Search Results

There are 143,943 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-4588

IBM i2 iBase 8.9.13 could allow an attacker to upload arbitrary executable files which, when executed by an unsuspecting victim could result in code execution. IBM X-Force ID: 184579.

Published: October 30, 2020; 10:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-4584

IBM i2 iBase 8.9.13 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 184574.

Published: October 30, 2020; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7760

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. The vulnerable regular expression is located in https://github.com/codemirror/CodeMirror/blob/cdb228ac736369c685865b122b736cd0d397836c/mode/javascript/javascript.jsL129. The ReDOS vulnerability of the regex is mainly due to the sub-pattern (s|/*.*?*/)*

Published: October 30, 2020; 7:15:12 AM -0400
V3.1: 5.3 MEDIUM
V2.0:(not available)
CVE-2020-7759

The package pimcore/pimcore from 6.7.2 and before 6.8.3 is vulnerable to SQL Injection in data classification functionality in ClassificationstoreController. This can be exploited by sending a specifically-crafted input in the relationIds parameter as demonstrated by the following request: http://vulnerable.pimcore.example/admin/classificationstore/relations?relationIds=[{"keyId"%3a"''","groupId"%3a"'asd'))+or+1%3d1+union+(select+1,2,3,4,5,6,name,8,password,'',11,12,'',14+from+users)+--+"}]

Published: October 30, 2020; 7:15:12 AM -0400
V3.1: 6.5 MEDIUM
V2.0:(not available)
CVE-2020-27015

Trend Micro Antivirus for Mac 2020 (Consumer) contains an Error Message Information Disclosure vulnerability that if exploited, could allow kernel pointers and debug messages to leak to userland. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Published: October 29, 2020; 8:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27014

Trend Micro Antivirus for Mac 2020 (Consumer) contains a race condition vulnerability in the Web Threat Protection Blocklist component that, if exploited, could allow an attacker to cause a kernel panic or crash. An attacker must first obtain the ability to execute high-privileged code on the target system in order to exploit this vulnerability.

Published: October 29, 2020; 8:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27885

Cross-Site Scripting (XSS) vulnerability on WSO2 API Manager 3.1.0. By exploiting a Cross-site scripting vulnerability the attacker can hijack a logged-in user’s session by stealing cookies which means that a malicious hacker can change the logged-in user’s password and invalidate the session of the victim while the hacker maintains access.

Published: October 29, 2020; 5:15:15 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26205

Sal is a multi-tenanted reporting dashboard for Munki with the ability to display information from Facter. In Sal through version 4.1.6 there is an XSS vulnerability on the machine_list view.

Published: October 29, 2020; 4:15:19 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-25646

A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key in logs. This directly impacts confidentiality.

Published: October 29, 2020; 4:15:19 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-14323

A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.

Published: October 29, 2020; 4:15:17 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27887

An issue was discovered in EyesOfNetwork 5.3 through 5.3-8. An authenticated web user with sufficient privileges could abuse the AutoDiscovery module to run arbitrary OS commands via the nmap_binary parameter to lilac/autodiscovery.php.

Published: October 29, 2020; 3:15:14 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27886

An issue was discovered in EyesOfNetwork eonweb 5.3-7 through 5.3-8. The eonweb web interface is prone to a SQL injection, allowing an unauthenticated attacker to exploit the username_available function of the includes/functions.php file (which is called by login.php).

Published: October 29, 2020; 3:15:14 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27998

An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress.

Published: October 29, 2020; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27996

An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations.

Published: October 29, 2020; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27747

An issue was discovered in Click Studios Passwordstate 8.9 (Build 8973). If the user of the system has assigned himself a PIN code for entering from a mobile device using the built-in generator (4 digits), a remote attacker has the opportunity to conduct a brute force attack on this PIN code. As a result, the remote attacker retrieves all passwords from other systems available to the affected account.

Published: October 29, 2020; 2:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27995

SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter.

Published: October 29, 2020; 1:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27744

An issue was discovered on Western Digital My Cloud NAS devices before 5.04.114. They allow remote code execution with resultant escalation of privileges.

Published: October 29, 2020; 1:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-25780

In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder.

Published: October 29, 2020; 1:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-5936

On BIG-IP LTM 15.1.0-15.1.0.5, 14.1.0-14.1.2.7, 13.1.0-13.1.3.4, and 12.1.0-12.1.5.1, the Traffic Management Microkernel (TMM) process may consume excessive resources when processing SSL traffic and client authentication are enabled on the client SSL profile.

Published: October 29, 2020; 12:15:15 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-5935

On BIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, FPS, GTM, Link Controller, PEM) versions 15.1.0-15.1.0.5, 14.1.0-14.1.2.3, and 13.1.0-13.1.3.3, when handling MQTT traffic through a BIG-IP virtual server associated with an MQTT profile and an iRule performing manipulations on that traffic, TMM may produce a core file.

Published: October 29, 2020; 12:15:15 PM -0400
V3.x:(not available)
V2.0:(not available)