Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10256 | 1 1password | 2 Command-line, Scim | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption. | |||||
| CVE-2020-27183 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. | |||||
| CVE-2020-27181 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| A hardcoded AES key in CipherUtils.java in the Java applet of konzept-ix publiXone before 2020.015 allows attackers to craft password-reset tokens or decrypt server-side configuration files. | |||||
| CVE-2020-27180 | 1 Konzept-ix | 1 Publixone | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | |||||
| CVE-2020-26878 | 1 Commscope | 2 Ruckus Iot Module, Ruckus Vriot | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py. | |||||
| CVE-2020-7752 | 1 Systeminformation | 1 Systeminformation | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| This affects the package systeminformation before 4.27.11. This package is vulnerable to Command Injection. The attacker can concatenate curl's parameters to overwrite Javascript files and then execute any OS commands. | |||||
| CVE-2020-7196 | 1 Hp | 2 Bluedata Epic, Ezmeral Container Platform | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an insecure method of handling sensitive Kerberos passwords that is susceptible to unauthorized interception and/or retrieval. Specifically, they display the kdc_admin_password in the source file of the url "/bdswebui/assignusers/". | |||||
| CVE-2020-7124 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-24632 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-24631 | 1 Arubanetworks | 1 Airwave Glass | 2021-07-21 | 9.0 HIGH | 7.2 HIGH |
| A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2. | |||||
| CVE-2020-7751 | 1 Chaijis | 1 Pathval | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| pathval before version 1.1.1 is vulnerable to prototype pollution. | |||||
| CVE-2020-5977 | 1 Nvidia | 1 Geforce Experience | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. | |||||
| CVE-2020-25483 | 1 Ucms Project | 1 Ucms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server. | |||||
| CVE-2020-3998 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | |||||
| CVE-2020-9361 | 1 Cryptopro | 1 Csp | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | |||||
| CVE-2020-9331 | 1 Cryptopro | 1 Csp | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space. | |||||
| CVE-2020-15003 | 1 Open-xchange | 1 Open-xchange Appsuite | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). | |||||
| CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | |||||
| CVE-2019-14711 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| Verifone MX900 series Pinpad Payment Terminals with OS 30251000 have a race condition for RBAC bypass. | |||||
| CVE-2020-25186 | 1 We-con | 1 Levistudiou | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | |||||
| CVE-2020-15684 | 1 Mozilla | 1 Firefox | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. | |||||
| CVE-2019-17006 | 3 Mozilla, Netapp, Siemens | 21 Network Security Services, Hci Compute Node, Hci Management Node and 18 more | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In Network Security Services (NSS) before 3.46, several cryptographic primitives had missing length checks. In cases where the application calling the library did not perform a sanity check on the inputs it could result in a crash due to a buffer overflow. | |||||
| CVE-2020-9929 | 1 Apple | 1 Mac Os X | 2021-07-21 | 6.6 MEDIUM | 7.1 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A local user may be able to cause unexpected system termination or read kernel memory. | |||||
| CVE-2020-9928 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9921 | 1 Apple | 1 Mac Os X | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-9906 | 1 Apple | 4 Ipad Os, Iphone Os, Mac Os X and 1 more | 2021-07-21 | 9.4 HIGH | 9.1 CRITICAL |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, watchOS 6.2.8. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory. | |||||
| CVE-2020-9904 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9899 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9892 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved state management. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A malicious application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-9887 | 1 Apple | 1 Mac Os X | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. Viewing a maliciously crafted JPEG file may lead to arbitrary code execution. | |||||
| CVE-2020-9869 | 1 Apple | 1 Mac Os X | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.6. A remote attacker may cause an unexpected application termination. | |||||
| CVE-2020-9853 | 1 Apple | 1 Mac Os X | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to determine kernel memory layout. | |||||
| CVE-2020-3898 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. An application may be able to gain elevated privileges. | |||||
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | |||||
| CVE-2020-26649 | 1 Atomx | 1 Atomxcms 2 | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | |||||
| CVE-2020-27646 | 1 Biscom | 1 Secure File Transfer | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | |||||
| CVE-2020-27610 | 1 Bigbluebutton | 1 Bigbluebutton | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | |||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | |||||
| CVE-2020-15931 | 1 Netwrix | 1 Account Lockout Examiner | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | |||||
| CVE-2019-9080 | 1 Domainmod | 1 Domainmod | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| DomainMOD before 4.14.0 uses MD5 without a salt for password storage. | |||||
| CVE-2020-3981 | 2 Apple, Vmware | 5 Mac Os X, Cloud Foundation, Esxi and 2 more | 2021-07-21 | 3.5 LOW | 5.8 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds read vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process. | |||||
| CVE-2020-4491 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| IBM Spectrum Scale V4.2.0.0 through V4.2.3.22 and V5.0.0.0 through V5.0.5 could allow a local attacker to cause a denial of service by sending a large number of RPC requests to the mmfsd daemon which would cause the service to crash. IBM X-Force ID: 181991. | |||||
| CVE-2020-7749 | 1 Osm-static-maps Project | 1 Osm-static-maps | 2021-07-21 | 6.5 MEDIUM | 7.6 HIGH |
| This affects all versions of package osm-static-maps. User input given to the package is passed directly to a template without escaping ({{{ ... }}}). As such, it is possible for an attacker to inject arbitrary HTML/JS code and depending on the context. It will be outputted as an HTML on the page which gives opportunity for XSS or rendered on the server (puppeteer) which also gives opportunity for SSRF and Local File Read. | |||||
| CVE-2020-7748 | 1 Ts.ed Project | 1 Ts.ed | 2021-07-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| This affects the package @tsed/core before 5.65.7. This vulnerability relates to the deepExtend function which is used as part of the utils directory. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-9092 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 20 versions earlier than 10.1.0.163(C00E160R3P8) have a JavaScript injection vulnerability. A module does not verify a specific input. This could allow attackers to bypass filter mechanism to launch JavaScript injection. This could compromise normal service of the affected module. | |||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | |||||
| CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | |||||
| CVE-2020-11496 | 1 Sprecher-automation | 1 Sprecon-e | 2021-07-21 | 7.2 HIGH | 6.7 MEDIUM |
| Sprecher SPRECON-E firmware prior to 8.64b might allow local attackers with access to engineering data to insert arbitrary code. This firmware lacks the validation of the input values on the device side, which is provided by the engineering software during parameterization. Attackers with access to local configuration files can therefore insert malicious commands that are executed after compiling them to valid parameter files (“PDLs”), transferring them to the device, and restarting the device. | |||||
| CVE-2020-7172 | 1 Hp | 1 Intelligent Management Center | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A templateselect expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-7171 | 1 Hp | 1 Intelligent Management Center | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A guidatadetail expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||