Total
186 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8754 | 1 Apple | 1 Mac Os X | 2020-10-29 | 4.3 MEDIUM | 6.5 MEDIUM |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006. A malicious HTML document may be able to render iframes with sensitive user information. | |||||
CVE-2019-8282 | 1 Gemalto | 1 Sentinel Ldk | 2020-10-22 | 2.6 LOW | 5.3 MEDIUM |
Gemalto Admin Control Center, all versions prior to 7.92, uses cleartext HTTP to communicate with www3.safenet-inc.com to obtain language packs. This allows attacker to do man-in-the-middle (MITM) attack and replace original language pack by malicious one. | |||||
CVE-2020-16951 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-21 | 6.8 MEDIUM | 7.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16952. | |||||
CVE-2020-16952 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-10-21 | 6.8 MEDIUM | 7.8 HIGH |
A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16951. | |||||
CVE-2020-26527 | 1 Damstratechnology | 1 Smart Asset | 2020-10-14 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in API/api/Version in Damstra Smart Asset 2020.7. Cross-origin resource sharing trusts random origins by accepting the arbitrary 'Origin: example.com' header and responding with 200 OK and a wildcard 'Access-Control-Allow-Origin: *' header. | |||||
CVE-2019-11777 | 1 Eclipse | 1 Paho Java Client | 2020-10-06 | 5.0 MEDIUM | 7.5 HIGH |
In the Eclipse Paho Java client library version 1.2.0, when connecting to an MQTT server using TLS and setting a host name verifier, the result of that verification is not checked. This could allow one MQTT server to impersonate another and provide the client library with incorrect information. | |||||
CVE-2020-1408 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-28 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. | |||||
CVE-2020-15773 | 1 Gradle | 1 Enterprise | 2020-09-25 | 4.0 MEDIUM | 6.5 MEDIUM |
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user (for the duration of the browser session) after previously explicitly authenticating with the API. | |||||
CVE-2020-14519 | 1 Wibu | 1 Codemeter | 2020-09-22 | 5.0 MEDIUM | 7.5 HIGH |
This vulnerability allows an attacker to use the internal WebSockets API for CodeMeter (All versions prior to 7.00 are affected, including Version 7.0 or newer with the affected WebSockets API still enabled. This is especially relevant for systems or devices where a web browser is used to access a web server) via a specifically crafted Java Script payload, which may allow alteration or creation of license files for when combined with CVE-2020-14515. | |||||
CVE-2019-16237 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2020-09-14 | 5.0 MEDIUM | 7.5 HIGH |
Dino before 2019-09-10 does not properly check the source of an MAM message in module/xep/0313_message_archive_management.vala. | |||||
CVE-2019-16235 | 4 Canonical, Debian, Dino and 1 more | 4 Ubuntu Linux, Debian Linux, Dino and 1 more | 2020-09-14 | 5.0 MEDIUM | 7.5 HIGH |
Dino before 2019-09-10 does not properly check the source of a carbons message in module/xep/0280_message_carbons.vala. | |||||
CVE-2020-16168 | 1 Robotemi | 2 Temi, Temi Firmware | 2020-09-02 | 4.3 MEDIUM | 6.5 MEDIUM |
Origin Validation Error in temi Robox OS prior to 120, temi Android app up to 1.3.7931 allows remote attackers to access the REST API and MQTT broker used by the temi and send it custom data/requests via unspecified vectors. | |||||
CVE-2019-1442 | 1 Microsoft | 1 Sharepoint Server | 2020-08-24 | 4.3 MEDIUM | 5.5 MEDIUM |
A security feature bypass vulnerability exists when Microsoft Office does not validate URLs.An attacker could send a victim a specially crafted file, which could trick the victim into entering credentials, aka 'Microsoft Office Security Feature Bypass Vulnerability'. | |||||
CVE-2019-9764 | 1 Hashicorp | 1 Consul | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
HashiCorp Consul 1.4.3 lacks server hostname verification for agent-to-agent TLS communication. In other words, the product behaves as if verify_server_hostname were set to false, even when it is actually set to true. This is fixed in 1.4.4. | |||||
CVE-2019-7399 | 1 Amazon | 1 Fire Os | 2020-08-24 | 5.8 MEDIUM | 7.4 HIGH |
Amazon Fire OS before 5.3.6.4 allows a man-in-the-middle attack against HTTP requests for "Terms of Use" and Privacy pages. | |||||
CVE-2019-19019 | 1 Titanhq | 1 Webtitan | 2020-08-24 | 8.5 HIGH | 7.5 HIGH |
An issue was discovered in TitanHQ WebTitan before 5.18. It contains a Remote Code Execution issue through which an attacker can execute arbitrary code as root. The issue stems from the hotfix download mechanism, which downloads a shell script via HTTP, and then executes it as root. This is analogous to CVE-2019-6800 but for a different product. | |||||
CVE-2019-16275 | 3 Canonical, Debian, W1.fi | 4 Ubuntu Linux, Debian Linux, Hostapd and 1 more | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
hostapd before 2.10 and wpa_supplicant before 2.10 allow an incorrect indication of disconnection in certain situations because source address validation is mishandled. This is a denial of service that should have been prevented by PMF (aka management frame protection). The attacker must send a crafted 802.11 frame from a location that is within the 802.11 communications range. | |||||
CVE-2019-1447 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1445. | |||||
CVE-2019-1445 | 1 Microsoft | 1 Office Online Server | 2020-08-24 | 5.8 MEDIUM | 5.4 MEDIUM |
A spoofing vulnerability exists when Office Online does not validate origin in cross-origin communications handlers correctly, aka 'Microsoft Office Online Spoofing Vulnerability'. This CVE ID is unique from CVE-2019-1447. | |||||
CVE-2018-4319 | 1 Apple | 4 Icloud, Iphone Os, Itunes and 1 more | 2020-08-24 | 5.8 MEDIUM | 8.1 HIGH |
A cross-origin issue existed with "iframe" elements. This was addressed with improved tracking of security origins. This issue affected versions prior to iOS 12, watchOS 5, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. |