Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6937 | 1 Mulesoft | 1 Mule Runtime | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion. | |||||
| CVE-2020-7653 | 1 Synk | 1 Broker | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary file reads for users with access to Snyk's internal network by creating symlinks to match whitelisted paths. | |||||
| CVE-2020-7651 | 1 Synk | 1 Broker | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial file reads for users who have access to Snyk's internal network via patch history from GitHub Commits API. | |||||
| CVE-2020-3959 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.1.0) and VMware Fusion (11.x before 11.1.0) contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine's vmx process leading to a partial denial of service. | |||||
| CVE-2020-3958 | 1 Vmware | 3 Esxi, Fusion, Workstation | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi (6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), VMware Workstation (15.x before 15.5.2) and VMware Fusion (11.x before 11.5.2) contain a denial-of-service vulnerability in the shader functionality. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine's vmx process leading to a denial of service condition. | |||||
| CVE-2020-1809 | 1 Huawei | 2 Mate 10, Mate 10 Firmware | 2021-07-21 | 2.1 LOW | 4.6 MEDIUM |
| HUAWEI Mate 10 smartphones with versions earlier than 10.0.0.143(C00E143R2P4) have an information disclosure vulnerability. The attacker could wake up voice assistant then do a series of crafted voice operation, successful exploit could allow the attacker read certain files without unlock the phone leading to information disclosure. | |||||
| CVE-2020-1797 | 1 Huawei | 2 Mate 20, Mate 20 Firmware | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| HUAWEI Mate 20 smartphones with versions earlier than 10.0.0.185(C00E74R3P8) have an improper authorization vulnerability. The system does not properly restrict certain operation in ADB mode, successful exploit could allow certain user break the limit of digital balance function. | |||||
| CVE-2020-4352 | 1 Ibm | 1 Mq For Hpe Nonstop | 2021-07-21 | 4.4 MEDIUM | 7.0 HIGH |
| IBM MQ on HPE NonStop 8.0.4 and 8.1.0 is vulnerable to a privilege escalation attack when running in restricted mode. IBM X-Force ID: 178427. | |||||
| CVE-2019-6342 | 1 Drupal | 1 Drupal | 2021-07-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| An access bypass vulnerability exists when the experimental Workspaces module in Drupal 8 core is enabled. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. | |||||
| CVE-2020-8330 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, preventing subsequent print jobs until the printer is rebooted. | |||||
| CVE-2020-8329 | 1 Lenovo | 6 Lj4010dn, Lj4010dn Firmware, Lj6700dn and 3 more | 2021-07-21 | 7.8 HIGH | 7.5 HIGH |
| A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo Printer LJ4010DN that could be triggered by a remote user sending a crafted packet to the device, causing an error to be displayed and preventing printer from functioning until the printer is rebooted. | |||||
| CVE-2020-4248 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 4.0 MEDIUM | 2.7 LOW |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175484. | |||||
| CVE-2020-4249 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose highly sensitive information to other authenticated users on the sytem due to incorrect authorization. IBM X-Force ID: 175485. | |||||
| CVE-2020-4244 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration. IBM X-Force ID: 175422. | |||||
| CVE-2020-4233 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow a remote attacker to obtain sensitive information, caused by the failure to set the secure flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information. IBM X-Force ID: 175360. | |||||
| CVE-2020-4232 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Security Identity Governance and Intelligence 5.2.6 could allow an attacker to enumerate usernames to find valid login credentials which could be used to attempt further attacks against the system. IBM X-Force ID: 175336. | |||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | |||||
| CVE-2020-11949 | 1 Vivotek | 388 Cc8160, Cc8160\(hs\), Cc8160\(hs\) Firmware and 385 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| testserver.cgi of the web service on VIVOTEK Network Cameras before XXXXX-VVTK-2.2002.xx.01x (and before XXXXX-VVTK-0XXXX_Beta2) allows an authenticated user to obtain arbitrary files from a camera's local filesystem. For example, this affects IT9388-HT devices. | |||||
| CVE-2020-4357 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 178761. | |||||
| CVE-2020-4348 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.4 could allow an authenticated GUI user to perform unauthorized actions due to missing function level access control. IBM X-Force ID: 178414 | |||||
| CVE-2020-6831 | 4 Canonical, Debian, Mozilla and 1 more | 6 Ubuntu Linux, Debian Linux, Firefox and 3 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2020-12393 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | |||||
| CVE-2020-13424 | 1 Xcloner | 1 Xcloner | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | |||||
| CVE-2020-10947 | 1 Sophos | 2 Anti-virus For Sophos Central, Anti-virus For Sophos Home | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation. | |||||
| CVE-2020-10377 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2021-07-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. | |||||
| CVE-2020-11872 | 1 Bluetrace | 1 Opentrace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Cloud Functions subsystem in OpenTrace 1.0 might allow fabrication attacks by making billions of TempID requests before an AES-256-GCM key rotation occurs. | |||||
| CVE-2019-7306 | 2 Byobu, Canonical | 2 Byobu, Ubuntu Linux | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu | |||||
| CVE-2019-20761 | 1 Netgear | 2 R7800, R7800 Firmware | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | |||||
| CVE-2019-20757 | 1 Netgear | 2 R7800, R7800 Firmware | 2021-07-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | |||||
| CVE-2019-20745 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 5.2 MEDIUM | 6.8 MEDIUM |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WAC505 before 5.0.10.2 and WAC510 before 5.0.10.2. | |||||
| CVE-2019-20744 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2021-07-21 | 2.7 LOW | 4.5 MEDIUM |
| NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. | |||||
| CVE-2019-20741 | 1 Netgear | 2 Wac510, Wac510 Firmware | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| NETGEAR WAC510 devices before 5.0.10.2 are affected by disclosure of sensitive information. | |||||
| CVE-2019-20729 | 1 Netgear | 38 Jndr3000, Jndr3000 Firmware, R6250 and 35 more | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects JNDR3000 before 1.0.0.22, R6250 before 1.0.4.26, R6300v2 before 1.0.4.22, R6400 before 1.0.1.36, R6400v2 before 1.0.2.52, R6700 before 1.0.1.44, R6900 before 1.0.1.44, R7000 before 1.0.9.28, R6900P before 1.3.1.26, R7000P before 1.3.1.26, R7300DST before 1.0.0.62, R7900 before 1.0.2.16, R8000 before 1.0.4.18, R7900P before 1.4.1.42, R8000P before 1.4.1.42, R8300 before 1.0.2.116, R8500 before 1.0.2.116, WNDR3400v3 before 1.0.1.18, WNDR4500v2 before 1.0.0.68, and WNR3500Lv2 before 1.2.0.48. | |||||
| CVE-2020-7113 | 1 Arubanetworks | 1 Clearpass | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability was found when an attacker, while communicating with the ClearPass management interface, is able to intercept and change parameters in the HTTP packets resulting in the compromise of some of ClearPass' service accounts. Resolution: Fixed in 6.7.10, 6.8.1, 6.9.0 and higher. | |||||
| CVE-2020-11826 | 1 Appinghouse | 1 Memono | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database. | |||||
| CVE-2020-11819 | 1 Rukovoditel | 1 Rukovoditel | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Rukovoditel 2.5.2, an attacker may inject an arbitrary .php file location instead of a language file and thus achieve command execution. | |||||
| CVE-2019-20717 | 1 Netgear | 46 D3600, D3600 Firmware, D6000 and 43 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by denial of service. This affects D3600 before 1.0.0.75, D6000 before 1.0.0.75, D7800 before 1.0.1.44, EX2700 before 1.0.1.52, EX6200v2 before 1.0.1.74, EX8000 before 1.0.1.180, R7500v2 before 1.0.3.38, R7800 before 1.0.2.58, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBS40 before 2.3.0.28, SRK60 before 2.2.1.210, SRR60 before 2.2.1.210, SRS60 before 2.2.1.210, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.68, WN3000RPv3 before 1.0.2.70, WN3100RPv2 before 1.0.0.60, WNDR4300v2 before 1.0.0.58, and WNDR4500v3 before 1.0.0.58. | |||||
| CVE-2019-20711 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20710 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20709 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20708 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20707 | 1 Netgear | 4 R7800, R7800 Firmware, Xr500 and 1 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32. | |||||
| CVE-2019-20706 | 1 Netgear | 4 R7800, R7800 Firmware, Xr500 and 1 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32. | |||||
| CVE-2019-20705 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20704 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20703 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20702 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20701 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20698 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 3.3 LOW | 6.5 MEDIUM |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before 8.0.5.5 and WAC510 before 8.0.5.5. | |||||
| CVE-2019-20696 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC505 before V5.6.8.3 and WAC510 before V5.6.8.3. | |||||