Total
365 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11493 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2020-09-09 | 5.8 MEDIUM | 8.1 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | |||||
| CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2020-09-03 | 4.3 MEDIUM | 7.5 HIGH |
| jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2019-12510 | 1 Netgear | 2 Nighthawk X10-r9000, Nighthawk X10-r9000 Firmware | 2020-08-24 | 6.4 MEDIUM | 9.1 CRITICAL |
| In NETGEAR Nighthawk X10-R900 prior to 1.0.4.26, an attacker may bypass all authentication checks on the device's "NETGEAR Genie" SOAP API ("/soap/server_sa") by supplying a malicious X-Forwarded-For header of the device's LAN IP address (192.168.1.1) in every request. As a result, an attacker may modify almost all of the device's settings and view various configuration settings. | |||||
| CVE-2019-7323 | 1 Logmx | 1 Logmx | 2020-08-24 | 5.1 MEDIUM | 7.5 HIGH |
| GUP (generic update process) in LightySoft LogMX before 7.4.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update. The update process relies on cleartext HTTP. The attacker could replace the LogMXUpdater.class file. | |||||
| CVE-2019-0805 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists when Windows improperly handles calls to the LUAFV driver (luafv.sys), aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0836, CVE-2019-0841. | |||||
| CVE-2018-17938 | 1 Synacor | 1 Zimbra Collaboration Suite | 2020-08-24 | 5.0 MEDIUM | 5.3 MEDIUM |
| Zimbra Collaboration before 8.8.10 GA allows text content spoofing via a loginErrorCode value. | |||||
| CVE-2019-18835 | 1 Matrix | 1 Synapse | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| Matrix Synapse before 1.5.0 mishandles signature checking on some federation APIs. Events sent over /send_join, /send_leave, and /invite may not be correctly signed, or may not come from the expected servers. | |||||
| CVE-2018-19971 | 1 Jfrog | 1 Artifactory | 2020-08-24 | 7.5 HIGH | 9.8 CRITICAL |
| JFrog Artifactory Pro 6.5.9 has Incorrect Access Control. | |||||
| CVE-2019-2289 | 1 Qualcomm | 110 Apq8009, Apq8009 Firmware, Apq8017 and 107 more | 2020-08-24 | 10.0 HIGH | 9.8 CRITICAL |
| Lack of integrity check allows MODEM to accept any NAS messages which can result into authentication bypass of NAS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8976, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, Snapdragon_High_Med_2016, SXR1130, SXR2130 | |||||
| CVE-2017-11103 | 5 Apple, Debian, Freebsd and 2 more | 6 Iphone Os, Mac Os X, Debian Linux and 3 more | 2020-08-18 | 6.8 MEDIUM | 8.1 HIGH |
| Heimdal before 7.4 allows remote attackers to impersonate services with Orpheus' Lyre attacks because it obtains service-principal names in a way that violates the Kerberos 5 protocol specification. In _krb5_extract_ticket() the KDC-REP service name must be obtained from the encrypted version stored in 'enc_part' instead of the unencrypted version stored in 'ticket'. Use of the unencrypted version provides an opportunity for successful server impersonation and other attacks. NOTE: this CVE is only for Heimdal and other products that embed Heimdal code; it does not apply to other instances in which this part of the Kerberos 5 protocol specification is violated. | |||||
| CVE-2020-13178 | 1 Teradici | 2 Graphics Agent, Pcoip Standard Agent | 2020-08-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| A function in the Teradici PCoIP Standard Agent for Windows and Graphics Agent for Windows prior to version 20.04.1 does not properly validate the signature of an external binary, which could allow an attacker to gain elevated privileges via execution in the context of the PCoIP Agent process. | |||||
| CVE-2020-15899 | 1 Grin | 1 Grin | 2020-08-04 | 5.0 MEDIUM | 7.5 HIGH |
| Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. | |||||
| CVE-2020-15699 | 1 Joomla | 1 Joomla\! | 2020-07-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. | |||||
| CVE-2020-8660 | 1 Envoyproxy | 1 Envoy | 2020-07-13 | 5.0 MEDIUM | 5.3 MEDIUM |
| CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process. | |||||
| CVE-2020-12119 | 1 Ledger | 1 Ledger Live | 2020-07-08 | 5.8 MEDIUM | 8.1 HIGH |
| Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent. | |||||
| CVE-2019-19160 | 2 Cabsoftware, Microsoft | 4 Reportexpress Proplus, Windows 10, Windows 7 and 1 more | 2020-07-07 | 6.5 MEDIUM | 8.8 HIGH |
| Reportexpress ProPlus contains a vulnerability that could allow an arbitrary code execution by inserted VBscript into the configure file(rxp). | |||||
| CVE-2020-13265 | 1 Gitlab | 1 Gitlab | 2020-06-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| User email verification bypass in GitLab CE/EE 12.5 and later through 13.0.1 allows user to bypass email verification | |||||
| CVE-2020-14453 | 1 Mattermost | 1 Mattermost Server | 2020-06-19 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.21.0. Socket read operations are not appropriately restricted, which allows attackers to cause a denial of service, aka MMSA-2020-0005. | |||||
| CVE-2020-3220 | 1 Cisco | 1 Ios Xe | 2020-06-10 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle. | |||||
| CVE-2019-18905 | 2 Opensuse, Suse | 2 Autoyast2, Linux Enterprise Server | 2020-05-23 | 4.3 MEDIUM | 5.9 MEDIUM |
| A Insufficient Verification of Data Authenticity vulnerability in autoyast2 of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15 allows remote attackers to MITM connections when deprecated and unused functionality of autoyast is used to create images. This issue affects: SUSE Linux Enterprise Server 12 autoyast2 version 4.1.9-3.9.1 and prior versions. SUSE Linux Enterprise Server 15 autoyast2 version 4.0.70-3.20.1 and prior versions. | |||||