Total: 46623 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10839 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020). | |||||
| CVE-2020-10834 | 1 Google | 1 Android | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notifications on the lock screen via Routines. The Samsung ID is SVE-2019-15074 (February 2020). | |||||
| CVE-2020-10570 | 1 Telegram | 1 Telegram | 2021-07-21 | 3.6 LOW | 6.1 MEDIUM |
| The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | |||||
| CVE-2020-10870 | 1 Zim-wiki | 1 Zim | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could predict and create Zim's temporary directories and prevent other users from being able to start Zim, resulting in a denial of service. | |||||
| CVE-2020-6426 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in V8 in Google Chrome prior to 80.0.3987.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-8497 | 1 Artica | 1 Pandora Fms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file is in JSON format and it contains user names, user IDs, private messages, and timestamps. | |||||
| CVE-2020-10807 | 1 Mitre | 1 Caldera | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "localhost" string in the HTTP Host header. | |||||
| CVE-2020-10194 | 1 Zimbra | 1 Zm-mailbox | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated users to request any GAL account. This differs from the intended behavior in which the domain of the authenticated user must match the domain of the galsync account in the request. | |||||
| CVE-2020-9343 | 2 Microsoft, Signotec | 2 Windows, Signopad-api/web | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array. | |||||
| CVE-2019-16062 | 1 Netsas | 1 Enigma Network Management Solution | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETSAS Enigma NMS 65.0.0 and prior does not encrypt sensitive data stored within the SQL database. It is possible for an attacker to expose unencrypted sensitive data. | |||||
| CVE-2020-4203 | 1 Ibm | 1 Datapower Gateway | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. | |||||
| CVE-2020-10665 | 1 Docker | 1 Desktop | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the collection of diagnostics with Administrator privileges, leading to arbitrary DACL permissions overwrites and arbitrary file writes. This affects Docker Desktop Enterprise before 2.1.0.9, Docker Desktop for Windows Stable before 2.2.0.4, and Docker Desktop for Windows Edge before 2.2.2.0. | |||||
| CVE-2019-12921 | 1 Graphicsmagick | 1 Graphicsmagick | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In GraphicsMagick before 1.3.32, the text filename component allows remote attackers to read arbitrary files via a crafted image because of TranslateTextEx for SVG. | |||||
| CVE-2020-9323 | 1 Aquaforest | 1 Tiff Server | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Aquaforest TIFF Server 4.0 allows Unauthenticated File and Directory Enumeration via tiffserver/tssp.aspx. | |||||
| CVE-2020-10122 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | |||||
| CVE-2020-10116 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts via WebDisk UAPI calls (SEC-541). | |||||
| CVE-2019-20495 | 1 Cpanel | 1 Cpanel | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| cPanel before 82.0.18 allows attackers to read an arbitrary database via MySQL dump streaming (SEC-531). | |||||
| CVE-2020-7608 | 1 Yargs | 1 Yargs-parser | 2021-07-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload. | |||||
| CVE-2019-19946 | 1 Dradisframework | 1 Dradis | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The API in Dradis Pro 3.4.1 allows any user to extract the content of a project, even if this user is not part of the project team. | |||||
| CVE-2019-4656 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Mq and 5 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 7.1, 7.5, 8.0, 9.0 LTS, 9.1 LTS, and 9.1 CD is vulnerable to a denial of service attack that would allow an authenticated user to crash the queue and require a restart due to an error processing error messages. IBM X-Force ID: 170967. | |||||
| CVE-2020-9518 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Login filter can access configuration files vulnerability in Micro Focus Service Manager (Web Tier), affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62. The vulnerability could be exploited to allow unauthorized access to configuration data. | |||||
| CVE-2020-9519 | 1 Microfocus | 1 Service Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HTTP methods revealed in Web services vulnerability in Micro Focus Service Manager (server), affecting versions 9.40, 9.41, 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow exposure of configuration data. | |||||
| CVE-2019-6696 | 1 Fortinet | 1 Fortios | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| An improper input validation vulnerability in FortiOS 6.2.1, 6.2.0, 6.0.8 and below until 5.4.0 under admin webUI may allow an attacker to perform an URL redirect attack via a specifically crafted request to the admin initial password change webpage. | |||||
| CVE-2020-0088 | 1 Google | 1 Android | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| In parseTrackFragmentRun of MPEG4Extractor.cpp, there is possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-124389881 | |||||
| CVE-2020-10075 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input. | |||||
| CVE-2020-10085 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. | |||||
| CVE-2020-10084 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace | |||||
| CVE-2020-0505 | 1 Intel | 1 Graphics Driver | 2021-07-21 | 3.6 LOW | 6.1 MEDIUM |
| Improper conditions check in Intel(R) Graphics Drivers before versions 15.33.49.5100, 15.36.38.5117, 15.40.44.5107, 15.45.30.5103, and 26.20.100.7212 may allow an authenticated user to potentially enable information disclosure and denial of service via local | |||||
| CVE-2019-14626 | 1 Intel | 2 Field Programmable Gate Array Programmable Acceleration Card N3000, Field Programmable Gate Array Programmable Acceleration Card N3000 Firmware | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper access control in PCIe function for the Intel® FPGA Programmable Acceleration Card N3000, all versions, may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-0885 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows Graphics Component Information Disclosure Vulnerability'. | |||||
| CVE-2020-0882 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0880. | |||||
| CVE-2020-0880 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0879, CVE-2020-0882. | |||||
| CVE-2020-0879 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, CVE-2020-0880, CVE-2020-0882. | |||||
| CVE-2020-0874 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0879, CVE-2020-0880, CVE-2020-0882. | |||||
| CVE-2020-0871 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when Windows Network Connections Service fails to properly handle objects in memory, aka 'Windows Network Connections Service Information Disclosure Vulnerability'. | |||||
| CVE-2020-5182 | 1 Cmsjunkie | 1 J-businessdirectory | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| The J-BusinessDirectory extension before 5.2.9 for Joomla! allows Reverse Tabnabbing. In some configurations, the link to the business website can be entered by any user. If it doesn't contain rel="noopener" (or similar attributes such as noreferrer), the tabnabbing may occur. To reproduce the bug, create a business with a website link that contains JavaScript to exploit the window.opener property (for example, by setting window.opener.location). | |||||
| CVE-2020-4224 | 1 Ibm | 1 Storediq | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM StoredIQ 7.6.0.17 through 7.6.0.20 could disclose sensitive information to a local user due to data in certain directories not being encrypted when it contained symbolic links. IBM X-Force ID: 175133. | |||||
| CVE-2020-7993 | 1 Prototypejs | 1 Prototype | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field. | |||||
| CVE-2019-19119 | 1 Paessler | 1 Prtg Network Monitor | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in PRTG 7.x through 19.4.53. Due to insufficient access control on local registry keys for the Core Server Service, a non-administrative user on the local machine is able to access administrative credentials. | |||||
| CVE-2020-8516 | 1 Torproject | 1 Tor | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| ** DISPUTED ** The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node is known before attempting to connect to it, which might make it easier for remote attackers to discover circuit information. NOTE: The network team of Tor claims this is an intended behavior and not a vulnerability. | |||||
| CVE-2020-8422 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote Access Plus before 10.0.450. A user with the Guest role can extract the collection of all defined credentials of remote machines: the credential name, credential type, user name, domain/workgroup name, and description (but not the password). | |||||
| CVE-2020-7955 | 1 Hashicorp | 1 Consul | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all API endpoints, resulting in potential unintended information disclosure. Fixed in 1.6.3. | |||||
| CVE-2020-7908 | 1 Jetbrains | 1 Teamcity | 2021-07-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages. | |||||
| CVE-2019-17273 | 1 Netapp | 1 E-series Santricity Os Controller | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| E-Series SANtricity OS Controller Software version 11.60.0 is susceptible to a vulnerability which allows an attacker to cause a Denial of Service (DoS) in IPv6 environments. | |||||
| CVE-2020-8315 | 1 Python | 1 Python | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure dependency load upon launch on Windows 7 may result in an attacker's copy of api-ms-win-core-path-l1-1-0.dll being loaded and used instead of the system's copy. Windows 8 and later are unaffected. | |||||
| CVE-2019-4614 | 4 Ibm, Linux, Microsoft and 1 more | 5 Mq, Mq Appliance, Linux Kernel and 2 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS client connecting to a Queue Manager could cause a SIGSEGV denial of service caused by converting an invalid message. IBM X-Force ID: 168639. | |||||
| CVE-2019-4568 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Mq and 4 more | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM MQ and IBM MQ Appliance 8.0 and 9.0 LTS could allow a remote attacker with intimate knowledge of the server to cause a denial of service when receiving data on the channel. IBM X-Force ID: 166629. | |||||
| CVE-2020-1932 | 1 Apache | 1 Superset | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure issue was found in Apache Superset 0.34.0, 0.34.1, 0.35.0, and 0.35.1. Authenticated Apache Superset users are able to retrieve other users' information, including hashed passwords, by accessing an unused and undocumented API endpoint on Apache Superset. | |||||
| CVE-2020-0549 | 1 Intel | 854 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 851 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some data cache evictions for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-0548 | 1 Intel | 854 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 851 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
