Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4461 | 1 Ibm | 1 Security Access Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Access Manager Appliance 9.0.7.1 could allow an authenticated user to bypass security by allowing id_token claims manipulation without verification. IBM X-Force ID: 181481. | |||||
| CVE-2020-13154 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | |||||
| CVE-2020-13135 | 1 D-link | 2 Dsp-w215, Dsp-w215 Firmware | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| D-Link DSP-W215 1.26b03 devices allow information disclosure by intercepting messages on the local network, as demonstrated by a Squid Proxy. | |||||
| CVE-2020-11550 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). | |||||
| CVE-2019-7246 | 1 Amd | 1 Atillk64 | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in atillk64.sys in AMD ATI Diagnostics Hardware Abstraction Sys/Overclocking Utility 5.11.9.0. The vulnerable driver exposes a wrmsr instruction and does not properly filter the Model Specific Register (MSR). Allowing arbitrary MSR writes can lead to Ring-0 code execution and escalation of privileges. | |||||
| CVE-2020-12860 | 1 Health | 1 Covidsafe | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| COVIDSafe through v1.0.17 allows a remote attacker to access phone name and model information because a BLE device can have four roles and COVIDSafe uses all of them. This allows for re-identification of a device, and potentially identification of the owner's name. | |||||
| CVE-2019-20801 | 1 Readdle | 1 Documents | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. | |||||
| CVE-2020-13125 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in the "Ultimate Addons for Elementor" plugin before 1.24.2 for WordPress, as exploited in the wild in May 2020 in conjunction with CVE-2020-13126. Unauthenticated attackers can create users with the Subscriber role even if registration is disabled. | |||||
| CVE-2020-12068 | 1 Codesys | 12 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 9 more | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in CODESYS Development System before 3.5.16.0. CODESYS WebVisu and CODESYS Remote TargetVisu are susceptible to privilege escalation. | |||||
| CVE-2020-0106 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getCellLocation of PhoneInterfaceManager.java, there is a possible permission bypass due to a missing SDK version check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-148414207 | |||||
| CVE-2020-0104 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In onShowingStateChanged of KeyguardStateMonitor.java, there is a possible inappropriate read due to a logic error. This could lead to local information disclosure of keyguard-protected data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-144430870 | |||||
| CVE-2020-0101 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In BnCrypto::onTransact of ICrypto.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144767096 | |||||
| CVE-2020-0091 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In mnld, an incorrect configuration in driver_cfg of mnld for meta factory mode.Product: AndroidVersions: Android SoCAndroid ID: A-149808700 | |||||
| CVE-2020-0090 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization in the receiver component of Email.Product: AndroidVersions: Android SoCAndroid ID: A-149813048 | |||||
| CVE-2020-0065 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization in the receiver component of the Android Suite Daemon.Product: AndroidVersions: Android SoCAndroid ID: A-149813448 | |||||
| CVE-2020-0064 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An improper authorization while processing the provisioning data.Product: AndroidVersions: Android SoCAndroid ID: A-149866855 | |||||
| CVE-2020-1960 | 1 Apache | 1 Flink | 2021-07-21 | 1.9 LOW | 4.7 MEDIUM |
| A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | |||||
| CVE-2019-13023 | 1 Jetstream | 1 Jetselect | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in all versions of Bond JetSelect. Within the JetSelect Application, the web interface hides RADIUS secrets, WPA passwords, and SNMP strings from 'non administrative' users using HTML 'password field' obfuscation. By using Developer tools or similar, it is possible to change the obfuscation so that the credentials are visible. | |||||
| CVE-2019-13021 | 1 Jetstream | 1 Jetselect | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The administrative passwords for all versions of Bond JetSelect are stored within an unprotected file on the filesystem, rather than encrypted within the MySQL database. This backup copy of the passwords is made as part of the installation script, after the administrator has generated a password using ENCtool.jar (see CVE-2019-13022). This allows any low-privilege user who can read this file to trivially obtain the passwords for the administrative accounts of the JetSelect application. The path to the file containing the encoded password hash is /opt/JetSelect/SFC/resources/sfc-general-properties. | |||||
| CVE-2020-4299 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 could expose sensitive information to a user through a specially crafted HTTP request. IBM X-Force ID: 176606. | |||||
| CVE-2020-12717 | 4 Alberta, Gov, Health and 1 more | 4 Abtracetogether, Protego Safe, Covidsafe and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. | |||||
| CVE-2020-12831 | 1 Linuxfoundation | 1 Free Range Routing | 2021-07-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** An issue was discovered in FRRouting FRR (aka Free Range Routing) through 7.3.1. When using the split-config feature, the init script creates an empty config file with world-readable default permissions, leading to a possible information leak via tools/frr.in and tools/frrcommon.sh.in. NOTE: some parties consider this user error, not a vulnerability, because the permissions are under the control of the user before any sensitive information is present in the file. | |||||
| CVE-2020-9501 | 1 Dahuasecurity | 1 Web P2p | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Attackers can obtain Cloud Key information from the Dahua Web P2P control in specific ways. Cloud Key is used to authenticate the connection between the client tool and the platform. An attacker may use the leaked Cloud Key to impersonate the client to connect to the platform, resulting in additional consumption of platform server resources. Versions with Build time before April 2020 are affected. | |||||
| CVE-2020-4312 | 1 Ibm | 1 Sterling B2b Integrator | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 trough 6.0.3.1 could allow an authenticated user to obtain sensitive information from a cached web page. IBM X-Force ID: 177089. | |||||
| CVE-2020-12700 | 1 Dkd | 1 Direct Mail | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 allows Information Disclosure via a newsletter subscriber data Special Query. | |||||
| CVE-2020-12698 | 1 Dkd | 1 Direct Mail | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The direct_mail extension through 5.2.3 for TYPO3 has Broken Access Control for newsletter subscriber tables. | |||||
| CVE-2020-6251 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2021-07-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Under certain conditions or error scenarios SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted. | |||||
| CVE-2020-6250 | 1 Sap | 1 Adaptive Server Enterprise | 2021-07-21 | 6.7 MEDIUM | 6.8 MEDIUM |
| SAP Adaptive Server Enterprise, version 16.0, allows an authenticated attacker to exploit certain misconfigured endpoints exposed over the adjacent network, to read system administrator password leading to Information Disclosure. This could help the attacker to read/write any data and even stop the server like an administrator. | |||||
| CVE-2020-4346 | 1 Ibm | 1 Api Connect | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM API Connect's V2018.4.1.0 through 2018.4.1.10 management server has an unsecured api which can be exploited by an unauthenticated attacker to obtain sensitive information. IBM X-Force ID: 178322. | |||||
| CVE-2019-4478 | 1 Ibm | 1 Maximo Asset Management | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Maximo Asset Management 7.6.0, and 7.6.1 could allow an authenticated user to obtain highly sensitive information that they should not normally have access to. IBM X-Force ID: 163998. | |||||
| CVE-2019-4667 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM UrbanCode Deploy (UCD) 7.0.5.2 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 171249. | |||||
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | |||||
| CVE-2020-0993 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. | |||||
| CVE-2020-0982 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0987, CVE-2020-1005. | |||||
| CVE-2020-0977 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0976. | |||||
| CVE-2020-0976 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0975, CVE-2020-0977. | |||||
| CVE-2020-0975 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0972, CVE-2020-0976, CVE-2020-0977. | |||||
| CVE-2020-0972 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2021-07-21 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from CVE-2020-0975, CVE-2020-0976, CVE-2020-0977. | |||||
| CVE-2020-10081 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | |||||
| CVE-2020-10080 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | |||||
| CVE-2019-19799 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. | |||||
| CVE-2019-16157 | 1 Fortinet | 1 Fortiweb | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information exposure vulnerability in Fortinet FortiWeb 6.2.0 CLI and earlier may allow an authenticated user to view sensitive information being logged via diagnose debug commands. | |||||
| CVE-2020-7600 | 1 Querymen Project | 1 Querymen | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks. | |||||
| CVE-2020-0551 | 1 Intel | 1321 Atom C2308, Atom C2316, Atom C2338 and 1318 more | 2021-07-21 | 1.9 LOW | 5.6 MEDIUM |
| Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html | |||||
| CVE-2020-0550 | 1 Intel | 752 Celeron 1000m, Celeron 1005m, Celeron 1007u and 749 more | 2021-07-21 | 1.9 LOW | 5.6 MEDIUM |
| Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html | |||||
| CVE-2020-0574 | 1 Intel | 2 Max 10 Fpga, Max 10 Fpga Firmware | 2021-07-21 | 3.6 LOW | 5.9 MEDIUM |
| Improper configuration in block design for Intel(R) MAX(R) 10 FPGA all versions may allow an authenticated user to potentially enable escalation of privilege and information disclosure via physical access. | |||||
| CVE-2020-5961 | 1 Nvidia | 1 Virtual Gpu Graphics Driver | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA vGPU graphics driver for guest OS contains a vulnerability in which an incorrect resource clean up on a failure path can impact the guest VM, leading to denial of service. | |||||
| CVE-2020-5959 | 1 Nvidia | 1 Virtual Gpu Manager | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| NVIDIA Virtual GPU Manager, all versions, contains a vulnerability in the vGPU plugin in which an input index value is incorrectly validated which may lead to denial of service. | |||||
| CVE-2020-0962 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the win32k component improperly provides kernel information, aka 'Win32k Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0699. | |||||
| CVE-2020-0955 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when certain central processing units (CPU) speculatively access memory, aka 'Windows Kernel Information Disclosure in CPU Memory Access'. | |||||