Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-31 | CVE-2020-5425 | Improper Authentication vulnerability in VMWare Single Sign-On for Tanzu Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. | 4.6 |
| 2020-10-31 | CVE-2020-15703 | Path Traversal vulnerability in Aptdaemon Project Aptdaemon 1.1.1 There is no input validation on the Locale property in an apt transaction. | 2.1 |
| 2020-10-30 | CVE-2020-5991 | Out-of-bounds Read vulnerability in Nvidia Cuda Toolkit 10.0.130/10.2.89/9.0.176 NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. | 4.6 |
| 2020-10-30 | CVE-2020-15276 | Cross-site Scripting vulnerability in Basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. | 3.5 |
| 2020-10-30 | CVE-2020-15273 | Cross-site Scripting vulnerability in Basercms baserCMS before version 4.4.1 is vulnerable to Cross-Site Scripting. | 3.5 |
| 2020-10-30 | CVE-2020-15277 | Unrestricted Upload of File with Dangerous Type vulnerability in Basercms baserCMS before version 4.4.1 is affected by Remote Code Execution (RCE). | 6.5 |
| 2020-10-30 | CVE-2020-7373 | Command Injection vulnerability in Vbulletin vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. | 7.5 |
| 2020-10-30 | CVE-2020-4588 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM I2 Ibase 8.9.13 IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. | 7.8 |
| 2020-10-30 | CVE-2020-4584 | Information Exposure Through an Error Message vulnerability in IBM I2 Ibase 8.9.13 IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. | 5.0 |
| 2020-10-30 | CVE-2020-7760 | Resource Exhaustion vulnerability in multiple products This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. | 5.0 |