Total
4572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15001 | 1 Yubico | 2 Yubikey 5 Nfc, Yubikey 5 Nfc Firmware | 2021-07-21 | 2.9 LOW | 5.3 MEDIUM |
| An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.) | |||||
| CVE-2020-10257 | 1 Themerex | 63 Addons, Aldo-gutenberg Wordpress Blog Theme, Amuli and 60 more | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v2/get/sc_layout REST API endpoint, allowing for PHP functions to be executed by any users, because includes/plugin.rest-api.php calls trx_addons_rest_get_sc_layout with an unsafe sc parameter. | |||||
| CVE-2019-10648 | 1 Robocode Project | 1 Robocode | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Robocode through 1.9.3.5 allows remote attackers to cause external service interaction (DNS), as demonstrated by a query for a unique subdomain name within an attacker-controlled DNS zone, because of a .openStream call within java.net.URL. | |||||
| CVE-2020-4175 | 1 Ibm | 1 Security Guardium Insights | 2021-07-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| IBM Security Guardium Insights 2.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174684. | |||||
| CVE-2020-0047 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In setMasterMute of AudioService.java, there is a missing permission check. This could lead to local silencing of audio with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141622311 | |||||
| CVE-2020-14969 | 1 Misp | 1 Misp | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | |||||
| CVE-2020-27998 | 1 Fast-report | 1 Fastreport | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. | |||||
| CVE-2020-13276 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| User is allowed to set an email as a notification email even without verifying the new email in all previous GitLab CE/EE versions through 13.0.1 | |||||
| CVE-2020-0497 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In canUseBiometric of BiometricServiceBase, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-158481661 | |||||
| CVE-2020-0135 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In dump of RollbackManagerServiceImpl.java, there is a possible backup metadata exposure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-150949837 | |||||
| CVE-2020-0448 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| In getPhoneAccountsForPackage of TelecomServiceImpl.java, there is a possible way to access a tracking identifier due to a missing permission check. This could lead to local information disclosure of the identifier, which could be used to track an account across devices, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-153995334 | |||||
| CVE-2020-25781 | 1 Mantisbt | 1 Mantisbt | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view private issue notes are able to download the (supposedly private) attachments linked to these notes by accessing the corresponding file download URL directly. | |||||
| CVE-2019-16909 | 1 Infosysta | 1 In-app \& Desktop Notifications | 2021-07-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in the Infosysta "In-App & Desktop Notifications" app before 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/NotificationSettings URI. | |||||
| CVE-2020-23740 | 1 Drivergenius | 1 Drivergenius | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In DriverGenius 9.61.5480.28 there is a local privilege escalation vulnerability in the driver wizard, attackers can use constructed programs to increase user privileges. | |||||
| CVE-2020-26649 | 1 Atomx | 1 Atomxcms 2 | 2021-07-21 | 5.5 MEDIUM | 8.1 HIGH |
| AtomXCMS 2.0 is affected by Incorrect Access Control via admin/dump.php | |||||
| CVE-2020-0412 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 3.3 LOW |
| In setProcessMemoryTrimLevel of ActivityManagerService.java, there is a missing permission check. This could lead to local information disclosure of foreground processes with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-160390416 | |||||
| CVE-2019-20801 | 1 Readdle | 1 Documents | 2021-07-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the Readdle Documents app before 6.9.7 for iOS. The application's file-transfer web server allows for cross-origin requests from any domain, and the WebSocket server lacks authorization control. Any web site can execute JavaScript code (that accesses a user's data) via cross-origin requests. | |||||
| CVE-2020-0085 | 1 Google | 1 Android | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege to activate tethering with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-134487438 | |||||
| CVE-2019-1010152 | 1 Zzcms | 1 Zzcms | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The component is: user/manage.php line 31-80. | |||||
| CVE-2020-27053 | 1 Google | 1 Android | 2021-07-21 | 2.1 LOW | 4.4 MEDIUM |
| In broadcastWifiCredentialChanged of ClientModeImpl.java, there is a possible location permission bypass due to a missing permission check. This could lead to local information disclosure of the WiFi network name with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159371448 | |||||