Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8323 | 1 Lenovo | 344 14iwl, 14iwl Firmware, 330-14ast and 341 more | 2020-06-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo ThinkPad, ThinkStation, and Lenovo Notebook models may allow arbitrary code execution. | |||||
| CVE-2020-9076 | 1 Huawei | 6 P30, P30 Firmware, P30 Pro and 3 more | 2020-06-20 | 4.0 MEDIUM | 6.8 MEDIUM |
| HUAWEI P30;HUAWEI P30 Pro;Tony-AL00B smartphones with versions earlier than 10.1.0.135(C00E135R2P11); versions earlier than 10.1.0.135(C00E135R2P8), versions earlier than 10.1.0.135 have an improper authentication vulnerability. Due to the identity of the message sender not being properly verified, an attacker can exploit this vulnerability through man-in-the-middle attack to induce user to access malicious URL. | |||||
| CVE-2020-1834 | 1 Huawei | 4 P30, P30 Firmware, P30 Pro and 1 more | 2020-06-20 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI P30 and HUAWEI P30 Pro with versions earlier than 10.1.0.135(C00E135R2P11) and versions earlier than 10.1.0.135(C00E135R2P8) have an insufficient integrity check vulnerability. The system does not check certain software package's integrity sufficiently. Successful exploit could allow an attacker to load a crafted software package to the device. | |||||
| CVE-2019-20844 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Mattermost Server before 5.18.0, 5.17.2, 5.16.4, 5.15.4, and 5.9.7. An attacker can spoof a direct-message channel by changing the type of a channel. | |||||
| CVE-2020-9522 | 1 Microfocus | 1 Arcsight Enterprise Security Manager Express | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Enterprise Security Manager (ESM) product, Affecting versions 7.0.x, 7.2 and 7.2.1 . The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-13652 | 1 Digdash | 1 Digdash | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in DigDash 2018R2 before p20200528, 2019R1 before p20200528, 2019R2 before p20200430, and 2020R1 before p20200507. A cross-site scripting (XSS) vulnerability exists in the login menu. | |||||
| CVE-2020-11838 | 1 Microfocus | 1 Arcsight Management Center | 2020-06-19 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-14452 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014. | |||||
| CVE-2020-7495 | 1 Schneider-electric | 1 Ecostruxure Operator Terminal Expert | 2020-06-19 | 4.3 MEDIUM | 5.5 MEDIUM |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability during zip file extraction exists in EcoStruxure Operator Terminal Expert 3.1 Service Pack 1 and prior (formerly known as Vijeo XD) which could cause unauthorized write access outside of expected path folder when opening the project file. | |||||
| CVE-2020-8337 | 2 Lenovo, Synaptics | 83 5-15ikb, Air-14 2019, C340-14iwl and 80 more | 2020-06-19 | 7.2 HIGH | 6.7 MEDIUM |
| An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Smart Audio UWP app associated with the DCHU audio drivers on Lenovo platforms that could allow an administrative user to execute arbitrary code. | |||||
| CVE-2020-14462 | 1 Mitre | 1 Caldera | 2020-06-19 | 3.5 LOW | 5.4 MEDIUM |
| CALDERA 2.7.0 allows XSS via the Operation Name box. | |||||
| CVE-2019-20806 | 1 Linux | 1 Linux Kernel | 2020-06-19 | 2.1 LOW | 4.4 MEDIUM |
| An issue was discovered in the Linux kernel before 5.2. There is a NULL pointer dereference in tw5864_handle_frame() in drivers/media/pci/tw5864/tw5864-video.c, which may cause denial of service, aka CID-2e7682ebfc75. | |||||
| CVE-2020-13964 | 1 Roundcube | 1 Webmail | 2020-06-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. include/rcmail_output_html.php allows XSS via the username template object. | |||||
| CVE-2020-4406 | 3 Ibm, Linux, Microsoft | 5 Aix, Spectrum Protect Client, Spectrum Protect For Space Management and 2 more | 2020-06-18 | 3.5 LOW | 5.4 MEDIUM |
| IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. IBM X-Force ID: 179488. | |||||
| CVE-2020-9427 | 1 Open-xchange | 1 Ox Guard | 2020-06-18 | 4.0 MEDIUM | 5.0 MEDIUM |
| OX Guard 2.10.3 and earlier allows SSRF. | |||||
| CVE-2020-1825 | 1 Huawei | 1 Fusionaccess | 2020-06-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. | |||||
| CVE-2015-7851 | 1 Ntp | 1 Ntp | 2020-06-18 | 3.5 LOW | 6.5 MEDIUM |
| Directory traversal vulnerability in the save_config function in ntpd in ntp_control.c in NTP before 4.2.8p4, when used on systems that do not use '\' or '/' characters for directory separation such as OpenVMS, allows remote authenticated users to overwrite arbitrary files. | |||||
| CVE-2015-7702 | 5 Debian, Netapp, Ntp and 2 more | 13 Debian Linux, Clustered Data Ontap, Data Ontap and 10 more | 2020-06-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This vulnerability exists due to an incomplete fix for CVE-2014-9750. | |||||
| CVE-2015-7852 | 5 Debian, Netapp, Ntp and 2 more | 14 Debian Linux, Clustered Data Ontap, Data Ontap and 11 more | 2020-06-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash) via crafted mode 6 response packets. | |||||
| CVE-2015-7850 | 3 Debian, Netapp, Ntp | 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more | 2020-06-18 | 4.0 MEDIUM | 6.5 MEDIUM |
| ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file. | |||||
| CVE-2018-7170 | 4 Hpe, Netapp, Ntp and 1 more | 10 Hpux-ntp, Hci, Solidfire and 7 more | 2020-06-18 | 3.5 LOW | 5.3 MEDIUM |
| ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows authenticated users that know the private symmetric key to create arbitrarily-many ephemeral associations in order to win the clock selection of ntpd and modify a victim's clock via a Sybil attack. This issue exists because of an incomplete fix for CVE-2016-1549. | |||||
| CVE-2020-3929 | 1 Usavisionsys | 10 Geovision Gv-as1010, Geovision Gv-as1010 Firmware, Geovision Gv-as210 and 7 more | 2020-06-18 | 4.3 MEDIUM | 5.9 MEDIUM |
| GeoVision Door Access Control device family employs shared cryptographic private keys for SSH and HTTPS. Attackers may conduct MITM attack with the derived keys and plaintext recover of encrypted messages. | |||||
| CVE-2020-11863 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 1 of 2). | |||||
| CVE-2020-11864 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2020-06-18 | 4.3 MEDIUM | 5.5 MEDIUM |
| libEMF (aka ECMA-234 Metafile Library) through 1.0.11 allows denial of service (issue 2 of 2). | |||||
| CVE-2020-11798 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2020-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. | |||||
| CVE-2020-7504 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | |||||
| CVE-2020-11839 | 1 Microfocus | 1 Arcsight Logger | 2020-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | |||||
| CVE-2020-9426 | 1 Open-xchange | 1 Ox Guard | 2020-06-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX Guard 2.10.3 and earlier allows XSS. | |||||
| CVE-2020-12659 | 1 Linux | 1 Linux Kernel | 2020-06-17 | 7.2 HIGH | 6.7 MEDIUM |
| An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation. | |||||
| CVE-2020-14146 | 1 Kumbiaphp | 1 Kumbiaphp | 2020-06-17 | 3.5 LOW | 5.4 MEDIUM |
| KumbiaPHP through 1.1.1, in Development mode, allows XSS via the public/pages/kumbia PATH_INFO. | |||||
| CVE-2018-16848 | 1 Redhat | 1 Openstack-mistral | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A Denial of Service (DoS) condition is possible in OpenStack Mistral in versions up to and including 7.0.3. Submitting a specially crafted workflow definition YAML file containing nested anchors can lead to resource exhaustion culminating in a denial of service. | |||||
| CVE-2020-8322 | 1 Lenovo | 102 14iwl, 14iwl Firmware, 330-14ast and 99 more | 2020-06-17 | 4.6 MEDIUM | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo Notebook and ThinkStation models may allow arbitrary code execution. | |||||
| CVE-2020-8544 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.3 allows SSRF. | |||||
| CVE-2020-8541 | 1 Open-xchange | 1 Open-xchange Appsuite | 2020-06-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| OX App Suite through 7.10.3 allows XXE attacks. | |||||
| CVE-2020-8320 | 1 Lenovo | 200 Thinkpad 11e, Thinkpad 11e Firmware, Thinkpad 11e Yoga Gen 6 and 197 more | 2020-06-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of privilege. | |||||
| CVE-2018-2839 | 3 Canonical, Netapp, Oracle | 7 Ubuntu Linux, Oncommand Insight, Oncommand Unified Manager and 4 more | 2020-06-16 | 4.0 MEDIUM | 4.9 MEDIUM |
| Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: DML). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.0 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | |||||
| CVE-2020-4380 | 1 Ibm | 1 Workload Scheduler | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM Workload Scheduler 9.3.0.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 179160. | |||||
| CVE-2020-1220 | 1 Microsoft | 9 Edge, Windows 10, Windows 7 and 6 more | 2020-06-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| A spoofing vulnerability exists when theMicrosoft Edge (Chromium-based) in IE Mode improperly handles specific redirects, aka 'Microsoft Edge (Chromium-based) in IE Mode Spoofing Vulnerability'. | |||||
| CVE-2020-2033 | 1 Paloaltonetworks | 1 Globalprotect | 2020-06-16 | 2.9 LOW | 5.3 MEDIUM |
| When the pre-logon feature is enabled, a missing certification validation in Palo Alto Networks GlobalProtect app can disclose the pre-logon authentication cookie to a man-in-the-middle attacker on the same local area network segment with the ability to manipulate ARP or to conduct ARP spoofing attacks. This allows the attacker to access the GlobalProtect Server as allowed by configured Security rules for the 'pre-login' user. This access may be limited compared to the network access of regular users. This issue affects: GlobalProtect app 5.0 versions earlier than GlobalProtect app 5.0.10 when the prelogon feature is enabled; GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.4 when the prelogon feature is enabled. | |||||
| CVE-2020-13271 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1 | |||||
| CVE-2020-13269 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Reflected Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code on the Static Site Editor in GitLab CE/EE 12.10 and later through 13.0.1 | |||||
| CVE-2020-13267 | 1 Gitlab | 1 Gitlab | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Stored Cross-Site Scripting vulnerability allowed the execution on Javascript payloads on the Metrics Dashboard in GitLab CE/EE 12.8 and later through 13.0.1 | |||||
| CVE-2020-6270 | 1 Sap | 1 Netweaver As Abap | 2020-06-16 | 4.0 MEDIUM | 6.5 MEDIUM |
| SAP NetWeaver AS ABAP (Banking Services), versions - 710, 711, 740, 750, 751, 752, 75A, 75B, 75C, 75D, 75E, does not perform necessary authorization checks for an authenticated user due to Missing Authorization Check, allowing wrong and unexpected change of individual conditions by a malicious user leading to wrong prices. | |||||
| CVE-2020-4251 | 1 Ibm | 1 Api Connect | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| IBM API Connect 5.0.0.0 through 5.0.8.8 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 175489. | |||||
| CVE-2020-6266 | 1 Sap | 1 Fiori | 2020-06-16 | 4.9 MEDIUM | 5.4 MEDIUM |
| SAP Fiori for SAP S/4HANA, versions - 100, 200, 300, 400, allows an attacker to redirect users to a malicious site due to insufficient URL validation, leading to URL Redirection. | |||||
| CVE-2020-6260 | 1 Sap | 1 Solution Manager | 2020-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist. | |||||
| CVE-2020-6246 | 1 Sap | 1 Netweaver As Abap Business Server Pages | 2020-06-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP NetWeaver AS ABAP Business Server Pages Test Application SBSPEXT_TABLE, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, does not sufficiently encode user-controlled inputs, resulting in reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-1323 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2020-06-16 | 5.8 MEDIUM | 6.1 MEDIUM |
| An open redirect vulnerability exists in Microsoft SharePoint that could lead to spoofing.To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link, aka 'SharePoint Open Redirect Vulnerability'. | |||||
| CVE-2020-1340 | 1 Microsoft | 1 Nugetgallery | 2020-06-16 | 3.5 LOW | 5.4 MEDIUM |
| A spoofing vulnerability exists when the NuGetGallery does not properly sanitize input on package metadata values, aka 'NuGetGallery Spoofing Vulnerability'. | |||||
| CVE-2019-20485 | 2 Debian, Redhat | 2 Debian Linux, Libvirt | 2020-06-16 | 2.7 LOW | 5.7 MEDIUM |
| qemu/qemu_driver.c in libvirt before 6.0.0 mishandles the holding of a monitor job during a query to a guest agent, which allows attackers to cause a denial of service (API blockage). | |||||