Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-4782 | 1 Ibm | 1 Websphere Application Server | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | |||||
| CVE-2020-7127 | 1 Arubanetworks | 1 Airwave Glass | 2020-10-30 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-3996 | 1 Vmware | 1 Velero | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users. | |||||
| CVE-2019-8509 | 1 Apple | 1 Mac Os X | 2020-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-8532 | 1 Apple | 2 Iphone Os, Watchos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in watchOS 5.2, iOS 12.2. A malicious application may be able to access restricted files. | |||||
| CVE-2019-8539 | 1 Apple | 1 Mac Os X | 2020-10-30 | 9.3 HIGH | 7.8 HIGH |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-14716 | 1 Verifone | 2 Verix Os, Vx520 | 2020-10-30 | 4.6 MEDIUM | 6.6 MEDIUM |
| Verifone VerixV Pinpad Payment Terminals with QT000530 have an undocumented physical access mode (aka VerixV shell.out). | |||||
| CVE-2019-14717 | 1 Verifone | 2 Verix Os, Vx520 | 2020-10-30 | 4.6 MEDIUM | 7.8 HIGH |
| Verifone Verix OS on VerixV Pinpad Payment Terminals with QT000530 have a Buffer Overflow via the Run system call. | |||||
| CVE-2020-15270 | 1 Parseplatform | 1 Parse-server | 2020-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| Parse Server (npm package parse-server) broadcasts events to all clients without checking if the session token is valid. This allows clients with expired sessions to still receive subscription objects. It is not possible to create subscription objects with invalid session tokens. The issue is not patched. | |||||
| CVE-2020-9417 | 1 Tibco | 3 Foresight Archive And Retrieval System, Foresight Operational Monitor, Foresight Transaction Insight | 2020-10-30 | 6.5 MEDIUM | 8.8 HIGH |
| The Transaction Insight reporting component of TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System, TIBCO Foresight Archive and Retrieval System Healthcare Edition, TIBCO Foresight Operational Monitor, TIBCO Foresight Operational Monitor Healthcare Edition, TIBCO Foresight Transaction Insight, and TIBCO Foresight Transaction Insight Healthcare Edition contains a vulnerability that theoretically allows an authenticated attacker to perform SQL injection. Affected releases are TIBCO Software Inc.'s TIBCO Foresight Archive and Retrieval System: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Archive and Retrieval System Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Operational Monitor Healthcare Edition: versions 5.1.0 and below, version 5.2.0, TIBCO Foresight Transaction Insight: versions 5.1.0 and below, version 5.2.0, and TIBCO Foresight Transaction Insight Healthcare Edition: versions 5.1.0 and below, version 5.2.0. | |||||
| CVE-2020-27604 | 1 Bigbluebutton | 1 Bigbluebutton | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. | |||||
| CVE-2020-3997 | 1 Vmware | 1 Horizon | 2020-10-30 | 3.5 LOW | 5.4 MEDIUM |
| VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed. | |||||
| CVE-2020-5387 | 1 Dell | 2 Xps 13 9370, Xps 13 9370 Firmware | 2020-10-30 | 4.9 MEDIUM | 3.9 LOW |
| Dell XPS 13 9370 BIOS versions prior to 1.13.1 contains an Improper Exception Handling vulnerability. A local attacker with physical access could exploit this vulnerability to prevent the system from booting until the exploited boot device is removed. | |||||
| CVE-2020-27155 | 1 Octopus | 1 Octopus Deploy | 2020-10-30 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. | |||||
| CVE-2020-3459 | 1 Cisco | 17 Firepower 4110, Firepower 4112, Firepower 4115 and 14 more | 2020-10-30 | 7.2 HIGH | 7.8 HIGH |
| A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. The vulnerability is due to insufficient input validation of commands supplied by the user. An attacker could exploit this vulnerability by authenticating to a device and submitting crafted input to the affected command. A successful exploit could allow the attacker to execute commands on the underlying operating system with root privileges. | |||||
| CVE-2020-3533 | 1 Cisco | 1 Firepower Threat Defense | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) input packet processor of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to restart unexpectedly. The vulnerability is due to a lack of sufficient memory management protections under heavy SNMP polling loads. An attacker could exploit this vulnerability by sending a high rate of SNMP requests to the SNMP daemon through the management interface on an affected device. A successful exploit could allow the attacker to cause the SNMP daemon process to consume a large amount of system memory over time, which could then lead to an unexpected device restart, causing a denial of service (DoS) condition. This vulnerability affects all versions of SNMP. | |||||
| CVE-2020-17381 | 1 Ghisler | 1 Total Commander | 2020-10-30 | 4.4 MEDIUM | 7.3 HIGH |
| An issue was discovered in Ghisler Total Commander 9.51. Due to insufficient access restrictions in the default installation directory, an attacker can elevate privileges by replacing the %SYSTEMDRIVE%\totalcmd\TOTALCMD64.EXE binary. | |||||
| CVE-2020-3550 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2020-10-30 | 5.5 MEDIUM | 8.1 HIGH |
| A vulnerability in the sfmgr daemon of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to perform directory traversal and access directories outside the restricted path. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by using a relative path in specific sfmgr commands. An exploit could allow the attacker to read or write arbitrary files on an sftunnel-connected peer device. | |||||
| CVE-2020-3549 | 1 Cisco | 2 Firepower Management Center, Firepower Threat Defense | 2020-10-30 | 6.8 MEDIUM | 8.1 HIGH |
| A vulnerability in the sftunnel functionality of Cisco Firepower Management Center (FMC) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to obtain the device registration hash. The vulnerability is due to insufficient sftunnel negotiation protection during initial device registration. An attacker in a man-in-the-middle position could exploit this vulnerability by intercepting a specific flow of the sftunnel communication between an FMC device and an FTD device. A successful exploit could allow the attacker to decrypt and modify the sftunnel communication between FMC and FTD devices, allowing the attacker to modify configuration data sent from an FMC device to an FTD device or alert data sent from an FTD device to an FMC device. | |||||
| CVE-2020-15680 | 1 Mozilla | 1 Firefox | 2020-10-30 | 5.0 MEDIUM | 5.3 MEDIUM |
| If a valid external protocol handler was referenced in an image tag, the resulting broken image size could be distinguished from a broken image size of a non-existent protocol handler. This allowed an attacker to successfully probe whether an external protocol handler was registered. This vulnerability affects Firefox < 82. | |||||
| CVE-2020-15682 | 1 Mozilla | 1 Firefox | 2020-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| When a link to an external protocol was clicked, a prompt was presented that allowed the user to choose what application to open it in. An attacker could induce that prompt to be associated with an origin they didn't control, resulting in a spoofing attack. This was fixed by changing external protocol prompts to be tab-modal while also ensuring they could not be incorrectly associated with a different origin. This vulnerability affects Firefox < 82. | |||||
| CVE-2020-15681 | 1 Mozilla | 1 Firefox | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| When multiple WASM threads had a reference to a module, and were looking up exported functions, one WASM thread could have overwritten another's entry in a shared stub table, resulting in a potentially exploitable crash. This vulnerability affects Firefox < 82. | |||||
| CVE-2020-3915 | 1 Apple | 1 Mac Os X | 2020-10-30 | 4.6 MEDIUM | 7.8 HIGH |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. | |||||
| CVE-2018-4468 | 1 Apple | 1 Mac Os X | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| This issue was addressed by removing additional entitlements. This issue is fixed in macOS Mojave 10.14.1, Security Update 2018-002 High Sierra, Security Update 2018-005 Sierra. A malicious application may be able to access restricted files. | |||||
| CVE-2018-4467 | 1 Apple | 1 Mac Os X | 2020-10-30 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to elevate privileges. | |||||
| CVE-2020-9771 | 1 Apple | 1 Mac Os X | 2020-10-30 | 3.6 LOW | 7.1 HIGH |
| This issue was addressed with a new entitlement. This issue is fixed in macOS Catalina 10.15.4. A user may gain access to protected parts of the file system. | |||||
| CVE-2020-3427 | 1 Cisco | 1 Duo Authentication For Windows Logon And Rdp | 2020-10-30 | 4.6 MEDIUM | 7.8 HIGH |
| The Windows Logon installer prior to 4.1.2 did not properly validate file installation paths. This allows an attacker with local user privileges to coerce the installer to write to arbitrary privileged directories. If successful, an attacker can manipulate files used by Windows Logon, cause Denial of Service (DoS) by deleting file(s), or replace system files to potentially achieve elevation of privileges. Note that this can only exploitable during new installations while the installer is running and is not exploitable once installation is finished. Versions 4.1.2 of Windows Logon addresses this issue. | |||||
| CVE-2020-3597 | 1 Cisco | 1 Nexus Data Broker | 2020-10-30 | 5.8 MEDIUM | 5.4 MEDIUM |
| A vulnerability in the configuration restore feature of Cisco Nexus Data Broker software could allow an unauthenticated, remote attacker to perform a directory traversal attack on an affected device. The vulnerability is due to insufficient validation of configuration backup files. An attacker could exploit this vulnerability by persuading an administrator to restore a crafted configuration backup file. A successful exploit could allow the attacker to overwrite arbitrary files that are accessible through the affected software on an affected device. | |||||
| CVE-2019-8696 | 1 Apple | 1 Mac Os X | 2020-10-30 | 6.5 MEDIUM | 8.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6, Security Update 2019-004 High Sierra, Security Update 2019-004 Sierra. An attacker in a privileged network position may be able to execute arbitrary code. | |||||
| CVE-2019-8708 | 1 Apple | 2 Iphone Os, Mac Os X | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15, iOS 13. A local user may be able to check for the existence of arbitrary files. | |||||
| CVE-2019-8771 | 1 Apple | 2 Iphone Os, Safari | 2020-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 13.0.1, iOS 13. Maliciously crafted web content may violate iframe sandboxing policy. | |||||
| CVE-2018-4391 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2018-4390 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in macOS High Sierra 10.13.1, Security Update 2017-001 Sierra, and Security Update 2017-004 El Capitan, watchOS 4.3, iOS 12.1. Processing a maliciously crafted text message may lead to UI spoofing. | |||||
| CVE-2019-8901 | 1 Apple | 2 Ipados, Iphone Os | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action. | |||||
| CVE-2018-4428 | 1 Apple | 1 Iphone Os | 2020-10-30 | 3.6 LOW | 7.1 HIGH |
| A lock screen issue allowed access to the share function on a locked device. This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 12.1.1. A local attacker may be able to share items from the lock screen. | |||||
| CVE-2018-4451 | 1 Apple | 1 Mac Os X | 2020-10-30 | 9.3 HIGH | 7.8 HIGH |
| This issue is fixed in macOS Mojave 10.14. A memory corruption issue was addressed with improved input validation. | |||||
| CVE-2018-4452 | 1 Apple | 1 Mac Os X | 2020-10-30 | 9.3 HIGH | 7.8 HIGH |
| A memory consumption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.3, Security Update 2019-001 High Sierra, Security Update 2019-001 Sierra, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2019-8612 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, tvOS 12.3, watchOS 5.2.1, macOS Mojave 10.14.5, Security Update 2019-003 High Sierra, Security Update 2019-003 Sierra, iOS 12.3. An attacker in a privileged network position can modify driver state. | |||||
| CVE-2019-8570 | 1 Apple | 5 Icloud, Iphone Os, Itunes and 2 more | 2020-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 12.1.3, iCloud for Windows 7.10, iTunes 12.9.3 for Windows, Safari 12.0.3, tvOS 12.1.2. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2019-8834 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2020-10-30 | 4.0 MEDIUM | 4.3 MEDIUM |
| A configuration issue was addressed with additional restrictions. This issue is fixed in tvOS 13.3, watchOS 6.1.1, iCloud for Windows 10.9, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iTunes 12.10.3 for Windows, iCloud for Windows 7.16. An attacker in a privileged network position may be able to bypass HSTS for a limited number of specific top-level domains previously not in the HSTS preload list. | |||||
| CVE-2019-8830 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-10-30 | 9.3 HIGH | 8.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 13.3, watchOS 6.1.1, macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and Security Update 2019-007 High Sierra, iOS 13.3 and iPadOS 13.3, iOS 12.4.4, watchOS 5.3.4. Processing malicious video via FaceTime may lead to arbitrary code execution. | |||||
| CVE-2019-8780 | 1 Apple | 2 Iphone Os, Tvos | 2020-10-30 | 7.1 HIGH | 5.5 MEDIUM |
| The issue was addressed with improved permissions logic. This issue is fixed in iOS 13.1 and iPadOS 13.1, tvOS 13. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-3880 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-10-30 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 6.1.2, iOS 13.3.1 and iPadOS 13.3.1, tvOS 13.3.1, macOS Catalina 10.15.3, Security Update 2020-001 Mojave, Security Update 2020-001 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2019-8854 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-30 | 5.0 MEDIUM | 7.5 HIGH |
| A user privacy issue was addressed by removing the broadcast MAC address. This issue is fixed in macOS Catalina 10.15, watchOS 6, iOS 13, tvOS 13. A device may be passively tracked by its Wi-Fi MAC address. | |||||
| CVE-2018-4444 | 1 Apple | 4 Iphone Os, Itunes, Safari and 1 more | 2020-10-30 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in Safari 12.0.2, iOS 12.1.1, tvOS 12.1.1, iTunes 12.9.2 for Windows. Processing maliciously crafted web content may disclose sensitive user information. | |||||
| CVE-2018-4448 | 1 Apple | 4 Iphone Os, Mac Os X, Tvos and 1 more | 2020-10-30 | 2.1 LOW | 5.5 MEDIUM |
| A memory initialization issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra, iOS 12.1.1, watchOS 5.1.2, macOS Mojave 10.14.2, Security Update 2018-003 High Sierra, Security Update 2018-006 Sierra, tvOS 12.1.1. A local user may be able to read kernel memory. | |||||
| CVE-2018-4381 | 1 Apple | 2 Iphone Os, Tvos | 2020-10-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A resource exhaustion issue was addressed with improved input validation. This issue is fixed in tvOS 12.1, iOS 12.1. Processing a maliciously crafted message may lead to a denial of service. | |||||
| CVE-2019-8809 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-10-30 | 2.1 LOW | 3.3 LOW |
| A validation issue was addressed with improved logic. This issue is fixed in macOS Catalina 10.15, iOS 13.1 and iPadOS 13.1, tvOS 13, watchOS 6, iOS 13. A local app may be able to read a persistent account identifier. | |||||
| CVE-2019-8762 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2020-10-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, iCloud for Windows 10.7, tvOS 13, iCloud for Windows 7.14, iTunes 12.10.1 for Windows. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2020-9902 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-30 | 7.1 HIGH | 5.5 MEDIUM |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to determine kernel memory layout. | |||||