Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-3539 | 1 Rope Project | 1 Rope | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| base/oi/doa.py in the Rope library in CPython (aka Python) allows remote attackers to execute arbitrary code by leveraging an unsafe call to pickle.load. | |||||
| CVE-2020-13471 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2020-09-09 | 7.2 HIGH | 6.8 MEDIUM |
| Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2020-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | |||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2020-09-08 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | |||||
| CVE-2020-14729 | 1 Oracle | 1 Suitecommerce Advanced | 2020-09-08 | 3.6 LOW | 5.4 MEDIUM |
| Vulnerability in SuiteCommerce Advanced (SCA) Sites component of Oracle NetSuite service. Supported versions that are affected are prior to 2020.1.4. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:N). | |||||
| CVE-2020-14728 | 1 Oracle | 1 Suitecommerce Advanced | 2020-09-08 | 4.9 MEDIUM | 5.4 MEDIUM |
| Vulnerability in the SuiteCommerce Advanced (SCA) component of Oracle NetSuite service. Supported versions that are affected are Montblanc, Vinson, Elbrus, Kilimanjaro, Aconcagua, 2018.2, 2019.1, 2019.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise NetSuite SCA. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in NetSuite SCA, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of NetSuite SCA accessible data as well as unauthorized read access to a subset of NetSuite SCA data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | |||||
| CVE-2014-6476 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6527. | |||||
| CVE-2014-6527 | 1 Oracle | 1 Jre | 2020-09-08 | 2.6 LOW | N/A |
| Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect integrity via unknown vectors related to Deployment, a different vulnerability than CVE-2014-6476. | |||||
| CVE-2014-6456 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2017-3512 | 2 Oracle, Redhat | 3 Jdk, Jre, Icedtea | 2020-09-08 | 5.1 MEDIUM | 8.3 HIGH |
| Vulnerability in the Java SE component of Oracle Java SE (subcomponent: AWT). Supported versions that are affected are Java SE: 7u131 and 8u121. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | |||||
| CVE-2015-4908 | 1 Oracle | 3 Javafx, Jdk, Jre | 2020-09-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4916. | |||||
| CVE-2015-4868 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 7.6 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded 8u51 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||||
| CVE-2015-4906 | 1 Oracle | 3 Javafx, Jdk, Jre | 2020-09-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors related to JavaFX, a different vulnerability than CVE-2015-4908 and CVE-2015-4916. | |||||
| CVE-2015-2659 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded 8u33 allows remote attackers to affect availability via unknown vectors related to Security. | |||||
| CVE-2015-4916 | 1 Oracle | 3 Javafx, Jdk, Jre | 2020-09-08 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2015-4906 and CVE-2015-4908. | |||||
| CVE-2015-4901 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 8u60 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to JavaFX. | |||||
| CVE-2014-6562 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 8u20 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Libraries. | |||||
| CVE-2014-6468 | 1 Oracle | 2 Jdk, Jre | 2020-09-08 | 6.8 MEDIUM | N/A |
| Unspecified vulnerability in Oracle Java SE 8u20 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Hotspot. | |||||
| CVE-2014-6485 | 1 Oracle | 1 Jre | 2020-09-08 | 9.3 HIGH | N/A |
| Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. | |||||
| CVE-2020-25069 | 1 Usvn | 1 Usvn | 2020-09-04 | 7.5 HIGH | 9.8 CRITICAL |
| USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | |||||