and Data Center before version 7.5.1 allowed remote attackers with system administration permissions to bypass velocity template injection mitigations via an injection vulnerability in custom user macros.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4027, MISC

Primary Vendor -- Product: atlassian -- jira
Description: The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vulnerability due to a logic bug in the JiraWhitelist class.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20408, MISC

Primary Vendor -- Product: atlassian -- jira_desk_server_and_data_center
Description: The /servicedesk/customer/portals resource in Jira Service Desk Server and Data Center before version 4.10.0 allows remote attackers with project administrator privileges to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by uploading an HTML file.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14166, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The /rest/project-templates/1.0/createshared resource in Atlassian Jira Server and Data Center before version 8.5.5, from 8.6.0 before 8.7.2, and from 8.8.0 before 8.8.1 allows remote attackers to enumerate project names via an improper authorization vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4029, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14173, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability on the UserPickerBrowser.jspa page. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20413, N/A

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a rdf content type.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4025, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The quick search component in Atlassian Jira Server and Data Center before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14169, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The MessageBundleResource resource in Jira Server and Data Center before version 7.13.4, from 8.5.0 before 8.5.5, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14167, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a mixed multipart content type.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4022, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14172, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate internal services via an Information Disclosure vulnerability. The vulnerability is only exploitable if WebSudo is disabled in Jira. The affected versions are before version 8.4.2.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20417, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14168, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The Convert Sub-Task to Issue page in affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate the following information via an Improper Authentication vulnerability: Workflow names; Project Key, if it is part of the workflow name; Issue Keys; Issue Types; Status Types. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20412, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the project configuration feature. The affected versions are before version 8.3.0.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20416, N/A

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5, and from version 8.6.0 before 8.7.2.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20419, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wiki endpoint. The affected versions are before version 8.8.0.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20418, N/A

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Atlassian Jira Server and Data Center in affected versions allows remote attackers to modify logging and profiling settings via a cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.3, and from version 8.0.0 before 8.1.0.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20415, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in Issue Navigator Basic Search. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20414, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The WYSIWYG editor resource in Jira Server and Data Center before version 8.8.2 allows remote attackers to inject arbitrary HTML or JavaScript names via a Cross Site Scripting (XSS) vulnerability by pasting code into the editor field.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14164, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14165, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify Wallboard settings via a Cross-site request forgery (CSRF) vulnerability. The affected versions are before version 7.13.9, and from version 8.0.0 before 8.4.2.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20411, MISC

Primary Vendor -- Product: atlassian -- jira_server_and_data_center
Description: Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view sensitive information via an Information Disclosure vulnerability in the comment restriction feature. The affected versions are before version 7.6.17, from version 7.7.0 before 7.13.9, and from version 8.0.0 before 8.4.2.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20410, MISC

Primary Vendor -- Product: baxter -- exactamix_em2400_and_em1200_devices
Description: Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12020, MISC

Primary Vendor -- Product: baxter -- exactamix_em2400_and_em1200_devices
Description: Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The PrismaFlex device contains a hard-coded service password that provides access to biomedical information, device settings, calibration settings, and network configuration. This could allow an attacker to modify device settings and calibration.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12035, MISC

Primary Vendor -- Product: baxter -- exactamix_em2400_and_em1200_devices
Description: Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems store device data with sensitive information in an unencrypted database. This could allow an attacker with network access to view or modify sensitive data including PHI.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12032, MISC

Primary Vendor -- Product: baxter -- exactamix_em2400_and_em1200_devices
Description: Baxter ExactaMix EM 2400 versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 does not restrict access to the USB interface from an unauthorized user with physical access. Successful exploitation of this vulnerability may allow an attacker with physical access to the system the ability to load an unauthorized payload or unauthorized access to the hard drive by booting a live USB OS. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12024, MISC

Primary Vendor -- Product: baxter -- exactamix_em_2400_and_em1200_devices
Description: Baxter ExactaMix EM 2400 Versions 1.10, 1.11 and ExactaMix EM1200 Versions 1.1, 1.2 systems use cleartext messages to communicate order information with an order entry system. This could allow an attacker with network access to view sensitive data including PHI.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12008, MISC

Primary Vendor -- Product: baxter -- multiple_exactamix_devices
Description: Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13, and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 have hard-coded administrative account credentials for the ExactaMix application. Successful exploitation of this vulnerability may allow an attacker with physical access to gain unauthorized access to view/update system configuration or data. This could impact confidentiality and integrity of the system and risk exposure of sensitive information including PHI.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12012, MISC

Primary Vendor -- Product: baxter -- multiple_exactamix_devices
Description: Baxter ExactaMix EM 2400 & EM 1200, Versions ExactaMix EM2400 Versions 1.10, 1.11, 1.13, 1.14, ExactaMix EM1200 Versions 1.1, 1.2, 1.4, 1.5, Baxter ExactaMix EM 2400 Versions 1.10, 1.11, 1.13, 1.14 and ExactaMix EM1200 Versions 1.1, 1.2, 1.4 and 1.5 have hard-coded administrative account credentials for the ExactaMix operating system. Successful exploitation of this vulnerability may allow an attacker who has gained unauthorized access to system resources, including access to execute software or to view/update files, directories, or system configuration. This could allow an attacker with network access to view sensitive data including PHI.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12016, MISC

Primary Vendor -- Product: baxter -- multiple_sigma_spectrum_with_wireless_battery
Description: The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when used in conjunction with a Baxter Spectrum v8.x (model 35700BAX2), operates a Telnet service on Port 1023 with hard-coded credentials.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12045, MISC

Primary Vendor -- Product: baxter -- multiple_sigma_spectrum_with_wireless_battery
Description: The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) telnet Command-Line Interface, grants access to sensitive data stored on the WBM that permits temporary configuration changes to network settings of the WBM, and allows the WBM to be rebooted. Temporary configuration changes to network settings are removed upon reboot.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12041, MISC

Primary Vendor -- Product: baxter -- multiple_sigma_spectrum_with_wireless_battery
Description: The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for networking the FTP service operating on the WBM remains operational until the WBM is rebooted.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12043, MISC

Primary Vendor -- Product: baxter -- multiple_sigma_spectrum_with_wireless_battery
Description: The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when used with a Baxter Spectrum v8.x (model 35700BAX2) in a factory-default wireless configuration enables an FTP service with hard-coded credentials.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12047, MISC

Primary Vendor -- Product: baxter -- phoenix_hemodialysis_delivery_system
Description: Phoenix Hemodialysis Delivery System SW 3.36 and 3.40, The Phoenix Hemodialysis device does not support data-in-transit encryption (e.g., TLS/SSL) when transmitting treatment and prescription data on the network between the Phoenix system and the Exalis dialysis data management tool. An attacker with access to the network could observe sensitive treatment and prescription data sent between the Phoenix system and the Exalis tool.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12048, MISC

Primary Vendor -- Product: baxter -- prismaflex_devices
Description: Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12036, MISC

Primary Vendor -- Product: baxter -- prismaflex_devices
Description: Baxter PrismaFlex all versions, PrisMax all versions prior to 3.x, The affected devices do not implement data-in-transit encryption (e.g., TLS/SSL) when configured to send treatment data to a PDMS (Patient Data Management System) or an EMR (Electronic Medical Record) system. An attacker could observe sensitive data sent from the device.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12037, MISC

Primary Vendor -- Product: baxter -- sigma_spectrum_infusion_pumps_35700bax_and_35700bax2
Description: Baxter Sigma Spectrum Infusion Pumps Sigma Spectrum Infusion System v's6.x model 35700BAX & Baxter Spectrum Infusion System v's8.x model 35700BAX2 contain hardcoded passwords when physically entered on the keypad provide access to biomedical menus including device settings, view calibration values, network configuration of Sigma Spectrum WBM if installed.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12039, MISC

Primary Vendor -- Product: baxter -- sigma_spectrum_infusion_pumps_35700bax_and_35700bax2
Description: Sigma Spectrum Infusion System v's6.x (model 35700BAX) and Baxter Spectrum Infusion System Version(s) 8.x (model 35700BAX2) at the application layer uses an unauthenticated clear-text communication channel to send and receive system status and operational data. This could allow an attacker that has circumvented network security measures to view sensitive non-private data or to perform a man-in-the-middle attack.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12040, MISC

Primary Vendor -- Product: bcrypt -- bcrypt
Description: Data is truncated wrong when its length is greater than 255 bytes.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7689, MISC, MISC, MISC, MISC

Primary Vendor -- Product: best_it_world -- wrb303n_devices
Description: iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15043, MISC, MISC

Primary Vendor -- Product: biotronik -- cardiomessengerii
Description: BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentials for connecting to the BIOTRONIK Remote Communication infrastructure.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-18248, MISC

Primary Vendor -- Product: biotronik -- cardiomessengerii
Description: BIOTRONIK CardioMessenger II, The affected products allow credential reuse for multiple authentication purposes. An attacker with adjacent access to the CardioMessenger can disclose its credentials used for connecting to the BIOTRONIK Remote Communication infrastructure.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-18252, MISC

Primary Vendor -- Product: biotronik -- cardiomessengerii
Description: BIOTRONIK CardioMessenger II, The affected products do not encrypt sensitive information while at rest. An attacker with physical access to the CardioMessenger can disclose medical measurement data and the serial number from the implanted cardiac device the CardioMessenger is paired with.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-18254, MISC

Primary Vendor -- Product: biotronik -- cardiomessengerii
Description: BIOTRONIK CardioMessenger II, The affected products use individual per-device credentials that are stored in a recoverable format. An attacker with physical access to the CardioMessenger can use these credentials for network authentication and decryption of local data in transit.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-18256, MISC

Primary Vendor -- Product: biotronik -- cardiomessengerii_
Description: BIOTRONIK CardioMessenger II, The affected products do not properly enforce mutual authentication with the BIOTRONIK Remote Communication infrastructure.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-18246, MISC

Primary Vendor -- Product: broadcom -- brocade_network_advisor
Description: A vulnerability in Brocade Network Advisor Version Before 14.3.1 could allow an unauthenticated, remote attacker to log in to the JBoss Administration interface of an affected system using undocumented user credentials and install additional JEE applications.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2018-6446, MISC

Primary Vendor -- Product: cabsoftware -- reportexpress_proplus
Description: Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp).
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-19160, MISC, MISC

Primary Vendor -- Product: cake_software_foundation -- cakephp
Description: CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15400, MISC

Primary Vendor -- Product: cellebrite -- ufed
Description: The Cellebrite UFED physical device 5.0 through 7.5.0.845 relies on key material hardcoded within both the executable code supporting the decryption process, and within the encrypted files themselves by using a key enveloping technique. The recovered key material is the same for every device running the same version of the software, and does not appear to be changed with each new build. It is possible to reconstruct the decryption process using the hardcoded key material and obtain easy access to otherwise protected data.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14474, MISC, MISC, MISC

Primary Vendor -- Product: cisco -- digital_network_architecture_center
Description: A vulnerability in Cisco Digital Network Architecture (DNA) Center could allow an authenticated, remote attacker to view sensitive information in clear text. The vulnerability is due to insecure storage of certain unencrypted credentials on an affected device. An attacker could exploit this vulnerability by viewing the network device configuration and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to use those credentials to discover and manage network devices.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-3391, CISCO

Primary Vendor -- Product: cisco -- identity_services_engine
Description: Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit these vulnerabilities, an attacker would need valid administrative credentials.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-3340, CISCO

Primary Vendor -- Product: cisco -- multiple_products
Description: A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-3282, CISCO

Primary Vendor -- Product: cisco -- small_business_smart_and_managed_switches
Description: A vulnerability in session management for the web-based interface of Cisco Small Business Smart and Managed Switches could allow an unauthenticated, remote attacker to defeat authentication protections and gain unauthorized access to the management interface. The attacker could obtain the privileges of the hijacked session account, which could include administrator privileges on the device. The vulnerability is due to the use of weak entropy generation for session identifier values. An attacker could exploit this vulnerability to determine a current session identifier through brute force and reuse that session identifier to take over an ongoing session. In this way, an attacker could take actions within the management interface with privileges up to the level of the administrative user.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-3297, CISCO

Primary Vendor -- Product: cisco -- unified_customer_voice_portal
Description: A vulnerability in the Java Remote Method Invocation (RMI) interface of Cisco Unified Customer Voice Portal (CVP) could allow an unauthenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because certain RMI listeners are not properly authenticated. An attacker could exploit this vulnerability by sending a crafted request to the affected listener. A successful exploit could allow the attacker to access sensitive information on an affected device.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-3402, CISCO

Primary Vendor -- Product: commax -- cdp_1020mb_wallpad
Description: A vulnerability in the firmware of COMMAX WallPad (CDP-1020MB) allows an unauthenticated adjacent attacker to execute arbitrary code, because of using the old version of MySQL.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-19163, MISC, MISC

Primary Vendor -- Product: containous -- traefik
Description: Traefik 2.x, in certain configurations, allows HTTPS sessions to proceed without mutual TLS verification in a situation where ERR_BAD_SSL_CLIENT_AUTH_CERT should have occurred.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-20894, MISC

Primary Vendor -- Product: coturn -- coturn
Description: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4067, MISC, MISC, CONFIRM, MLIST, DEBIAN

Primary Vendor -- Product: cybozu -- garoon
Description: Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5587, MISC, MISC

Primary Vendor -- Product: cybozu -- garoon
Description: Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5584, MISC, MISC

Primary Vendor -- Product: cybozu -- garoon
Description: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to obtain unauthorized Multi-Report's data via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5583, MISC, MISC

Primary Vendor -- Product: cybozu -- garoon
Description: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to alter the data for the file attached to Report via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5582, MISC, MISC

Primary Vendor -- Product: cybozu -- garoon
Description: Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to bypass access restriction to view and/or alter Single sign-on settings via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5580, MISC, MISC

Primary Vendor -- Product: delta_electronics -- delta_industrial_automation_dopsoft
Description: Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14482, MISC

Primary Vendor -- Product: donjon -- ledger_live
Description: Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12119, CONFIRM

Primary Vendor -- Product: envoy -- envoy
Description: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when accepting too many connections.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8663, CONFIRM, MISC

Primary Vendor -- Product: envoy_proxy -- envoy
Description: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12605, CONFIRM, MISC

Primary Vendor -- Product: envoy_proxy -- envoy
Description: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when proxying HTTP/2 requests or responses with many small (i.e. 1 byte) data frames.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12603, CONFIRM, MISC

Primary Vendor -- Product: envoy_proxy -- envoy
Description: Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier is susceptible to increased memory usage in the case where an HTTP/2 client requests a large payload but does not send enough window updates to consume the entire stream and does not reset the stream.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12604, MISC, CONFIRM

Primary Vendor -- Product: express-jwt -- express-jwt
Description: In express-jwt (NPM package) up to and including version 5.3.3, the algorithms entry to be specified in the configuration is not being enforced. When algorithms is not specified in the configuration, with the combination of jwks-rsa, it may lead to authorization bypass. You are affected by this vulnerability if all of the following conditions apply: - You are using express-jwt - You do not have **algorithms** configured in your express-jwt configuration. - You are using libraries such as jwks-rsa as the **secret**. You can fix this by specifying **algorithms** in the express-jwt configuration. See linked GHSA for example. This is also fixed in version 6.0.0.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15084, MISC, CONFIRM

Primary Vendor -- Product: f5 -- big-ip
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a cross-site request forgery (CSRF) vulnerability in the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, exists in an undisclosed page.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5904, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: In versions bundled with BIG-IP APM 12.1.0-12.1.5 and 11.6.1-11.6.5.2, Edge Client for Linux exposes full session ID in the local log files.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5908, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: In version 11.6.1-11.6.5.2 of the BIG-IP system Configuration utility Network > WCCP page, the system does not sanitize all user-provided data before display.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5905, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5903, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, an authorized user provided with access only to the TMOS Shell (tmsh) may be able to conduct arbitrary file read/writes via the built-in sftp functionality.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5907, MISC

Primary Vendor -- Product: f5 -- big-ip
Description: In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5906, MISC

Primary Vendor -- Product: factorfx -- ocs_inventory
Description: OCS Inventory NG 2.7 allows Remote Command Execution via shell metacharacters to require/commandLine/CommandLine.php because mib_file in plugins/main_sections/ms_config/ms_snmp_config.php is mishandled in get_mib_oid.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14947 MISC MISC MISC MISC

Primary Vendor -- Product: ffjpeg -- ffjpeg
Description: ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15470 MISC

Primary Vendor -- Product: github -- github
Description: The table extension in GitHub Flavored Markdown before version 0.29.0.gfm.1 takes O(n * n) time to parse certain inputs. An attacker could craft a markdown table which would take an unreasonably long time to process, causing a denial of service. This issue does not affect the upstream cmark project. The issue has been fixed in version 0.29.0.gfm.1.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5238 MISC CONFIRM

Primary Vendor -- Product: hcl -- domino
Description: "A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions."
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1712 MISC

Primary Vendor -- Product: hcl -- inotes
Description: "HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials."
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-1659 MISC

Primary Vendor -- Product: hcl -- notes
Description: HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected.
Published: 2020-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4089 CONFIRM

Primary Vendor -- Product: human_talk -- daview_indy_and_dava+_and_daoffice_softwares
Description: A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice could allow an unauthenticated, remote attacker to cause an arbitrary code execution on an affected device. The vulnerability is due to a stack overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7816 CONFIRM

Primary Vendor -- Product: ibm -- business_automation_workflow
Description: IBM Business Automation Workflow 18.0, 19.0, and 20.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 183611.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4557 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179268.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4386 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage of shared memory. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information or cause a denial of service. IBM X-Force ID: 179989.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4414 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due to a hang in the execution of a terminate command. IBM X-Force ID: 180076.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4420 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. IBM X-Force ID: 179269.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4387 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service, caused by improper handling of Secure Sockets Layer (SSL) renegotiation requests. By sending specially-crafted requests, a remote attacker could exploit this vulnerability to increase the resource usage on the system. IBM X-Force ID: 178507.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4355 XF CONFIRM

Primary Vendor -- Product: ibm -- db2_for_linux_and_unix_and_windows
Description: IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 178960.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4363 XF CONFIRM

Primary Vendor -- Product: ibm -- mq_and_mq_appliance_and_mq_for_hpe_nonstop
Description: IBM MQ, IBM MQ Appliance, IBM MQ for HPE NonStop 8.0.4 and 8.1.0 could allow an attacker to cause a denial of service caused by an error within the pubsub logic. IBM X-Force ID: 179081.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4376 XF CONFIRM

Primary Vendor -- Product: ifax_solutions -- hylafax+_and_hylafax_enterprise
Description: In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15396 MISC MISC

Primary Vendor -- Product: ifax_solutions -- hylafax+_and_hylafax_enterprise
Description: HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the account). This allows these users to execute code in the context of the user calling these binaries (often root).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15397 MISC MISC

Primary Vendor -- Product: iobit -- malware_fighter_pro
Description: IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15401 MISC

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Link Column Plugin 1.0 and earlier does not filter URLs of links created by users with View/Configure permission, resulting in a stored cross-site scripting vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2219 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Sonargraph Integration Plugin 3.0.0 and earlier does not escape the file path for the Log file field form validation, resulting in a stored cross-site scripting vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2201 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: A cross-site request forgery vulnerability in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers to connect to an attacker-specified HTTP server using attacker-specified username and password.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2215 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2216 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Compatibility Action Storage Plugin 1.0 and earlier does not escape the content coming from the MongoDB in the testConnection form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2217 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins TestComplete support Plugin 2.4.1 and earlier stores a password unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2209 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Slack Upload Plugin 1.7 and earlier stores a secret unencrypted in job config.xml files on the Jenkins master where it can be viewed by users with Extended Read permission, or access to the master file system.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2208 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: A missing permission check in Jenkins Fortify on Demand Plugin 6.0.0 and earlier in form-related methods allowed users with Overall/Read access to enumerate credentials ID of credentials stored in Jenkins.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2202 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins HP ALM Quality Center Plugin 1.6 and earlier stores a password unencrypted in its global configuration file on the Jenkins master where it can be viewed by users with access to the master file system.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2218 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins Stash Branch Parameter Plugin 0.3.0 and earlier transmits configured passwords in plain text as part of its global Jenkins configuration form, potentially resulting in their exposure.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2210 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins VncRecorder Plugin 1.25 and earlier does not escape a tool path in the `checkVncServ` form validation endpoint, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by Jenkins administrators.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2205 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins GitHub Coverage Reporter Plugin 1.8 and earlier stores secrets unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system or read permissions on the system configuration.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2212 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins ZAP Pipeline Plugin 1.9 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2214 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins White Source Plugin 19.1.1 and earlier stores credentials unencrypted in its global configuration file and in job config.xml files on the Jenkins master where they can be viewed by users with Extended Read permission (config.xml), or access to the master file system.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2213 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins ElasticBox Jenkins Kubernetes CI/CD Plugin 1.3 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2211 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins VncViewer Plugin 1.7 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2207 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: Jenkins VncRecorder Plugin 1.25 and earlier does not escape a parameter value in the checkVncServ form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2206 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: A cross-site request forgery vulnerability in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2203 MLIST CONFIRM

Primary Vendor -- Product: jenkins -- jenkins
Description: A missing permission check in Jenkins Fortify on Demand Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to the globally configured Fortify on Demand endpoint using attacker-specified credentials IDs.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2204 MLIST CONFIRM

Primary Vendor -- Product: journal -- journal
Description: The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15478 MISC MISC MISC

Primary Vendor -- Product: klokan_technologies -- tileserver_gl
Description: An issue was discovered in server.js in TileServer GL through 3.0.0. The content of the key GET parameter is reflected unsanitized in an HTTP response for the application's main page, causing reflected XSS.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15500 MISC

Primary Vendor -- Product: koa-shopify-auth -- koa-shopify-auth
Description: A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attacker to inject JS payloads into the `shop` parameter on the `/shopify/auth/enable_cookies` endpoint.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8176 MISC MISC

Primary Vendor -- Product: lead_technologies -- leadtools
Description: An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-6089 MISC

Primary Vendor -- Product: libraw -- libraw
Description: LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds.
Published: 2020-06-28
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15365 MISC MISC

Primary Vendor -- Product: libraw -- libraw
Description: LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15503 MISC MISC MISC

Primary Vendor -- Product: libvncserver -- libvncserver
Description: It was discovered that websockets.c in LibVNCServer prior to 0.9.12 did not properly decode certain WebSocket frames. A malicious attacker could exploit this by sending specially crafted WebSocket frames to a server, causing a heap-based buffer overflow.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2017-18922 MLIST MISC MISC MISC

Primary Vendor -- Product: linkplay_technology -- multiple_devices
Description: An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code execution without user interaction. An attacker could retrieve the AWS key from the firmware and obtain full control over Linkplay's AWS estate, including S3 buckets containing device firmware. When combined with an OS command injection vulnerability within the XML Parsing logic of the firmware update process, an attacker would be able to gain code execution on any device that attempted to update. Note that by default all devices tested had automatic updates enabled.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-15310 MISC MISC MISC

Primary Vendor -- Product: locutus -- locutus
Description: php/exec/escapeshellarg in Locutus PHP through 2.0.11 allows an attacker to achieve code execution.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-13619 MISC MISC MISC

Primary Vendor -- Product: magento -- magento
Description: XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12635 MISC MISC

Primary Vendor -- Product: maipu -- mp_1800x_50_devices
Description: The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-13896 MISC

Primary Vendor -- Product: mavlink -- micro_air_vehicle_link_protocol
Description: This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10281 CONFIRM

Primary Vendor -- Product: mavlink -- micro_air_vehicle_link_protocol
Description: The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10282 CONFIRM

Primary Vendor -- Product: mcafee -- network_security_management
Description: Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7284 MISC

Primary Vendor -- Product: mcafee -- total_protection
Description: Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7281 CONFIRM

Primary Vendor -- Product: mcafee -- total_protection
Description: Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7282 CONFIRM

Primary Vendor -- Product: mcafee -- total_protection
Description: Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7283 CONFIRM

Primary Vendor -- Product: mirumee -- saleor_storefront
Description: In Saleor Storefront before version 2.10.3, request data used to authenticate customers was inadvertently cached in the browser's local storage mechanism, including credentials. A malicious user with direct access to the browser could extract the email and password. In versions prior to 2.10.0 persisted the cache even after the user logged out. This is fixed in version 2.10.3. A workaround is to manually clear application data (browser's local storage) after logging into Saleor Storefront.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15085 MISC MISC CONFIRM

Primary Vendor -- Product: misp -- misp
Description: An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15412 MISC

Primary Vendor -- Product: misp -- misp
Description: An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15411 MISC

Primary Vendor -- Product: mitsubishi_electric -- multiple_fa_engineering_software_products
Description: Mitsubishi Electric FA Engineering Software (CPU Module Logging Configuration Tool Ver. 1.94Y and earlier, CW Configurator Ver. 1.010L and earlier, EM Software Development Kit (EM Configurator) Ver. 1.010L and earlier, GT Designer3 (GOT2000) Ver. 1.221F and earlier, GX LogViewer Ver. 1.96A and earlier, GX Works2 Ver. 1.586L and earlier, GX Works3 Ver. 1.058L and earlier, M_CommDTM-HART Ver. 1.00A, M_CommDTM-IO-Link Ver. 1.02C and earlier, MELFA-Works Ver. 4.3 and earlier, MELSEC-L Flexible High-Speed I/O Control Module Configuration Tool Ver.1.004E and earlier, MELSOFT FieldDeviceConfigurator Ver. 1.03D and earlier, MELSOFT iQ AppPortal Ver. 1.11M and earlier, MELSOFT Navigator Ver. 2.58L and earlier, MI Configurator Ver. 1.003D and earlier, Motion Control Setting Ver. 1.005F and earlier, MR Configurator2 Ver. 1.72A and earlier, MT Works2 Ver. 1.156N and earlier, RT ToolBox2 Ver. 3.72A and earlier, and RT ToolBox3 Ver. 1.50C and earlier) allows an attacker to conduct XML External Entity (XXE) attacks via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5602 MISC MISC

Primary Vendor -- Product: monsta -- monsta_ftp
Description: Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execution in common deployments.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14057 MISC MISC

Primary Vendor -- Product: monsta -- monsta_ftp
Description: Monsta FTP 2.10.1 or below is prone to a server-side request forgery vulnerability due to insufficient restriction of the web fetch functionality. This allows attackers to read arbitrary local files and interact with arbitrary third-party services.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14056 MISC MISC

Primary Vendor -- Product: monsta -- monsta_ftp
Description: Monsta FTP 2.10.1 or below is prone to a stored cross-site scripting vulnerability in the language setting due to insufficient output encoding.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14055 MISC MISC

Primary Vendor -- Product: mversion -- mversion
Description: The issue occurs because tagName user input is formatted inside the exec function is executed without any checks.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7688 MISC MISC MISC

Primary Vendor -- Product: national_tax_agency -- e-tax
Description: Chrome Extension for e-Tax Reception System Ver1.0.0.0 allows remote attackers to execute an arbitrary command via unspecified vectors.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5601 MISC MISC

Primary Vendor -- Product: nedi_consulting -- nedi
Description: NeDi 1.9C is vulnerable to Remote Command Execution. System-Snapshot.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a psw parameter. (This can also be exploited via CSRF.)
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14412 MISC

Primary Vendor -- Product: nedi_consulting -- nedi
Description: NeDi 1.9C is vulnerable to Remote Command Execution. pwsec.php improperly escapes shell metacharacters from a POST request. An attacker can exploit this by crafting an arbitrary payload (any system commands) that contains shell metacharacters via a POST request with a pw parameter. (This can also be exploited via CSRF.)
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14414 MISC

Primary Vendor -- Product: nedi_consulting -- nedi
Description: NeDi 1.9C is vulnerable to XSS because of an incorrect implementation of sanitize() in inc/libmisc.php. This function attempts to escape the SCRIPT tag from user-controllable values, but can be easily bypassed, as demonstrated by an onerror attribute of an IMG element as a Devices-Config.php?sta= value.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14413 MISC

Primary Vendor -- Product: netapp -- hci_h610s_baseboard_management_controller
Description: The NetApp HCI H610S Baseboard Management Controller (BMC) is shipped with a documented default account and password that should be changed during the initial setup. During upgrades to Element 11.8 and 12.0 the H610S BMC account password is reset to the default documented value which allows remote attackers to cause a Denial of Service (DoS).
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8573 MISC

Primary Vendor -- Product: nextcloud -- nextcloud_deck
Description: Improper access control in Deck 1.0.0 allowed an attacker to inject tasks into other users decks.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8179 MISC MISC

Primary Vendor -- Product: nginx -- nginx
Description: In NGINX Controller 3.0.0-3.4.0, recovery code required to change a user's password is transmitted and stored in the database in plain text, which allows an attacker who can intercept the database connection or have read access to the database, to request a password reset using the of another registered user then retrieve the recovery code.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5899 MISC

Primary Vendor -- Product: nginx -- nginx
Description: In versions 3.0.0-3.4.0, 2.0.0-2.9.0, and 1.0.1, there is insufficient cross-site request forgery (CSRF) protections for the NGINX Controller user interface.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5900 MISC

Primary Vendor -- Product: nginx -- nginx
Description: In NGINX Controller 3.3.0-3.4.0, undisclosed API endpoints may allow for a reflected Cross Site Scripting (XSS) attack. If the victim user is logged in as admin this could result in a complete compromise of the system.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5901 MISC

Primary Vendor -- Product: nginx -- nginx
Description: In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, when users run the command displayed in NGINX Controller user interface (UI) to fetch the agent installer, the server TLS certificate is not verified.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5909 MISC

Primary Vendor -- Product: nginx -- nginx
Description: In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the Neural Autonomic Transport System (NATS) messaging services in use by the NGINX Controller do not require any form of authentication, so any successful connection would be authorized.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5910 MISC

Primary Vendor -- Product: nginx -- nginx
Description: In versions 3.0.0-3.5.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller installer starts the download of Kubernetes packages from an HTTP URL On /Ubuntu system.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5911 MISC

Primary Vendor -- Product: nozomi_networks -- guardian
Description: Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15307 MISC

Primary Vendor -- Product: nozomi_networks -- guardian_os
Description: Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7049 MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15476 MISC MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15471 MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15475 MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15474 MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15473 MISC

Primary Vendor -- Product: ntop -- ndpi
Description: In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15472 MISC

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software does not restrict or incorrectly restricts operations within the boundaries of a resource that is accessed by using an index or pointer, such as memory or files, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5968 CONFIRM

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5970 CONFIRM

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which it validates a shared resource before using it, creating a race condition which may lead to denial of service or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5969 CONFIRM

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which local pointer variables are not initialized and may be freed later, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5972 CONFIRM

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5971 CONFIRM

Primary Vendor -- Product: nvidia -- virtual_gpu_manager
Description: NVIDIA Virtual GPU Manager and the guest drivers contain a vulnerability in vGPU plugin, in which there is the potential to execute privileged operations, which may lead to denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-5973 CONFIRM UBUNTU UBUNTU

Primary Vendor -- Product: oauth2_proxy -- oauth2_proxy
Description: In OAuth2 Proxy from version 5.1.1 and less than version 6.0.0, users can provide a redirect address for the proxy to send the authenticated user to at the end of the authentication flow. This is expected to be the original URL that the user was trying to access. This redirect URL is checked within the proxy and validated before redirecting the user to prevent malicious actors providing redirects to potentially harmful sites. This has been fixed in version 6.0.0.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4037, MISC, CONFIRM

Primary Vendor -- Product: objective_development_software -- little_snitch
Description: Little Snitch version 4.5.1 and older changed ownership of a directory path controlled by the user. This allowed the user to escalate to root by linking the path to a directory containing code executed by root.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-13095, MISC

Primary Vendor -- Product: october -- october_cms
Description: In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed in 1.0.467.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4061, MISC, CONFIRM, MISC

Primary Vendor -- Product: -- openssh
Description: The client side in OpenSSH 5.7 through 8.3 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14145, MISC, MISC

Primary Vendor -- Product: openjpeg -- openjpeg
Description: jp2/opj_decompress.c in OpenJPEG through 2.3.1 has a use-after-free that can be triggered if there is a mix of valid and invalid files in a directory operated on by the decompressor. Triggering a double-free may also be possible. This is related to calling opj_image_destroy twice.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15389, MISC, MISC

Primary Vendor -- Product: palo_alto_networks -- pan-os
Description: When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access. In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2021, CONFIRM

Primary Vendor -- Product: persian_vip_download_script -- persian_vip_download_script
Description: Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15468, MISC

Primary Vendor -- Product: phoenix_contact -- pc_worx_and_pc_worx_express
Description: mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12498, CONFIRM

Primary Vendor -- Product: phoenix_contact -- pc_worx_and_pc_worx_express
Description: PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-12497, CONFIRM

Primary Vendor -- Product: powerdns -- recursor
Description: In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14196, CONFIRM, CONFIRM

Primary Vendor -- Product: prestashop -- prestashop
Description: In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6. A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15080, MISC, CONFIRM

Primary Vendor -- Product: prestashop -- prestashop
Description: In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15079, MISC, CONFIRM

Primary Vendor -- Product: presto -- presto
Description: In Presto before version 337, authenticated users can bypass authorization checks by directly accessing internal APIs. This impacts Presto server installations with secure internal communication configured. This does not affect installations that have not configured secure internal communication, as these installations are inherently insecure. This only affects Presto server installations. This does NOT affect clients such as the CLI or JDBC driver. This vulnerability has been fixed in version 337. Additionally, this issue can be mitigated by blocking network access to internal APIs on the coordinator and workers.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15087, CONFIRM, MISC

Primary Vendor -- Product: putty -- putty
Description: PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to target initial connection attempts (where no host key for the server has been cached by the client).
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14002, MISC, MISC, MISC

Primary Vendor -- Product: python -- python
Description: In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.
Published: 2020-07-04
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15523, MISC, MISC

Primary Vendor -- Product: qemu -- qemu
Description: In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15469, CONFIRM, MISC

Primary Vendor -- Product: qnap -- kayako_service
Description: This improper access control vulnerability in Helpdesk allows attackers to get control of QNAP Kayako service. Attackers can access the sensitive data on QNAP Kayako server with API keys. We have replaced the API key to mitigate the vulnerability, and already fixed the issue in Helpdesk 3.0.1 and later versions.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-2500, CONFIRM

Primary Vendor -- Product: rack -- rack
Description: A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker to perform directory traversal in the Rack::Directory app that is bundled with Rack, which could result in information disclosure.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8161, MISC, MISC

Primary Vendor -- Product: red_hat -- ceph_storage_radosgw
Description: A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue.
Published: 2020-06-26
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-10753, SUSE, CONFIRM, FEDORA

Primary Vendor -- Product: ruby_on_rails -- ruby_on_rails
Description: There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8163, MISC, MISC

Primary Vendor -- Product: ruby_on_rails -- ruby_on_rails
Description: A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any pending migrations on a Rails app running in production.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8185, MISC, MISC

Primary Vendor -- Product: ruby_on_rails -- ruby_on_rails
Description: A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an attacker to, given a global CSRF token such as the one present in the authenticity_token meta tag, forge a per-form CSRF token.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8166, MISC, MISC

Primary Vendor -- Product: sap -- solution_manager
Description: SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-6261, MISC, MISC

Primary Vendor -- Product: sophos -- xg_firewall
Description: Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless access. Hotfix HF062020.1 was published for all firewalls running v17.x.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15069, CONFIRM

Primary Vendor -- Product: squid -- squid
Description: An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14058, CONFIRM, MISC, MISC

Primary Vendor -- Product: squid -- squid
Description: An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14059, CONFIRM, MISC

Primary Vendor -- Product: squid -- squid
Description: An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15049, MISC, MISC, CONFIRM

Primary Vendor -- Product: suse -- multiple_products
Description: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of -spamd of openSUSE Leap 15.1, openSUSE Tumbleweed allowed local attackers with the privileges of the kopano user to escalate to root. This issue affects: openSUSE Leap 15.1 kopano-spamd versions prior to 10.0.5-lp151.4.1. openSUSE Tumbleweed kopano-spamd versions prior to 10.0.5-1.1.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8014, CONFIRM

Primary Vendor -- Product: suse -- multiple_products
Description: A UNIX Symbolic Link (Symlink) Following vulnerability in the packaging of syslog-ng of SUSE Linux Enterprise Debuginfo 11-SP3, SUSE Linux Enterprise Debuginfo 11-SP4, SUSE Linux Enterprise Module for Legacy Software 12, SUSE Linux Enterprise Point of Sale 11-SP3, SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Linux Enterprise Server for SAP 12-SP1; openSUSE Backports SLE-15-SP1, openSUSE Leap 15.1 allowed local attackers controlling the user news to escalate their privileges to root. This issue affects: SUSE Linux Enterprise Debuginfo 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Debuginfo 11-SP4 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Module for Legacy Software 12 syslog-ng versions prior to 3.6.4-12.8.1. SUSE Linux Enterprise Point of Sale 11-SP3 syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server 11-SP4-LTSS syslog-ng versions prior to 2.0.9-27.34.40.5.1. SUSE Linux Enterprise Server for SAP 12-SP1 syslog-ng versions prior to 3.6.4-12.8.1. openSUSE Backports SLE-15-SP1 syslog-ng versions prior to 3.19.1-bp151.4.6.1. openSUSE Leap 15.1 syslog-ng versions prior to 3.19.1-lp151.3.6.1.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8019, CONFIRM

Primary Vendor -- Product: suse -- multiple_products
Description: An Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8022, SUSE, CONFIRM

Primary Vendor -- Product: suse -- multiple_products
Description: An Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8024, CONFIRM

Primary Vendor -- Product: suse -- multiple_products
Description: An External Control of File Name or Path vulnerability in osc of SUSE Linux Enterprise Module for Development Tools 15, SUSE Linux Enterprise Software Development Kit 12-SP5, SUSE Linux Enterprise Software Development Kit 12-SP4; openSUSE Leap 15.1, openSUSE Factory allowed remote attackers that can change downloaded packages to overwrite arbitrary files. This issue affects: SUSE Linux Enterprise Module for Development Tools 15 osc versions prior to 0.169.1-3.20.1. SUSE Linux Enterprise Software Development Kit 12-SP5 osc versions prior to 0.162.1-15.9.1. SUSE Linux Enterprise Software Development Kit 12-SP4 osc versions prior to 0.162.1-15.9.1. openSUSE Leap 15.1 osc versions prior to 0.169.1-lp151.2.15.1. openSUSE Factory osc versions prior to 0.169.0.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-3681, CONFIRM

Primary Vendor -- Product: synacor -- zimbra_collaboration_suite
Description: An XSS vulnerability exists in the Webmail component of Collaboration Suite before 8.8.15 Patch 11. It allows an attacker to inject executable JavaScript into the account name of a user's profile. The injected code can be reflected and executed when changing an e- signature.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-13653, MISC, CONFIRM, MISC, MISC

Primary Vendor -- Product: tendermint -- tendermint
Description: TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15091, MISC, MISC, CONFIRM

Primary Vendor -- Product: thingsdk -- wifi_scanner
Description: wifiscanner.js in thingsSDK WiFi Scanner 1.0.1 allows Code Injection because it can be used with options to overwrite the default executable/binary path and its arguments. An attacker can abuse this functionality to execute arbitrary code.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15362, MISC

Primary Vendor -- Product: tibco_software -- multiple_products
Description: The MFT Browser file transfer client and MFT Browser admin client components of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Server contain a vulnerability that theoretically allows an attacker to craft an URL that will execute arbitrary commands on the affected system. If the attacker convinces an authenticated user with a currently active session to enter or click on the URL the commands will be executed on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-9413, CONFIRM

Primary Vendor -- Product: tibco_software -- multiple_products
Description: The MFT admin service component of TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center and TIBCO Managed File Transfer Internet Server contains a vulnerability that theoretically allows an authenticated user with specific permissions to obtain the session identifier of another user. The session identifier when replayed could provide administrative rights or file transfer permissions to the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Managed File Transfer Command Center: versions 8.2.1 and below and TIBCO Managed File Transfer Internet Server: versions 8.2.1 and below.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-9414, CONFIRM

Primary Vendor -- Product: tobesoft -- cymiinstaller322
Description: CyMiInstaller322 ActiveX which runs MIPLATFORM downloads files required to run applications. A vulnerability in downloading files by CyMiInstaller322 ActiveX caused by an attacker to download randomly generated DLL files and MIPLATFORM to load those DLLs due to insufficient verification.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-19161, MISC, MISC

Primary Vendor -- Product: tobesoft -- nexacro14/17_excommonapiv13
Description: Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7820, CONFIRM, CONFIRM

Primary Vendor -- Product: tobesoft -- nexacro14/17_excommonapiv13
Description: Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-7821, CONFIRM, CONFIRM

Primary Vendor -- Product: unifi -- protect
Description: We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below: View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-8188, MISC, MISC, MISC

Primary Vendor -- Product: veeam_software -- veeam_availability_suite
Description: VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.
Published: 2020-07-03
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15518, MISC

Primary Vendor -- Product: wavlink -- wl-wn530hg4_devices
Description: An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15489, MISC

Primary Vendor -- Product: wavlink -- wl-wn530hg4_devices
Description: An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.)
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15490, MISC

Primary Vendor -- Product: windows_cleaning_assistant -- windows_cleaning_assistant
Description: In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14957, MISC, MISC

Primary Vendor -- Product: windows_cleaning_assistant -- windows_cleaning_assistant
Description: In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14956, MISC, MISC

Primary Vendor -- Product: wordpress -- wordpress
Description: The CodePeople Payment Form for PayPal Pro plugin before 1.1.65 for WordPress allows SQL Injection.
Published: 2020-07-02
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-14092, MISC, MISC, MISC

Primary Vendor -- Product: xrdp-sesman -- xrdp-sesman
Description: The xrdp-sesman service before version 0.9.13.1 can be crashed by connecting over port 3350 and supplying a malicious payload. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own imposter sesman service listening on port 3350. This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials. For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well.
Published: 2020-06-30
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-4044, MISC, MISC, CONFIRM

Primary Vendor -- Product: zolo -- halo_devices
Description: An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is a Zolo Halo DNS rebinding attack. The device was found to be vulnerable to DNS rebinding. Combined with one of the many /httpapi.asp endpoint command-execution security issues, the DNS rebinding attack could allow an attacker to compromise the victim device from the Internet.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-15312, MISC, MISC, MISC

Primary Vendor -- Product: zolo -- halo_devices
Description: An issue was discovered on Zolo Halo devices via the Linkplay firmware. There is Zolo Halo LAN remote code execution. The Zolo Halo speaker had a GoAhead web server listening on the port 80. The /httpapi.asp endpoint of the GoAhead web server was also vulnerable to multiple command execution vulnerabilities.
Published: 2020-07-01
CVSS Score: not yet calculated
Source & Patch Info: CVE-2019-15311, MISC, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15315, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the cloud1234 password for the a1@chopin account default credentials.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15323, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/mysql chroot directory tree.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15318, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15316, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/axess chroot directory tree.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15317, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axzyxel password for the livedbuser account.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15321, MISC, MISC

Primary Vendor -- Product: zyxel -- cloudcnm_secumanager
Description: Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the wbboEZ4BN3ssxAfM hardcoded password for the debian-sys-maint account.
Published: 2020-06-29
CVSS Score: not yet calculated
Source & Patch Info: CVE-2020-15322, MISC, MISC