Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-0449 | 1 Google | 1 Android | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| In btm_sec_disconnected of btm_sec.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution in the Bluetooth server with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-9 Android-10 Android-11 Android-8.0 Android-8.1Android ID: A-162497143 | |||||
| CVE-2020-0448 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334 | |||||
| CVE-2020-0447 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168251617 | |||||
| CVE-2020-0446 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264528 | |||||
| CVE-2020-0445 | 1 Google | 1 Android | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible out of bounds write due to a missing bounds check.Product: AndroidVersions: Android SoCAndroid ID: A-168264527 | |||||
| CVE-2020-0443 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In LocaleList of LocaleList.java, there is a possible forced reboot due to an uncaught exception. This could lead to local denial of service requiring factory reset to restore with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-152410253 | |||||
| CVE-2020-0438 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In the AIBinder_Class constructor of ibinder.cpp, there is a possible arbitrary code execution due to uninitialized data. This could lead to local escalation of privilege if a process were using libbinder_ndk in a vulnerable way with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-10Android ID: A-161812320 | |||||
| CVE-2020-0424 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In send_vc of res_send.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-9 Android-10Android ID: A-161362564 | |||||
| CVE-2020-0409 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-8.0 Android-8.1 Android-9Android ID: A-156997193 | |||||
| CVE-2020-27019 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an information disclosure vulnerability which could allow an attacker to access a specific database and key. | |||||
| CVE-2020-27017 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. | |||||
| CVE-2020-28371 | 1 Readytalk | 1 Avian | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-4650 | 1 Ibm | 1 Maximo Spatial Asset Management | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| IBM Maximo Spatial Asset Management 7.6.0.3, 7.6.0.4, 7.6.0.5, and 7.6.1.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 186023. | |||||
| CVE-2020-28347 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbitrary code via the slave_mac parameter. NOTE: this issue exists because of an incomplete fix for CVE-2020-10882 in which shell quotes are mishandled. | |||||
| CVE-2020-28339 | 1 Collne | 1 Welcart E-commerce | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Injection because of usces_unserialize. There is not a complete POP chain. | |||||
| CVE-2020-7198 | 1 Hp | 3 Oneview, Synergy Composer, Synergy Composer 2 | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| There is a remote escalation of privilege possible for a malicious user that has a OneView account in OneView and Synergy Composer. HPE has provided updates to Oneview and Synergy Composer: Update to version 5.5 of OneView, Composer, or Composer2. | |||||
| CVE-2020-4484 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could disclose sensitive information to an authenticated user that could be used in further attacks against the system. IBM X-Force ID: 181858. | |||||
| CVE-2020-25592 | 2 Debian, Saltstack | 2 Debian Linux, Salt | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH. | |||||
| CVE-2020-5649 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specially crafted packet. | |||||
| CVE-2020-7207 | 1 Hp | 42 Apollo 2000, Apollo 2000 Firmware, Apollo 4200 Gen10 and 39 more | 2021-07-21 | 7.2 HIGH | 6.8 MEDIUM |
| A local elevation of privilege using physical access security vulnerability was found in HPE Proliant Gen10 Servers using Intel Innovation Engine (IE). This attack requires a physical attack to the server motherboard. To mitigate this issue, ensure your server is always physically secured. HPE will not address this issue in the impacted Gen 10 servers listed. HPE recommends using appropriate physical security methods as a compensating control to disallow an attacker from having physical access to the server main circuit board. | |||||
| CVE-2020-6877 | 1 Zte | 2 Zxa10 Eodn, Zxa10 Eodn Firmware | 2021-07-21 | 4.0 MEDIUM | 8.8 HIGH |
| A ZTE product is impacted by an information leak vulnerability. An attacker could use this vulnerability to obtain the authentication password of the handheld terminal and access the device illegally for operation. This affects: ZXA10 eODN V2.3P2T1 | |||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2021-07-21 | 4.3 MEDIUM | 7.5 HIGH |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | |||||
| CVE-2020-5943 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In versions 14.1.0-14.1.0.1 and 14.1.2.5-14.1.2.7, when a BIG-IP object is created or listed through the REST interface, the protected fields are obfuscated in the REST response, not protected via a SecureVault cryptogram as TMSH does. One example of protected fields is the GTM monitor password. | |||||
| CVE-2020-26506 | 1 Marmind | 1 Marmind | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0 allows users with lower privileges to gain control to files uploaded by administrative users. The accessed files were not visible by the low privileged users in the web GUI. | |||||
| CVE-2020-25399 | 1 Mind | 1 Imind Server | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's session by sending a malicious file in the chat. | |||||
| CVE-2020-24849 | 1 Fruitywifi Project | 1 Fruitywifi | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. | |||||
| CVE-2020-15951 | 1 Immuta | 1 Immuta | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Immuta v2.8.2 accepts user-supplied project names without properly sanitizing the input, allowing attackers to inject arbitrary HTML content that is rendered as part of the application. An attacker could leverage this to redirect application users to a phishing website in an attempt to steal credentials. | |||||
| CVE-2020-15949 | 1 Immuta | 1 Immuta | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Immuta v2.8.2 is affected by one instance of insecure permissions that can lead to user account takeover. | |||||
| CVE-2020-7763 | 1 Jsreport | 1 Phantom-html-to-pdf | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package phantom-html-to-pdf before 0.6.1. | |||||
| CVE-2020-7762 | 1 Jsreport | 1 Jsreport-chrome-pdf | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| This affects the package jsreport-chrome-pdf before 1.10.0. | |||||
| CVE-2020-25201 | 1 Hashicorp | 1 Consul | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. | |||||
| CVE-2020-7129 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-7128 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-26167 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In FUEL CMS 11.4.12 and before, the page preview feature allows an anonymous user to take complete ownership of any account including an administrator one. | |||||
| CVE-2020-22277 | 1 Codection | 1 Import And Export Users And Customers | 2021-07-21 | 6.0 MEDIUM | 8.0 HIGH |
| Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | |||||
| CVE-2020-22275 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable. | |||||
| CVE-2020-16009 | 5 Debian, Fedoraproject, Google and 2 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16007 | 3 Debian, Google, Opensuse | 4 Debian Linux, Chrome, Backports Sle and 1 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient data validation in installer in Google Chrome prior to 86.0.4240.183 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||||
| CVE-2020-16005 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in ANGLE in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16004 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in user interface in Google Chrome prior to 86.0.4240.183 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16003 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in printing in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-16002 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in PDFium in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-16001 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15989 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Uninitialized data in PDFium in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file. | |||||
| CVE-2020-15986 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Integer overflow in media in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15979 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15976 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Android and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15975 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15972 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15969 | 5 Apple, Debian, Fedoraproject and 2 more | 10 Ipados, Iphone Os, Macos and 7 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||