Search
Total
6056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23741 | 1 Amoisoft | 1 Anyview | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). | |||||
| CVE-2020-29439 | 1 Tesla | 2 Model X, Model X Firmware | 2020-12-04 | 2.1 LOW | 4.6 MEDIUM |
| Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) | |||||
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | |||||
| CVE-2020-23736 | 1 Dadajiasu | 1 Dada Accelerator | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | |||||
| CVE-2020-23727 | 1 Antiy | 1 Antiy Zhijia Terminal Defense System | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | |||||
| CVE-2020-23726 | 1 Wisecleaner | 1 Wise Care 365 | 2020-12-04 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). | |||||
| CVE-2020-7927 | 1 Mongodb | 1 Ops Manager | 2020-12-03 | 4.0 MEDIUM | 6.5 MEDIUM |
| Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions 4.2.0-4.2.17, v4.3 versions 4.3.0-4.3.9 and v4.4 versions 4.4.0-4.4.2. | |||||
| CVE-2020-29069 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2020-12-03 | 2.1 LOW | 5.5 MEDIUM |
| _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial-of-service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string. | |||||
| CVE-2020-5947 | 1 F5 | 19 Big-ip 2000, Big-ip 4000, Big-ip Access Policy Manager and 16 more | 2020-12-02 | 4.0 MEDIUM | 4.3 MEDIUM |
| In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE). | |||||
| CVE-2020-4129 | 1 Hcltech | 1 Hcl Domino | 2020-12-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| HCL Domino is susceptible to a lockout policy bypass vulnerability in the LDAP service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the LDAP service. Fixes are available in HCL Domino versions 9.0.1 FP10 IF6, 10.0.1 FP6 and 11.0.1 FP1 and later. | |||||
| CVE-2020-26406 | 1 Gitlab | 1 Gitlab | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-4592 | 1 Ibm | 1 Mq Appliance | 2020-12-01 | 3.5 LOW | 6.5 MEDIUM |
| IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | |||||
| CVE-2020-7765 | 1 Google | 1 Firebase\/util | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-27629 | 1 Jetbrains | 1 Teamcity | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | |||||
| CVE-2020-8354 | 1 Lenovo | 2 Notebook, Notebook Firmware | 2020-11-30 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | |||||
| CVE-2020-8353 | 1 Lenovo | 28 Thinkcentre M80s, Thinkcentre M80s Firmware, Thinkcentre M80t and 25 more | 2020-11-30 | 4.6 MEDIUM | 6.7 MEDIUM |
| Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded Host Based Configuration (EHBC) feature of Intel AMT enabled. This could allow an administrative user with local access to configure Intel AMT. | |||||
| CVE-2020-8677 | 1 Intel | 2 Visual Compute Accelerator 2, Visual Compute Accelerator 2 Firmware | 2020-11-30 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-13352 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13348 | 1 Gitlab | 1 Gitlab | 2020-11-27 | 4.0 MEDIUM | 5.7 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2019-8858 | 1 Apple | 1 Mac Os X | 2020-11-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A user who shares their screen may not be able to end screen sharing. | |||||
| CVE-2018-17774 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2020-11-24 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have an insecure NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2018-17768 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2020-11-24 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have an insecure TRACE protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2018-17765 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2020-11-24 | 7.2 HIGH | 6.8 MEDIUM |
| Ingenico Telium 2 POS terminals have undeclared TRACE protocol commands. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2020-26814 | 1 Sap | 1 Process Integration \(pgp Module - Business-to-business Add On\) | 2020-11-23 | 4.0 MEDIUM | 4.9 MEDIUM |
| SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure. | |||||
| CVE-2020-4692 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. | |||||
| CVE-2020-4763 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. | |||||
| CVE-2020-4665 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | |||||
| CVE-2020-4566 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | |||||
| CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | |||||
| CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2020-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | |||||
| CVE-2020-13772 | 1 Ivanti | 1 Endpoint Manager | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | |||||
| CVE-2020-27625 | 1 Jetbrains | 1 Youtrack | 2020-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | |||||
| CVE-2020-6015 | 1 Checkpoint | 1 Endpoint Security | 2020-11-17 | 2.1 LOW | 5.5 MEDIUM |
| Check Point Endpoint Security for Windows before E84.10 can reach denial of service during clean install of the client which will prevent the storage of service log files in non-standard locations. | |||||
| CVE-2020-9968 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-11-15 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Catalina 10.15.7, tvOS 14.0, watchOS 7.0. A malicious application may be able to access restricted files. | |||||
| CVE-2020-8577 | 1 Netapp | 1 E-series Santricity Os Controller | 2020-11-13 | 4.3 MEDIUM | 5.9 MEDIUM |
| SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability which could allow an attacker to discover sensitive information by intercepting its transmission within an https session. | |||||
| CVE-2020-7761 | 1 Absolunet | 1 Kafe | 2020-11-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package @absolunet/kafe before 3.2.10. It allows cause a denial of service when validating crafted invalid emails. | |||||
| CVE-2020-27123 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2020-11-12 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. | |||||
| CVE-2015-8818 | 1 Qemu | 1 Qemu | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| The cpu_physical_memory_write_rom_internal function in exec.c in QEMU (aka Quick Emulator) does not properly skip MMIO regions, which allows local privileged guest users to cause a denial of service (guest crash) via unspecified vectors. | |||||
| CVE-2017-9330 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 1.9 LOW | 5.6 MEDIUM |
| QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI Emulation support, allows local guest OS users to cause a denial of service (infinite loop) by leveraging an incorrect return value, a different vulnerability than CVE-2017-6505. | |||||
| CVE-2020-5935 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2020-11-09 | 4.3 MEDIUM | 5.9 MEDIUM |
| On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file. | |||||
| CVE-2020-5934 | 1 F5 | 1 Big-ip Access Policy Manager | 2020-11-09 | 3.3 LOW | 6.5 MEDIUM |
| On BIG-IP APM 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when multiple HTTP requests from the same client to configured SAML Single Logout (SLO) URL are passing through a TCP Keep-Alive connection, traffic to TMM can be disrupted. | |||||
| CVE-2020-27740 | 1 Citadel | 1 Webcit | 2020-11-04 | 5.0 MEDIUM | 5.3 MEDIUM |
| Citadel WebCit through 926 allows unauthenticated remote attackers to enumerate valid users within the platform. NOTE: this was reported to the vendor in a publicly archived "Multiple Security Vulnerabilities in WebCit 926" thread. | |||||
| CVE-2019-8656 | 1 Apple | 1 Mac Os X | 2020-11-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| This was addressed with additional checks by Gatekeeper on files mounted through a network share. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. Extracting a zip file containing a symbolic link to an endpoint in an NFS mount that is attacker controlled may bypass Gatekeeper. | |||||
| CVE-2020-6829 | 1 Mozilla | 1 Firefox | 2020-11-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | |||||
| CVE-2018-4433 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-11-02 | 4.3 MEDIUM | 5.5 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, watchOS 5, iOS 12, tvOS 12, macOS Mojave 10.14. A malicious application may be able to modify protected parts of the file system. | |||||
| CVE-2019-8645 | 1 Apple | 1 Mac Os X | 2020-11-02 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue existed in the handling of encrypted Mail. This issue was addressed with improved isolation of MIME in Mail. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An attacker in a privileged network position may be able to intercept the contents of S/MIME-encrypted e-mail. | |||||
| CVE-2020-3993 | 1 Vmware | 2 Cloud Foundation, Nsx-t Data Center | 2020-10-30 | 4.3 MEDIUM | 5.9 MEDIUM |
| VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node. | |||||
| CVE-2020-3996 | 1 Vmware | 1 Velero | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | |||||
| CVE-2019-14716 | 1 Verifone | 2 Verix Os, Vx520 | 2020-10-30 | 4.6 MEDIUM | 6.6 MEDIUM |
| Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | |||||