actionpack_page-caching_gem -- actionpack_page-caching_gem
| There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write arbitrary files to a web server, potentially resulting in remote code execution if the attacker can write unescaped ERB to a view. | 2020-05-12 | 7.5 | CVE-2020-8159
MISC |
advantech -- webaccess/scada
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | 7.5 | CVE-2020-10638
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
advantech -- webaccess/scada
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. An improper validation vulnerability exists that could allow an attacker to inject specially crafted input into memory where it can be executed. | 2020-05-08 | 7.5 | CVE-2020-12022
MISC
MISC |
advantech -- webaccess/scada
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple relative path traversal vulnerabilities exist that may allow a low privilege user to overwrite files outside the application’s control. | 2020-05-08 | 7.5 | CVE-2020-12006
MISC
MISC
MISC
MISC |
advantech -- webaccess/scada
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | 2020-05-08 | 7.5 | CVE-2020-12002
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC
MISC |
apache -- log4net
| Apache log4net before 2.0.8 does not disable XML external entities when parsing log4net configuration files. This could allow for XXE-based attacks in applications that accept arbitrary configuration files from users. | 2020-05-11 | 7.5 | CVE-2018-1285
MISC |
domainmod -- domainmod
| reset.php in DomainMOD 4.13.0 uses insufficient entropy for password reset requests, leading to account takeover. | 2020-05-08 | 7.5 | CVE-2020-12735
MISC |
freebsd -- freebsd
| In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | 2020-05-13 | 7.5 | CVE-2020-7454
MISC
CONFIRM |
freebsd -- freebsd
| In FreeBSD 12.1-STABLE before r356911, and 12.1-RELEASE before p5, insufficient checking in the cryptodev module allocated the size of a kernel buffer based on a user-supplied length allowing an unprivileged process to trigger a kernel panic. | 2020-05-13 | 7.5 | CVE-2019-15880
MISC
CONFIRM |
freerdp -- freerdp
| libfreerdp/codec/interleaved.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Out-of-bounds Write. | 2020-05-15 | 7.5 | CVE-2020-11524
MISC
CONFIRM
CONFIRM |
freerdp -- freerdp
| libfreerdp/gdi/region.c in FreeRDP versions > 1.0 through 2.0.0-rc4 has an Integer Overflow. | 2020-05-15 | 7.5 | CVE-2020-11523
MISC
CONFIRM
CONFIRM |
gazie -- gazie
| An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. | 2020-05-11 | 7.5 | CVE-2020-12743
CONFIRM |
glpi_project -- glpi
| In GLPI before 9.4.6, an attacker can execute system commands by abusing the backup functionality. Theoretically, this vulnerability can be exploited by an attacker without a valid account by using a CSRF. Due to the difficulty of the exploitation, the attack is only conceivable by an account having Maintenance privileges and the right to add WIFI networks. This is fixed in version 9.4.6. | 2020-05-12 | 9 | CVE-2020-11060
MISC
CONFIRM |
gnuteca -- gnuteca
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | 2020-05-09 | 7.5 | CVE-2020-12766
CONFIRM |
google -- android
| Airbrush FW's scratch memory allocator is susceptible to numeric overflow. When the overflow occurs, the next allocation could potentially return a pointer within the previous allocation's memory, which could lead to improper memory access.Product: AndroidVersions: Android kernelAndroid ID: A-135772851 | 2020-05-14 | 7.5 | CVE-2020-0221
MISC |
google -- android
| In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188 | 2020-05-14 | 10 | CVE-2020-0103
MISC |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176266 | 2020-05-14 | 9.3 | CVE-2020-4285
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 180167. | 2020-05-14 | 9.3 | CVE-2020-4422
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176269. | 2020-05-14 | 9.3 | CVE-2020-4287
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption error. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 176270. | 2020-05-14 | 9.3 | CVE-2020-4288
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially crafted file, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. IBM X-Force ID: 178244. | 2020-05-14 | 9.3 | CVE-2020-4343
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181721. | 2020-05-14 | 9.3 | CVE-2020-4467
XF
CONFIRM |
ibm -- i2_intelligent_analysis_platform
| IBM i2 Intelligent Analyis Platform 9.2.1 could allow a remote attacker to execute arbitrary code on the system, caused by memory corruption. By persuading a victim to open a specially-crafted document, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim or cause the application to crash. IBM X-Force ID: 181723. | 2020-05-14 | 9.3 | CVE-2020-4468
XF
CONFIRM |
iproute2 -- iproute2
| iproute2 before 5.1.0 has a use-after-free in get_netnsid_from_name in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors (such as C library configuration) may block exploitability. | 2020-05-09 | 7.5 | CVE-2019-20795
MISC
CONFIRM |
lg -- multiple_mobile_devices
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader. The LG ID is LVE-SMP-200006 (May 2020). | 2020-05-11 | 7.5 | CVE-2020-12753
CONFIRM |
libemf -- libemf
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows out-of-bounds memory access. | 2020-05-11 | 7.5 | CVE-2020-11865
MISC
MISC
MISC |
libemf -- libemf
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows a use-after-free. | 2020-05-11 | 7.5 | CVE-2020-11866
MISC
MISC
MISC |
libexif -- libexif
| exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | 2020-05-09 | 7.5 | CVE-2020-12767
CONFIRM
MLIST |
openconnect_project -- openconnect_vpn_client
| OpenConnect 8.09 has a buffer overflow, causing a denial of service (application crash) or possibly unspecified other impact, via crafted certificate data to get_cert_name in gnutls.c. | 2020-05-12 | 7.5 | CVE-2020-12823
MISC
MISC
MLIST |
palo_alto_networks -- pan-os
| An authentication bypass vulnerability in Palo Alto Networks PAN-OS Panorama proxy service allows an unauthenticated user with network access to Panorama and the knowledge of the Firewall’s serial number to register the PAN-OS firewall to register the device. After the PAN-OS device is registered, the user can further compromise the PAN-OS instances managed by Panorama. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.21; PAN-OS 8.1 versions earlier than 8.1.12; PAN-OS 9.0 versions earlier than 9.0.6. | 2020-05-13 | 9.3 | CVE-2020-2018
CONFIRM |
palo_alto_networks -- pan-os
| An external control of path and data vulnerability in the Palo Alto Networks PAN-OS Panorama XSLT processing logic that allows an unauthenticated user with network access to PAN-OS management interface to write attacker supplied file on the system and elevate privileges. This issue affects: All PAN-OS 7.1 Panorama and 8.0 Panorama versions; PAN-OS 8.1 versions earlier than 8.1.12 on Panorama; PAN-OS 9.0 versions earlier than 9.0.6 on Panorama. | 2020-05-13 | 7.5 | CVE-2020-2001
CONFIRM |
palo_alto_networks -- pan-os
| An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2010
CONFIRM |
palo_alto_networks -- pan-os
| An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2009
CONFIRM |
palo_alto_networks -- pan-os
| An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0. | 2020-05-13 | 7.8 | CVE-2020-2011
CONFIRM |
palo_alto_networks -- pan-os
| An OS Command Injection vulnerability in PAN-OS management server allows authenticated users to inject and execute arbitrary shell commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2014
CONFIRM |
palo_alto_networks -- pan-os
| A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | 2020-05-13 | 9 | CVE-2020-2006
CONFIRM |
palo_alto_networks -- pan-os
| An OS command injection vulnerability in the management server component of PAN-OS allows an authenticated user to potentially execute arbitrary commands with root privileges. This issue affects: All PAN-OS 7.1 versions; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | 2020-05-13 | 9 | CVE-2020-2007
CONFIRM |
palo_alto_networks -- pan-os
| An OS command injection and external control of filename vulnerability in Palo Alto Networks PAN-OS allows authenticated administrators to execute code with root privileges or delete arbitrary system files and impact the system's integrity or cause a denial of service condition. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14. | 2020-05-13 | 9 | CVE-2020-2008
CONFIRM |
palo_alto_networks -- pan-os
| A race condition due to insecure creation of a file in a temporary directory vulnerability in PAN-OS allows for root privilege escalation from a limited linux user account. This allows an attacker who has escaped the restricted shell as a low privilege administrator, possibly by exploiting another vulnerability, to escalate privileges to become root user. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.6; All versions of PAN-OS 8.0. | 2020-05-13 | 8.5 | CVE-2020-2016
CONFIRM |
palo_alto_networks -- pan-os
| An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. | 2020-05-13 | 8.5 | CVE-2020-2003
CONFIRM |
palo_alto_networks -- pan-os
| A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.1; All versions of PAN-OS 8.0. | 2020-05-13 | 9 | CVE-2020-2015
CONFIRM |
pi-hole -- pi-hole
| The Gravity updater in Pi-hole through 4.4 allows an authenticated adversary to upload arbitrary files. This can be abused for Remote Code Execution by writing to a PHP file in the web directory. (Also, it can be used in conjunction with the sudo rule for the www-data user to escalate privileges to root.) The code error is in gravity_DownloadBlocklistFromUrl in gravity.sh. | 2020-05-11 | 9 | CVE-2020-11108
MISC
MISC
MISC
MISC |
ping_identity -- pingid_ssh
| Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. | 2020-05-13 | 7.5 | CVE-2020-10654
CONFIRM
MISC
MISC
MISC |
samsung -- multiple_mobile_devices
| An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). | 2020-05-11 | 10 | CVE-2020-12746
CONFIRM |
samsung -- multiple_mobile_devices
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). | 2020-05-11 | 7.5 | CVE-2020-12747
CONFIRM |
sap -- business_objects_business_intelligence_platform
| SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check. | 2020-05-12 | 7.5 | CVE-2020-6242
MISC
MISC |
trendnet -- proview_wireless_camera_tv-ip512wn
| TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. | 2020-05-13 | 7.5 | CVE-2020-12763
MISC |
vbulletin -- vbulletin
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | 2020-05-08 | 7.5 | CVE-2020-12720
MISC
MISC |
veritas -- aptare
| Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | 2020-05-14 | 7.5 | CVE-2020-12874
MISC |
wordpress -- wordpress
| A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user. | 2020-05-08 | 7.5 | CVE-2020-11530
MISC
MISC
FULLDISC
MISC
MISC |
wordpress -- wordpress
| The simple-file-list plugin before 4.2.8 for WordPress mishandles a .. sequence within a pathname in cases where front-side file management occurs on a non-Linux platform. | 2020-05-13 | 7.5 | CVE-2020-12832
MISC
MISC |
zephyrproject -- zephyr
| A malformed JSON payload that is received from an UpdateHub server may trigger memory corruption in the Zephyr OS. This could result in a denial of service in the best case, or code execution in the worst case. See NCC-NCC-016 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | 2020-05-11 | 7.5 | CVE-2020-10022
MISC
MISC
MISC
MISC
MISC |
zephyrproject -- zephyr
| The arm platform-specific code uses a signed integer comparison when validating system call numbers. An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10024
MISC
MISC
MISC
MISC
MISC |
zephyrproject -- zephyr
| An attacker who has obtained code execution within a user thread is able to elevate privileges to that of the kernel. See NCC-ZEP-001 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10027
MISC
MISC
MISC
MISC
MISC |
zephyrproject -- zephyr
| A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | 2020-05-11 | 7.2 | CVE-2020-10067
MISC
MISC
MISC
MISC
MISC |
zoho -- manageengine_datasecurity_plus
| Zoho ManageEngine DataSecurity Plus prior to 6.0.1 uses default admin credentials to communicate with a DataEngine Xnode server. This allows an attacker to bypass authentication for this server and execute all operations in the context of admin user. | 2020-05-08 | 10 | CVE-2020-11532
MISC
MISC |
zulip -- zulip_desktop
| Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | 2020-05-09 | 7.5 | CVE-2020-12637
CONFIRM |
