Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-06-15 | CVE-2017-18869 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Chownr Project Chownr A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks. | 1.9 |
| 2020-06-15 | CVE-2020-8675 | Improper Privilege Management vulnerability in Intel Innovation Engine Firmware Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engine before version 1.0.859 may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | 4.6 |
| 2020-06-15 | CVE-2020-8674 | Out-of-bounds Read vulnerability in Intel products Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.12.77, 11.22.77, 12.0.64 and 14.0.33 may allow an unauthenticated user to potentially enable information disclosure via network access. | 5.0 |
| 2020-06-15 | CVE-2020-4494 | Information Exposure vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow an attacker to bypass authentication due to improper session validation which can result in access to unauthorized resources. | 5.0 |
| 2020-06-15 | CVE-2020-4477 | Information Exposure vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 discloses highly sensitive information in plain text in the virgo log file which could be used in further attacks against the system. | 4.0 |
| 2020-06-15 | CVE-2020-4471 | Improper Input Validation vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow an unauthenticated attacker to cause a denial of service or hijack DNS sessions by send a specially crafted HTTP command to the remote server. | 6.4 |
| 2020-06-15 | CVE-2020-4470 | Unrestricted Upload of File with Dangerous Type vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 Administrative Console could allow an authenticated attacker to upload arbitrary files which could be execute arbitrary code on the vulnerable server. | 6.0 |
| 2020-06-15 | CVE-2020-4469 | OS Command Injection vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 could allow a remote attacker to execute arbitrary code on the system. | 10.0 |
| 2020-06-15 | CVE-2020-4406 | Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM products IBM Spectrum Protect Client 8.1.7.0 through 8.1.9.1 (Linux and Windows), 8.1.9.0 trough 8.1.9.1 (AIX) and IBM Spectrum Protect for Space Management 8.1.7.0 through 8.1.9.1 (Linux), 8.1.9.0 through 8.1.9.1 (AIX) web user interfaces could allow a remote attacker to hijack the clicking action of the victim. | 3.5 |
| 2020-06-15 | CVE-2020-4216 | Use of Hard-coded Credentials vulnerability in IBM Spectrum Protect Plus IBM Spectrum Protect Plus 10.1.0 through 10.1.5 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 7.5 |