Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | |||||
| CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | |||||
| CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | |||||
| CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | |||||
| CVE-2020-36201 | 1 Xerox | 60 Workcentre 3655, Workcentre 3655 Firmware, Workcentre 3655i and 57 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in certain Xerox WorkCentre products. They do not properly encrypt passwords. This affects 3655, 3655i, 58XX, 58XXi 59XX, 59XXi, 6655, 6655i, 72XX, 72XXi 78XX, 78XXi, 7970, 7970i, EC7836, and EC7856 devices. | |||||
| CVE-2020-35576 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A Command Injection issue in the traceroute feature on TP-Link TL-WR841N V13 (JP) with firmware versions prior to 201216 allows authenticated users to execute arbitrary code as root via shell metacharacters, a different vulnerability than CVE-2018-12577. | |||||
| CVE-2020-28874 | 1 Projectsend | 1 Projectsend | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). | |||||
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. | |||||
| CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | |||||
| CVE-2020-23162 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials. | |||||
| CVE-2020-0236 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In A2DP_GetCodecType of a2dp_codec_config, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android, Versions: Android-10, Android ID: A-79703353. | |||||
| CVE-2020-11200 | 1 Qualcomm | 330 Apq8053, Apq8064au, Apq8096au and 327 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11181 | 1 Qualcomm | 78 Pm3003a, Pm3003a Firmware, Pm8009 and 75 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11119 | 1 Qualcomm | 942 Apq8009, Apq8009 Firmware, Apq8017 and 939 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-4983 | 1 Ibm | 2 Spectrum Lsf, Spectrum Lsf Suite | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Spectrum LSF 10.1 and IBM Spectrum LSF Suite 10.2 could allow a user on the local network who has privileges to submit LSF jobs to execute arbitrary commands. IBM X-Force ID: 192586. | |||||
| CVE-2020-19360 | 1 Fhem | 1 Fhem | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Local file inclusion in FHEM 6.0 allows in fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure. | |||||
| CVE-2020-24641 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an unauthenticated endpoint that if successfully exploited can result in disclosure of sensitive information. This can be used to perform an authentication bypass and ultimately gain administrative access on the web administrative interface. | |||||
| CVE-2020-4596 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184812. | |||||
| CVE-2020-4595 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184819. | |||||
| CVE-2020-4594 | 2 Ibm, Linux | 2 Security Guardium Insights, Linux Kernel | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Guardium Insights 2.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 184800. | |||||
| CVE-2020-35459 | 2 Clusterlabs, Debian | 2 Crmsh, Debian Linux | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. | |||||
| CVE-2020-14274 | 1 Hcltechsw | 1 Hcl Commerce | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | |||||
| CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | |||||
| CVE-2020-27059 | 1 Google | 1 Android | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069. | |||||
| CVE-2020-26118 | 1 Smartbear | 1 Collaborator | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system. | |||||
| CVE-2020-17508 | 1 Apache | 1 Traffic Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected. | |||||
| CVE-2020-16039 | 1 Google | 1 Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16038 | 1 Google | 2 Chrome, Chrome Os | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16037 | 1 Google | 1 Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16026 | 1 Google | 1 Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16023 | 1 Google | 1 Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebCodecs in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16015 | 1 Google | 1 Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in WASM in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-36049 | 1 Socket | 1 Socket.io-parser | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| socket.io-parser before 3.4.1 allows attackers to cause a denial of service (memory consumption) via a large packet because a concatenation approach is used. | |||||
| CVE-2020-36176 | 1 Ithemes | 1 Ithemes Security | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The iThemes Security (formerly Better WP Security) plugin before 7.7.0 for WordPress does not enforce a new-password requirement for an existing account until the second login occurs. | |||||
| CVE-2019-20484 | 1 Vikisolutions | 1 Vera | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in. | |||||
| CVE-2020-4912 | 1 Ibm | 1 Cloud Pak System | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| IBM Cloud Pak System 2.3 Self Service Console could allow a privilege escalation by capturing the user request URL when logged in as a privileged user. IBM X-Force ID: 191287. | |||||
| CVE-2020-35962 | 1 Loopring | 1 Loopring | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation. | |||||
| CVE-2020-35947 | 1 Pagelayer | 1 Pagelayer | 2021-07-21 | 6.5 MEDIUM | 7.4 HIGH |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. Nearly all of the AJAX action endpoints lacked permission checks, allowing these actions to be executed by anyone authenticated on the site. This happened because nonces were used as a means of authorization, but a nonce was present in a publicly viewable page. The greatest impact was the pagelayer_save_content function that allowed pages to be modified and allowed XSS to occur. | |||||
| CVE-2020-35944 | 1 Pagelayer | 1 Pagelayer | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in the PageLayer plugin before 1.1.2 for WordPress. The pagelayer_settings_page function is vulnerable to CSRF, which can lead to XSS. | |||||
| CVE-2020-35938 | 1 Pickplugins | 2 Post Grid, Team Showcase | 2021-07-21 | 6.0 MEDIUM | 8.8 HIGH |
| PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts. | |||||
| CVE-2019-25012 | 1 Webform Report Project | 1 Webform Report | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Webform Report project 7.x-1.x-dev for Drupal allows remote attackers to view submissions by visiting the /rss.xml page. NOTE: This project is not covered by Drupal's security advisory policy. | |||||
| CVE-2020-26165 | 1 Qdpm | 1 Qdpm | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| qdPM through 9.1 allows PHP Object Injection via timeReportActions::executeExport in core/apps/qdPM/modules/timeReport/actions/actions.class.php because unserialize is used. | |||||
| CVE-2020-35896 | 1 Ws-rs | 1 Ws-rs | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the ws crate through 2020-09-25 for Rust. The outgoing buffer is not properly limited, leading to a remote memory-consumption attack. | |||||
| CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | |||||
| CVE-2020-35874 | 1 Internment Project | 1 Internment | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the internment crate through 2020-05-28 for Rust. ArcIntern::drop has a race condition and resultant use-after-free. | |||||
| CVE-2019-25006 | 1 Streebog Project | 1 Streebog | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the streebog crate before 0.8.0 for Rust. The Streebog hash function can produce the wrong answer. | |||||
| CVE-2020-19664 | 1 Draytek | 2 Vigor2960, Vigor2960 Firmware | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| DrayTek Vigor2960 1.5.1 allows remote command execution via shell metacharacters in a toLogin2FA action to mainfunction.cgi. | |||||
| CVE-2020-35849 | 1 Mantisbt | 1 Mantisbt | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter. | |||||
| CVE-2020-35802 | 1 Netgear | 28 Cbr40, Cbr40 Firmware, Rax75 and 25 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects CBR40 before 2.5.0.14, RBW30 before 2.6.1.4, RAX75 before 1.0.3.102, RAX80 before 1.0.3.102, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, RBK842 before 3.2.16.6, RBR840 before 3.2.16.6, RBS840 before 3.2.16.6, and RBS40V before 2.6.1.4. | |||||