Search
Total
1566 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-2075 | 1 Oracle | 1 Weblogic Server | 2021-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Samples). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-2064 | 1 Oracle | 1 Weblogic Server | 2021-01-25 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core Components). The supported version that is affected is 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP, T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-2029 | 1 Oracle | 1 Scripting | 2021-01-23 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks of this vulnerability can result in takeover of Oracle Scripting. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2021-1994 | 1 Oracle | 2 Enterprise Repository, Weblogic Server | 2021-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-24640 | 1 Arubanetworks | 1 Airwave Glass | 2021-01-21 | 10.0 HIGH | 9.8 CRITICAL |
| There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system. | |||||
| CVE-2019-25002 | 1 Sodiumoxide Project | 1 Sodiumoxide | 2021-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the sodiumoxide crate before 0.2.5 for Rust. generichash::Digest::eq compares itself to itself and thus has degenerate security properties. | |||||
| CVE-2020-14275 | 1 Hcltechsw | 1 Hcl Commerce | 2021-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | |||||
| CVE-2019-18642 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-13 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the email address of another account, even the administrator account. Upon changing another account's email address, performing a password reset to the new email address could allow an attacker to take over any account. | |||||
| CVE-2020-16016 | 1 Google | 1 Chrome | 2021-01-11 | 6.8 MEDIUM | 9.6 CRITICAL |
| Inappropriate implementation in base in Google Chrome prior to 86.0.4240.193 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2020-35879 | 1 Rulinalg Project | 1 Rulinalg | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the rulinalg crate through 2020-02-11 for Rust. There are incorrect lifetime-boundary definitions for RowMut::raw_slice and RowMut::raw_slice_mut. | |||||
| CVE-2020-35880 | 1 Bigint Project | 1 Bigint | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the bigint crate through 2020-05-07 for Rust. It allows a soundness violation. | |||||
| CVE-2019-25004 | 1 Google | 1 Flatbuffers | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the flatbuffers crate before 0.6.1 for Rust. Arbitrary bytes can be reinterpreted as a bool, defeating soundness. | |||||
| CVE-2020-7771 | 1 Asciitable.js Project | 1 Asciitable.js | 2021-01-06 | 7.5 HIGH | 9.8 CRITICAL |
| The package asciitable.js before 1.0.3 are vulnerable to Prototype Pollution via the main function. | |||||
| CVE-2020-3284 | 1 Cisco | 87 A99-rp2-se, A99-rp2-se Firmware, A99-rp2-tr and 84 more | 2021-01-05 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. | |||||
| CVE-2020-35173 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). | |||||
| CVE-2019-18641 | 1 Sparkdevnetwork | 1 Rock Rms | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller. | |||||
| CVE-2020-29594 | 1 Rocket.chat | 1 Rocket.chat | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login. | |||||
| CVE-2020-35800 | 1 Netgear | 254 Ac2100, Ac2100 Firmware, Ac2400 and 251 more | 2021-01-04 | 9.7 HIGH | 9.4 CRITICAL |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D6000 before 1.0.0.80, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D7800 before 1.0.3.48, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, DM200 before 1.0.0.66, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX2700 before 1.0.1.58, EX3110 before 1.0.1.68, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100v2 before 1.0.1.94, EX6110 before 1.0.1.68, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150v1 before 1.0.0.46, EX6150v2 before 1.0.1.94, EX6200v1 before 1.0.3.94, EX6250 before 1.0.0.128, EX6400 before 1.0.2.152, EX6400v2 before 1.0.0.128, EX6410 before 1.0.0.128, EX6920 before 1.0.0.54, EX7000 before 1.0.1.90, EX7300 before 1.0.2.152, EX7300v2 before 1.0.0.128, EX7320 before 1.0.0.128, EX7500 before 1.0.0.68, EX7700 before 1.0.0.210, EX8000 before 1.0.1.224, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6250 before 1.0.4.42, R6260 before 1.1.0.76, R6300v2 before 1.0.4.42, R6330 before 1.1.0.76, R6350 before 1.1.0.76, R6400v1 before 1.0.1.62, R6400v2 before 1.0.4.98, R6700v1 before 1.0.2.16, R6700v2 before 1.2.0.72, R6700v3 before 1.0.4.98, R6800 before 1.2.0.72, R6800 before 1.2.0.72, R6850 before 1.1.0.76, R6900 before 1.0.2.16, R6900P before 1.3.2.124, R6900v2 before 1.2.0.72, R7000 before 1.0.11.106, R7000P before 1.3.2.124, R7100LG before 1.0.0.56, R7200 before 1.2.0.72, R7350 before 1.2.0.72, R7400 before 1.2.0.72, R7450 before 1.2.0.72, R7500v2 before 1.0.3.48, R7800 before 1.0.2.74, R7850 before 1.0.5.60, R7900 before 1.0.4.26, R7900P before 1.4.1.62, R7960P before 1.4.1.62, R8000 before 1.0.4.58, R8000P before 1.4.1.62, R8300 before 1.0.2.134, R8500 before 1.0.2.134, R8900 before 1.0.5.24, R9000 before 1.0.5.24, RAX120 before 1.0.1.136, RAX15 before 1.0.1.64, RAX20 before 1.0.1.64, RAX200 before 1.0.5.24, RAX35 before 1.0.3.80, RAX40 before 1.0.3.80, RAX45 before 1.0.2.64, RAX50 before 1.0.2.64, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK12 before 2.6.1.44, RBR10 before 2.6.1.44, RBS10 before 2.6.1.44, RBK20 before 2.6.1.38, RBR20 before 2.6.1.36, RBS20 before 2.6.1.38, RBK40 before 2.6.1.38, RBR40 before 2.6.1.38, RBS40 before 2.6.1.38, RBK50 before 2.6.1.40, RBR50 before 2.6.1.40, RBS50 before 2.6.1.40, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBS40V before 2.5.1.6, RBS40V-200 before 1.0.0.46, RBS50Y before 2.6.1.40, RBW30 before 2.5.0.4, RS400 before 1.5.0.48, WN2500RPv2 before 1.0.1.56, WN3000RPv3 before 1.0.2.86, WN3500RPv1 before 1.0.0.28, WNDR3400v3 before 1.0.1.32, WNR1000v3 before 1.0.2.78, WNR2000v2 before 1.2.0.12, XR300 before 1.0.3.50, XR450 before 2.3.2.66, XR500 before 2.3.2.66, and XR700 before 1.0.1.34. | |||||
| CVE-2020-28281 | 1 Set-object-value Project | 1 Set-object-value | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28280 | 1 Predefine Project | 1 Predefine | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28279 | 1 Flattenizer Project | 1 Flattenizer | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28278 | 1 Shvl Project | 1 Shvl | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28277 | 1 Dset Project | 1 Dset | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28276 | 1 Deep-set Project | 1 Deep-set | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-13931 | 1 Apache | 1 Tomee | 2020-12-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. | |||||
| CVE-2020-4988 | 1 Ibm | 1 Loopback | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. | |||||
| CVE-2020-7203 | 1 Hp | 1 Ilo Amplifier Pack | 2020-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. | |||||
| CVE-2020-35550 | 1 Google | 1 Android | 2020-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). | |||||
| CVE-2020-29227 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2020-12-15 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. | |||||
| CVE-2020-28274 | 1 Deepref Project | 1 Deepref | 2020-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-29595 | 1 Acdsee | 1 Photo Studio 2021 | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa. | |||||
| CVE-2020-6939 | 1 Tableau | 1 Tableau Server | 2020-12-08 | 10.0 HIGH | 9.8 CRITICAL |
| Tableau Server installations configured with Site-Specific SAML that allows the APIs to be used by unauthenticated users. If exploited, this could allow a malicious user to configure Site-Specific SAML settings and could lead to account takeover for users of that site. Tableau Server versions affected on both Windows and Linux are: 2018.2 through 2018.2.27, 2018.3 through 2018.3.24, 2019.1 through 2019.1.22, 2019.2 through 2019.2.18, 2019.3 through 2019.3.14, 2019.4 through 2019.4.13, 2020.1 through 2020.1.10, 2020.2 through 2020.2.7, and 2020.3 through 2020.3.2. | |||||
| CVE-2019-0002 | 1 Juniper | 3 Ex2300, Ex3400, Junos | 2020-12-08 | 7.5 HIGH | 9.8 CRITICAL |
| On EX2300 and EX3400 series, stateless firewall filter configuration that uses the action 'policer' in combination with other actions might not take effect. When this issue occurs, the output of the command: show pfe filter hw summary will not show the entry for: RACL group Affected releases are Junos OS on EX2300 and EX3400 series: 15.1X53 versions prior to 15.1X53-D590; 18.1 versions prior to 18.1R3; 18.2 versions prior to 18.2R2. This issue affect both IPv4 and IPv6 firewall filter. | |||||
| CVE-2020-28272 | 1 Keyget Project | 1 Keyget | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28273 | 1 Set-in Project | 1 Set-in | 2020-12-07 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2015-9551 | 1 Totolink | 16 A850r-v1, A850r-v1 Firmware, F1-v2 and 13 more | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on TOTOLINK A850R-V1 through 1.0.1-B20150707.1612 and F1-V2 through 1.1-B20150708.1646 devices. There is Remote Code Execution in the management interface via the formSysCmd sysCmd parameter. | |||||
| CVE-2020-29279 | 1 74cms | 1 74cms | 2020-12-04 | 7.5 HIGH | 9.8 CRITICAL |
| PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. | |||||
| CVE-2020-28991 | 1 Gitea | 1 Gitea | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. | |||||
| CVE-2020-11830 | 1 Oppo | 1 Qualityprotect | 2020-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | |||||
| CVE-2020-7772 | 1 Doc-path Project | 1 Doc-path | 2020-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| This affects the package doc-path before 2.1.2. | |||||
| CVE-2020-24384 | 1 A10networks | 2 Advanced Core Operating System, Agalaxy | 2020-11-24 | 10.0 HIGH | 9.8 CRITICAL |
| A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. | |||||
| CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2020-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | |||||
| CVE-2020-14189 | 1 Atlassian | 1 Jira Comment | 2020-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | |||||
| CVE-2020-14188 | 1 Atlassian | 1 Jira Create | 2020-11-18 | 7.5 HIGH | 9.8 CRITICAL |
| The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | |||||
| CVE-2020-15901 | 1 Nagios | 1 Nagios Xi | 2020-11-13 | 7.5 HIGH | 9.8 CRITICAL |
| In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | |||||
| CVE-2020-28340 | 1 Google | 1 Android | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). | |||||
| CVE-2019-19617 | 2 Debian, Phpmyadmin | 2 Debian Linux, Phpmyadmin | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/classes/Display/GitRevision.php and libraries/classes/Footer.php. | |||||
| CVE-2020-14841 | 1 Oracle | 1 Weblogic Server | 2020-11-10 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | |||||
| CVE-2020-15917 | 1 Claws-mail | 1 Claws-mail | 2020-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | |||||
| CVE-2018-4296 | 1 Apple | 1 Mac Os X | 2020-11-02 | 7.5 HIGH | 9.8 CRITICAL |
| This issue is fixed in macOS Mojave 10.14. A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. | |||||