BULLETIN (SB20-188) VULNERABILITY SUMMARY FOR THE WEEK OF 29TH JUNE, 2020

The Cybernetic GI Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team is sponsored by the NVD. For modified or updated entries, please visit the NVD, which contains historical vulnerability information.

The vulnerabilities are based on the CVE vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division of high, medium and low severities corresponds to the following scores:

High - Vulnerabilities will be labeled High severity if they have a CVSS base score of 7.0 - 10.0.
Medium - Vulnerabilities will be labeled Medium severity if they have a CVSS base score of 4.0 - 6.9.
Low - Vulnerabilities will be labeled Low severity if they have a CVSS base score of 0.0 - 3.9.

Entries may include additional information provided by organizations and efforts sponsored by Cybernetic GI. This data may include identifying information, values, definitions, and related links. Patch information is provided to users when available. Please note that some of the information in the bulletin is compiled from external, open source reports and is not a direct result of Cybernetic GI analysis.

The NCCIC Weekly Vulnerability Summary Bulletin is created using information from the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD). In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit the NVD for updated vulnerability entries, which include CVSS scores once they are available.

High Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9566 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9564 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9562 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9569 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9568 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9565 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a use after free vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9567 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9563 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9559 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9560 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9556 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9555 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9554 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9561 (CONFIRM) |
| adobe -- character_animator | Adobe Character Animator versions 3.2 and earlier have a buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9586 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9589 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9590 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9620 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9621 (CONFIRM) |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9573 (CONFIRM) |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9574 (CONFIRM) |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9572 (CONFIRM) |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9571 (CONFIRM) |
| adobe -- illustrator | Adobe Illustrator versions 24.0.2 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 9.3 | CVE-2020-9570 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9585 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9576 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9582 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9583 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9580 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 10 | CVE-2020-9631 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9578 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a business logic error vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | 7.5 | CVE-2020-9630 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 10 | CVE-2020-9632 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a security mitigation bypass vulnerability. Successful exploitation could lead to arbitrary code execution. | 2020-06-26 | 7.5 | CVE-2020-9579 (CONFIRM) |
| draytek -- multiple_devices | On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | 2020-06-30 | 7.5 | CVE-2020-15415 (MISC, MISC) |
| f5 -- big-ip | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, the Traffic Management User Interface (TMUI), also referred to as the Configuration utility, has a Remote Code Execution (RCE) vulnerability in undisclosed pages. | 2020-07-01 | 10 | CVE-2020-5902 (MISC) |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. The web login functionality allows an attacker to bypass authentication and gain client privileges via SQL injection in central/executar_login.php. | 2020-06-29 | 7.5 | CVE-2020-14068 (MISC, MISC) |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. It allows command execution as root via shell metacharacters to /auth admin scripts. | 2020-06-29 | 10 | CVE-2020-14072 (MISC, MISC) |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executar_login.php result in admin access. | 2020-06-29 | 10 | CVE-2020-14070 (MISC, MISC) |
| opensis -- opensis | openSIS through 7.4 allows SQL Injection. | 2020-07-01 | 7.5 | CVE-2020-13381 (MISC, MISC) |
| opensis -- opensis | openSIS before 7.4 allows SQL Injection. | 2020-07-01 | 7.5 | CVE-2020-13380 (CONFIRM, MISC) |
| prestashop -- prestashop | In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6. | 2020-07-02 | 7.5 | CVE-2020-15082 (MISC, CONFIRM) |
| prestashop -- prestashop | In PrestaShop from version 1.5.0.0 and before version 1.7.7.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.7.6. | 2020-07-02 | 10 | CVE-2020-4074 (MISC, CONFIRM) |
| sqlite -- sqlite | In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. | 2020-06-27 | 7.5 | CVE-2020-15358 (MISC, MISC, MISC) |
| stash -- stash | Stash 1.0.3 allows SQL Injection via the downloadmp3.php download parameter. | 2020-06-26 | 7.5 | CVE-2020-15311 (MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | 2020-06-29 | 7.5 | CVE-2020-15320 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | 2020-06-29 | 7.5 | CVE-2020-15324 (MISC, MISC) |

Medium Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- after_effects | Adobe After Effects versions 17.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-3809 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9553 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9557 (CONFIRM) |
| adobe -- bridge | Adobe Bridge versions 10.0.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9558 (CONFIRM) |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure. | 2020-06-26 | 4.3 | CVE-2020-3796 (CONFIRM) |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an insufficient input validation vulnerability. Successful exploitation could lead to application-level denial-of-service (dos). | 2020-06-26 | 4.3 | CVE-2020-3767 (CONFIRM) |
| adobe -- coldfusion | ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have a dll search-order hijacking vulnerability. Successful exploitation could lead to privilege escalation. | 2020-06-26 | 4.4 | CVE-2020-3768 (CONFIRM) |
| adobe -- digital_editions | Adobe Digital Editions versions 4.5.11.187212 and below have a file enumeration (host or local network) vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-3798 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9627 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9622 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9624 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9628 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9626 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9625 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9629 (CONFIRM) |
| adobe -- dng_software_development_kit | Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 5 | CVE-2020-9623 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a defense-in-depth security mitigation vulnerability. Successful exploitation could lead to unauthorized access to admin panel. | 2020-06-26 | 5 | CVE-2020-9591 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an observable timing discrepancy vulnerability. Successful exploitation could lead to signature verification bypass. | 2020-06-26 | 6.5 | CVE-2020-9588 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9577 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9581 (CONFIRM) |
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have an authorization bypass vulnerability. Successful exploitation could lead to potentially unauthorized product discounts. | 2020-06-26 | 5 | CVE-2020-9587 (CONFIRM) |
| adobe -- premiere_pro | Adobe Premiere Pro versions 14.1 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9616 (CONFIRM) |
| adobe -- premiere_rush | Adobe Premiere Rush versions 1.5.8 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. | 2020-06-26 | 4.3 | CVE-2020-9617 (CONFIRM) |
| apache -- tomcat | A specially crafted sequence of HTTP/2 requests sent to Apache Tomcat 10.0.0-M1 to 10.0.0-M5, 9.0.0.M1 to 9.0.35 and 8.5.0 to 8.5.55 could trigger high CPU usage for several seconds. If a sufficient number of such requests were made on concurrent HTTP/2 connections, the server could become unresponsive. | 2020-06-26 | 5 | CVE-2020-11996 (MLIST, CONFIRM, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST, MLIST) |
| cybozu -- garoon | Path traversal vulnerability in Cybozu Garoon 4.0.0 to 5.0.1 allows remote authenticated attackers to obtain unintended information via unspecified vectors. | 2020-06-30 | 4 | CVE-2020-5581 (MISC, MISC) |
| cybozu -- garoon | Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | 2020-06-30 | 4 | CVE-2020-5588 (MISC, MISC) |
| docker -- docker_desktop | com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | 2020-06-27 | 4.6 | CVE-2020-15360 (MISC, MISC) |
| ibm -- api_connect | IBM API Connect V2018.4.1.0 through 2018.4.1.11 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 181324. | 2020-06-29 | 5 | CVE-2020-4452 (XF, CONFIRM) |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.1.1 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 170961. | 2020-06-26 | 6.5 | CVE-2019-4650 (XF, CONFIRM) |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. | 2020-07-01 | 4 | CVE-2019-4705 (XF, CONFIRM) |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. | 2020-07-01 | 4 | CVE-2019-4706 (XF, CONFIRM) |
| ibm -- spectrum_protect_plus | IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an attacker to obtain sensitive information due to insecure communications being used between the application and server. IBM X-Force ID: 183935. | 2020-06-26 | 4.3 | CVE-2020-4565 (XF, CONFIRM) |
| jiangmin -- jiangmin_antivirus | In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. | 2020-06-26 | 4.9 | CVE-2020-14955 (MISC) |
| mattermost -- mattermost_mobile_app | An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | 2020-06-26 | 5 | CVE-2020-13891 (CONFIRM) |
| mediaarea -- mediainfo | In MediaInfoLib in MediaArea MediaInfo 20.03, there is a stack-based buffer over-read in Streams_Fill_PerStream in Multiple/File_MpegPs.cpp (aka an off-by-one during MpegPs parsing). | 2020-06-30 | 6.8 | CVE-2020-15395 (MISC, MISC) |
| mk-auth -- mk-auth | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. | 2020-07-01 | 4.3 | CVE-2019-4704 (XF, CONFIRM) |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. XSS vulnerabilities in admin and client scripts allow an attacker to execute arbitrary JavaScript code. | 2020-06-29 | 4.3 | CVE-2020-14071 (MISC, MISC) |
| mk-auth -- mk-auth | An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php. | 2020-06-29 | 4.6 | CVE-2020-14069 (MISC, MISC) |
| nedi_consulting -- nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Other-Converter.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the txt GET parameter. | 2020-06-26 | 4.3 | CVE-2020-15016 (MISC) |
| nedi_consulting -- nedi | NeDi 1.9C is vulnerable to reflected cross-site scripting. The Devices-Config.php file improperly validates user input. An attacker can exploit this vulnerability by crafting arbitrary JavaScript in the sta GET parameter. | 2020-06-26 | 4.3 | CVE-2020-15017 (MISC) |
| opensis -- opensis | openSIS through 7.4 allows Directory Traversal. | 2020-07-01 | 5 | CVE-2020-13383 (MISC, MISC) |
| opensis -- opensis | openSIS through 7.4 has Incorrect Access Control. | 2020-07-01 | 6.4 | CVE-2020-13382 (MISC, MISC) |
| prestashop -- prestashop | In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6. | 2020-07-02 | 4.3 | CVE-2020-15083 (MISC, CONFIRM) |
| prestashop -- prestashop | In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. | 2020-07-02 | 5 | CVE-2020-15081 (MISC, CONFIRM) |
| wordpress -- wordpress | The Nexos theme through 1.7 for WordPress allows top-map/?search_location= reflected XSS. | 2020-06-28 | 4.3 | CVE-2020-15364 (MISC, MISC) |
| wordpress -- wordpress | The Nexos theme through 1.7 for WordPress allows side-map/?search_order= SQL Injection. | 2020-06-28 | 5 | CVE-2020-15363 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | 2020-06-29 | 4.3 | CVE-2020-15319 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15314 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15313 (MISC, MISC) |
| zyxel -- cloudcnm_secumanager | Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | 2020-06-29 | 4.3 | CVE-2020-15312 (MISC, MISC) |

Low Vulnerabilities

| Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info |
|---|---|---|---|---|
| adobe -- magento | Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a stored cross-site scripting vulnerability. Successful exploitation could lead to sensitive information disclosure. | 2020-06-26 | 3.5 | CVE-2020-9584 (CONFIRM) |
| adobe -- magento | Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header. | 2020-06-29 | 3.5 | CVE-2020-13423 (MISC, MISC, MISC) |
| atlassian -- jira_server_and_data_center | The attachment download resource in Atlassian Jira Server and Data Center before 8.5.5, and from 8.6.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability issue attachments with a vnd.wap.xhtml+xml content type. | 2020-07-01 | 3.5 | CVE-2020-4024 (MISC) |
| avast -- avast_antivirus | An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. | 2020-06-29 | 2.1 | CVE-2020-13657 (CONFIRM, CONFIRM) |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | 2020-06-30 | 3.5 | CVE-2020-5585 (MISC, MISC) |
| cybozu -- garoon | Cross-site scripting vulnerability in Cybozu Garoon 4.10.3 to 5.0.1 allows attacker with administrator rights to inject an arbitrary script via unspecified vectors. | 2020-06-30 | 3.5 | CVE-2020-5586 (MISC, MISC) |
| ibm -- maximo_asset_management | IBM Maximo Asset Management 7.6.0.10 and 7.6.1.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175121. | 2020-06-26 | 3.5 | CVE-2020-4223 (XF, CONFIRM) |
| ibm -- security_identity_manager_virtual_appliance | IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171512. | 2020-07-01 | 2.1 | CVE-2019-4676 (XF, CONFIRM) |
| linux -- linux_kernel | In the Linux kernel through 5.7.6, usbtest_disconnect in drivers/usb/misc/usbtest.c has a memory leak, aka CID-28ebeb8db770. | 2020-06-29 | 2.1 | CVE-2020-15393 (MISC, MISC) |
| openexr -- openexr | An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | 2020-06-26 | 2.1 | CVE-2020-15304 (MISC, MISC, MISC, MISC) |
| openexr -- openexr | An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | 2020-06-26 | 2.1 | CVE-2020-15305 (MISC, MISC, MISC, MISC) |
| openexr -- openexr | An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | 2020-06-26 | 2.1 | CVE-2020-15306 (MISC, MISC, MISC, MISC) |
| prestashop -- prestashop | In PrestaShop from version 1.5.3.0 and before version 1.7.7.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.7.6. | 2020-07-02 | 3.5 | CVE-2020-11074 (MISC, CONFIRM) |