Archive for May, 2020

CVE-2020-7648

All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users who have access to Snyk’s internal network by appending the URL with a fragment identifier and a whitelisted path e.g. `#package.json`
Source: NIST
CVE-2020-7648

CVE-2020-7650

All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary File Read. It allows arbitrary file reads to users with access to Snyk’s internal network of any files ending in the following extensions: yaml, yml or json.
Source: NIST
CVE-2020-7650

CVE-2020-11844

There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting version 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation.
Source: NIST
CVE-2020-11844

CVE-2020-8482

Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data
Source: NIST
CVE-2020-8482

CVE-2020-6937

A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
Source: NIST
CVE-2020-6937

CVE-2020-7654

All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private keys if logging level is set to DEBUG.
Source: NIST
CVE-2020-7654

CVE-2020-7653

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network by creating symlinks to match whitelisted paths.
Source: NIST
CVE-2020-7653

CVE-2020-1831

HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.195(SP31C00E74R3P8) have an improper authorization vulnerability. The digital balance function does not sufficiently restrict the using time of certain user, successful exploit could allow the user break the limit of digital balance function after a series of operations with a PC.
Source: NIST
CVE-2020-1831

CVE-2020-7651

All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk’s internal network via patch history from GitHub Commits API.
Source: NIST
CVE-2020-7651

CVE-2020-7652

All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk’s internal network via directory traversal.
Source: NIST
CVE-2020-7652