Weekly Vulnerabilities Reports > July 13 to 19, 2020
Overview
626 new vulnerabilities reported during this period, including 50 critical vulnerabilities and 96 high severity vulnerabilities. This weekly summary report vulnerabilities in 401 products from 103 vendors including Oracle, Microsoft, Canonical, Netapp, and Opensuse. Vulnerabilities are notably categorized as "Improper Privilege Management", "Cross-site Scripting", "Information Exposure", "Improper Input Validation", and "Improper Restriction of Operations within the Bounds of a Memory Buffer".
- 459 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities have public exploit available.
- 137 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 433 reported vulnerabilities are exploitable by an anonymous user.
- Oracle has the most reported vulnerabilities, with 217 reported vulnerabilities.
- Microsoft has the most reported critical vulnerabilities, with 15 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
50 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-07-17 | CVE-2020-5759 | Grandstream | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via SSH. | 10.0 |
2020-07-17 | CVE-2020-5757 | Grandstream | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 10.0 |
2020-07-17 | CVE-2020-0225 | Out-of-bounds Write vulnerability in Google Android 10.0 In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. | 10.0 | |
2020-07-17 | CVE-2020-0224 | Type Confusion vulnerability in Google Android In FastKeyAccumulator::GetKeysSlow of keys.cc, there is a possible out of bounds write due to type confusion. | 10.0 | |
2020-07-17 | CVE-2020-7825 | Tobesoft | OS Command Injection vulnerability in Tobesoft Miplatform 2019.05.16 A vulnerability exists that could allow the execution of operating system commands on systems running MiPlatform 2019.05.16 and earlier. | 10.0 |
2020-07-17 | CVE-2020-9682 | Adobe | Link Following vulnerability in Adobe Creative Cloud Desktop Application 2.4/2.5/5.1 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. | 10.0 |
2020-07-16 | CVE-2020-3331 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco RV110W Wireless-N VPN Firewall and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 10.0 |
2020-07-16 | CVE-2020-3330 | Cisco | Use of Hard-coded Credentials vulnerability in Cisco Rv110W Wireless-N VPN Firewall Firmware A vulnerability in the Telnet service of Cisco Small Business RV110W Wireless-N VPN Firewall Routers could allow an unauthenticated, remote attacker to take full control of the device with a high-privileged account. | 10.0 |
2020-07-16 | CVE-2020-3323 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. | 10.0 |
2020-07-16 | CVE-2020-3140 | Cisco | Incorrect Authorization vulnerability in Cisco Prime License Manager A vulnerability in the web management interface of Cisco Prime License Manager (PLM) Software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. | 10.0 |
2020-07-15 | CVE-2020-14606 | Oracle | Unspecified vulnerability in Oracle Sd-Wan Edge 8.2/9.0 Vulnerability in the Oracle SD-WAN Edge product of Oracle Communications Applications (component: User Interface). | 10.0 |
2020-07-15 | CVE-2020-8178 | Jison Project | OS Command Injection vulnerability in Jison Project Jison Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection attacks. | 10.0 |
2020-07-14 | CVE-2020-1350 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests, aka 'Windows DNS Server Remote Code Execution Vulnerability'. | 10.0 |
2020-07-14 | CVE-2020-13753 | Wpewebkit Webkitgtk Fedoraproject Debian Canonical Opensuse | Improper Input Validation vulnerability in multiple products The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. | 10.0 |
2020-07-14 | CVE-2020-11956 | Rittal | OS Command Injection vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | 10.0 |
2020-07-14 | CVE-2020-6287 | SAP | Missing Authentication for Critical Function vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an attacker without prior authentication to execute configuration tasks to perform critical actions against the SAP Java system, including the ability to create an administrative user, and therefore compromising Confidentiality, Integrity and Availability of the system, leading to Missing Authentication Check. | 10.0 |
2020-07-14 | CVE-2020-11951 | Rittal | Use of Hard-coded Credentials vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | 10.0 |
2020-07-13 | CVE-2020-10988 | Tenda | Use of Hard-coded Credentials vulnerability in Tenda Ac15 Firmware 15.03.05.19 A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | 10.0 |
2020-07-13 | CVE-2020-10987 | Tenda | Injection vulnerability in Tenda Ac15 Firmware 15.03.05.19 The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the deviceName POST parameter. | 10.0 |
2020-07-17 | CVE-2020-14001 | Kramdown Project Debian Fedoraproject Canonical | Missing Authorization vulnerability in multiple products The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). | 9.8 |
2020-07-16 | CVE-2020-12007 | Mitsubishielectric Iconics | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. | 9.8 |
2020-07-16 | CVE-2020-3357 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL) VPN feature of Cisco Small Business RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device or cause the device to reload, resulting in a denial of service (DoS) condition. | 9.8 |
2020-07-15 | CVE-2020-14644 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 9.8 |
2020-07-14 | CVE-2020-1025 | Microsoft | Improper Input Validation vulnerability in Microsoft products An elevation of privilege vulnerability exists when Microsoft SharePoint Server and Skype for Business Server improperly handle OAuth token validation. | 9.8 |
2020-07-14 | CVE-2020-13926 | Apache | SQL Injection vulnerability in Apache Kylin Kylin concatenates and executes a Hive SQL in Hive CLI or beeline when building a new segment; some part of the HQL is from system configurations, while the configuration can be overwritten by certain rest api, which makes SQL injection attack is possible. | 9.8 |
2020-07-14 | CVE-2020-13925 | Apache | OS Command Injection vulnerability in Apache Kylin Similar to CVE-2020-1956, Kylin has one more restful API which concatenates the API inputs into OS commands and then executes them on the server; while the reported API misses necessary input validation, which causes the hackers to have the possibility to execute OS command remotely. | 9.8 |
2020-07-17 | CVE-2020-9688 | Adobe | Injection vulnerability in Adobe Download Manager 2.0.0.518 Adobe Download Manager version 2.0.0.518 have a command injection vulnerability. | 9.3 |
2020-07-14 | CVE-2020-1481 | Microsoft | Injection vulnerability in Microsoft Visual Studio Code Eslint Extension A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1458 | Microsoft | Untrusted Search Path vulnerability in Microsoft 365 Apps A remote code execution vulnerability exists when Microsoft Office improperly validates input before loading dynamic link library (DLL) files, aka 'Microsoft Office Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1449 | Microsoft | Origin Validation Error vulnerability in Microsoft 365 Apps, Office and Project 2016 A remote code execution vulnerability exists in Microsoft Project software when the software fails to check the source markup of a file, aka 'Microsoft Project Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1435 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1421 | Microsoft | Type Confusion vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Windows that could allow remote code execution if a .LNK file is processed.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user, aka 'LNK Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1412 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1410 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists when Windows Address Book (WAB) improperly processes vcard files.To exploit the vulnerability, an attacker could send a malicious vcard that a victim opens using Windows Address Book (WAB), aka 'Windows Address Book Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1409 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1408 | Microsoft | Origin Validation Error vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1407 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1401 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1400 | Microsoft | Integer Underflow (Wrap or Wraparound) vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. | 9.3 |
2020-07-14 | CVE-2020-1240 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft 365 Apps A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | 9.3 |
2020-07-17 | CVE-2020-5758 | Grandstream | OS Command Injection vulnerability in Grandstream products Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. | 9.0 |
2020-07-17 | CVE-2020-5756 | Grandstream | OS Command Injection vulnerability in Grandstream Gwn7000 Firmware 1.0.6.32 Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. | 9.0 |
2020-07-17 | CVE-2020-4464 | IBM | Deserialization of Untrusted Data vulnerability in IBM Websphere Application Server IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 traditional could allow a remote attacker to execute arbitrary code on a system with a specially-crafted sequence of serialized objects over the SOAP connector. | 9.0 |
2020-07-16 | CVE-2020-3332 | Cisco | OS Command Injection vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker to inject arbitrary shell commands that are executed by an affected device. | 9.0 |
2020-07-16 | CVE-2020-3146 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. | 9.0 |
2020-07-15 | CVE-2020-8958 | Gpononu | OS Command Injection vulnerability in Gpononu products Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-181024 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the boaform/admin/formPing Dest IP Address field. | 9.0 |
2020-07-15 | CVE-2020-11439 | Librehealth | Improper Input Validation vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by a Local File Inclusion issue allowing arbitrary PHP to be included and executed within the EMR application. | 9.0 |
2020-07-14 | CVE-2020-11955 | Rittal | Incorrect Default Permissions vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.15.70 and CMCIII-PU-9333E0FB through 3.15.70 devices. | 9.0 |
2020-07-14 | CVE-2020-11953 | Rittal | OS Command Injection vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.15.40 and CMCIII-PU-9333E0FB through 3.15.70_4 devices. | 9.0 |
2020-07-13 | CVE-2020-11749 | Pandorafms | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Pandora FMS 7.0 NG <= 746 suffers from Multiple XSS vulnerabilities in different browser views. | 9.0 |
96 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-07-17 | CVE-2020-11978 | Apache | OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 8.8 |
2020-07-16 | CVE-2020-3387 | Cisco | Improper Input Validation vulnerability in Cisco Sd-Wan Firmware A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to execute code with root privileges on an affected system. | 8.8 |
2020-07-16 | CVE-2020-3381 | Cisco | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct directory traversal attacks and obtain read and write access to sensitive files on a targeted system. | 8.8 |
2020-07-15 | CVE-2020-2228 | Jenkins | Incorrect Authorization vulnerability in Jenkins Gitlab Authentication Jenkins Gitlab Authentication Plugin 1.5 and earlier does not perform group authorization checks properly, resulting in a privilege escalation vulnerability. | 8.8 |
2020-07-14 | CVE-2020-1416 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies, aka 'Visual Studio and Visual Studio Code Elevation of Privilege Vulnerability'. | 8.8 |
2020-07-13 | CVE-2020-14300 | Redhat Docker | Improper Check for Dropped Privileges vulnerability in multiple products The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 (https://access.redhat.com/errata/RHBA-2020:0053) included an incorrect version of runc that was missing multiple bug and security fixes. | 8.8 |
2020-07-13 | CVE-2020-14298 | Redhat Docker | Improper Check for Dropped Privileges vulnerability in multiple products The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053 advisory included an incorrect version of runc missing the fix for CVE-2019-5736, which was previously fixed via RHSA-2019:0304. | 8.8 |
2020-07-16 | CVE-2020-3358 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in the Secure Sockets Layer (SSL) VPN feature for Cisco Small Business RV VPN Routers could allow an unauthenticated, remote attacker to cause the device to unexpectedly restart, causing a denial of service (DoS) condition. | 8.6 |
2020-07-15 | CVE-2020-14664 | Oracle Netapp | Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). | 8.3 |
2020-07-15 | CVE-2020-14583 | Oracle Fedoraproject Canonical Debian Opensuse Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 8.3 |
2020-07-15 | CVE-2020-14723 | Oracle | Unspecified vulnerability in Oracle Help Technologies 11.1.1.9.0/12.2.1.3.0 Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). | 8.2 |
2020-07-14 | CVE-2020-7587 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). | 8.2 |
2020-07-16 | CVE-2020-3388 | Cisco | Improper Authentication vulnerability in Cisco Sd-Wan Firmware A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to inject arbitrary commands that are executed with root privileges. | 7.8 |
2020-07-16 | CVE-2020-3369 | Cisco | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 7.8 |
2020-07-16 | CVE-2020-3351 | Cisco | Resource Exhaustion vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. | 7.8 |
2020-07-16 | CVE-2020-3180 | Cisco | Insufficiently Protected Credentials vulnerability in Cisco Sd-Wan A vulnerability in Cisco SD-WAN Solution Software could allow an unauthenticated, local attacker to access an affected device by using an account that has a default, static password. | 7.8 |
2020-07-15 | CVE-2020-15603 | Trendmicro | Out-of-bounds Read vulnerability in Trendmicro products An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. | 7.8 |
2020-07-15 | CVE-2020-14642 | Oracle | Improper Resource Shutdown or Release vulnerability in Oracle Coherence Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: CacheStore). | 7.8 |
2020-07-14 | CVE-2020-1349 | Microsoft | Unspecified vulnerability in Microsoft 365 Apps, Office and Outlook A remote code execution vulnerability exists in Microsoft Outlook software when it fails to properly handle objects in memory, aka 'Microsoft Outlook Remote Code Execution Vulnerability'. | 7.8 |
2020-07-14 | CVE-2020-1336 | Microsoft | Unspecified vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. | 7.8 |
2020-07-14 | CVE-2020-1043 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1042 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1041 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1040 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1036 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1032 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. | 7.7 |
2020-07-14 | CVE-2020-1403 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Internet Explorer 11/9 A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. | 7.6 |
2020-07-17 | CVE-2020-7206 | HP | Code Injection vulnerability in HP Nagios-Plugins-Hpilo 1.50 HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerability. | 7.5 |
2020-07-17 | CVE-2020-0231 | Out-of-bounds Write vulnerability in Google Android There is a possible out of bounds write due to an incorrect bounds check. | 7.5 | |
2020-07-17 | CVE-2020-0230 | Out-of-bounds Write vulnerability in Google Android There is a possible out of bounds write due to an incorrect bounds check. | 7.5 | |
2020-07-17 | CVE-2020-1654 | Juniper | Classic Buffer Overflow vulnerability in Juniper Junos On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, processing a malformed HTTP message can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) Continued processing of this malformed HTTP message may result in an extended Denial of Service (DoS) condition. | 7.5 |
2020-07-17 | CVE-2020-1652 | Opennms | Unspecified vulnerability in Opennms OpenNMS is accessible via port 9443 | 7.5 |
2020-07-17 | CVE-2020-7826 | Eyesurfer | Download of Code Without Integrity Check vulnerability in Eyesurfer Bflyinstallerx.Ocx EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. | 7.5 |
2020-07-17 | CVE-2020-7684 | Rollup Plugin Serve Project | Path Traversal vulnerability in Rollup-Plugin-Serve Project Rollup-Plugin-Serve This affects all versions of package rollup-plugin-serve. | 7.5 |
2020-07-17 | CVE-2020-15801 | Python Netapp | Untrusted Search Path vulnerability in multiple products In Python 3.8.4, sys.path restrictions specified in a python38._pth file are ignored, allowing code to be loaded from arbitrary locations. | 7.5 |
2020-07-17 | CVE-2020-9671 | Adobe | Incorrect Permission Assignment for Critical Resource vulnerability in Adobe Creative Cloud Desktop Application 2.4/2.5/5.1 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have an insecure file permissions vulnerability. | 7.5 |
2020-07-17 | CVE-2020-9670 | Adobe | Link Following vulnerability in Adobe Creative Cloud Desktop Application 5.1 Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a symlink vulnerability vulnerability. | 7.5 |
2020-07-17 | CVE-2020-9669 | Adobe | Improper Privilege Management vulnerability in Adobe Creative Cloud Adobe Creative Cloud Desktop Application versions 5.1 and earlier have a lack of exploit mitigations vulnerability. | 7.5 |
2020-07-17 | CVE-2020-11982 | Apache | Deserialization of Untrusted Data vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 7.5 |
2020-07-17 | CVE-2020-11981 | Apache | OS Command Injection vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 7.5 |
2020-07-16 | CVE-2020-12011 | Mitsubishielectric Iconics | Out-of-bounds Write vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. | 7.5 |
2020-07-16 | CVE-2020-3144 | Cisco | Improper Authentication vulnerability in Cisco products A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary commands with administrative commands on an affected device. | 7.5 |
2020-07-16 | CVE-2019-20914 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 7.5 |
2020-07-16 | CVE-2020-15027 | Connectwise | Improper Authentication vulnerability in Connectwise Automate 2020.0/2020.7 ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. | 7.5 |
2020-07-16 | CVE-2020-14000 | MIT | Deserialization of Untrusted Data vulnerability in MIT Scratch-Vm MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain _ characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. | 7.5 |
2020-07-15 | CVE-2020-10288 | ABB | Improper Authentication vulnerability in ABB Robotware 5.09 IRC5 exposes an ftp server (port 21). | 7.5 |
2020-07-15 | CVE-2020-10287 | ABB | Insufficiently Protected Credentials vulnerability in ABB Irb140 Firmware and Irc5 Firmware The IRC5 family with UAS service enabled comes by default with credentials that can be found on publicly available manuals. | 7.5 |
2020-07-15 | CVE-2020-10285 | Ufactory | Insufficient Entropy vulnerability in Ufactory Xarm 5 Lite Firmware 1.5.0 The authentication implementation on the xArm controller has very low entropy, making it vulnerable to a brute-force attack. | 7.5 |
2020-07-15 | CVE-2020-12684 | Inetsoftware | XXE vulnerability in Inetsoftware I-Net Clear Reports 19.0.287 XXE injection can occur in i-net Clear Reports 2019 19.0.287 (Designer), as used in i-net HelpDesk and other products, when XML input containing a reference to an external entity is processed by a weakly configured XML parser. | 7.5 |
2020-07-15 | CVE-2020-14701 | Oracle | Unspecified vulnerability in Oracle Sd-Wan Aware 8.2 Vulnerability in the Oracle SD-WAN Aware product of Oracle Communications Applications (component: User Interface). | 7.5 |
2020-07-15 | CVE-2020-14687 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2020-07-15 | CVE-2020-14645 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2020-07-15 | CVE-2020-14630 | Oracle | Improper Resource Shutdown or Release vulnerability in Oracle Enterprise Session Border Controller 8.1.0/8.2.0/8.3.0 Vulnerability in the Oracle Enterprise Session Border Controller product of Oracle Communications Applications (component: File Upload). | 7.5 |
2020-07-15 | CVE-2020-14625 | Oracle | Unspecified vulnerability in Oracle Weblogic Server 12.2.1.3.0/12.2.1.4.0/14.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 7.5 |
2020-07-15 | CVE-2020-14611 | Oracle | Unspecified vulnerability in Oracle Webcenter Portal 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Composer). | 7.5 |
2020-07-15 | CVE-2020-14609 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web Answers). | 7.5 |
2020-07-15 | CVE-2020-14511 | Moxa | Out-of-bounds Write vulnerability in Moxa products Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). | 7.5 |
2020-07-15 | CVE-2020-14503 | Advantech | Improper Input Validation vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. | 7.5 |
2020-07-15 | CVE-2020-14507 | Advantech | Path Traversal vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, is vulnerable to multiple path traversal vulnerabilities that could allow an attacker to create/download arbitrary files, limit system availability, and remotely execute code. | 7.5 |
2020-07-15 | CVE-2020-14505 | Advantech | Injection vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper neutralization of special elements used in a command (“command injection”) vulnerability. | 7.5 |
2020-07-15 | CVE-2020-14497 | Advantech | SQL Injection vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. | 7.5 |
2020-07-14 | CVE-2020-9297 | Netflix | Injection vulnerability in Netflix Titus Netflix Titus, all versions prior to version v0.1.1-rc.274, uses Java Bean Validation (JSR 380) custom constraint validators. | 7.5 |
2020-07-14 | CVE-2020-11546 | Superwebmailer | Injection vulnerability in Superwebmailer SuperWebMailer 7.21.0.01526 is susceptible to a remote code execution vulnerability in the Language parameter of mailingupgrade.php. | 7.5 |
2020-07-14 | CVE-2020-13847 | Sylabs | Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. | 7.5 |
2020-07-14 | CVE-2020-13846 | Sylabs | Unspecified vulnerability in Sylabs Singularity Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | 7.5 |
2020-07-14 | CVE-2020-13845 | Sylabs | Improper Validation of Integrity Check Value vulnerability in Sylabs Singularity Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. | 7.5 |
2020-07-14 | CVE-2020-13935 | Apache Debian Netapp Opensuse Canonical Mcafee Oracle | Infinite Loop vulnerability in multiple products The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. | 7.5 |
2020-07-14 | CVE-2020-13934 | Apache Debian Netapp Opensuse Canonical Oracle | Memory Leak vulnerability in multiple products An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. | 7.5 |
2020-07-14 | CVE-2020-7593 | Siemens | Classic Buffer Overflow vulnerability in Siemens Logo! 8 BM Firmware A vulnerability has been identified in LOGO! 8 BM (incl. | 7.5 |
2020-07-14 | CVE-2020-1948 | Apache | Deserialization of Untrusted Data vulnerability in Apache Dubbo This vulnerability can affect all Dubbo users stay on version 2.7.6 or lower. | 7.5 |
2020-07-14 | CVE-2020-10042 | Siemens | Classic Buffer Overflow vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 7.5 |
2020-07-14 | CVE-2020-10038 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 7.5 |
2020-07-13 | CVE-2020-15050 | Supremainc | Path Traversal vulnerability in Supremainc Biostar 2 An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. | 7.5 |
2020-07-13 | CVE-2020-15689 | Embedthis | NULL Pointer Dereference vulnerability in Embedthis Appweb Appweb before 7.2.2 and 8.x before 8.1.0, when built with CGI support, mishandles an HTTP request with a Range header that lacks an exact range. | 7.5 |
2020-07-13 | CVE-2019-20907 | Python Opensuse Debian Fedoraproject Canonical Netapp Oracle | Infinite Loop vulnerability in multiple products In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation. | 7.5 |
2020-07-15 | CVE-2020-14593 | Oracle Fedoraproject Canonical Debian Opensuse Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). | 7.4 |
2020-07-15 | CVE-2020-8203 | Lodash Oracle | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | 7.4 |
2020-07-17 | CVE-2020-0227 | Missing Authorization vulnerability in Google Android In onCommand of CompanionDeviceManagerService.java, there is a possible permissions bypass due to a missing permission check. | 7.2 | |
2020-07-17 | CVE-2020-0226 | Type Confusion vulnerability in Google Android 10.0 In createWithSurfaceParent of Client.cpp, there is a possible out of bounds write due to type confusion. | 7.2 | |
2020-07-17 | CVE-2020-0122 | Incorrect Default Permissions vulnerability in Google Android In the permission declaration for com.google.android.providers.gsf.permission.WRITE_GSERVICES in AndroidManifest.xml, there is a possible permissions bypass. | 7.2 | |
2020-07-16 | CVE-2020-3380 | Cisco | Argument Injection or Modification vulnerability in Cisco Data Center Network Manager A vulnerability in the CLI of Cisco Data Center Network Manager (DCNM) could allow an authenticated, local attacker to elevate privileges to root and execute arbitrary commands on the underlying operating system. | 7.2 |
2020-07-16 | CVE-2020-3379 | Cisco | Improper Input Validation vulnerability in Cisco products A vulnerability in Cisco SD-WAN Solution Software could allow an authenticated, local attacker to elevate privileges to Administrator on the underlying operating system. | 7.2 |
2020-07-15 | CVE-2020-15780 | Linux Opensuse Canonical | Missing Authorization vulnerability in multiple products An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. | 7.2 |
2020-07-15 | CVE-2020-14697 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
2020-07-15 | CVE-2020-14678 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
2020-07-15 | CVE-2020-14663 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 7.2 |
2020-07-14 | CVE-2020-1465 | Microsoft | Improper Privilege Management vulnerability in Microsoft Onedrive An elevation of privilege vulnerability exists in Microsoft OneDrive that allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft OneDrive Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1429 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles a process crash, aka 'Windows Error Reporting Manager Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1424 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Update Stack fails to properly handle objects in memory, aka 'Windows Update Stack Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1418 | Microsoft | Improper Input Validation vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Diagnostics Execution Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1411 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1406 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network List Service handles objects in memory, aka 'Windows Network List Service Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-1402 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows ActiveX Installer Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows ActiveX Installer Service Elevation of Privilege Vulnerability'. | 7.2 |
2020-07-14 | CVE-2020-11827 | GOG | Improper Privilege Management vulnerability in GOG Galaxy In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. | 7.2 |
2020-07-15 | CVE-2019-17637 | Eclipse Debian | XXE vulnerability in multiple products In all versions of Eclipse Web Tools Platform through release 3.18 (2020-06), XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. | 7.1 |
2020-07-13 | CVE-2020-10986 | Tenda | Cross-Site Request Forgery (CSRF) vulnerability in Tenda Ac15 Firmware 15.03.05.19 A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. | 7.1 |
402 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-07-15 | CVE-2019-20908 | Linux Opensuse Canonical | Improper Privilege Management vulnerability in multiple products An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. | 6.9 |
2020-07-15 | CVE-2020-15602 | Trendmicro | Untrusted Search Path vulnerability in Trendmicro products An untrusted search path remote code execution (RCE) vulnerability in the Trend Micro Secuity 2020 (v16.0.0.1146 and below) consumer family of products could allow an attacker to run arbitrary code on a vulnerable system. | 6.9 |
2020-07-17 | CVE-2020-9257 | Huawei | Classic Buffer Overflow vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a buffer overflow vulnerability. | 6.8 |
2020-07-17 | CVE-2020-9254 | Huawei | Injection vulnerability in Huawei P30 PRO Firmware HUAWEI P30 Pro smartphones with versions earlier than 10.1.0.123(C432E19R2P5patch02), versions earlier than 10.1.0.126(C10E11R5P1), and versions earlier than 10.1.0.160(C00E160R2P8) have a logic check error vulnerability. | 6.8 |
2020-07-17 | CVE-2020-7818 | Hmtalk | Out-of-bounds Write vulnerability in Hmtalk Daviewindy 8.98.4/8.98.7/8.98.9 DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. | 6.8 |
2020-07-17 | CVE-2020-1647 | Juniper | Double Free vulnerability in Juniper Junos On Juniper Networks SRX Series with ICAP (Internet Content Adaptation Protocol) redirect service enabled, a double free vulnerability can lead to a Denial of Service (DoS) or Remote Code Execution (RCE) due to processing of a specific HTTP message. | 6.8 |
2020-07-17 | CVE-2020-1645 | Juniper | Unspecified vulnerability in Juniper Junos When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management Daemon (mspmand) process, responsible for managing "URL Filtering service", may crash, causing the Services PIC to restart. | 6.8 |
2020-07-17 | CVE-2020-15813 | Graylog | Improper Certificate Validation vulnerability in Graylog Graylog before 3.3.3 lacks SSL Certificate Validation for LDAP servers. | 6.8 |
2020-07-17 | CVE-2020-9650 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. | 6.8 |
2020-07-17 | CVE-2020-9646 | Adobe | Out-of-bounds Write vulnerability in Adobe Media Encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. | 6.8 |
2020-07-16 | CVE-2019-20912 | GNU | Out-of-bounds Write vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 6.8 |
2020-07-15 | CVE-2020-9309 | Silverstripe | Unrestricted Upload of File with Dangerous Type vulnerability in Silverstripe Mimevalidator and Recipe Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). | 6.8 |
2020-07-15 | CVE-2020-11438 | Librehealth | Cross-Site Request Forgery (CSRF) vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by systemic CSRF. | 6.8 |
2020-07-15 | CVE-2020-14626 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 6.8 |
2020-07-15 | CVE-2020-15700 | Joomla | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 6.8 |
2020-07-15 | CVE-2020-15695 | Joomla | Cross-Site Request Forgery (CSRF) vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 6.8 |
2020-07-14 | CVE-2020-1448 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 6.8 |
2020-07-14 | CVE-2020-1447 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 6.8 |
2020-07-14 | CVE-2020-1446 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. | 6.8 |
2020-07-14 | CVE-2020-1436 | Microsoft | Out-of-bounds Write vulnerability in Microsoft products A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted fonts.For all systems except Windows 10, an attacker who successfully exploited the vulnerability could execute code remotely, aka 'Windows Font Library Remote Code Execution Vulnerability'. | 6.8 |
2020-07-14 | CVE-2020-1147 | Microsoft | Unspecified vulnerability in Microsoft products A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'. | 6.8 |
2020-07-14 | CVE-2019-12784 | Verint | Cross-Site Request Forgery (CSRF) vulnerability in Verint Impact 360 An issue was discovered in Verint Impact 360 15.1. | 6.8 |
2020-07-14 | CVE-2020-10045 | Siemens | Authentication Bypass by Capture-replay vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 6.8 |
2020-07-14 | CVE-2020-10039 | Siemens | Missing Encryption of Sensitive Data vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 6.8 |
2020-07-14 | CVE-2020-6290 | SAP | Session Fixation vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version 10.1, is vulnerable to Session Fixation attacks wherein the attacker tricks the user into using a specific session ID. | 6.8 |
2020-07-14 | CVE-2020-6289 | SAP | Cross-Site Request Forgery (CSRF) vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version 10.1, had insufficient protection against Cross-Site Request Forgery, which could be used to trick user in to browsing malicious site. | 6.8 |
2020-07-14 | CVE-2020-15711 | Misp | Cross-Site Request Forgery (CSRF) vulnerability in Misp In MISP before 2.4.129, setting a favourite homepage was not CSRF protected. | 6.8 |
2020-07-14 | CVE-2020-7581 | Siemens | Unquoted Search Path or Element vulnerability in Siemens products A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). | 6.7 |
2020-07-17 | CVE-2020-15816 | Westerndigital | Injection vulnerability in Westerndigital WD Discovery In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | 6.5 |
2020-07-16 | CVE-2020-3401 | Cisco | Path Traversal vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. | 6.5 |
2020-07-16 | CVE-2020-3372 | Cisco | Resource Exhaustion vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to consume excessive system memory and cause a denial of service (DoS) condition on an affected system. | 6.5 |
2020-07-16 | CVE-2020-3145 | Cisco | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Cisco products Multiple vulnerabilities in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, RV130 VPN Router, RV130W Wireless-N Multifunction VPN Router, and RV215W Wireless-N VPN Router could allow an authenticated, remote attacker to execute arbitrary code on an affected device. | 6.5 |
2020-07-15 | CVE-2020-14066 | Icewarp | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload JavaScript files that are dangerous for clients to access. | 6.5 |
2020-07-15 | CVE-2020-12854 | Seczetta | Unrestricted Upload of File with Dangerous Type vulnerability in Seczetta Neprofile 3.3.11 A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. | 6.5 |
2020-07-15 | CVE-2020-15117 | Symless Fedoraproject | Improper Check for Unusual or Exceptional Conditions vulnerability in multiple products In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. | 6.5 |
2020-07-15 | CVE-2020-14721 | Oracle | Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 6.5 |
2020-07-15 | CVE-2020-14718 | Oracle | Unspecified vulnerability in Oracle Graalvm 19.3.2/20.1.0 Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). | 6.5 |
2020-07-15 | CVE-2020-14680 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2020-07-15 | CVE-2020-14662 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 6.5 |
2020-07-15 | CVE-2020-14619 | Netapp Fedoraproject Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). | 6.5 |
2020-07-15 | CVE-2020-14591 | Oracle Netapp Fedoraproject | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). | 6.5 |
2020-07-15 | CVE-2020-14576 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). | 6.5 |
2020-07-15 | CVE-2020-14539 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 6.5 |
2020-07-14 | CVE-2020-1439 | Microsoft | Deserialization of Untrusted Data vulnerability in Microsoft products A remote code execution vulnerability exists in PerformancePoint Services for SharePoint Server when the software fails to check the source markup of XML file input, aka 'PerformancePoint Services Remote Code Execution Vulnerability'. | 6.5 |
2020-07-14 | CVE-2020-6292 | SAP | Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1 Logout mechanism in SAP Disclosure Management, version 10.1, does not invalidate one of the session cookies, leading to Insufficient Session Expiration. | 6.5 |
2020-07-14 | CVE-2020-6291 | SAP | Insufficient Session Expiration vulnerability in SAP Disclosure Management 10.1 SAP Disclosure Management, version 10.1, session mechanism does not have expiration data set therefore allows unlimited access after authenticating once, leading to Insufficient Session Expiration | 6.5 |
2020-07-14 | CVE-2020-4512 | IBM | OS Command Injection vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow a remote privileged user to execute commands. | 6.5 |
2020-07-17 | CVE-2020-0305 | Google Opensuse | Use After Free vulnerability in multiple products In cdev_get of char_dev.c, there is a possible use-after-free due to a race condition. | 6.4 |
2020-07-16 | CVE-2020-12013 | Mitsubishielectric Iconics | SQL Injection vulnerability in multiple products A specially crafted WCF client that interfaces to the may allow the execution of certain arbitrary SQL commands remotely. | 6.4 |
2020-07-16 | CVE-2020-4462 | IBM | XXE vulnerability in IBM products IBM Sterling External Authentication Server 6.0.1, 6.0.0, 2.4.3.2, and 2.4.2 and IBM Sterling Secure Proxy 6.0.1, 6.0.0, 3.4.3, and 3.4.2 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 6.4 |
2020-07-15 | CVE-2020-10284 | Ufactory | Unspecified vulnerability in Ufactory Xarm Studio 1.3.0 No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. | 6.4 |
2020-07-15 | CVE-2020-14696 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Layout Templates). | 6.4 |
2020-07-15 | CVE-2020-14665 | Oracle | Unspecified vulnerability in Oracle Trade Management Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Invoice). | 6.4 |
2020-07-15 | CVE-2020-14658 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 6.4 |
2020-07-15 | CVE-2020-14652 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 6.4 |
2020-07-15 | CVE-2020-14608 | Oracle | Unspecified vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). | 6.4 |
2020-07-15 | CVE-2020-14599 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Gateway FOR Mobile Devices 12.1.1/12.1.3 Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). | 6.4 |
2020-07-15 | CVE-2020-14598 | Oracle | Unspecified vulnerability in Oracle Customer Relationship Management Gateway FOR Mobile Devices 12.1.1/12.1.3 Vulnerability in the Oracle CRM Gateway for Mobile Devices product of Oracle E-Business Suite (component: Setup of Mobile Applications). | 6.4 |
2020-07-15 | CVE-2020-14595 | Oracle | Unspecified vulnerability in Oracle Ilearning 6.1/6.1.1 Vulnerability in the Oracle iLearning product of Oracle iLearning (component: Assessment Manager). | 6.4 |
2020-07-15 | CVE-2020-14588 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). | 6.4 |
2020-07-15 | CVE-2020-14571 | Oracle | Injection vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 6.4 |
2020-07-17 | CVE-2020-15497 | Jalios | Cross-site Scripting vulnerability in Jalios Jcms 10.0.2 jcore/portal/ajaxPortal.jsp in Jalios JCMS 10.0.2 build-20200224104759 allows XSS via the types parameter. | 6.1 |
2020-07-17 | CVE-2020-15803 | Zabbix Fedoraproject Debian Opensuse | Cross-site Scripting vulnerability in multiple products Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget. | 6.1 |
2020-07-16 | CVE-2020-3385 | Cisco | Unspecified vulnerability in Cisco Sd-Wan Firmware and Vedge Cloud Router A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. | 6.1 |
2020-07-15 | CVE-2020-9496 | Apache | Deserialization of Untrusted Data vulnerability in Apache Ofbiz 17.12.03 XML-RPC request are vulnerable to unsafe deserialization and Cross-Site Scripting issues in Apache OFBiz 17.12.03 | 6.1 |
2020-07-15 | CVE-2020-11436 | Librehealth | Cross-site Scripting vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is vulnerable to XSS that results in the ability to force arbitrary actions on behalf of other users including administrators. | 6.0 |
2020-07-15 | CVE-2020-2969 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Data Pump component of Oracle Database Server. | 6.0 |
2020-07-15 | CVE-2020-14580 | Oracle | Unspecified vulnerability in Oracle Communications Applications 8.1.0/8.2.0/8.3.0 Vulnerability in the Oracle Communications Session Border Controller product of Oracle Communications Applications (component: System Admin). | 6.0 |
2020-07-17 | CVE-2020-15586 | Golang Cloudfoundry Debian Opensuse Fedoraproject | Race Condition vulnerability in multiple products Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. | 5.9 |
2020-07-17 | CVE-2020-14928 | Gnome Debian Fedoraproject Canonical | Injection vulnerability in multiple products evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. | 5.9 |
2020-07-16 | CVE-2019-20915 | GNU | Out-of-bounds Read vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 5.8 |
2020-07-16 | CVE-2019-20913 | GNU | Out-of-bounds Read vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 5.8 |
2020-07-16 | CVE-2019-20910 | GNU | Out-of-bounds Read vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 5.8 |
2020-07-15 | CVE-2020-10286 | Ufactory | Improper Privilege Management vulnerability in Ufactory products the main user account has restricted privileges but is in the sudoers group and there is not any mechanism in place to prevent sudo su or sudo -i to be run gaining unrestricted access to sensible files, encryption, or issue orders that disrupt robot operation. | 5.8 |
2020-07-15 | CVE-2020-2966 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 5.8 |
2020-07-15 | CVE-2020-14705 | Oracle | Unspecified vulnerability in Oracle Goldengate Vulnerability in the Oracle GoldenGate product of Oracle GoldenGate (component: Process Management). | 5.8 |
2020-07-15 | CVE-2020-14690 | Oracle | Unspecified vulnerability in Oracle Business Intelligence Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Actions). | 5.8 |
2020-07-15 | CVE-2020-14688 | Oracle | Unspecified vulnerability in Oracle Common Applications Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). | 5.8 |
2020-07-15 | CVE-2020-14686 | Oracle | Unspecified vulnerability in Oracle Isupport Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Others). | 5.8 |
2020-07-15 | CVE-2020-14682 | Oracle | Unspecified vulnerability in Oracle Depot Repair 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Depot Repair product of Oracle E-Business Suite (component: Estimate and Actual Charges). | 5.8 |
2020-07-15 | CVE-2020-14681 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 5.8 |
2020-07-15 | CVE-2020-14671 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: User Interface). | 5.8 |
2020-07-15 | CVE-2020-14670 | Oracle | Unspecified vulnerability in Oracle Advanced Outbound Telephony Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Settings). | 5.8 |
2020-07-15 | CVE-2020-14669 | Oracle | Unspecified vulnerability in Oracle Configurator 12.1/12.2 Vulnerability in the Oracle Configurator product of Oracle Supply Chain (component: UI Servlet). | 5.8 |
2020-07-15 | CVE-2020-14668 | Oracle | Unspecified vulnerability in Oracle E-Business Intelligence 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle E-Business Intelligence product of Oracle E-Business Suite (component: DBI Setups). | 5.8 |
2020-07-15 | CVE-2020-14666 | Oracle | Unspecified vulnerability in Oracle Email Center Vulnerability in the Oracle Email Center product of Oracle E-Business Suite (component: Message Display). | 5.8 |
2020-07-15 | CVE-2020-14660 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.8 |
2020-07-15 | CVE-2020-14655 | Oracle | Unspecified vulnerability in Oracle Security Service 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: SSL API). | 5.8 |
2020-07-15 | CVE-2020-14640 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 5.8 |
2020-07-15 | CVE-2020-14638 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 5.8 |
2020-07-15 | CVE-2020-14637 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 5.8 |
2020-07-15 | CVE-2020-14636 | Oracle | Information Exposure vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 5.8 |
2020-07-15 | CVE-2020-14627 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). | 5.8 |
2020-07-15 | CVE-2020-14570 | Oracle | Unspecified vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 5.8 |
2020-07-15 | CVE-2020-14536 | Oracle | Unspecified vulnerability in Oracle products Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce Experience Manager product of Oracle Commerce (component: Workbench). | 5.8 |
2020-07-15 | CVE-2020-14535 | Oracle | Unspecified vulnerability in Oracle Commerce Service Center 11.1/11.2 Vulnerability in the Oracle Commerce Service Center product of Oracle Commerce (component: Commerce Service Center). | 5.8 |
2020-07-15 | CVE-2020-14534 | Oracle | Unspecified vulnerability in Oracle Applications Framework 12.2.9 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Popups). | 5.8 |
2020-07-15 | CVE-2020-14528 | Oracle | Unspecified vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 5.8 |
2020-07-14 | CVE-2019-12783 | Verint | Open Redirect vulnerability in Verint Impact 360 An issue was discovered in Verint Impact 360 15.1. | 5.8 |
2020-07-13 | CVE-2019-20901 | Atlassian | Open Redirect vulnerability in Atlassian Jira The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of performing a phishing attack via an open redirect in the os_destination parameter. | 5.8 |
2020-07-15 | CVE-2020-15366 | AJV JS | Unspecified vulnerability in Ajv.Js AJV 6.12.2 An issue was discovered in ajv.validate() in Ajv (aka Another JSON Schema Validator) 6.12.2. | 5.6 |
2020-07-17 | CVE-2020-15110 | Jupyterhub | Incorrect Authorization vulnerability in Jupyterhub Kubespawner In jupyterhub-kubespawner before 0.12, certain usernames will be able to craft particular server names which will grant them access to the default server of other users who have matching usernames. | 5.5 |
2020-07-16 | CVE-2020-3468 | Cisco | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. | 5.5 |
2020-07-15 | CVE-2020-2984 | Oracle | Unspecified vulnerability in Oracle Configuration Manager 12.1.2.0.6 Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). | 5.5 |
2020-07-15 | CVE-2020-2983 | Oracle | Unspecified vulnerability in Oracle Data Masking and Subsetting 13.3.0.0/13.4.0.0 Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). | 5.5 |
2020-07-15 | CVE-2020-2982 | Oracle | Unspecified vulnerability in Oracle Enterprise Manager Base Platform 13.3.0.0/13.4.0.0 Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). | 5.5 |
2020-07-15 | CVE-2020-14710 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0 Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Security). | 5.5 |
2020-07-15 | CVE-2020-14709 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0 Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Card). | 5.5 |
2020-07-15 | CVE-2020-14691 | Oracle | Unspecified vulnerability in Oracle Financial Services Liquidity Risk Management 8.0.6.0.0 Vulnerability in the Oracle Financial Services Liquidity Risk Management product of Oracle Financial Services Applications (component: User Interface). | 5.5 |
2020-07-15 | CVE-2020-14653 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 5.5 |
2020-07-15 | CVE-2020-14651 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). | 5.5 |
2020-07-15 | CVE-2020-14643 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). | 5.5 |
2020-07-15 | CVE-2020-14612 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Human Capital Management Candidate Gateway 9.2 Vulnerability in the PeopleSoft Enterprise HRMS product of Oracle PeopleSoft (component: Time and Labor). | 5.5 |
2020-07-15 | CVE-2020-14602 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 5.5 |
2020-07-15 | CVE-2020-14587 | Oracle | Unspecified vulnerability in Oracle Peoplesoft products 9.2 Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). | 5.5 |
2020-07-15 | CVE-2020-14569 | Oracle | Unspecified vulnerability in Oracle Flexcube Investor Servicing Vulnerability in the Oracle FLEXCUBE Investor Servicing product of Oracle Financial Services Applications (component: Infrastructure). | 5.5 |
2020-07-14 | CVE-2020-15104 | Envoyproxy | Origin Validation Error vulnerability in Envoyproxy Envoy In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. | 5.5 |
2020-07-14 | CVE-2020-11084 | Ipear Project | Command Injection vulnerability in Ipear Project Ipear 0.6.14/0.6.15/0.7.0 In iPear, the manual execution of the eval() function can lead to command injection. | 5.5 |
2020-07-14 | CVE-2020-7578 | Siemens | Improper Privilege Management vulnerability in Siemens Opcenter Execution Core A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). | 5.5 |
2020-07-14 | CVE-2020-7577 | Siemens | SQL Injection vulnerability in Siemens Opcenter Execution Core A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2). | 5.5 |
2020-07-14 | CVE-2020-4510 | IBM | XXE vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. | 5.5 |
2020-07-17 | CVE-2019-12000 | HP | Improper Input Validation vulnerability in HP MSE MSG GW Application E-Ltu HPE has found a potential Remote Access Restriction Bypass in HPE MSE Msg Gw application E-LTU prior to version 3.2 when HTTPS is used between the USSD and an external USSD service logic application. | 5.4 |
2020-07-15 | CVE-2020-2227 | Jenkins | Cross-site Scripting vulnerability in Jenkins Deployer Framework 1.0/1.1/1.2 Jenkins Deployer Framework Plugin 1.2 and earlier does not escape the URL displayed in the build home page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2226 | Jenkins | Cross-site Scripting vulnerability in Jenkins Matrix Authorization Strategy Jenkins Matrix Authorization Strategy Plugin 2.6.1 and earlier does not escape user names shown in the configuration, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2225 | Jenkins | Cross-site Scripting vulnerability in Jenkins Matrix Project Jenkins Matrix Project Plugin 1.16 and earlier does not escape the axis names shown in tooltips on the overview page of builds with multiple axes, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2224 | Jenkins | Cross-site Scripting vulnerability in Jenkins Matrix Project Jenkins Matrix Project Plugin 1.16 and earlier does not escape the node names shown in tooltips on the overview page of builds with a single axis, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2223 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape correctly the 'href' attribute of links to downstream jobs displayed in the build console page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2222 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the job name in the 'Keep this build forever' badge tooltip, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2221 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-15 | CVE-2020-2220 | Jenkins | Cross-site Scripting vulnerability in Jenkins Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the agent name in the build time trend page, resulting in a stored cross-site scripting vulnerability. | 5.4 |
2020-07-14 | CVE-2020-7576 | Siemens | Cross-site Scripting vulnerability in Siemens Opcenter Execution Core A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Execution Core (All versions < V8.2), Opcenter Execution Core (V8.2). | 5.4 |
2020-07-14 | CVE-2020-6267 | SAP | Incorrect Permission Assignment for Critical Resource vulnerability in SAP Disclosure Management 10.1 Some sensitive cookies in SAP Disclosure Management, version 10.1, are missing HttpOnly flag, leading to sensitive cookie without Http Only flag. | 5.4 |
2020-07-17 | CVE-2020-14039 | Golang Opensuse | Improper Certificate Validation vulnerability in multiple products In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). | 5.3 |
2020-07-15 | CVE-2020-14621 | Oracle Fedoraproject Mcafee Opensuse Canonical Debian Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JAXP). | 5.3 |
2020-07-15 | CVE-2020-14562 | Oracle Netapp Fedoraproject Opensuse Debian Canonical | Vulnerability in the Java SE product of Oracle Java SE (component: ImageIO). | 5.3 |
2020-07-15 | CVE-2020-14550 | Oracle Netapp Fedoraproject Canonical Mariadb | Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). | 5.3 |
2020-07-15 | CVE-2020-13923 | Apache | Authorization Bypass Through User-Controlled Key vulnerability in Apache Ofbiz IDOR vulnerability in the order processing feature from ecommerce component of Apache OFBiz before 17.12.04 | 5.3 |
2020-07-14 | CVE-2020-7588 | Siemens | Improper Input Validation vulnerability in Siemens products A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). | 5.3 |
2020-07-15 | CVE-2020-14722 | Oracle | Unspecified vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 5.1 |
2020-07-14 | CVE-2020-1374 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server, aka 'Remote Desktop Client Remote Code Execution Vulnerability'. | 5.1 |
2020-07-17 | CVE-2020-10605 | Grundfos | Missing Authentication for Critical Function vulnerability in Grundfos CIM 500 Firmware Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files. | 5.0 |
2020-07-17 | CVE-2020-0228 | Information Exposure vulnerability in Google Android There is an improper configuration of recorder related service. | 5.0 | |
2020-07-17 | CVE-2020-1655 | Juniper | Resource Exhaustion vulnerability in Juniper Junos When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of large packets requiring fragmentation, generating the following error messages: [LOG: Err] MQSS(0): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[0:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(0): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1838, QID 0 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk length error in stage 5 - Chunk Address: 0x4321f3 [LOG: Err] MQSS(0): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0x0 [LOG: Notice] Error: /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(0), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/8/pfe/0/cm/0/MQSS(0)/0/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(0) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). | 5.0 |
2020-07-17 | CVE-2020-1653 | Juniper | Missing Release of Resource after Effective Lifetime vulnerability in Juniper Junos On Juniper Networks Junos OS devices, a stream of TCP packets sent to the Routing Engine (RE) may cause mbuf leak which can lead to Flexible PIC Concentrator (FPC) crash or the system to crash and restart (vmcore). | 5.0 |
2020-07-17 | CVE-2020-1650 | Juniper | Resource Exhaustion vulnerability in Juniper Junos On Juniper Networks Junos MX Series with service card configured, receipt of a stream of specific packets may crash the MS-PIC component on MS-MIC or MS-MPC. | 5.0 |
2020-07-17 | CVE-2020-1649 | Juniper | Improper Input Validation vulnerability in Juniper Junos When a device running Juniper Networks Junos OS with MPC7, MPC8, or MPC9 line cards installed and the system is configured for inline IP reassembly, used by L2TP, MAP-E, GRE, and IPIP, the packet forwarding engine (PFE) will become disabled upon receipt of small fragments requiring reassembly, generating the following error messages: [LOG: Err] MQSS(2): WO: Packet Error - Error Packets 1, Connection 29 [LOG: Err] eachip_hmcif_rx_intr_handler(7259): EA[2:0]: HMCIF Rx: Injected checksum error detected on WO response - Chunk Address 0x0 [LOG: Err] MQSS(2): DRD: RORD1: CMD reorder ID error - Command 11, Reorder ID 1960, QID 0 [LOG: Err] MQSS(2): DRD: UNROLL0: HMC chunk address error in stage 5 - Chunk Address: 0xc38fb1 [LOG: Notice] Error: /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc), scope: pfe, category: functional, severity: major, module: MQSS(2), type: DRD_RORD_ENG_INT: CMD FSM State Error [LOG: Notice] Performing action cmalarm for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action get-state for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major [LOG: Notice] Performing action disable-pfe for error /fpc/0/pfe/0/cm/0/MQSS(2)/2/MQSS_CMERROR_DRD_RORD_ENG_INT_REG_CMD_FSM_STATE_ERR (0x2203cc) in module: MQSS(2) with scope: pfe category: functional level: major By continuously sending fragmented packets that cannot be reassembled, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). | 5.0 |
2020-07-17 | CVE-2020-1648 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific BGP packet can lead to a routing process daemon (RPD) crash and restart. | 5.0 |
2020-07-17 | CVE-2020-1644 | Juniper | Improper Input Validation vulnerability in Juniper Junos On Juniper Networks Junos OS and Junos OS Evolved devices, the receipt of a specific BGP UPDATE packet causes an internal counter to be incremented incorrectly, which over time can lead to the routing protocols process (RPD) crash and restart. | 5.0 |
2020-07-17 | CVE-2020-1640 | Juniper | Improper Input Validation vulnerability in Juniper Junos An improper use of a validation framework when processing incoming genuine BGP packets within Juniper Networks RPD (routing protocols process) daemon allows an attacker to crash RPD thereby causing a Denial of Service (DoS) condition. | 5.0 |
2020-07-17 | CVE-2020-5130 | Sonicwall | Improper Input Validation vulnerability in Sonicwall Sonicos SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. | 5.0 |
2020-07-17 | CVE-2020-7696 | React Native Fast Image Project | Information Exposure vulnerability in React-Native-Fast-Image Project React-Native-Fast-Image This affects all versions of package react-native-fast-image. | 5.0 |
2020-07-16 | CVE-2020-12015 | Mitsubishielectric Iconics | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. | 5.0 |
2020-07-16 | CVE-2020-12009 | Mitsubishielectric Iconics | Deserialization of Untrusted Data vulnerability in multiple products A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. | 5.0 |
2020-07-16 | CVE-2020-13405 | Microweber | Information Exposure vulnerability in Microweber userfiles/modules/users/controller/controller.php in Microweber before 1.1.20 allows an unauthenticated user to disclose the users database via a /modules/ POST request. | 5.0 |
2020-07-16 | CVE-2020-3370 | Cisco | Improper Input Validation vulnerability in Cisco Email Security Appliance A vulnerability in URL filtering of Cisco Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to bypass URL filtering on an affected device. | 5.0 |
2020-07-16 | CVE-2020-3197 | Cisco | Improper Authentication vulnerability in Cisco Meeting Server A vulnerability in the API subsystem of Cisco Meetings App could allow an unauthenticated, remote attacker to retain and reuse the Traversal Using Relay NAT (TURN) server credentials that are configured in an affected system. | 5.0 |
2020-07-16 | CVE-2019-20909 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 5.0 |
2020-07-15 | CVE-2019-17639 | Eclipse | Type Confusion vulnerability in Eclipse Openj9 In Eclipse OpenJ9 prior to version 0.21 on Power platforms, calling the System.arraycopy method with a length longer than the length of the source or destination array can, in certain specially crafted code patterns, cause the current method to return prematurely with an undefined return value. | 5.0 |
2020-07-15 | CVE-2020-6165 | Silverstripe | Incorrect Default Permissions vulnerability in Silverstripe SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. | 5.0 |
2020-07-15 | CVE-2020-6164 | Silverstripe | Information Exposure vulnerability in Silverstripe In SilverStripe through 4.5.0, a specific URL path configured by default through the silverstripe/framework module can be used to disclose the fact that a domain is hosting a Silverstripe application. | 5.0 |
2020-07-15 | CVE-2020-15779 | Socket IO File Project | Path Traversal vulnerability in Socket.Io-File Project Socket.Io-File A Path Traversal issue was discovered in the socket.io-file package through 2.0.31 for Node.js. | 5.0 |
2020-07-15 | CVE-2020-2967 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). | 5.0 |
2020-07-15 | CVE-2020-14679 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 5.0 |
2020-07-15 | CVE-2020-14639 | Oracle | Information Exposure vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Sample apps). | 5.0 |
2020-07-15 | CVE-2020-14635 | Oracle | Information Exposure vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Logging). | 5.0 |
2020-07-15 | CVE-2020-14604 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 5.0 |
2020-07-15 | CVE-2020-14603 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 5.0 |
2020-07-15 | CVE-2020-14589 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). | 5.0 |
2020-07-15 | CVE-2020-14558 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 5.0 |
2020-07-15 | CVE-2020-15699 | Joomla | Insufficient Verification of Data Authenticity vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 5.0 |
2020-07-15 | CVE-2020-15698 | Joomla | Information Exposure vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 5.0 |
2020-07-15 | CVE-2020-14501 | Advantech | Missing Authentication for Critical Function vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper authentication for critical function (CWE-306) issue. | 5.0 |
2020-07-15 | CVE-2020-14499 | Advantech | Unspecified vulnerability in Advantech Iview 5.6 Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. | 5.0 |
2020-07-14 | CVE-2020-1469 | Microsoft | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Bond 9.0.1 A denial of service vulnerability exists when the .NET implementation of Bond improperly parses input, aka 'Bond Denial of Service Vulnerability'. | 5.0 |
2020-07-14 | CVE-2020-5374 | Dell | Use of Hard-coded Credentials vulnerability in Dell EMC Omimssc FOR Sccm and EMC Omimssc FOR Scvmm Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain a hard-coded cryptographic key vulnerability. | 5.0 |
2020-07-14 | CVE-2020-5373 | Dell | Missing Authentication for Critical Function vulnerability in Dell EMC Omimssc FOR Sccm and EMC Omimssc FOR Scvmm Dell EMC OpenManage Integration for Microsoft System Center (OMIMSSC) for SCCM and SCVMM versions prior to 7.2.1 contain an improper authentication vulnerability. | 5.0 |
2020-07-14 | CVE-2020-15074 | Openvpn | Insufficient Session Expiration vulnerability in Openvpn Access Server OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp. | 5.0 |
2020-07-14 | CVE-2020-7584 | Siemens | Resource Exhaustion vulnerability in Siemens products A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.1). | 5.0 |
2020-07-14 | CVE-2020-10044 | Siemens | Missing Authentication for Critical Function vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 5.0 |
2020-07-14 | CVE-2020-10037 | Siemens | Out-of-bounds Read vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 5.0 |
2020-07-14 | CVE-2020-6286 | SAP | Path Traversal vulnerability in SAP Netweaver Application Server Java The insufficient input path validation of certain parameter in the web service of SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, allows an unauthenticated attacker to exploit a method to download zip files to a specific directory, leading to Path Traversal. | 5.0 |
2020-07-14 | CVE-2020-6282 | SAP | Server-Side Request Forgery (SSRF) vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS JAVA (IIOP service) (SERVERCORE), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, and SAP NetWeaver AS JAVA (IIOP service) (CORE-TOOLS), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker to send a crafted request from a vulnerable web application. | 5.0 |
2020-07-13 | CVE-2020-5766 | SRS Simple Hits Counter Project | SQL Injection vulnerability in SRS Simple Hits Counter Project SRS Simple Hits Counter 1.0.3/1.0.4 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. | 5.0 |
2020-07-13 | CVE-2019-20899 | Atlassian | Unspecified vulnerability in Atlassian products The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. | 5.0 |
2020-07-13 | CVE-2019-20898 | Atlassian | Information Exposure vulnerability in Atlassian Jira Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. | 5.0 |
2020-07-16 | CVE-2020-3450 | Cisco | SQL Injection vulnerability in Cisco Vision Dynamic Signage Director A vulnerability in the web-based management interface of Cisco Vision Dynamic Signage Director could allow an authenticated, remote attacker with administrative credentials to conduct SQL injection attacks on an affected system. | 4.9 |
2020-07-16 | CVE-2020-3405 | Cisco | XXE vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. | 4.9 |
2020-07-15 | CVE-2020-2977 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 4.9 |
2020-07-15 | CVE-2020-2971 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 4.9 |
2020-07-15 | CVE-2020-14704 | Oracle Opensuse | Use of Uninitialized Resource vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-07-15 | CVE-2020-14703 | Oracle Opensuse | Use of Uninitialized Resource vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-07-15 | CVE-2020-14702 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-07-15 | CVE-2020-14667 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.9 |
2020-07-15 | CVE-2020-14657 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.9 |
2020-07-15 | CVE-2020-14656 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Locking). | 4.9 |
2020-07-15 | CVE-2020-14654 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-07-15 | CVE-2020-14631 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Audit). | 4.9 |
2020-07-15 | CVE-2020-14629 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.9 |
2020-07-15 | CVE-2020-14624 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). | 4.9 |
2020-07-15 | CVE-2020-14623 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-07-15 | CVE-2020-14620 | Netapp Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2020-07-15 | CVE-2020-14614 | Netapp Fedoraproject Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-07-15 | CVE-2020-14597 | Netapp Fedoraproject Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-07-15 | CVE-2020-14586 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). | 4.9 |
2020-07-15 | CVE-2020-14575 | Netapp Fedoraproject Canonical Oracle | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2020-07-15 | CVE-2020-14568 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.9 |
2020-07-15 | CVE-2020-14565 | Oracle | Unspecified vulnerability in Oracle Unified Directory 11.1.2.3.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Unified Directory product of Oracle Fusion Middleware (component: Security). | 4.9 |
2020-07-15 | CVE-2020-14547 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). | 4.9 |
2020-07-15 | CVE-2020-14540 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). | 4.9 |
2020-07-15 | CVE-2020-14533 | Oracle | Unspecified vulnerability in Oracle Commerce Platform 11.1/11.2.0.2/11.2.0.3 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). | 4.9 |
2020-07-15 | CVE-2020-14529 | Oracle | Unspecified vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). | 4.9 |
2020-07-14 | CVE-2020-11952 | Rittal | Information Exposure vulnerability in Rittal products An issue was discovered on Rittal PDU-3C002DEC through 5.17.10 and CMCIII-PU-9333E0FB through 3.17.10 devices. | 4.9 |
2020-07-15 | CVE-2020-14556 | Oracle Fedoraproject Opensuse Debian Canonical Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 4.8 |
2020-07-14 | CVE-2020-11083 | Octobercms | Cross-site Scripting vulnerability in Octobercms October In October from version 1.0.319 and before version 1.0.466, a user with access to a markdown FormWidget that stores data persistently could create a stored XSS attack against themselves and any other users with access to the generated HTML from the field. | 4.8 |
2020-07-15 | CVE-2020-14700 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14698 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14695 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14694 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14673 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14650 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14648 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.7 |
2020-07-15 | CVE-2020-14537 | Oracle | Improper Resource Shutdown or Release vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Packaging Scripts). | 4.7 |
2020-07-17 | CVE-2020-0120 | Out-of-bounds Write vulnerability in Google Android 10.0 In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. | 4.6 | |
2020-07-17 | CVE-2020-5131 | Sonicwall | Improper Input Validation vulnerability in Sonicwall Netextender SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. | 4.6 |
2020-07-15 | CVE-2020-2968 | Oracle | Unspecified vulnerability in Oracle Database Server Vulnerability in the Java VM component of Oracle Database Server. | 4.6 |
2020-07-15 | CVE-2020-14628 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.6 |
2020-07-14 | CVE-2020-1463 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the SharedStream Library handles objects in memory, aka 'Windows SharedStream Library Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1438 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1437 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Location Awareness Service handles objects in memory, aka 'Windows Network Location Awareness Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1434 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Sync Host Service handles objects in memory, aka 'Windows Sync Host Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1431 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.To exploit this vulnerability, an authenticated attacker would need to run a specially crafted application to elevate privileges.The security update addresses the vulnerability by correcting how AppX Deployment Extensions manages privileges., aka 'Windows AppX Deployment Extensions Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1430 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1428 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1427 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1423 | Microsoft | Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files, aka 'Windows Subsystem for Linux Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1422 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1415 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1414 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1413 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1404 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1399 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1398 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Lockscreen fails to properly handle Ease of Access dialog.An attacker who successfully exploited the vulnerability could execute commands with elevated permissions.The security update addresses the vulnerability by ensuring that the Ease of Access dialog is handled properly., aka 'Windows Lockscreen Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1396 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system, aka 'Windows ALPC Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1395 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Speech Brokered API handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1394 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Geolocation Framework handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1393 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1392 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Delivery Optimization service improperly handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1390 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1388 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the psmsrv.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1387 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1385 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Credential Picker handles objects in memory, aka 'Windows Credential Picker Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1384 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1382 | Microsoft | Improper Privilege Management vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1381 | Microsoft | Use After Free vulnerability in Microsoft Windows 10 and Windows Server 2016 An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1375 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows improperly handles COM object creation, aka 'Windows COM Server Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1373 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Network Connections Service handles objects in memory, aka 'Windows Network Connections Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1372 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles objects in memory, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1371 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1370 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1369 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1368 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Credential Enrollment Manager service handles objects in memory, aka 'Windows Credential Enrollment Manager Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1366 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Print Workflow Service improperly handles objects in memory, aka 'Windows Print Workflow Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1365 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Event Logging Service improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Event Logging Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1363 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Picker Platform improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Picker Platform Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1362 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1360 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Profile Service improperly handles file operations, aka 'Windows Profile Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1359 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Cryptography Next Generation (CNG) Key Isolation service improperly handles memory, aka 'Windows CNG Key Isolation Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1357 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows System Events Broker improperly handles file operations, aka 'Windows System Events Broker Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1356 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows iSCSI Target Service improperly handles file operations, aka 'Windows iSCSI Target Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1355 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft Windows 10 and Windows Server 2016 A remote code execution vulnerability exists when the Windows Font Driver Host improperly handles memory.An attacker who successfully exploited the vulnerability would gain execution on a victim system.The security update addresses the vulnerability by correcting how the Windows Font Driver Host handles memory., aka 'Windows Font Driver Host Remote Code Execution Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1354 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows UPnP Device Host improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows UPnP Device Host Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1353 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1352 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows USO Core Worker improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows USO Core Worker Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1347 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Storage Services improperly handle file operations, aka 'Windows Storage Services Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1346 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Modules Installer improperly handles file operations, aka 'Windows Modules Installer Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1344 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows WalletService handles objects in memory, aka 'Windows WalletService Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1249 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka 'Windows Runtime Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-14 | CVE-2020-1085 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists in the way that the Windows Function Discovery Service handles objects in memory, aka 'Windows Function Discovery Service Elevation of Privilege Vulnerability'. | 4.6 |
2020-07-13 | CVE-2019-4591 | IBM | Session Fixation vulnerability in IBM Maximo Asset Management IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. | 4.6 |
2020-07-17 | CVE-2020-9673 | Adobe | Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. | 4.4 |
2020-07-17 | CVE-2020-9672 | Adobe | Untrusted Search Path vulnerability in Adobe Coldfusion 2016/2018 Adobe ColdFusion 2016 update 15 and earlier versions, and ColdFusion 2018 update 9 and earlier versions have a dll search-order hijacking vulnerability. | 4.4 |
2020-07-15 | CVE-2020-14724 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). | 4.4 |
2020-07-15 | CVE-2020-14713 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14711 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14699 | Oracle Opensuse | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14677 | Oracle Opensuse | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14676 | Oracle Opensuse | Out-of-bounds Read vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14675 | Oracle Opensuse | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14674 | Oracle Opensuse | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in multiple products Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14649 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14647 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14646 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 4.4 |
2020-07-15 | CVE-2020-14594 | Oracle | Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Inventory Integration). | 4.4 |
2020-07-15 | CVE-2020-14561 | Oracle | Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). | 4.4 |
2020-07-15 | CVE-2020-14543 | Oracle | Unspecified vulnerability in Oracle Hospitality Reporting and Analytics 9.1 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Installation). | 4.4 |
2020-07-18 | CVE-2020-9256 | Huawei | Unspecified vulnerability in Huawei Mate 30 PRO Firmware 10.0.0.203(C00E202R7P2)/10.0.0.205(C00E202R7P2) Huawei Mate 30 Pro smartphones with versions earlier than 10.1.0.150(C00E136R5P3) have an improper authorization vulnerability. | 4.3 |
2020-07-17 | CVE-2020-9259 | Huawei | Improper Authentication vulnerability in Huawei Honor V30 Firmware 10.0.1.135(C00E130R4P1) Huawei Honor V30 smartphones with versions earlier than 10.1.0.212(C00E210R5P1) have an improper authentication vulnerability. | 4.3 |
2020-07-17 | CVE-2020-9255 | Huawei | Improper Input Validation vulnerability in Huawei Honor 10 Firmware Huawei Honor 10 smartphones with versions earlier than 10.0.0.178(C00E178R1P4) have a denial of service vulnerability. | 4.3 |
2020-07-17 | CVE-2020-9227 | Huawei | Missing Initialization of Resource vulnerability in Huawei Moana-Al00B Firmware Huawei Smart Phones Moana-AL00B with versions earlier than 10.1.0.166 have a missing initialization of resource vulnerability. | 4.3 |
2020-07-17 | CVE-2020-5767 | Icegram | Cross-Site Request Forgery (CSRF) vulnerability in Icegram Email Subscribers & Newsletters 4.4.8 Cross-site request forgery in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote attacker to send forged emails by tricking legitimate users into clicking a crafted link. | 4.3 |
2020-07-17 | CVE-2020-1646 | Juniper | Unspecified vulnerability in Juniper Junos and Junos OS Evolved On Juniper Networks Junos OS and Junos OS Evolved devices, processing a specific UPDATE for an EBGP peer can lead to a routing process daemon (RPD) crash and restart. | 4.3 |
2020-07-17 | CVE-2020-15807 | GNU | NULL Pointer Dereference vulnerability in GNU Libredwg GNU LibreDWG before 0.11 allows NULL pointer dereferences via crafted input files. | 4.3 |
2020-07-17 | CVE-2020-9649 | Adobe | Out-of-bounds Read vulnerability in Adobe Media Encoder Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds read vulnerability. | 4.3 |
2020-07-17 | CVE-2020-9485 | Apache | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 4.3 |
2020-07-16 | CVE-2020-3378 | Cisco | SQL Injection vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface for Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to impact the integrity of an affected system by executing arbitrary SQL queries. | 4.3 |
2020-07-16 | CVE-2020-3345 | Cisco | Improper Input Validation vulnerability in Cisco Webex Meetings A vulnerability in certain web pages of Cisco Webex Meetings and Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to modify a web page in the context of a browser. | 4.3 |
2020-07-16 | CVE-2020-3150 | Cisco | Incorrect Authorization vulnerability in Cisco Rv110W Firmware and Rv215W Firmware A vulnerability in the web-based management interface of Cisco Small Business RV110W and RV215W Series Routers could allow an unauthenticated, remote attacker to download sensitive information from the device, which could include the device configuration. | 4.3 |
2020-07-16 | CVE-2019-20911 | GNU | Infinite Loop vulnerability in GNU Libredwg An issue was discovered in GNU LibreDWG through 0.9.3. | 4.3 |
2020-07-16 | CVE-2020-4316 | IBM | Unspecified vulnerability in IBM Publishing Engine and Rational Publishing Engine IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. | 4.3 |
2020-07-15 | CVE-2020-15051 | Articatech | Cross-site Scripting vulnerability in Articatech Artica Proxy 4.28.030.418/4.28.030418 An issue was discovered in Artica Proxy before 4.30.000000. | 4.3 |
2020-07-15 | CVE-2020-15718 | Rosariosis | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the PrintSchedules.php script. | 4.3 |
2020-07-15 | CVE-2020-15717 | Rosariosis | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. | 4.3 |
2020-07-15 | CVE-2020-15716 | Rosariosis | Cross-site Scripting vulnerability in Rosariosis 6.7.2 RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Preferences.php script. | 4.3 |
2020-07-15 | CVE-2019-19326 | Silverstripe | HTTP Request Smuggling vulnerability in Silverstripe Silverstripe CMS sites through 4.4.4 which have opted into HTTP Cache Headers on responses served by the framework's HTTP layer can be vulnerable to web cache poisoning. | 4.3 |
2020-07-15 | CVE-2020-2562 | Oracle | Cross-site Scripting vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Investor Module). | 4.3 |
2020-07-15 | CVE-2020-14717 | Oracle | Unspecified vulnerability in Oracle Common Applications Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). | 4.3 |
2020-07-15 | CVE-2020-14716 | Oracle | Unspecified vulnerability in Oracle Common Applications Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). | 4.3 |
2020-07-15 | CVE-2020-14684 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
2020-07-15 | CVE-2020-14661 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.3 |
2020-07-15 | CVE-2020-14659 | Oracle | Unspecified vulnerability in Oracle CRM Technical Foundation Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). | 4.3 |
2020-07-15 | CVE-2020-14615 | Oracle | Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
2020-07-15 | CVE-2020-14613 | Oracle | Cross-site Scripting vulnerability in Oracle Webcenter Sites 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced User Interface). | 4.3 |
2020-07-15 | CVE-2020-14607 | Oracle | Cross-site Scripting vulnerability in Oracle Fusion Middleware Mapviewer 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). | 4.3 |
2020-07-15 | CVE-2020-14601 | Oracle | Cross-site Scripting vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.3 |
2020-07-15 | CVE-2020-14600 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). | 4.3 |
2020-07-15 | CVE-2020-14596 | Oracle | Cross-site Scripting vulnerability in Oracle Istore 12.1.1/12.1.2/12.1.3 Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Address Book). | 4.3 |
2020-07-15 | CVE-2020-14592 | Oracle | Cross-site Scripting vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Rich Text Editor). | 4.3 |
2020-07-15 | CVE-2020-14585 | Oracle | Cross-site Scripting vulnerability in Oracle BI Publisher 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: Mobile Service). | 4.3 |
2020-07-15 | CVE-2020-14584 | Oracle | Cross-site Scripting vulnerability in Oracle BI Publisher 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle BI Publisher product of Oracle Fusion Middleware (component: BI Publisher Security). | 4.3 |
2020-07-15 | CVE-2020-14582 | Oracle | Cross-site Scripting vulnerability in Oracle Istore Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Registration). | 4.3 |
2020-07-15 | CVE-2020-14572 | Oracle | Cross-site Scripting vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). | 4.3 |
2020-07-15 | CVE-2020-14566 | Oracle | Unspecified vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 4.3 |
2020-07-15 | CVE-2020-14563 | Oracle | Cross-site Scripting vulnerability in Oracle Enterprise Communications Broker 3.0.0/3.1.0/3.2.0 Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). | 4.3 |
2020-07-15 | CVE-2020-14559 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). | 4.3 |
2020-07-15 | CVE-2020-14555 | Oracle | Unspecified vulnerability in Oracle Marketing Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). | 4.3 |
2020-07-15 | CVE-2020-14554 | Oracle | Unspecified vulnerability in Oracle Application Object Library Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Diagnostics). | 4.3 |
2020-07-15 | CVE-2020-14553 | Oracle Netapp Fedoraproject Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). | 4.3 |
2020-07-15 | CVE-2020-14532 | Oracle | Unspecified vulnerability in Oracle Commerce Platform 11.1/11.2.0.2/11.2.0.3 Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Application Framework). | 4.3 |
2020-07-15 | CVE-2020-14530 | Oracle | Unspecified vulnerability in Oracle Security Service 11.1.1.9.0 Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: None). | 4.3 |
2020-07-15 | CVE-2020-15572 | Torproject | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Torproject TOR Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | 4.3 |
2020-07-15 | CVE-2020-15696 | Joomla | Cross-site Scripting vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 4.3 |
2020-07-15 | CVE-2020-7292 | Mcafee | Inappropriate Encoding for Output Context vulnerability in Mcafee web Gateway Inappropriate Encoding for output context vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows a remote attacker to cause MWG to return an ambiguous redirect response via getting a user to click on a malicious URL. | 4.3 |
2020-07-14 | CVE-2020-1468 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1462 | Microsoft | Information Exposure vulnerability in Microsoft Edge An information disclosure vulnerability exists when Skype for Business is accessed via Microsoft Edge (EdgeHTML-based), aka 'Skype for Business via Microsoft Edge (EdgeHTML-based) Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1445 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Office improperly discloses the contents of its memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1444 | Microsoft | Improper Input Validation vulnerability in Microsoft products A remote code execution vulnerability exists in the way Microsoft SharePoint software parses specially crafted email messages, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1442 | Microsoft | Cross-site Scripting vulnerability in Microsoft Office Online Server and Office web Apps A spoofing vulnerability exists when an Office Web Apps server does not properly sanitize a specially crafted request, aka 'Office Web Apps XSS Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1433 | Microsoft | Information Exposure vulnerability in Microsoft Edge An information disclosure vulnerability exists when Microsoft Edge PDF Reader improperly handles objects in memory, aka 'Microsoft Edge PDF Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1432 | Microsoft | Information Exposure vulnerability in Microsoft Internet Explorer 11 An information disclosure vulnerability exists when Skype for Business is accessed via Internet Explorer, aka 'Skype for Business via Internet Explorer Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1397 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in Windows when the Windows Imaging Component fails to properly handle objects in memory, aka 'Windows Imaging Component Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2020-1342 | Microsoft | Use of Uninitialized Resource vulnerability in Microsoft products An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory, aka 'Microsoft Office Information Disclosure Vulnerability'. | 4.3 |
2020-07-14 | CVE-2019-12773 | Verint | Cross-site Scripting vulnerability in Verint Impact 360 An issue was discovered in Verint Impact 360 15.1. | 4.3 |
2020-07-14 | CVE-2020-15721 | Rosariosis | Cross-site Scripting vulnerability in Rosariosis RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php. | 4.3 |
2020-07-14 | CVE-2020-10043 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 4.3 |
2020-07-14 | CVE-2020-10041 | Siemens | Cross-site Scripting vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 4.3 |
2020-07-14 | CVE-2020-6281 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (BI Launchpad), version 4.2, does not sufficiently encode user-controlled inputs, resulting reflected in Cross-Site Scripting. | 4.3 |
2020-07-14 | CVE-2020-6276 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.2 SAP Business Objects Business Intelligence Platform (bipodata), version 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. | 4.3 |
2020-07-14 | CVE-2020-4513 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 4.3 |
2020-07-14 | CVE-2020-12025 | Rockwellautomation | XXE vulnerability in Rockwellautomation Studio 5000 Logix Designer 32.00/32.01/32.02 Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. | 4.3 |
2020-07-13 | CVE-2020-10989 | Tenda | Cross-site Scripting vulnerability in Tenda Ac15 Firmware 15.03.05.19 An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | 4.3 |
2020-07-15 | CVE-2020-2978 | Oracle | Unspecified vulnerability in Oracle Database Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. | 4.1 |
2020-07-17 | CVE-2020-5768 | Icegram | SQL Injection vulnerability in Icegram Email Subscribers & Newsletters 4.4.8 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Icegram Email Subscribers & Newsletters Plugin for WordPress v4.4.8 allows a remote, authenticated attacker to determine the value of database fields. | 4.0 |
2020-07-17 | CVE-2020-15108 | Glpi Project | SQL Injection vulnerability in Glpi-Project Glpi In glpi before 9.5.1, there is a SQL injection for all usages of "Clone" feature. | 4.0 |
2020-07-16 | CVE-2020-3437 | Cisco | Link Following vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of the device. | 4.0 |
2020-07-15 | CVE-2020-14982 | Kronos | SQL Injection vulnerability in Kronos web Time and Attendance 3.8 A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database. | 4.0 |
2020-07-15 | CVE-2020-13788 | Linuxfoundation | Server-Side Request Forgery (SSRF) vulnerability in Linuxfoundation Harbor Harbor prior to 2.0.1 allows SSRF with this limitation: an attacker with the ability to edit projects can scan ports of hosts accessible on the Harbor server's intranet. | 4.0 |
2020-07-15 | CVE-2020-14065 | Icewarp | Unrestricted Upload of File with Dangerous Type vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 allows remote attackers to upload files and consume disk space. | 4.0 |
2020-07-15 | CVE-2020-14064 | Icewarp | Exposure of Resource to Wrong Sphere vulnerability in Icewarp Mail Server 12.3.0.1 IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | 4.0 |
2020-07-15 | CVE-2020-11437 | Librehealth | SQL Injection vulnerability in Librehealth EHR 2.0.0 LibreHealth EMR v2.0.0 is affected by SQL injection allowing low-privilege authenticated users to enumerate the database. | 4.0 |
2020-07-15 | CVE-2020-14720 | Oracle | Unspecified vulnerability in Oracle Internet Expenses Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). | 4.0 |
2020-07-15 | CVE-2020-14719 | Oracle | Unspecified vulnerability in Oracle Internet Expenses Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). | 4.0 |
2020-07-15 | CVE-2020-14708 | Oracle | Unspecified vulnerability in Oracle Retail Customer Management and Segmentation Foundation 16.0/17.0/18.0 Vulnerability in the Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Segment). | 4.0 |
2020-07-15 | CVE-2020-14706 | Oracle | Unspecified vulnerability in Oracle Primavera P6 Enterprise Project Portfolio Management Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 4.0 |
2020-07-15 | CVE-2020-14693 | Oracle | Unspecified vulnerability in Oracle Insurance Accounting Analyzer 8.0.6/8.0.9 Vulnerability in the Oracle Insurance Accounting Analyzer product of Oracle Financial Services Applications (component: User Interface). | 4.0 |
2020-07-15 | CVE-2020-14692 | Oracle | Unspecified vulnerability in Oracle Financial Services Loan Loss Forecasting and Provisioning 8.0.6/8.0.8 Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). | 4.0 |
2020-07-15 | CVE-2020-14685 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.0 |
2020-07-15 | CVE-2020-14641 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Roles). | 4.0 |
2020-07-15 | CVE-2020-14634 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.0 |
2020-07-15 | CVE-2020-14633 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). | 4.0 |
2020-07-15 | CVE-2020-14632 | Oracle Netapp Canonical | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). | 4.0 |
2020-07-15 | CVE-2020-14622 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). | 4.0 |
2020-07-15 | CVE-2020-14618 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Mobile App). | 4.0 |
2020-07-15 | CVE-2020-14616 | Oracle | Unspecified vulnerability in Oracle Food and Beverage Applications 9.1.0 Vulnerability in the Oracle Hospitality Reporting and Analytics product of Oracle Food and Beverage Applications (component: Reporting). | 4.0 |
2020-07-15 | CVE-2020-14605 | Oracle | Unspecified vulnerability in Oracle Financial Services Analytical Applications Infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). | 4.0 |
2020-07-15 | CVE-2020-14590 | Oracle | Unspecified vulnerability in Oracle Applications Framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Page Request). | 4.0 |
2020-07-15 | CVE-2020-14567 | Oracle Netapp | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 4.0 |
2020-07-15 | CVE-2020-14564 | Oracle | Unspecified vulnerability in Oracle Peoplesoft Enterprise Peopletools 8.56/8.57/8.58 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Environment Mgmt Console). | 4.0 |
2020-07-15 | CVE-2020-14557 | Oracle | Unspecified vulnerability in Oracle Weblogic Server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). | 4.0 |
2020-07-15 | CVE-2020-14551 | Oracle | Unspecified vulnerability in Oracle Autovue 21.0 Vulnerability in the Oracle AutoVue product of Oracle Supply Chain (component: Security). | 4.0 |
2020-07-15 | CVE-2020-14549 | Oracle | Unspecified vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Server). | 4.0 |
2020-07-15 | CVE-2020-14544 | Oracle | Information Exposure vulnerability in Oracle Transportation Management 6.4.3 Vulnerability in the Oracle Transportation Management product of Oracle Supply Chain (component: Data, Domain & Function Security). | 4.0 |
2020-07-15 | CVE-2020-14531 | Oracle | Unspecified vulnerability in Oracle Siebel UI Framework Vulnerability in the Siebel UI Framework product of Oracle Siebel CRM (component: SWSE Server). | 4.0 |
2020-07-15 | CVE-2020-14527 | Oracle | Unspecified vulnerability in Oracle Primavera Portfolio Management Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering (component: Web Access). | 4.0 |
2020-07-15 | CVE-2020-15697 | Joomla | Incorrect Permission Assignment for Critical Resource vulnerability in Joomla Joomla! An issue was discovered in Joomla! through 3.9.19. | 4.0 |
2020-07-14 | CVE-2020-1267 | Microsoft | Improper Input Validation vulnerability in Microsoft products This security update corrects a denial of service in the Local Security Authority Subsystem Service (LSASS) caused when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Denial of Service Vulnerability'. | 4.0 |
2020-07-14 | CVE-2020-15101 | Schokokeks | Uncontrolled Recursion vulnerability in Schokokeks Freewvs In freewvs before 0.1.1, a directory structure of more than 1000 nested directories can interrupt a freewvs scan due to Python's recursion limit and os.walk(). | 4.0 |
2020-07-14 | CVE-2020-5246 | Traccar | Injection vulnerability in Traccar Traccar GPS Tracking System before version 4.9 has a LDAP injection vulnerability. | 4.0 |
2020-07-14 | CVE-2020-15720 | Dogtagpki | Improper Certificate Validation vulnerability in Dogtagpki In Dogtag PKI through 10.8.3, the pki.client.PKIConnection class did not enable python-requests certificate validation. | 4.0 |
2020-07-14 | CVE-2020-15719 | Openldap Redhat Opensuse Mcafee Oracle | Improper Certificate Validation vulnerability in multiple products libldap in certain third-party OpenLDAP packages has a certificate-validation flaw when the third-party package is asserting RFC6125 support. | 4.0 |
2020-07-14 | CVE-2020-4511 | IBM | Unspecified vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. | 4.0 |
2020-07-13 | CVE-2020-14174 | Atlassian | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian products Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. | 4.0 |
2020-07-13 | CVE-2019-20897 | Atlassian | Unrestricted Upload of File with Dangerous Type vulnerability in Atlassian products The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. | 4.0 |
78 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2020-07-15 | CVE-2020-2981 | Oracle | Unspecified vulnerability in Oracle Berkeley DB Vulnerability in the Data Store component of Oracle Berkeley DB. | 3.7 |
2020-07-15 | CVE-2020-14581 | Oracle Fedoraproject Mcafee Opensuse Debian Canonical Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: 2D). | 3.7 |
2020-07-15 | CVE-2020-14579 | Oracle Fedoraproject Debian Canonical Mcafee Opensuse Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 3.7 |
2020-07-15 | CVE-2020-14578 | Oracle Fedoraproject Opensuse Debian Canonical Mcafee Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). | 3.7 |
2020-07-15 | CVE-2020-14577 | Oracle Fedoraproject Canonical Opensuse Debian Netapp | Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: JSSE). | 3.7 |
2020-07-15 | CVE-2020-14573 | Oracle Netapp Fedoraproject Opensuse Debian Canonical | Vulnerability in the Java SE product of Oracle Java SE (component: Hotspot). | 3.7 |
2020-07-14 | CVE-2020-1333 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Group Policy Services Policy Processing improperly handle reparse points, aka 'Group Policy Services Policy Processing Elevation of Privilege Vulnerability'. | 3.7 |
2020-07-14 | CVE-2020-1461 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'. | 3.6 |
2020-07-14 | CVE-2020-1405 | Microsoft | Improper Privilege Management vulnerability in Microsoft products An elevation of privilege vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Elevation of Privilege Vulnerability'. | 3.6 |
2020-07-14 | CVE-2020-1364 | Microsoft | Improper Input Validation vulnerability in Microsoft products A denial of service vulnerability exists in the way that the WalletService handles files, aka 'Windows WalletService Denial of Service Vulnerability'. | 3.6 |
2020-07-17 | CVE-2020-5769 | Teltonika Networks | Cross-site Scripting vulnerability in Teltonika-Networks Gateway Trb245 Firmware Trb2R00.02.02 Insufficient output sanitization in Teltonika firmware TRB2_R_00.02.02 allows a remote, authenticated attacker to conduct persistent cross-site scripting (XSS) attacks by injecting malicious client-side code into the 'URL/ Host / Connection' form in the 'DATA TO SERVER' configuration section. | 3.5 |
2020-07-17 | CVE-2020-4104 | Hcltech | Cross-site Scripting vulnerability in Hcltech Bigfix Webui HCL BigFix WebUI is vulnerable to stored cross-site scripting (XSS) within the Apps->Software module. | 3.5 |
2020-07-17 | CVE-2019-4091 | Hcltech | Cross-site Scripting vulnerability in Hcltech Marketing Campaign 9.1.2.4 "HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. | 3.5 |
2020-07-17 | CVE-2019-4090 | Hcltech | Cross-site Scripting vulnerability in Hcltech Marketing Campaign 11.0.1 "HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field." | 3.5 |
2020-07-17 | CVE-2020-11983 | Apache | Cross-site Scripting vulnerability in Apache Airflow An issue was found in Apache Airflow versions 1.10.10 and below. | 3.5 |
2020-07-16 | CVE-2020-3406 | Cisco | Cross-site Scripting vulnerability in Cisco Sd-Wan Firmware A vulnerability in the web-based management interface of the Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. | 3.5 |
2020-07-16 | CVE-2020-3349 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. | 3.5 |
2020-07-16 | CVE-2020-3348 | Cisco | Cross-site Scripting vulnerability in Cisco Data Center Network Manager Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface on an affected device. | 3.5 |
2020-07-16 | CVE-2019-4748 | IBM | Cross-site Scripting vulnerability in IBM products IBM Jazz Team Server based Applications are vulnerable to cross-site scripting. | 3.5 |
2020-07-16 | CVE-2019-4747 | IBM | Cross-site Scripting vulnerability in IBM products IBM Team Concert (RTC) is vulnerable to cross-site scripting. | 3.5 |
2020-07-15 | CVE-2020-9311 | Silverstripe | Cross-site Scripting vulnerability in Silverstripe In SilverStripe through 4.5, malicious users with a valid Silverstripe CMS login (usually CMS access) can craft profile information which can lead to XSS for other users through specially crafted login form URLs. | 3.5 |
2020-07-15 | CVE-2020-2976 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-2975 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-2974 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-2973 | Oracle | Unspecified vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-2972 | Oracle | Cross-site Scripting vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-2513 | Oracle | Cross-site Scripting vulnerability in Oracle Application Express Vulnerability in the Oracle Application Express component of Oracle Database Server. | 3.5 |
2020-07-15 | CVE-2020-14617 | Oracle | Unspecified vulnerability in Oracle Primavera Unifier Vulnerability in the Primavera Unifier product of Oracle Construction and Engineering (component: Platform, Mobile App). | 3.5 |
2020-07-15 | CVE-2020-14610 | Oracle | Cross-site Scripting vulnerability in Oracle Applications Framework 12.2.9 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments / File Upload). | 3.5 |
2020-07-15 | CVE-2020-14552 | Oracle | Unspecified vulnerability in Oracle Webcenter Portal 11.1.1.9.0/12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). | 3.5 |
2020-07-15 | CVE-2020-5765 | Tenable | Cross-site Scripting vulnerability in Tenable Nessus Nessus 8.10.0 and earlier were found to contain a Stored XSS vulnerability due to improper validation of input during scan configuration. | 3.5 |
2020-07-14 | CVE-2020-1456 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-1454 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server This vulnerability is caused when SharePoint Server does not properly sanitize a specially crafted request to an affected SharePoint server.An authenticated attacker could exploit this vulnerability by sending a specially crafted request to an affected SharePoint server, aka 'Microsoft SharePoint Reflective XSS Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-1451 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-1450 | Microsoft | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-1443 | Microsoft | Injection vulnerability in Microsoft products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-1326 | Microsoft | Cross-site Scripting vulnerability in Microsoft Azure Devops Server 2019/2019.0.1 A Cross-site Scripting (XSS) vulnerability exists when Azure DevOps Server does not properly sanitize user provided input, aka 'Azure DevOps Server Cross-site Scripting Vulnerability'. | 3.5 |
2020-07-14 | CVE-2020-6285 | SAP | Information Exposure vulnerability in SAP Netweaver SAP NetWeaver - XML Toolkit for JAVA (ENGINEAPI) (versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50), under certain conditions allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure. | 3.5 |
2020-07-14 | CVE-2020-6278 | SAP | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.1/4.2 SAP Business Objects Business Intelligence Platform (BI Launchpad and CMC), versions 4.1, 4.2, allows to an attacker to embed malicious scripts in the application while uploading images, which gets executed when the victim opens these files, leading to Stored Cross Site Scripting | 3.5 |
2020-07-14 | CVE-2020-4364 | IBM | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. | 3.5 |
2020-07-13 | CVE-2019-20900 | Atlassian | Cross-site Scripting vulnerability in Atlassian Jira Data Center and Jira Server Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. | 3.5 |
2020-07-18 | CVE-2020-9101 | Huawei | Out-of-bounds Write vulnerability in Huawei products There is an out-of-bounds write vulnerability in some products. | 3.3 |
2020-07-17 | CVE-2020-1651 | Juniper | Memory Leak vulnerability in Juniper Junos On Juniper Networks MX series, receipt of a stream of specific Layer 2 frames may cause a memory leak resulting in the packet forwarding engine (PFE) on the line card to crash and restart, causing traffic interruption. | 3.3 |
2020-07-17 | CVE-2020-1641 | Juniper | Race Condition vulnerability in Juniper Junos 12.3/12.3X48/15.1 A Race Condition vulnerability in Juniper Networks Junos OS LLDP implementation allows an attacker to cause LLDP to crash leading to a Denial of Service (DoS). | 3.3 |
2020-07-15 | CVE-2020-14545 | Oracle | Unspecified vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). | 3.3 |
2020-07-14 | CVE-2020-7592 | Siemens | Cleartext Transmission of Sensitive Information vulnerability in Siemens products A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. | 3.3 |
2020-07-15 | CVE-2020-14574 | Oracle | Unspecified vulnerability in Oracle Communications Interactive Session Recorder 6.1/6.4 Vulnerability in the Oracle Communications Interactive Session Recorder product of Oracle Communications Applications (component: FACE). | 3.0 |
2020-07-14 | CVE-2020-6280 | SAP | Unspecified vulnerability in SAP Abap Platform and Netweaver Application Server Abap SAP NetWeaver (ABAP Server) and ABAP Platform, versions 731, 740, 750, allows an attacker with admin privileges to access certain files which should otherwise be restricted, leading to Information Disclosure. | 2.7 |
2020-07-17 | CVE-2020-9252 | Huawei | Path Traversal vulnerability in Huawei products HUAWEI Mate 20 versions earlier than 10.1.0.160(C00E160R3P8), HUAWEI Mate 20 X versions earlier than 10.1.0.135(C00E135R2P8), HUAWEI Mate 20 RS versions earlier than 10.1.0.160(C786E160R3P8), and Honor Magic2 smartphones versions earlier than 10.1.0.160(C00E160R2P11) have a path traversal vulnerability. | 2.1 |
2020-07-17 | CVE-2020-9102 | Huawei | Information Exposure vulnerability in Huawei products There is a information leak vulnerability in some Huawei products, and it could allow a local attacker to get information. | 2.1 |
2020-07-17 | CVE-2020-0107 | Incorrect Default Permissions vulnerability in Google Android 10.0 In getUiccCardsInfo of PhoneInterfaceManager.java, there is a possible permissions bypass due to improper input validation. | 2.1 | |
2020-07-16 | CVE-2020-4095 | Hcltech | Insufficiently Protected Credentials vulnerability in Hcltech Bigfix Platform "BigFix Platform is storing clear text credentials within the system's memory. | 2.1 |
2020-07-15 | CVE-2020-14715 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2020-07-15 | CVE-2020-14714 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 2.1 |
2020-07-15 | CVE-2020-14560 | Oracle | Unspecified vulnerability in Oracle Hyperion Bi+ 11.1.2.4 Vulnerability in the Oracle Hyperion BI+ product of Oracle Hyperion (component: UI and Visualization). | 2.1 |
2020-07-15 | CVE-2020-14548 | Oracle | Information Exposure vulnerability in Oracle Business Intelligence 12.2.1.3.0/12.2.1.4.0 Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Analytics Web General). | 2.1 |
2020-07-15 | CVE-2020-14546 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4 Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). | 2.1 |
2020-07-15 | CVE-2020-14542 | Oracle | Information Exposure vulnerability in Oracle Solaris 11 Vulnerability in the Oracle Solaris product of Oracle Systems (component: libsuri). | 2.1 |
2020-07-15 | CVE-2020-14541 | Oracle | Unspecified vulnerability in Oracle Hyperion Financial Close Management 11.1.2.4 Vulnerability in the Hyperion Financial Close Management product of Oracle Hyperion (component: Close Manager). | 2.1 |
2020-07-15 | CVE-2020-4100 | Hcltechsw | Improper Control of Dynamically-Managed Code Resources vulnerability in Hcltechsw HCL Verse 11.0.4 "HCL Verse for Android was found to employ dynamic code loading. | 2.1 |
2020-07-14 | CVE-2020-1426 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1420 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Error Reporting improperly handles file operations.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Error Reporting Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1419 | Microsoft | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1391 | Microsoft | Information Exposure vulnerability in Microsoft Windows 10 and Windows Server 2016 An information disclosure vulnerability exists when the Windows Agent Activation Runtime (AarSvc) fails to properly handle objects in memory, aka 'Windows Agent Activation Runtime Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1389 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1386 | Microsoft | Information Exposure vulnerability in Microsoft products An information vulnerability exists when Windows Connected User Experiences and Telemetry Service improperly discloses file information, aka 'Connected User Experiences and Telemetry Service Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1367 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1361 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists in the way that the WalletService handles memory.To exploit the vulnerability, an attacker would first need code execution on a victim system, aka 'Windows WalletService Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1358 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Resource Policy component improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Resource Policy Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1351 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-1330 | Microsoft | Information Exposure vulnerability in Microsoft products An information disclosure vulnerability exists when Windows Mobile Device Management (MDM) Diagnostics improperly handles junctions, aka 'Windows Mobile Device Management Diagnostics Information Disclosure Vulnerability'. | 2.1 |
2020-07-14 | CVE-2020-15100 | Schokokeks | Allocation of Resources Without Limits or Throttling vulnerability in Schokokeks Freewvs In freewvs before 0.1.1, a user could create a large file that freewvs will try to read, which will terminate a scan process. | 2.1 |
2020-07-14 | CVE-2020-10040 | Siemens | Use of Password Hash With Insufficient Computational Effort vulnerability in Siemens products A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). | 2.1 |
2020-07-13 | CVE-2019-19338 | Linux Redhat | Information Exposure Through Discrepancy vulnerability in multiple products A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructions when a TSX Asynchronous Abort (TAA) error occurs. | 2.1 |
2020-07-17 | CVE-2020-1643 | Juniper | Improper Handling of Exceptional Conditions vulnerability in Juniper Junos 12.3X48/14.1X53/15.1 Execution of the "show ospf interface extensive" or "show ospf interface detail" CLI commands on a Juniper Networks device running Junos OS may cause the routing protocols process (RPD) to crash and restart if OSPF interface authentication is configured, leading to a Denial of Service (DoS). | 1.9 |
2020-07-15 | CVE-2020-14712 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 1.9 |
2020-07-15 | CVE-2020-14707 | Oracle Opensuse | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). | 1.9 |
2020-07-15 | CVE-2020-15107 | Openenclave | Unspecified vulnerability in Openenclave In openenclave before 0.10.0, enclaves that use x87 FPU operations are vulnerable to tampering by a malicious host application. | 1.2 |