CVE-2020-4905
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an…
Read morePage 2/32.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an…
Read moreAdRem NetCrunch 10.6.0.4587 allows Credentials Disclosure. Every user can read the BSD, Linux, MacOS and Solaris private keys, private keys' passwords, and root passwords stored in the credential man…
Read moreThe installer of the macOS Sensor for VMware Carbon Black Cloud (prior to 3.5.1) handles certain files in an insecure way. A malicious actor who has local access to the endpoint on which a macOS sens…
Read moreAn issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwardi…
Read moreAn issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a…
Read morejsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call.
Read moreGJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON.
Read moreThe REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated logi…
Read moreProduct: AndroidVersions: Android kernelAndroid ID: A-127973231References: Upstream kernel
Read moreIn showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent. This could lead to local information disclosure of notification data with no additional execution privil…
Read moreIn postNotification of ServiceRecord.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution privileges needed.…
Read moreIn createSimSelectNotification of SimSelectNotification.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution…
Read moreIn onCreate of HandleApiCalls.java, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege that allows an app to set or dismiss the alarm wit…
Read moreIn EapFailureNotifier.java and SimRequiredNotifier.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution priv…
Read moreIn setErrorPlaybackState of BluetoothMediaBrowserService.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with System execut…
Read moreIn startInputUncheckedLocked of InputMethodManager.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure with User execution priv…
Read moreAll versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
Read moreEnvoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500.
Read moreEnvoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-prox…
Read moreIn addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privilege…
Read moreAn issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, t…
Read moreThe GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion.
Read moreImproper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on progr…
Read morevendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFin…
Read moreFrappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API.
Read moreAn issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that domain names present in the DNS responses have '\0' ter…
Read moreBrocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode contain a weakness in the ldap implementation that could allow a remote ldap user to login in the…
Read moreOn BIG-IP versions 14.0.0-14.0.1 and 13.1.0-13.1.3.4, certain traffic pattern sent to a virtual server configured with an FTP profile can cause the FTP channel to break.
Read morelib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation.
Read moreThis affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs.
Read moreIn two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security.
Read moreThe package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info).
Read moreRemoved group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
Read moreUnauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive…
Read moreTwo vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity…
Read moreIBM AIX 7.1, 7.2, and VIOS 3.1 could allow a local user to exploit a vulnerability in the ksu user command to gain root privileges. IBM X-Force ID: 189960.
Read moreIn Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and…
Read moreAn information disclosure flaw allows a malicious, authenticated, privileged web UI user to obtain a password for a remote SCP backup server that they might not otherwise be authorized to access. Thi…
Read moreA privilege escalation flaw allows a malicious, authenticated, privileged CLI user to escalate their privileges on the system and gain full control over the SMG appliance. This affects SMG prior to 1…
Read moreVisual Studio Code Java Extension Pack Remote Code Execution Vulnerability
Read moreMicrosoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Read moreVisual Studio Remote Code Execution Vulnerability
Read moreMicrosoft Edge for Android Spoofing Vulnerability
Read moreMicrosoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability
Read moreVisual Studio Code Remote Code Execution Vulnerability
Read moreVisual Studio Code Remote Development Extension Remote Code Execution Vulnerability
Read moreAzure DevOps Server and Team Foundation Services Spoofing Vulnerability
Read moreMicrosoft Exchange Server Information Disclosure Vulnerability
Read moreMicrosoft Exchange Remote Code Execution Vulnerability
Read moreMicrosoft Exchange Remote Code Execution Vulnerability
Read moreWindows SMB Information Disclosure Vulnerability
Read moreWindows Overlay Filter Security Feature Bypass Vulnerability
Read moreWindows Error Reporting Information Disclosure Vulnerability
Read moreDirectX Graphics Kernel Elevation of Privilege Vulnerability
Read moreWindows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Read moreAzure DevOps Server Spoofing Vulnerability
Read moreWindows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Read moreMicrosoft Dynamics Business Central/NAV Information Disclosure
Read moreMicrosoft Exchange Remote Code Execution Vulnerability
Read moreMicrosoft Excel Security Feature Bypass Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft Excel Information Disclosure Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft PowerPoint Remote Code Execution Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft Excel Remote Code Execution Vulnerability
Read moreMicrosoft SharePoint Remote Code Execution Vulnerability
Read moreMicrosoft SharePoint Information Disclosure Vulnerability
Read moreMicrosoft Outlook Information Disclosure Vulnerability
Read moreMicrosoft SharePoint Remote Code Execution Vulnerability
Read moreMicrosoft Exchange Remote Code Execution Vulnerability
Read moreMicrosoft SharePoint Server Spoofing Vulnerability
Read moreWindows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Read moreWindows Lock Screen Security Feature Bypass Vulnerability
Read moreWindows GDI+ Information Disclosure Vulnerability
Read moreWindows Digital Media Receiver Elevation of Privilege Vulnerability
Read moreWindows NTFS Remote Code Execution Vulnerability
Read moreWindows Hyper-V Remote Code Execution Vulnerability
Read moreWindows Error Reporting Information Disclosure Vulnerability
Read moreWindows Network Connections Service Elevation of Privilege Vulnerability
Read moreMicrosoft SharePoint Elevation of Privilege Vulnerability
Read moreAzure SDK for C Security Feature Bypass Vulnerability
Read moreKerberos Security Feature Bypass Vulnerability
Read moreAzure SDK for Java Security Feature Bypass Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreWindows Backup Engine Elevation of Privilege Vulnerability
Read moreSAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An att…
Read moreA denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying…
Read moreWhen listening for page changes with a Mutation Observer, a malicious web page could confuse Firefox Screenshots into interacting with elements other than those that it injected into the page. This w…
Read moreSearching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: Th…
Read moreIf the Remote Debugging via USB feature was enabled in Firefox for Android on an Android version prior to Android 6.0, untrusted apps could have connected to the feature and operated with the privile…
Read moreRepeated calls to the history and location interfaces could have been used to hang the browser. This was addressed by introducing rate-limiting to these API calls. This vulnerability affects Firefox…
Read moreWhen DNS over HTTPS is in use, it intentionally filters RFC1918 and related IP ranges from the responses as these do not make sense coming from a DoH resolver. However when an IPv4 address was mapped…
Read moreWhen accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be u…
Read moreThis issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iCloud for Windows 7.21, tvOS 14.0. A remote attacker may be able to…
Read morePrototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.
Read moreA logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls…
Read moreAn issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously w…
Read moreA logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary c…
Read moreThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to gain elevated privileges.
Read moreAn issue existed in the handling of snapshots. The issue was resolved with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to preview file…
Read moreAn information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious applica…
Read moreThe issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
Read moreThe issue was addressed with improved deletion. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A local user may be able to discover a user’s deleted messages.
Read moreA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to deter…
Read moreAn access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0. A local user may be able to view sen…
Read moreThe issue was addressed with improved handling of icon caches. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.0 and iPadOS 14.0. A malicious app may be able to determine the existence of files o…
Read moreA logic issue was addressed with improved state management. This issue is fixed in macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciou…
Read moreThe issue was addressed with additional user controls. This issue is fixed in macOS Big Sur 11.0.1. Users may be unable to remove metadata indicating where files were downloaded from.
Read moreA logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.
Read moreA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.
Read moreA logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to determine kernel memory layout.
Read moreThis issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A malicious application may be able to access restricted files.
Read more