Vulnerabilities (CVE)

Filtered by NVD-CWE-noinfo
Total 22706 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-15820 1 Jetbrains 1 Youtrack 2021-07-21 5.0 MEDIUM 5.3 MEDIUM
In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence.
CVE-2020-15825 1 Jetbrains 1 Teamcity 2021-07-21 6.5 MEDIUM 8.8 HIGH
In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges.
CVE-2020-15828 1 Jetbrains 1 Teamcity 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions.
CVE-2020-1583 1 Microsoft 7 365 Apps, Office, Office Online Server and 4 more 2021-07-21 4.3 MEDIUM 5.5 MEDIUM
An information disclosure vulnerability exists when Microsoft Word improperly discloses the contents of its memory, aka 'Microsoft Word Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1502, CVE-2020-1503.
CVE-2020-1584 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-07-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists in the way that the dnsrslvr.dll handles objects in memory, aka 'Windows dnsrslvr.dll Elevation of Privilege Vulnerability'.
CVE-2020-15841 1 Liferay 2 Dxp, Liferay Portal 2021-07-21 4.3 MEDIUM 8.8 HIGH
Liferay Portal before 7.3.0, and Liferay DXP 7.0 before fix pack 89, 7.1 before fix pack 17, and 7.2 before fix pack 4, does not safely test a connection to a LDAP server, which allows remote attackers to obtain the LDAP server's password via the Test LDAP Connection feature.
CVE-2020-1585 1 Microsoft 1 Windows 10 2021-07-21 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1560, CVE-2020-1574.
CVE-2020-15868 1 Sonatype 1 Nexus Repository Manager 2021-07-21 5.0 MEDIUM 7.5 HIGH
Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control.
CVE-2020-1587 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-07-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when the Windows Ancillary Function Driver for WinSock improperly handles memory. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability'.
CVE-2020-15871 1 Sonatype 1 Nexus Repository Manager 3 2021-07-21 6.8 MEDIUM 8.8 HIGH
Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution.
CVE-2020-15877 1 Librenms 1 Librenms 2021-07-21 6.5 MEDIUM 8.8 HIGH
An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php.
CVE-2020-1589 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-07-21 2.1 LOW 5.5 MEDIUM
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1592, CVE-2020-16854.
CVE-2020-1590 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2021-07-21 7.2 HIGH 7.8 HIGH
An elevation of privilege vulnerability exists when the Connected User Experiences and Telemetry Service improperly handles file operations, aka 'Connected User Experiences and Telemetry Service Elevation of Privilege Vulnerability'.
CVE-2020-15903 1 Nagios 1 Nagios Xi 2021-07-21 10.0 HIGH 9.8 CRITICAL
An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3.
CVE-2020-1594 1 Microsoft 3 365 Apps, Excel, Office 2021-07-21 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1193, CVE-2020-1332, CVE-2020-1335.
CVE-2020-1598 1 Microsoft 8 Windows 10, Windows 7, Windows 8.1 and 5 more 2021-07-21 4.6 MEDIUM 7.8 HIGH
An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly handles objects in memory, aka 'Windows UPnP Service Elevation of Privilege Vulnerability'.
CVE-2020-1601 1 Juniper 22 Junos, Srx100, Srx110 and 19 more 2021-07-21 5.0 MEDIUM 7.5 HIGH
Certain types of malformed Path Computation Element Protocol (PCEP) packets when received and processed by a Juniper Networks Junos OS device serving as a Path Computation Client (PCC) in a PCEP environment using Juniper's path computational element protocol daemon (pccd) process allows an attacker to cause the pccd process to crash and generate a core file thereby causing a Denial of Service (DoS). Continued receipt of this family of malformed PCEP packets will cause an extended Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1F6-S13, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D180 on SRX Series; 15.1X53 versions prior to 15.1X53-D238, 15.1X53-D496, 15.1X53-D592; 16.1 versions prior to 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R2-S11, 17.1R3; 17.2 versions prior to 17.2R1-S9; 17.2 version 17.2R2 and later prior to 17.2R3-S2; 17.3 versions prior to 17.3R3-S3; 17.4 versions prior to 17.4R2-S2, 17.4R3; 18.1 versions prior to 18.1R3-S2; 18.2 versions prior to 18.2R2-S6, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. This issue does not affect releases of Junos OS prior to 15.1R1.
CVE-2020-1608 1 Juniper 17 Junos, Mx10, Mx10003 and 14 more 2021-07-21 7.8 HIGH 7.5 HIGH
Receipt of a specific MPLS or IPv6 packet on the core facing interface of an MX Series device configured for Broadband Edge (BBE) service may trigger a kernel crash (vmcore), causing the device to reboot. The issue is specific to the processing of packets destined to BBE clients connected to MX Series subscriber management platforms. This issue affects MX Series running Juniper Networks Junos OS: 17.2 versions starting from 17.2R2-S6, 17.2R3 and later releases, prior to 17.2R3-S3; 17.3 versions starting from 17.3R2-S4, 17.3R3-S2 and later releases, prior to 17.3R2-S5, 17.3R3-S5; 17.4 versions starting from 17.4R2 and later releases, prior to 17.4R2-S7, 17.4R3; 18.1 versions starting from 18.1R2-S3, 18.1R3 and later releases, prior to 18.1R3-S6; 18.2 versions starting from 18.2R1-S1, 18.2R2 and later releases, prior to 18.2R3-S2; 18.2X75 versions prior to 18.2X75-D51, 18.2X75-D60; 18.3 versions prior to 18.3R3; 18.4 versions prior to 18.4R2; 19.1 versions prior to 19.1R1-S3, 19.1R2; 19.2 versions prior to 19.2R1-S2, 19.2R2. This issue does not affect Juniper Networks Junos OS versions prior to 17.2R2-S6.
CVE-2020-1611 1 Juniper 1 Junos Space 2021-07-21 4.0 MEDIUM 6.5 MEDIUM
A Local File Inclusion vulnerability in Juniper Networks Junos Space allows an attacker to view all files on the target when the device receives malicious HTTP packets. This issue affects: Juniper Networks Junos Space versions prior to 19.4R1.
CVE-2020-16134 1 Swisscom 10 Internet-box 2, Internet-box 2 Firmware, Internet-box 3 and 7 more 2021-07-21 7.7 HIGH 8.0 HIGH
An issue was discovered on Swisscom Internet Box 2, Internet Box Standard, Internet Box Plus prior to 10.04.38, Internet Box 3 prior to 11.01.20, and Internet Box light prior to 08.06.06. Given the (user-configurable) credentials for the local Web interface or physical access to a device's plus or reset button, an attacker can create a user with elevated privileges on the Sysbus-API. This can then be used to modify local or remote SSH access, thus allowing a login session as the superuser.