Total: 201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11590 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. | |||||
| CVE-2020-11589 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | |||||
| CVE-2020-11588 | 1 Cipplanner | 1 Cipace | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. | |||||
| CVE-2020-11585 | 1 Dnnsoftware | 1 Dotnetnuke | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | |||||
| CVE-2020-5832 | 1 Symantec | 1 Data Center Security | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | |||||
| CVE-2020-8004 | 1 St | 2 Stm32f1, Stm32f1 Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| STMicroelectronics STM32F1 devices have Incorrect Access Control. | |||||
| CVE-2020-7639 | 1 Dot Project | 1 Dot | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7638 | 1 Confinit Project | 1 Confinit | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| confinit through 0.3.0 is vulnerable to Prototype Pollution. The 'setDeepProperty' function could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | |||||
| CVE-2020-7636 | 1 Adb-driver Project | 1 Adb-driver | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary commands via the command function. | |||||
| CVE-2020-7635 | 1 Compass-compile Project | 1 Compass-compile | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7634 | 1 Heroku-addonpool Project | 1 Heroku-addonpool | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| heroku-addonpool through 0.1.15 is vulnerable to Command Injection. | |||||
| CVE-2020-7633 | 1 Apiconnect-cli-plugins Project | 1 Apiconnect-cli-plugins | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the pluginUri argument. | |||||
| CVE-2020-7632 | 1 Node-mpv Project | 1 Node-mpv | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7631 | 1 Diskusage-ng Project | 1 Diskusage-ng | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the path argument. | |||||
| CVE-2020-11548 | 1 Search Meter Project | 1 Search Meter | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Search Meter plugin through 2.13.2 for WordPress allows user input introduced in the search bar to be any formula. The attacker could achieve remote code execution via CSV injection if a wp-admin/index.php?page=search-meter Export is performed. | |||||
| CVE-2020-11542 | 1 3xlogic | 3 Infinias Eidc32, Infinias Eidc32 Firmware, Infinias Eidc32 Web | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| 3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the <KEY>MYKEY</KEY> substring. | |||||
| CVE-2020-11533 | 1 Ivanti | 1 Workspace Control | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | |||||
| CVE-2020-11527 | 1 Zohocorp | 1 Manageengine Opmanager | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | |||||
| CVE-2020-10960 | 1 Mediawiki | 1 Mediawiki | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can affect what content is shown or hidden in the user interface) to arbitrary DOM nodes via HTML content within a MediaWiki page. This occurs because jquery.makeCollapsible allows applying an event handler to any Cascading Style Sheets (CSS) selector. There is no known way to exploit this for cross-site scripting (XSS). | |||||
| CVE-2020-4273 | 1 Ibm | 1 Spectrum Scale | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM Spectrum Scale 4.2 and 5.0 could allow a local unprivileged attacker with intimate knowledge of the environment to execute commands as root using specially crafted input. IBM X-Force ID: 175977. | |||||
| CVE-2020-11501 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2021-07-21 | 5.8 MEDIUM | 7.4 HIGH |
| GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 (2018-07-16) because of an error in a 2017-10-06 commit. The DTLS client always uses 32 '\0' bytes instead of a random value, and thus contributes no randomness to a DTLS negotiation. This breaks the security guarantees of the DTLS protocol. | |||||
| CVE-2020-7630 | 1 Git-add-remote Project | 1 Git-add-remote | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the name argument. | |||||
| CVE-2020-7629 | 1 Install-package Project | 1 Install-package | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7628 | 2 Install-package Project, Umount Project | 2 Install-package, Umount | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by users without any sanitization. | |||||
| CVE-2020-7627 | 1 Node-key-sender Project | 1 Node-key-sender | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary commands via the 'arrParams' argument in the 'execute()' function. | |||||
| CVE-2020-7626 | 1 Karma-mojo Project | 1 Karma-mojo | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary commands via the config argument. | |||||
| CVE-2020-7625 | 1 Op-browser Project | 1 Op-browser | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary commands via the url function. | |||||
| CVE-2020-7624 | 1 Effect Project | 1 Effect | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary commands via the options argument. | |||||
| CVE-2020-7623 | 1 Jscover Project | 1 Jscover | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary commands via the source argument. | |||||
| CVE-2020-7621 | 1 Ibm | 1 Strongloop Nginx Controller | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arbitrary commands as part of the '_nginxCmd()' function. | |||||
| CVE-2020-7620 | 1 Netease | 1 Pomelo-monitor | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It allows injection of arbitrary commands as part of 'pomelo-monitor' params. | |||||
| CVE-2020-7619 | 1 Get-git-data Project | 1 Get-git-data | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary commands as part of the arguments provided to get-git-data. | |||||
| CVE-2020-3905 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3904 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Multiple memory corruption issues were addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3903 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.4. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-3893 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3892 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-3891 | 1 Apple | 3 Ipad Os, Iphone Os, Watchos | 2021-07-21 | 2.1 LOW | 2.4 LOW |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. A person with physical access to a locked iOS device may be able to respond to messages even when replies are disabled. | |||||
| CVE-2020-3889 | 1 Apple | 1 Mac Os X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to read arbitrary files. | |||||
| CVE-2020-3884 | 1 Apple | 1 Mac Os X | 2021-07-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An injection issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A remote attacker may be able to cause arbitrary JavaScript code execution. | |||||
| CVE-2020-3881 | 1 Apple | 1 Mac Os X | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.4. A local user may be able to view sensitive user information. | |||||
| CVE-2020-10868 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. | |||||
| CVE-2020-10864 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process. | |||||
| CVE-2020-10863 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. | |||||
| CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | |||||
| CVE-2020-10861 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2021-07-21 | 6.4 MEDIUM | 7.5 HIGH |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. | |||||
| CVE-2020-7947 | 1 Auth0 | 1 Login By Auth0 | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fields that can contain data that is pulled from different sources. One issue with this is that the data isn't sanitized, and no input validation is performed, before the exporting of the user data. This can lead to (at least) CSV injection if a crafted Excel document is uploaded. | |||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | |||||
| CVE-2020-4239 | 1 Ibm | 1 Tivoli Netcool/impact | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 175412. | |||||
| CVE-2020-4236 | 1 Ibm | 1 Tivoli Netcool/impact | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.17 could allow an authenticated user to cause a denial of service due to improper content parsing in the project management module. IBM X-Force ID: 175409. | |||||
