Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3913 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, watchOS 6.2. A malicious application may be able to elevate privileges. | |||||
| CVE-2020-3916 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, watchOS 6.2. Setting an alternate app icon may disclose a photo without needing permission to access photos. | |||||
| CVE-2020-3932 | 1 Draytek | 2 Vigorap 910c, Vigorap 910c Firmware | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerable SNMP in Draytek VigorAP910C cannot be disabled, which may cause information leakage. | |||||
| CVE-2020-3943 | 2 Microsoft, Vmware | 2 Windows, Vrealize Operations | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) uses a JMX RMI service which is not securely configured. An unauthenticated remote attacker who has network access to vRealize Operations, with the Horizon Adapter running, may be able to execute arbitrary code in vRealize Operations. | |||||
| CVE-2020-3980 | 2 Apple, Vmware | 2 Mac Os X, Fusion | 2021-07-21 | 3.7 LOW | 6.7 MEDIUM |
| VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed. | |||||
| CVE-2020-3985 | 1 Vmware | 1 Sd-wan Orchestrator | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3 and 3.4.x prior to 3.4.4 allows an access to set arbitrary authorization levels leading to a privilege escalation issue. An authenticated SD-WAN Orchestrator user may exploit an application weakness and call a vulnerable API to elevate their privileges. | |||||
| CVE-2020-3998 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes. | |||||
| CVE-2020-4002 | 1 Vmware | 1 Sd-wan Orchestrator | 2021-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| The SD-WAN Orchestrator 3.3.2 prior to 3.3.2 P3, 3.4.x prior to 3.4.4, and 4.0.x prior to 4.0.1 handles system parameters in an insecure way. An authenticated SD-WAN Orchestrator user with high privileges may be able to execute arbitrary code on the underlying operating system. | |||||
| CVE-2020-4005 | 1 Vmware | 2 Cloud Foundation, Esxi | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004) | |||||
| CVE-2020-4014 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /profile/deleteWatch.do resource in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to remove another user's watching settings for a repository via an improper authorization vulnerability. | |||||
| CVE-2020-4015 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The /json/fe/activeUserFinder.do resource in Altassian Fisheye and Crucible before version 4.8.1 allows remote attackers to view user user email addresses via a information disclosure vulnerability. | |||||
| CVE-2020-4016 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The /plugins/servlet/jira-blockers/ resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get the ID of configured Jira application links via an information disclosure vulnerability. | |||||
| CVE-2020-4017 | 1 Atlassian | 2 Crucible, Fisheye | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The /rest/jira-ril/1.0/jira-rest/applinks resource in the crucible-jira-ril plugin in Atlassian Fisheye and Crucible before version 4.8.1 allows remote attackers to get information about any configured Jira application links via an information disclosure vulnerability. | |||||
| CVE-2020-4163 | 1 Ibm | 1 Websphere Application Server | 2021-07-21 | 6.0 MEDIUM | 7.2 HIGH |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0, under specialized conditions, could allow an authenticated user to create a maliciously crafted file name which would be misinterpreted as jsp content and executed. IBM X-Force ID: 174397. | |||||
| CVE-2020-4089 | 1 Hcltech | 1 Notes | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| HCL Notes is vulnerable to an information leakage vulnerability through its support for the 'mailto' protocol. This vulnerability could result in files from the user's filesystem or connected network filesystems being leaked to a third party. All versions of HCL Notes 9, 10 and 11 are affected. | |||||
| CVE-2020-4128 | 1 Hcltech | 1 Domino | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HCL Domino is susceptible to a lockout policy bypass vulnerability in the ID Vault service. An unauthenticated attacker could use this vulnerability to mount a brute force attack against the ID Vault service. | |||||
| CVE-2020-4161 | 3 Ibm, Linux, Microsoft | 4 Aix, Db2, Linux Kernel and 1 more | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 could allow an authenticated attacker to cause a denial of service due to incorrect handling of certain commands. IBM X-Force ID: 174341. | |||||
| CVE-2020-4187 | 1 Ibm | 1 Security Guardium | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| IBM Security Guardium 11.1 could disclose sensitive information on the login page that could aid in further attacks against the system. IBM X-Force ID: 174805. | |||||
| CVE-2020-4202 | 1 Ibm | 1 Urbancode Deploy | 2021-07-21 | 6.0 MEDIUM | 8.8 HIGH |
| IBM UrbanCode Deploy (UCD) 7.0.3.0 and 7.0.4.0 could allow an authenticated user to impersonate another user if the server is configured to enable Distributed Front End (DFE). IBM X-Force ID: 174955. | |||||
| CVE-2020-4203 | 1 Ibm | 1 Datapower Gateway | 2021-07-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.8 could potentially disclose highly sensitive information to a privileged user due to improper access controls. IBM X-Force ID: 174956. | |||||