Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28050 | 1 Zohocorp | 1 Manageengine Desktop Central | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from multiple agents to communicate with the server. | |||||
| CVE-2020-29658 | 1 Zohocorp | 1 Manageengine Applications Control Plus | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting for Nginx, leading to Privilege Escalation. | |||||
| CVE-2019-18630 | 1 Xerox | 20 Altalink B8045, Altalink B8045 Firmware, Altalink B8055 and 17 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Xerox AltaLink B8045/B8055/B8065/B8075/B8090 and C8030/C8035/C8045/C8055/C8070 multifunction printers with software releases before 101.00x.099.28200, portions of the drive containing executable code were not encrypted thus leaving it open to potential cryptographic information disclosure. | |||||
| CVE-2020-24914 | 1 Qcubed | 1 Qcubed | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the untrusted data of the POST-variable "strProfileData" and allows an unauthenticated attacker to execute code via a crafted POST request. | |||||
| CVE-2020-24036 | 1 Fork-cms | 1 Fork Cms | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an authenticated remote user to execute malicious code. | |||||
| CVE-2020-36240 | 1 Atlassian | 1 Crowd | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The ResourceDownloadRewriteRule class in Crowd before version 4.0.4, and from version 4.1.0 before 4.1.2 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. | |||||
| CVE-2019-25022 | 1 Scytl | 1 Secure Vote | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation. | |||||
| CVE-2019-11684 | 1 Bosch | 4 Divar Ip 5000, Divar Ip 5000 Firmware, Video Management System and 1 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM. | |||||
| CVE-2020-26200 | 1 Kaspersky | 2 Endpoint Security, Rescue Disk | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| A component of the Kaspersky custom boot loader allowed loading of untrusted UEFI modules due to insufficient checking of their authenticity. This component is incorporated in Kaspersky Rescue Disk (KRD) and was trusted by the Authentication Agent of Full Disk Encryption in Kaspersky Endpoint Security (KES). This issue allowed a bypass of the UEFI Secure Boot security feature. An attacker would need physical access to the computer to exploit it. Otherwise, local administrator privileges would be required to modify the boot loader component. | |||||
| CVE-2020-27543 | 1 Restify-paginate Project | 1 Restify-paginate | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | |||||
| CVE-2020-12702 | 1 Coolkit | 1 Ewelink | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| Weak encryption in the Quick Pairing mode in the eWeLink mobile application (Android application V4.9.2 and earlier, iOS application V4.9.1 and earlier) allows physically proximate attackers to eavesdrop on Wi-Fi credentials and other sensitive information by monitoring the Wi-Fi spectrum during the pairing process. | |||||
| CVE-2020-28432 | | | 2021-07-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-28431 | | | 2021-07-21 | N/A | N/A |
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | |||||
| CVE-2020-28429 | 1 Geojson2kml Project | 1 Geojson2kml | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| All versions of package geojson2kml are vulnerable to Command Injection via the index.js file. PoC: var a =require("geojson2kml"); a("./","& touch JHU",function(){}) | |||||
| CVE-2020-22474 | 1 Weberp | 1 Weberp | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter, which can lead to local file inclusion. | |||||
| CVE-2020-11287 | 1 Qualcomm | 329 Aqt1000, Ar8031, Ar8035 and 326 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Allowing RTT frames to be linked with a non-randomized MAC address by comparing the sequence numbers can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11286 | 1 Qualcomm | 135 Apq8009, Apq8009w, Apq8017 and 132 more | 2021-07-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An Untrusted Pointer Dereference can occur while doing USB control transfers, if multiple requests of different standard request categories like device, interface & endpoint are made together, in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-11282 | 1 Qualcomm | 425 Apq8009, Apq8009w, Apq8017 and 422 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||
| CVE-2020-11277 | 1 Qualcomm | 322 Pm3003a, Pm3003a Firmware, Pm4250 and 319 more | 2021-07-21 | 6.9 MEDIUM | 7.4 HIGH |
| Possible race condition during async fastrpc session after sending RPC message, because the fastrpc ctx gets freed during the async session, in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11253 | 1 Qualcomm | 346 Aqt1000, Aqt1000 Firmware, Pm3003a and 343 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | |||||
| CVE-2020-11204 | 1 Qualcomm | 1038 Apq8009, Apq8009 Firmware, Apq8016 and 1035 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11198 | 1 Qualcomm | 602 Aqt1000, Aqt1000 Firmware, Ar8031 and 599 more | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-11195 | 1 Qualcomm | 786 Apq8009, Apq8009 Firmware, Apq8016 and 783 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music | |||||
| CVE-2020-11194 | 1 Qualcomm | 458 Aqt1000, Aqt1000 Firmware, Ar8035 and 455 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | |||||
| CVE-2020-35556 | 1 Acronis | 1 Cyber Protect | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | |||||
| CVE-2020-28248 | 1 Png-img Project | 1 Png-img | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file. | |||||
| CVE-2020-27997 | 1 Smartstore | 1 Smartstorenet | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | |||||
| CVE-2020-12668 | 1 Hubspot | 1 Jinjava | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure. | |||||
| CVE-2020-36252 | 1 Owncloud | 1 Owncloud | 2021-07-21 | 2.7 LOW | 5.7 MEDIUM |
| ownCloud Server 10.x before 10.3.1 allows an attacker, who has one outgoing share from a victim, to access any version of any file by sending a request for a predictable ID number. | |||||
| CVE-2020-36251 | 1 Owncloud | 1 Owncloud | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| ownCloud Server before 10.3.0 allows an attacker, who has received non-administrative access to a group share, to remove everyone else's access to that share. | |||||
| CVE-2020-36250 | 1 Owncloud | 1 Owncloud | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| In the ownCloud application before 2.15 for Android, the lock protection mechanism can be bypassed by moving the system date/time into the past. | |||||
| CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | |||||
| CVE-2020-19513 | 1 Aida64 | 1 Aida64 | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | |||||
| CVE-2020-28490 | 1 Async-git Project | 1 Async-git | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The package async-git before 1.13.2 is vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb') | |||||
| CVE-2020-29664 | 1 Dji | 2 Mavic 2, Mavic 2 Firmware | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.0510 allows for code execution via a malicious firmware upgrade packet. | |||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | |||||
| CVE-2020-36245 | 1 Gramaddict | 1 Gramaddict | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| GramAddict through 1.2.3 allows remote attackers to execute arbitrary code because of use of UIAutomator2 and ATX-Agent. The attacker must be able to reach TCP port 7912, e.g., by being on the same Wi-Fi network. | |||||
| CVE-2020-35339 | 1 74cms | 1 74cms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin/Controller/ConfigController.class.php and /ThinkPHP/Common/functions.php where attackers can obtain server permissions and control the server. | |||||
| CVE-2020-12365 | 1 Intel | 1 Graphics Drivers | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Untrusted pointer dereference in some Intel(R) Graphics Drivers before versions 15.33.51.5146, 15.45.32.5145, 15.36.39.5144 and 15.40.46.5143 may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-24503 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24497 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24495 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24494 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24493 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24492 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2020-24491 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2021-07-21 | 1.9 LOW | 4.4 MEDIUM |
| Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24482 | 1 Intel | 2 Xmm 7360, Xmm 7360 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow an unauthenticated user to potentially enable denial of service via network access. | |||||
| CVE-2020-12373 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| Expired pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2020-12370 | 1 Intel | 1 Graphics Drivers | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Untrusted pointer dereference in some Intel(R) Graphics Drivers before version 26.20.100.8141 may allow a privileged user to potentially enable a denial of service via local access. | |||||
| CVE-2020-0525 | 1 Intel | 6 Ethernet Controller I210-at, Ethernet Controller I210-cl, Ethernet Controller I210-cs and 3 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Improper access control in firmware for the Intel(R) Ethernet I210 Controller series of network adapters before version 3.30 may allow a privileged user to potentially enable denial of service via local access. | |||||
