Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10278 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 4.6 MEDIUM |
| The BIOS onboard MiR's Computer is not protected by password, therefore, it allows a Bad Operator to modify settings such as boot order. This can be leveraged by a Malicious operator to boot from a Live Image. | |||||
| CVE-2020-4053 | 1 Helm | 1 Helm | 2020-07-06 | 8.5 HIGH | 6.8 MEDIUM |
| In Helm greater than or equal to 3.0.0 and less than 3.2.4, a path traversal attack is possible when installing Helm plugins from a tar archive over HTTP. It is possible for a malicious plugin author to inject a relative path into a plugin archive, and copy a file outside of the intended directory. This has been fixed in 3.2.4. | |||||
| CVE-2020-12635 | 1 Mageme | 1 Webforms Pro M2 | 2020-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | |||||
| CVE-2020-10272 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 10.0 HIGH | 9.8 CRITICAL |
| MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with CVE-2020-10269 and CVE-2020-10271, this flaw allows malicious actors to command the robot at desire. | |||||
| CVE-2020-0182 | 2 Debian, Google | 2 Debian Linux, Android | 2020-07-06 | 6.4 MEDIUM | 6.5 MEDIUM |
| In exif_entry_get_value of exif-entry.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-147140917 | |||||
| CVE-2020-11013 | 1 Helm | 1 Helm | 2020-07-06 | 4.0 MEDIUM | 5.0 MEDIUM |
| Their is an information disclosure vulnerability in Helm from version 3.1.0 and before version 3.2.0. `lookup` is a Helm template function introduced in Helm v3. It is able to lookup resources in the cluster to check for the existence of specific resources and get details about them. This can be used as part of the process to render templates. The documented behavior of `helm template` states that it does not attach to a remote cluster. However, a the recently added `lookup` template function circumvents this restriction and connects to the cluster even during `helm template` and `helm install|update|delete|rollback --dry-run`. The user is not notified of this behavior. Running `helm template` should not make calls to a cluster. This is different from `install`, which is presumed to have access to a cluster in order to load resources into Kubernetes. Helm 2 is unaffected by this vulnerability. A malicious chart author could inject a `lookup` into a chart that, when rendered through `helm template`, performs unannounced lookups against the cluster a user's `KUBECONFIG` file points to. This information can then be disclosed via the output of `helm template`. This issue has been fixed in Helm 3.2.0 | |||||
| CVE-2020-10271 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 9.8 CRITICAL |
| MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS). | |||||
| CVE-2020-10270 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 9.8 CRITICAL |
| Out of the wired and wireless interfaces within MiR100, MiR200 and other vehicles from the MiR fleet, it's possible to access the Control Dashboard on a hardcoded IP address. Credentials to such wireless interface default to well known and widely spread users (omitted) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. This flaw allows cyber attackers to take control of the robot remotely and make use of the default user interfaces MiR has created, lowering the complexity of attacks and making them available to entry-level attackers. More elaborated attacks can also be established by clearing authentication and sending network requests directly. We have confirmed this flaw in MiR100 and MiR200 but according to the vendor, it might also apply to MiR250, MiR500 and MiR1000. | |||||
| CVE-2020-10269 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2020-07-06 | 5.0 MEDIUM | 9.8 CRITICAL |
| One of the wireless interfaces within MiR100, MiR200 and possibly (according to the vendor) other MiR fleet vehicles comes pre-configured in WiFi Master (Access Point) mode. Credentials to such wireless Access Point default to well known and widely spread SSID (MiR_RXXXX) and passwords (omitted). This information is also available in past User Guides and manuals which the vendor distributed. We have confirmed this flaw in MiR100 and MiR200 but it might also apply to MiR250, MiR500 and MiR1000. | |||||
| CVE-2020-13640 | 1 Gvectors | 1 Wpdiscuz | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection issue in the gVectors wpDiscuz plugin 5.3.5 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the order parameter of a wpdLoadMoreComments request. (No 7.x versions are affected.) | |||||
| CVE-2020-10276 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The password for the safety PLC is the default and thus easy to find (in manuals, etc.). This allows a manipulated program to be uploaded to the safety PLC, effectively disabling the emergency stop in case an object is too close to the robot. Navigation and any other components dependent on the laser scanner are not affected (thus it is hard to detect before something happens) though the laser scanner configuration can also be affected altering further the safety of the device. | |||||
| CVE-2020-6870 | 1 Zte | 2 Netnumen U31 R10, Netnumen U31 R10 Firmware | 2020-07-06 | 5.2 MEDIUM | 8.0 HIGH |
| The version V12.17.20T115 of ZTE U31R20 product is impacted by a design error vulnerability. An attacker could exploit the vulnerability to log in to the FTP server to tamper with the password, and illegally download, modify, upload, or delete files, causing improper operation of the network management system and equipment. This affects: NetNumenU31R20 V12.17.20T115 | |||||
| CVE-2020-15308 | 1 Turnkeylinux | 1 Support Incident Tracker | 2020-07-06 | 6.5 MEDIUM | 7.2 HIGH |
| Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter. | |||||
| CVE-2015-2067 | 1 Magmi Project | 1 Magmi | 2020-07-06 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in web/ajax_pluginconf.php in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. | |||||
| CVE-2015-2068 | 1 Magmi Project | 1 Magmi | 2020-07-06 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka Magento Mass Importer) plugin for Magento Server allow remote attackers to inject arbitrary web script or HTML via the (1) profile parameter to web/magmi.php or (2) QUERY_STRING to web/magmi_import_run.php. | |||||
| CVE-2020-15324 | 1 Zyxel | 1 Cloud Cnm Secumanager | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a world-readable axess/opt/axXMPPHandler/config/xmpp_config.py file that stores hardcoded credentials. | |||||
| CVE-2019-20409 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| The way in which velocity templates were used in Atlassian Jira Server and Data Center prior to version 8.8.0 allowed remote attackers to gain remote code execution if they were able to exploit a server side template injection vulnerability. | |||||
| CVE-2020-12033 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2020-07-06 | 5.8 MEDIUM | 8.8 HIGH |
| In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | |||||
| CVE-2020-2021 | 1 Paloaltonetworks | 1 Pan-os | 2020-07-06 | 9.3 HIGH | 10.0 CRITICAL |
| When Security Assertion Markup Language (SAML) authentication is enabled and the 'Validate Identity Provider Certificate' option is disabled (unchecked), improper verification of signatures in PAN-OS SAML authentication enables an unauthenticated network-based attacker to access protected resources. The attacker must have network access to the vulnerable server to exploit this vulnerability. This issue affects PAN-OS 9.1 versions earlier than PAN-OS 9.1.3; PAN-OS 9.0 versions earlier than PAN-OS 9.0.9; PAN-OS 8.1 versions earlier than PAN-OS 8.1.15, and all versions of PAN-OS 8.0 (EOL). This issue does not affect PAN-OS 7.1. This issue cannot be exploited if SAML is not used for authentication. This issue cannot be exploited if the 'Validate Identity Provider Certificate' option is enabled (checked) in the SAML Identity Provider Server Profile. Resources that can be protected by SAML-based single sign-on (SSO) authentication are: GlobalProtect Gateway, GlobalProtect Portal, GlobalProtect Clientless VPN, Authentication and Captive Portal, PAN-OS next-generation firewalls (PA-Series, VM-Series) and Panorama web interfaces, Prisma Access In the case of GlobalProtect Gateways, GlobalProtect Portal, Clientless VPN, Captive Portal, and Prisma Access, an unauthenticated attacker with network access to the affected servers can gain access to protected resources if allowed by configured authentication and Security policies. There is no impact on the integrity and availability of the gateway, portal or VPN server. An attacker cannot inspect or tamper with sessions of regular users. In the worst case, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N). In the case of PAN-OS and Panorama web interfaces, this issue allows an unauthenticated attacker with network access to the PAN-OS or Panorama web interfaces to log in as an administrator and perform administrative actions. In the worst-case scenario, this is a critical severity vulnerability with a CVSS Base Score of 10.0 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). If the web interfaces are only accessible to a restricted management network, then the issue is lowered to a CVSS Base Score of 9.6 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). Palo Alto Networks is not aware of any malicious attempts to exploit this vulnerability. | |||||
| CVE-2019-12360 | 1 Glyphandcog | 1 Xpdfreader | 2020-07-05 | 5.8 MEDIUM | 7.1 HIGH |
| A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. | |||||
| CVE-2020-4040 | 1 Boltcms | 1 Bolt | 2020-07-03 | 4.3 MEDIUM | 4.3 MEDIUM |
| Bolt CMS before version 3.7.1 lacked CSRF protection in the preview generating endpoint. Previews are intended to be generated by the admins, developers, chief-editors, and editors, who are authorized to create content in the application. But due to lack of proper CSRF protection, unauthorized users could generate a preview. This has been fixed in Bolt 3.7.1 | |||||
| CVE-2020-4041 | 1 Boltcms | 1 Bolt | 2020-07-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject javascript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. | |||||
| CVE-2019-15140 | 1 Imagemagick | 1 Imagemagick | 2020-07-03 | 6.8 MEDIUM | 8.8 HIGH |
| coders/mat.c in ImageMagick 7.0.8-43 Q16 allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by crafting a Matlab image file that is mishandled in ReadImage in MagickCore/constitute.c. | |||||
| CVE-2020-14929 | 1 Alpine Project | 1 Alpine | 2020-07-03 | 5.0 MEDIUM | 7.5 HIGH |
| Alpine before 2.23 silently proceeds to use an insecure connection after a /tls is sent in certain circumstances involving PREAUTH, which is a less secure behavior than the alternative of closing the connection and letting the user decide what they would like to do. | |||||
| CVE-2019-13033 | 2 Cisofy, Debian | 2 Lynis, Debian Linux | 2020-07-03 | 2.1 LOW | 3.3 LOW |
| In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans. | |||||
| CVE-2020-13775 | 1 Znc | 1 Znc | 2020-07-03 | 3.5 LOW | 6.5 MEDIUM |
| ZNC 1.8.0 up to 1.8.1-rc1 allows authenticated users to trigger an application crash (with a NULL pointer dereference) if echo-message is not enabled and there is no network. | |||||
| CVE-2020-15415 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-python-script content type is used, a different issue than CVE-2020-14472. | |||||
| CVE-2020-15006 | 1 Bludit | 1 Bludit | 2020-07-02 | 3.5 LOW | 5.4 MEDIUM |
| Bludit 3.12.0 allows stored XSS via JavaScript code in an SVG document to bl-kernel/ajax/logo-upload.php. | |||||
| CVE-2020-15314 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | |||||
| CVE-2020-15319 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account within the /opt/mysql chroot directory tree. | |||||
| CVE-2020-15320 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the axiros password for the root account. | |||||
| CVE-2019-7267 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Linear eMerge 50P/5000P devices allow Cookie Path Traversal. | |||||
| CVE-2019-7268 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 10.0 HIGH | 10.0 CRITICAL |
| Linear eMerge 50P/5000P devices allow Unauthenticated File Upload. | |||||
| CVE-2019-7269 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 10.0 HIGH | 9.8 CRITICAL |
| Linear eMerge 50P/5000P devices allow Authenticated Command Injection with root Code Execution. | |||||
| CVE-2019-7270 | 1 Nortekcontrol | 4 Linear Emerge 5000p, Linear Emerge 5000p Firmware, Linear Emerge 50p and 1 more | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Linear eMerge 50P/5000P devices allow Cross-Site Request Forgery (CSRF). | |||||
| CVE-2020-9659 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-5588 | 1 Cybozu | 1 Garoon | 2020-07-02 | 4.0 MEDIUM | 4.9 MEDIUM |
| Path traversal vulnerability in Cybozu Garoon 5.0.0 to 5.0.1 allows attacker with administrator rights to obtain unintended information via unspecified vectors. | |||||
| CVE-2020-15081 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory. | |||||
| CVE-2020-9652 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9654 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9653 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-13443 | 1 Expressionengine | 1 Expressionengine | 2020-07-02 | 6.5 MEDIUM | 8.8 HIGH |
| ExpressionEngine before 5.3.2 allows remote attackers to upload and execute arbitrary code in a .php%20 file via Compose Msg, Add attachment, and Save As Draft actions. A user with low privileges (member) is able to upload this. It is possible to bypass the MIME type check and file-extension check while uploading new files. Short aliases are not used for an attachment; instead, direct access is allowed to the uploaded files. It is possible to upload PHP only if one has member access, or registration/forum is enabled and one can create a member with the default group id of 5. To exploit this, one must to be able to send and compose messages (at least). | |||||
| CVE-2020-12021 | 1 Osisoft | 1 Pi Web Api | 2020-07-02 | 6.0 MEDIUM | 9.0 CRITICAL |
| In OSIsoft PI Web API 2019 Patch 1 (1.12.0.6346) and all previous versions, the affected product is vulnerable to a cross-site scripting attack, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-15082 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 7.5 HIGH | 8.8 HIGH |
| In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6 | |||||
| CVE-2020-13484 | 1 Bitrix24 | 1 Bitrix24 | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| Bitrix24 through 20.0.975 allows SSRF via an intranet IP address in the services/main/ajax.php?action=attachUrlPreview url parameter, if the destination URL hosts an HTML document containing '<meta name="og:image" content="' followed by an intranet URL. | |||||
| CVE-2020-10280 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2020-07-02 | 5.0 MEDIUM | 7.5 HIGH |
| The Apache server on port 80 that host the web interface is vulnerable to a DoS by spamming incomplete HTTP headers, effectively blocking the access to the dashboard. | |||||
| CVE-2020-15083 | 1 Prestashop | 1 Prestashop | 2020-07-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6 | |||||
| CVE-2020-10275 | 3 Easyrobotics, Mobile-industrial-robots, Uvd-robots | 20 Er-flex, Er-flex Firmware, Er-lite and 17 more | 2020-07-02 | 7.5 HIGH | 9.8 CRITICAL |
| The access tokens for the REST API are directly derived from the publicly available default credentials for the web interface. Given a USERNAME and a PASSWORD, the token string is generated directly with base64(USERNAME:sha256(PASSWORD)). An unauthorized attacker inside the network can use the default credentials to compute the token and interact with the REST API to exfiltrate, infiltrate or delete data. | |||||
| CVE-2020-15313 | 1 Zyxel | 1 Cloudcnm Secumanager | 2020-07-02 | 4.3 MEDIUM | 5.9 MEDIUM |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | |||||
| CVE-2017-18883 | 1 Mattermost | 1 Mattermost Server | 2020-07-02 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2, when serving as an OAuth 2.0 Service Provider. There is low entropy for authorization data. | |||||