Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8569 | 1 Apple | 1 Mac Os X | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8525 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, watchOS 5.2, macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.2. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-27181 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | |||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | |||||
| CVE-2020-3998 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | |||||
| CVE-2020-9361 | 1 Cryptopro | 1 Csp | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | |||||
| CVE-2020-15003 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | |||||
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | |||||
| CVE-2020-27646 | 1 Biscom | 1 Secure File Transfer | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | |||||
| CVE-2020-3981 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2021-07-21 | 3.5 LOW | 5.8 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | |||||
| CVE-2020-4491 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | |||||
| CVE-2020-7748 | 1 Ts.ed Project | 1 Ts.ed | 2021-07-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-9092 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. | |||||
| CVE-2020-11496 | 1 Sprecher-automation | 1 Sprecon-e | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | |||||
| CVE-2019-12305 | 1 Actions-micro | 2 Ezcast Pro Ii, Ezcast Pro Ii Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| In EZCast Pro II, the administrator password md5 hash is provided upon a web request. This hash can be cracked to access the administration panel of the device. | |||||
| CVE-2020-24352 | 1 Qemu | 1 Qemu | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | |||||
| CVE-2020-14185 | 1 Atlassian | 1 Jira | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. | |||||
| CVE-2020-6371 | 1 Sap | 1 Netweaver As Abap | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure. | |||||
| CVE-2020-25778 | 1 Trendmicro | 1 Antivirus | 2021-07-21 | 2.1 LOW | 6.0 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension where an attacker could supply a kernel pointer and leak several bytes of memory. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability. | |||||
| CVE-2020-0415 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-156020795 | |||||
| CVE-2020-0414 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In AudioFlinger::RecordThread::threadLoop of audioflinger/Threads.cpp, there is a possible non-silenced audio buffer due to a permissions bypass. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-157708122 | |||||
| CVE-2020-0411 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ~AACExtractor() of AACExtractor.cpp, there is a possible out of bounds write due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-142641801 | |||||
| CVE-2020-0410 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In setNotification of SapServer.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-156021269 | |||||
| CVE-2020-0400 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-153356561 | |||||
| CVE-2020-0398 | 1 Google | 1 Android | 2021-07-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a PendingIntent error. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-154323381 | |||||
| CVE-2020-8821 | 1 Webmin | 1 Webmin | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered (however, JavaScript is not executed). Changes are kept across users. | |||||
| CVE-2020-9110 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an information disclosure vulnerability. The device does not sufficiently validate the output of device in certain specific scenario, the attacker can gain information in the victim's smartphone to launch the attack, successful exploit could cause information disclosure. | |||||
| CVE-2020-9109 | 1 Huawei | 12 Laya-al00ep, Laya-al00ep Firmware, Mate 20 and 9 more | 2021-07-21 | 1.9 LOW | 4.6 MEDIUM |
| There is an information disclosure vulnerability in several smartphones. The device does not sufficiently validate the identity of smart wearable device in certain specific scenario, the attacker need to gain certain information in the victim's smartphone to launch the attack, and successful exploit could cause information disclosure.Affected product versions include:HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI Mate 20 X versions earlier than 10.1.0.160(C00E160R2P8),versions earlier than 10.1.0.160(C01E160R2P8);HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8);Laya-AL00EP versions earlier than 10.1.0.160(C786E160R3P8);Tony-AL00B versions earlier than 10.1.0.160(C00E160R2P11);Tony-TL00B versions earlier than 10.1.0.160(C01E160R2P11). | |||||
| CVE-2020-9106 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have a path traversal vulnerability. The system does not sufficiently validate certain pathname, successful exploit could allow the attacker access files and cause information disclosure. | |||||
| CVE-2020-4740 | 1 Ibm | 1 Infosphere Information Server | 2021-07-21 | 4.3 MEDIUM | 5.2 MEDIUM |
| IBM InfoSphere Information Server 11.5 and 11.7 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 188150. | |||||
| CVE-2020-4689 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 8.5 HIGH | 6.8 MEDIUM |
| IBM Security Guardium 11.2 is vulnerable to CVS Injection. A remote privileged attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-ForceID: 186696. | |||||
| CVE-2020-4678 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM Security Guardium 11.2 could allow an attacker with admin access to obtain and read files that they normally would not have access to. IBM X-Force ID: 186423. | |||||
| CVE-2020-13341 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2. Insufficient permission check allows attacker with developer role to perform various deletions. | |||||
| CVE-2020-4774 | 1 Ibm | 1 Curam Social Program Management | 2021-07-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| An XPath vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10, caused by the improper handling of user-supplied input. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to obtain unauthorized access or reveal sensitive information such as XML document structure and content. IBM X-Force ID: 189152. | |||||
| CVE-2020-13955 | 1 Apache | 1 Calcite | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| HttpUtils#getURLConnection method disables explicitly hostname verification for HTTPS connections making clients vulnerable to man-in-the-middle attacks. Calcite uses internally this method to connect with Druid and Splunk so information leakage may happen when using the respective Calcite adapters. The method itself is in a utility class so people may use it to create vulnerable HTTPS connections for other applications. From Apache Calcite 1.26 onwards, the hostname verification will be performed using the default JVM truststore. | |||||
| CVE-2020-26931 | 1 Netgear | 6 Wc7500, Wc7500 Firmware, Wc7600 and 3 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24. | |||||
| CVE-2020-26924 | 1 Netgear | 4 Wac720, Wac720 Firmware, Wac730 and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13. | |||||
| CVE-2020-26901 | 1 Netgear | 12 Rbk752, Rbk752 Firmware, Rbk852 and 9 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2020-25768 | 1 Contao | 1 Contao | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered. | |||||
| CVE-2020-13346 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Membership changes are not reflected in ToDo subscriptions in GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, allowing guest users to access confidential issues through API. | |||||
| CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | |||||
| CVE-2020-26599 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020). | |||||
| CVE-2020-4528 | 1 Ibm | 1 Datapower Gateway | 2021-07-21 | 1.9 LOW | 5.5 MEDIUM |
| IBM MQ Appliance (IBM DataPower Gateway 10.0.0.0 and 2018.4.1.0 through 2018.4.1.12) could allow a local user, under special conditions, to obtain highly sensitive information from log files. IBM X-Force ID: 182658. | |||||
| CVE-2020-8671 | 1 Intel | 49 Bios, Celeron 4205u, Celeron 4305u and 46 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processors and Intel(R) Celeron(R) Processor 4000 Series may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0571 | 1 Intel | 22 Bios, Core I3 8100, Core I3 8100f and 19 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper conditions check in BIOS firmware for 8th Generation Intel(R) Core(TM) Processors and Intel(R) Pentium(R) Silver Processor Series may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-7709 | 1 Smallpdf | 1 Json-pointer | 2021-07-21 | 6.5 MEDIUM | 6.0 MEDIUM |
| This affects the package json-pointer before 0.6.1. Multiple reference of object using slash is supported. | |||||
| CVE-2020-25048 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Lockscreen state, the Quick Share feature allows unauthenticated downloads, aka file injection. The Samsung ID is SVE-2020-17760 (August 2020). | |||||
| CVE-2020-13464 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2021-07-21 | 1.9 LOW | 4.2 MEDIUM |
| The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. | |||||
| CVE-2020-12643 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | |||||
| CVE-2020-24928 | 1 Premid | 1 Premid | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 3020) open to all origins, which allows attackers to obtain sensitive Discord user information. | |||||