Search Results (Refine Search)

Search Parameters:
There are 145,253 matching records.
Displaying matches 341 through 360.
Vuln ID Summary CVSS Severity
CVE-2020-4718

IBM Jazz Reporting Service 6.0.6, 6.0.6.1, 7.0, and 7.0.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 187731.

Published: November 19, 2020; 11:15:11 AM -0500
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-4701

IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges.

Published: November 19, 2020; 11:15:10 AM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2020-28054

JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request.

Published: November 19, 2020; 11:15:10 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-11831

OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1.

Published: November 19, 2020; 11:15:10 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-11830

QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0.

Published: November 19, 2020; 11:15:10 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-11829

Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722.

Published: November 19, 2020; 11:15:10 AM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-15710

Potential double free in Bluez 5 module of PulseAudio could allow a local attacker to leak memory or crash the program. The modargs variable may be freed twice in the fail condition in src/modules/bluetooth/module-bluez5-device.c and src/modules/bluetooth/module-bluez5-device.c. Fixed in 1:8.0-0ubuntu3.14.

Published: November 18, 2020; 10:15:12 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 3.6 LOW
CVE-2019-20933

InfluxDB before 1.7.6 has an authentication bypass vulnerability in the authenticate function in services/httpd/handler.go because a JWT token may have an empty SharedSecret (aka shared secret).

Published: November 18, 2020; 9:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-8279

Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.

Published: November 18, 2020; 8:15:12 PM -0500
V3.1: 7.4 HIGH
V2.0: 5.8 MEDIUM
CVE-2020-8278

Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.

Published: November 18, 2020; 8:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-8277

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Published: November 18, 2020; 8:15:12 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-5947

In versions 16.0.0-16.0.0.1 and 15.1.0-15.1.1, on specific BIG-IP platforms, attackers may be able to obtain TCP sequence numbers from the BIG-IP system that can be reused in future connections with the same source and destination port and IP numbers. Only these platforms are affected: BIG-IP 2000 series (C112), BIG-IP 4000 series (C113), BIG-IP i2000 series (C117), BIG-IP i4000 series (C115), BIG-IP Virtual Edition (VE).

Published: November 18, 2020; 8:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-13359

The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Published: November 18, 2020; 7:15:12 PM -0500
V3.1: 7.6 HIGH
V2.0: 5.5 MEDIUM
CVE-2020-13356

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Published: November 18, 2020; 7:15:12 PM -0500
V3.1: 8.2 HIGH
V2.0: 6.4 MEDIUM
CVE-2020-13355

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14. A path traversal is found in LFS Upload that allows attacker to overwrite certain specific paths on the server. Affected versions are: >=8.14, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Published: November 18, 2020; 7:15:11 PM -0500
V3.1: 8.1 HIGH
V2.0: 5.5 MEDIUM
CVE-2019-12412

A flaw in the libapreq2 v2.07 to v2.13 multipart parser can deference a null pointer leading to a process crash. A remote attacker could send a request causing a process crash which could lead to a denial of service attack.

Published: November 18, 2020; 7:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-12593

Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.

Published: November 18, 2020; 6:15:11 PM -0500
V3.1: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2020-26226

In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3.

Published: November 18, 2020; 5:15:12 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-26215

Jupyter Notebook before version 6.1.5 has an Open redirect vulnerability. A maliciously crafted link to a notebook server could redirect the browser to a different website. All notebook servers are technically affected, however, these maliciously crafted links can only be reasonably made for known notebook server hosts. A link to your notebook server may appear safe, but ultimately redirect to a spoofed server on the public internet. The issue is patched in version 6.1.5.

Published: November 18, 2020; 5:15:11 PM -0500
V3.x:(not available)
V2.0:(not available)
CVE-2020-22723

A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address.

Published: November 18, 2020; 5:15:11 PM -0500
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM