Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12463 | 1 Avira | 1 Software Updater | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | |||||
| CVE-2020-8830 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform scraping or other analysis via the SUBCA-1 field on the Wireless Admin screen. | |||||
| CVE-2020-11671 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.8 MEDIUM | 8.1 HIGH |
| Lack of authorization controls in REST API functions in TeamPass through 2.1.27.36 allows any TeamPass user with a valid API token to become a TeamPass administrator and read/modify all passwords via authenticated api/index.php REST API calls. NOTE: the API is not available by default. | |||||
| CVE-2020-11443 | 1 Zoom | 1 It Installer | 2021-07-21 | 8.5 HIGH | 8.1 HIGH |
| The Zoom IT installer for Windows (ZoomInstallerFull.msi) prior to version 4.6.10 deletes files located in %APPDATA%\Zoom before installing an updated version of the client. Standard users are able to write to this directory, and can write links to other directories on the machine. As the installer runs with SYSTEM privileges and follows these links, a user can cause the installer to delete files that otherwise cannot be deleted by the user. | |||||
| CVE-2020-10187 | 1 Doorkeeper Project | 1 Doorkeeper | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an attacker to retrieve the client secret only intended for the OAuth application owner. After authorizing the application and allowing access, the attacker simply needs to request the list of their authorized applications in a JSON format (usually GET /oauth/authorized_applications.json). An application is vulnerable if the authorized applications controller is enabled. | |||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | |||||
| CVE-2020-1817 | 1 Huawei | 1 Pcmanager | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Huawei PCManager with versions earlier than 10.0.1.36 has a privilege escalation vulnerability. Due to improper permission management of specific files, local attackers with low permissions can inject commands to exploit this vulnerability. Successful exploit may cause privilege escalation. | |||||
| CVE-2020-5891 | 1 F5 | 9 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 6 more | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, undisclosed HTTP/2 requests can lead to a denial of service when sent to a virtual server configured with the Fallback Host setting and a server-side HTTP/2 profile. | |||||
| CVE-2020-5883 | 1 F5 | 10 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Application Acceleration Manager and 7 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 14.0.0-14.0.1, and 13.1.0-13.1.3.1, when a virtual server is configured with HTTP explicit proxy and has an attached HTTP_PROXY_REQUEST iRule, POST requests sent to the virtual server cause an xdata memory leak. | |||||
| CVE-2020-5879 | 1 F5 | 1 Big-ip Application Security Manager | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| On BIG-IP ASM 11.6.1-11.6.5.1, under certain configurations, the BIG-IP system sends data plane traffic to back-end servers unencrypted, even when a Server SSL profile is applied. | |||||
| CVE-2020-5877 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| On BIG-IP 15.0.0-15.1.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, malformed input to the DATAGRAM::tcp iRules command within a FLOW_INIT event may lead to a denial of service. | |||||
| CVE-2020-5876 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| On BIG-IP 15.0.0-15.0.1.3, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, and 11.6.1-11.6.5.1, a race condition exists where mcpd and other processes may make unencrypted connection attempts to a new configuration sync peer. The race condition can occur when changing the ConfigSync IP address of a peer, adding a new peer, or when the Traffic Management Microkernel (TMM) first starts up. | |||||
| CVE-2019-19218 | 1 Bmcsoftware | 1 Control-m\/agent | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| BMC Control-M/Agent 7.0.00.000 has Insecure Password Storage. | |||||
| CVE-2019-19216 | 1 Bmcsoftware | 1 Control-m\/agent | 2021-07-21 | 8.5 HIGH | 8.8 HIGH |
| BMC Control-M/Agent 7.0.00.000 has an Insecure File Copy. | |||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | |||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | |||||
| CVE-2020-12473 | 1 Mono | 1 Monox | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | |||||
| CVE-2020-2575 | 1 Oracle | 1 Vm Virtualbox | 2021-07-21 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-12446 | 1 Gskill | 1 Trident Z Lighting Control | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| The ene.sys driver in G.SKILL Trident Z Lighting Control through 1.00.08 exposes mapping and un-mapping of physical memory, reading and writing to Model Specific Register (MSR) registers, and input from and output to I/O ports to local non-privileged users. This leads to privilege escalation to NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-11674 | 1 Cerner | 1 Medico | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Cerner medico 26.00 allows variable reuse, possibly causing data corruption. | |||||
| CVE-2020-11446 | 1 Eset | 8 Antivirus And Antispyware, Endpoint Antivirus, Endpoint Security and 5 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| ESET Antivirus and Antispyware Module module 1553 through 1560 allows a user with limited access rights to create hard links in some ESET directories and then force the product to write through these links into files that would normally not be write-able by the user, thus achieving privilege escalation. | |||||
| CVE-2019-20781 | 1 Lg | 1 Bridge | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in LG Bridge before April 2019 on Windows. DLL Hijacking can occur. | |||||
| CVE-2019-16653 | 1 Geniusbytes | 1 Genius Server | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An application plugin in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to gain admin privileges. | |||||
| CVE-2019-16652 | 1 Geniusbytes | 1 Genius Server | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The BPM component in Genius Bytes Genius Server (Genius CDDS) 3.2.2 allows remote authenticated users to execute arbitrary commands. | |||||
| CVE-2020-7644 | 1 Fun-map Project | 1 Fun-map | 2021-07-21 | 6.8 MEDIUM | 8.1 HIGH |
| fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-12078 | 1 Opmantek | 1 Open-audit | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address. | |||||
| CVE-2019-15234 | 1 Ushareit | 1 Shareit | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the full message length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. This is different from CVE-2019-14941. | |||||
| CVE-2019-14941 | 1 Ushareit | 1 Shareit | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| SHAREit through 4.0.6.177 does not check the body length from the received packet header (which is used to allocate memory for the next set of data). This could lead to a system denial of service due to uncontrolled memory allocation. | |||||
| CVE-2020-7135 | 1 Hp | 1 Service Pack For Proliant | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| A potential security vulnerability has been identified in the disk drive firmware installers named Supplemental Update / Online ROM Flash Component on HPE servers running Linux. The vulnerable software is included in the HPE Service Pack for ProLiant (SPP) releases 2018.06.0, 2018.09.0, and 2018.11.0. The vulnerable software is the Supplemental Update / Online ROM Flash Component for Linux (x64) software. The installer in this software component could be locally exploited to execute arbitrary code. Drive Models can be found in the Vulnerability Resolution field of the security bulletin. The 2019_03 SPP and Supplemental update / Online ROM Flash Component for Linux (x64) after 2019.03.0 has fixed this issue. | |||||
| CVE-2020-12242 | 1 Valvesoftware | 1 Source | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. | |||||
| CVE-2020-12138 | 1 Amd | 1 Atillk64 | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | |||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | |||||
| CVE-2019-20002 | 1 Solarwinds | 1 Webhelpdesk | 2021-07-21 | 6.0 MEDIUM | 7.8 HIGH |
| Formula Injection exists in the export feature in SolarWinds WebHelpDesk 12.7.1 via a value (provided by a low-privileged user in the Subject field of a help request form) that is mishandled in a TicketActions/view?tab=group TSV export by an admin user. | |||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | |||||
| CVE-2020-6828 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2021-07-21 | 6.4 MEDIUM | 7.5 HIGH |
| A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | |||||
| CVE-2020-6821 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| When reading from areas partially or fully outside the source resource with WebGL's <code>copyTexSubImage</code> method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. | |||||
| CVE-2020-4202 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 6.0 MEDIUM | 8.8 HIGH |
| IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955. | |||||
| CVE-2019-9183 | 2 Contiki-ng, Contiki-os | 2 Contiki-ng, Contiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki-NG through 4.3 and Contiki through 3.0. A buffer overflow is present due to an integer underflow during 6LoWPAN fragment processing in the face of truncated fragments in os/net/ipv6/sicslowpan.c. This results in accesses of unmapped memory, crashing the application. An attacker can cause a denial-of-service via a crafted 6LoWPAN frame. | |||||
| CVE-2020-12074 | 1 Webtoffee | 1 Import Export Wordpress Users | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | |||||
| CVE-2020-11506 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab 10.7.0 and later through 12.9.2. A Workhorse bypass could lead to job artifact uploads and file disclosure (Exposure of Sensitive Information) via request smuggling. | |||||
| CVE-2020-11505 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling. | |||||
| CVE-2020-11693 | 1 Jetbrains | 1 Youtrack | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | |||||
| CVE-2020-11691 | 1 Jetbrains | 1 Hub | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | |||||
| CVE-2020-11685 | 1 Jetbrains | 1 Goland | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains GoLand before 2019.3.2, the plugin repository was accessed via HTTP instead of HTTPS. | |||||
| CVE-2020-11539 | 1 Titan | 2 Sf Rush Smart Band, Sf Rush Smart Band Firmware | 2021-07-21 | 4.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Tata Sonata Smart SF Rush 1.12 devices. It has been identified that the smart band has no pairing (mode 0 Bluetooth LE security level) The data being transmitted over the air is not encrypted. Adding to this, the data being sent to the smart band doesn't have any authentication or signature verification. Thus, any attacker can control a parameter of the device. | |||||
| CVE-2020-12051 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser. | |||||
| CVE-2020-10787 | 1 Vestacp | 1 Vesta Control Panel | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root system access from the admin account via v-change-user-password (aka the user password change script). | |||||
| CVE-2020-10786 | 1 Vestacp | 1 Vesta Control Panel | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to execute arbitrary commands on the system via cron jobs. | |||||
| CVE-2019-8961 | 1 Flexera | 1 Flexnet Publisher | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability related to stack exhaustion has been identified in FlexNet Publisher lmadmin.exe 11.16.2. Because the message reading function calls itself recursively given a certain condition in the received message, an unauthenticated remote attacker can repeatedly send messages of that type to cause a stack exhaustion condition. | |||||
| CVE-2020-11828 | 1 Oppo | 1 Coloros | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. | |||||