Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25747 | 1 Rubetek | 6 Rv-3406, Rv-3406 Firmware, Rv-3409 and 3 more | 2021-07-21 | 9.0 HIGH | 9.4 CRITICAL |
| The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) can allow a remote attacker to gain access to RTSP and ONFIV services without authentication. Thus, the attacker can watch live streams from the camera, rotate the camera, change some settings (brightness, clarity, time), restart the camera, or reset it to factory settings. | |||||
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2021-07-21 | 3.6 LOW | 7.1 HIGH |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2020-24595 | 1 Mitel | 1 Micloud Management Portal | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. | |||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | |||||
| CVE-2020-12842 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkUserExpirationDate.php. | |||||
| CVE-2020-12839 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/checkExpirationDate.php. | |||||
| CVE-2020-12838 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| ismartgate PRO 1.5.9 is vulnerable to privilege escalation by appending PHP code to /cron/mailAdmin.php. | |||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | |||||
| CVE-2020-15604 | 2 Microsoft, Trendmicro | 6 Windows, Antivirus\+ 2019, Internet Security 2019 and 3 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v15) consumer family of products could allow an attacker to combine this vulnerability with another attack to trick an affected client into downloading a malicious update instead of the expected one. CWE-494: Update files are not properly verified. | |||||
| CVE-2020-5782 | 1 Ignitenet | 1 Helios Glinq | 2021-07-21 | 6.8 MEDIUM | 6.5 MEDIUM |
| In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection. | |||||
| CVE-2020-25826 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying CefSharp.BrowserSubprocess.exe. | |||||
| CVE-2020-25514 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2021-07-21 | 4.6 MEDIUM | 8.4 HIGH |
| Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. | |||||
| CVE-2020-24333 | 1 Arista | 1 Cloudvision Portal | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | |||||
| CVE-2020-11856 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to execute arbitrary code on affected installations of OBR. | |||||
| CVE-2020-4616 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could disclose sensitive username information to an attacker using a specially crafted HTTP request. IBM X-Force ID: 184929. | |||||
| CVE-2020-4612 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to obtain sensitive information using a specially crafted HTTP request. IBM X-Force ID: 184924. | |||||
| CVE-2020-4611 | 1 Ibm | 1 Data Risk Manager | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Data Risk Manager (iDNA) 2.0.6 could allow an authenticated user to bypass security and execute actions reserved for admins. IBM X-Force ID: 184922. | |||||
| CVE-2020-23446 | 1 Verint | 1 Workforce Optimization | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | |||||
| CVE-2020-11855 | 1 Microfocus | 1 Operation Bridge Reporter | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges. | |||||
| CVE-2020-24619 | 1 Meltytech | 1 Shotcut | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerifyMode(QSslSocket::VerifyNone). A man-in-the-middle attacker could offer a spoofed download resource. | |||||
| CVE-2020-6576 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in offscreen canvas in Google Chrome prior to 85.0.4183.102 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6569 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6562 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in Blink in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | |||||
| CVE-2020-6559 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in presentation API in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6553 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Iphone Os, Debian Linux, Fedora and 1 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in offline mode in Google Chrome on iOS prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6552 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in Blink in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6551 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in WebXR in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6550 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in IndexedDB in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6549 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6547 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect security UI in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially obtain sensitive information via a crafted HTML page. | |||||
| CVE-2020-6546 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Inappropriate implementation in installer in Google Chrome prior to 84.0.4147.125 allowed a local attacker to potentially elevate privilege via a crafted filesystem. | |||||
| CVE-2020-6545 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in audio in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6544 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in media in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6543 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in task scheduling in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6542 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in ANGLE in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6541 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in WebUSB in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6539 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in CSS in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6532 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in SCTP in Google Chrome prior to 84.0.4147.105 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-15964 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-14180 | 1 Atlassian | 1 Jira Service Desk | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | |||||
| CVE-2020-11861 | 1 Microfocus | 1 Operations Agent | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| Unauthorized escalation of local privileges vulnerability on Micro Focus Operation Agent, affecting all versions prior to versions 12.11. The vulnerability could be exploited to escalate the local privileges and gain root access on the system. | |||||
| CVE-2020-3979 | 2 Installbuilder, Microsoft | 2 Installbuilder, Windows | 2021-07-21 | 4.4 MEDIUM | 7.8 HIGH |
| InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not required, they are loaded if present, which could allow an attacker to plant a malicious library which could result in code execution with the security scope of the installer. | |||||
| CVE-2020-0349 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-139188779 | |||||
| CVE-2020-0331 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Settings, there is a possible permissions bypass. This could lead to local information disclosure of the device's IMEI with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-147309310 | |||||
| CVE-2020-0327 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In core networking, there is a missing permission check. This could lead to local information disclosure of app network usage with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-129151407 | |||||
| CVE-2020-0326 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| In NFC, there is a possible out of bounds write due to uninitialized data. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-146453119 | |||||
| CVE-2020-0325 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In NFC, there is a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-145079309 | |||||
| CVE-2020-0316 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Telephony, there is a missing permission check. This could lead to local information disclosure of radio data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154934919 | |||||
| CVE-2020-0315 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In Zen Mode, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-155642026 | |||||
| CVE-2020-0313 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In NotificationManagerService, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154917989 | |||||