Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2008-4300 | 1 Microsoft | 1 Internet Information Services | 2020-11-23 | 5.0 MEDIUM | N/A |
| A certain ActiveX control in adsiis.dll in Microsoft Internet Information Services (IIS) allows remote attackers to cause a denial of service (browser crash) via a long string in the second argument to the GetObject method. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect. | |||||
| CVE-2008-4301 | 1 Microsoft | 1 Internet Information Services | 2020-11-23 | 10.0 HIGH | N/A |
| ** DISPUTED ** A certain ActiveX control in iisext.dll in Microsoft Internet Information Services (IIS) allows remote attackers to set a password via a string argument to the SetPassword method. NOTE: this issue could not be reproduced by a reliable third party. In addition, the original researcher is unreliable. Therefore the original disclosure is probably erroneous. | |||||
| CVE-2009-4444 | 1 Microsoft | 1 Internet Information Services | 2020-11-23 | 6.0 MEDIUM | N/A |
| Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file. | |||||
| CVE-2008-0075 | 1 Microsoft | 1 Internet Information Server | 2020-11-23 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages. | |||||
| CVE-2020-4692 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user to obtain sensitive information from the Dashboard UI. IBM X-Force ID: 186780. | |||||
| CVE-2020-4700 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 6.5 MEDIUM | 8.8 HIGH |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.2 and 5.2.0.0 through 5.2.6.5 could allow an authenticated user belonging to a specific user group to create a user or group with administrative privileges. IBM X-Force ID: 187077. | |||||
| CVE-2020-4763 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 6.0.0.0 through 6.0.3.2 and 2.2.0.0 through 2.2.6.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 188897. | |||||
| CVE-2020-4665 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 4.3 MEDIUM | 4.3 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 186280. | |||||
| CVE-2020-4566 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.6.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 stores potentially highly sensitive information in log files that could be read by an authenticated user. IBM X-Force ID: 184083. | |||||
| CVE-2020-4475 | 1 Ibm | 1 Sterling B2b Integrator | 2020-11-23 | 4.0 MEDIUM | 6.5 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | |||||
| CVE-2020-4476 | 1 Ibm | 1 Sterling File Gateway | 2020-11-23 | 5.0 MEDIUM | 7.5 HIGH |
| IBM Sterling File Gateway 2.2.0.0 through 2.2.6.5 and 6.0.0.0 through 6.0.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181778. | |||||
| CVE-2020-27622 | 1 Jetbrains | 1 Intellij Idea | 2020-11-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains IntelliJ IDEA before 2020.2, the built-in web server could expose information about the IDE version. | |||||
| CVE-2020-27628 | 1 Jetbrains | 1 Teamcity | 2020-11-23 | 4.0 MEDIUM | 4.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, the Guest user had access to audit records. | |||||
| CVE-2020-17051 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2020-11-23 | 10.0 HIGH | 9.8 CRITICAL |
| Windows Network File System Remote Code Execution Vulnerability | |||||
| CVE-2020-13772 | 1 Ivanti | 1 Endpoint Manager | 2020-11-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | |||||
| CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2020-11-20 | 10.0 HIGH | 9.8 CRITICAL |
| JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | |||||
| CVE-2020-25013 | 1 Jetbrains | 1 Toolbox | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | |||||
| CVE-2020-27625 | 1 Jetbrains | 1 Youtrack | 2020-11-20 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.888, notifications might have mentioned inaccessible issues. | |||||
| CVE-2020-16991 | 1 Microsoft | 1 Azure Sphere | 2020-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16994. | |||||
| CVE-2020-16994 | 1 Microsoft | 1 Azure Sphere | 2020-11-20 | 2.1 LOW | 5.5 MEDIUM |
| Azure Sphere Unsigned Code Execution Vulnerability. This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16987, CVE-2020-16991. | |||||
