Vulnerabilities (CVE)

Filtered by CWE-20
Total 10029 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-21068 1 Google 1 Android 2024-02-04 2.1 LOW 6.2 MEDIUM
An issue was discovered on Samsung mobile devices with O(8.0) software. Execution of an application in a locked Secure Folder can occur without a password via a split screen. The Samsung ID is SVE-2018-11669 (July 2018).
CVE-2020-7116 1 Arubanetworks 1 Clearpass Policy Manager 2024-02-04 9.0 HIGH 7.2 HIGH
The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote execution. When the attacker is already authenticated to the administrative interface, they could then exploit the system, leading to remote command execution in the underlying operating system. Resolution: Fixed in 6.7.13-HF, 6.8.5-HF, 6.8.6, 6.9.1 and higher.
CVE-2020-1223 1 Microsoft 1 Word 2024-02-04 6.8 MEDIUM 8.8 HIGH
A remote code execution vulnerability exists when Microsoft Word for Android fails to properly handle certain files.To exploit the vulnerability, an attacker would have to convince a user to open a specially crafted URL file.The update addresses the vulnerability by correcting how Microsoft Word for Android handles specially crafted URL files., aka 'Word for Android Remote Code Execution Vulnerability'.
CVE-2019-14047 1 Qualcomm 30 Apq8053, Apq8053 Firmware, Apq8096au and 27 more 2024-02-04 7.2 HIGH 7.8 HIGH
While IPA driver processes route add rule IOCTL, there is no input validation of the rule ID prior to adding the rule to the IPA HW commit list in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8096AU, MDM9607, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCS605, SC8180X, SDA845, SDX20, SDX24, SDX55, SM8150, SXR1130
CVE-2020-1837 1 Huawei 2 Changxiang 8 Plus, Changxiang 8 Plus Firmware 2024-02-04 2.9 LOW 5.3 MEDIUM
ChangXiang 8 Plus with versions earlier than 9.1.0.136(C00E121R1P6T8) have a denial of service vulnerability. The device does not properly handle certain message from base station, the attacker could craft a fake base station to launch the attack. Successful exploit could cause a denial of signal service condition.
CVE-2020-3263 1 Cisco 1 Webex Meetings 2024-02-04 7.6 HIGH 7.5 HIGH
A vulnerability in Cisco Webex Meetings Desktop App could allow an unauthenticated, remote attacker to execute programs on an affected end-user system. The vulnerability is due to improper validation of input that is supplied to application URLs. The attacker could exploit this vulnerability by persuading a user to follow a malicious URL. A successful exploit could allow the attacker to cause the application to execute other programs that are already present on the end-user system. If malicious files are planted on the system or on an accessible network file path, the attacker could execute arbitrary code on the affected system.
CVE-2020-4548 3 Ibm, Linux, Microsoft 4 Aix, Content Navigator, Linux Kernel and 1 more 2024-02-04 4.0 MEDIUM 2.7 LOW
IBM Content Navigator 3.0.7 and 3.0.8 is vulnerable to improper input validation. A malicious administrator could bypass the user interface and send requests to the IBM Content Navigator server with illegal characters that could be stored in the IBM Content Navigator database. IBM X-Force ID: 183316.
CVE-2020-1044 1 Microsoft 1 Sql Server Reporting Services 2024-02-04 4.0 MEDIUM 4.3 MEDIUM
<p>A security feature bypass vulnerability exists in SQL Server Reporting Services (SSRS) when the server improperly validates attachments uploaded to reports. An attacker who successfully exploited this vulnerability could upload file types that were disallowed by an administrator.</p> <p>To exploit the vulnerability, an authenticated attacker would need to send a specially crafted request to an affected SSRS server.</p> <p>The update addresses the vulnerability by modifying how SSRS validates attachment uploads.</p>
CVE-2020-5131 1 Sonicwall 1 Netextender 2024-02-04 4.6 MEDIUM 7.8 HIGH
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.
CVE-2020-4411 2 Ibm, Linux 3 Aix, Spectrum Scale, Linux Kernel 2024-02-04 4.9 MEDIUM 7.1 HIGH
The Spectrum Scale 4.2.0.0 through 4.2.3.21 and 5.0.0.0 through 5.0.4.3 file system component is affected by a denial of service vulnerability in its kernel module that could allow an attacker to cause a denial of service condition on the affected system. To exploit this vulnerability, a local attacker could invoke a subset of ioctls on the Spectrum Scale device with non-valid arguments. This could allow the attacker to crash the kernel. IBM X-Force ID: 179986.
CVE-2020-4693 3 Ibm, Linux, Microsoft 4 Aix, Spectrum Protect Operations Center, Linux Kernel and 1 more 2024-02-04 7.5 HIGH 9.8 CRITICAL
IBM Spectrum Protect Operations Center 7.1.0.000 through 7.1.10 and 8.1.0.000 through 8.1.9 may allow an attacker to execute arbitrary code on the system, caused by improper validation of data prior to export. IBM X-Force ID: 186782.
CVE-2019-20552 1 Google 1 Android 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019).
CVE-2020-3398 1 Cisco 67 Nexus 3016, Nexus 3048, Nexus 3064 and 64 more 2024-02-04 4.3 MEDIUM 8.6 HIGH
A vulnerability in the Border Gateway Protocol (BGP) Multicast VPN (MVPN) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a BGP session to repeatedly reset, causing a partial denial of service (DoS) condition due to the BGP session being down. The vulnerability is due to incorrect parsing of a specific type of BGP MVPN update message. An attacker could exploit this vulnerability by sending this BGP MVPN update message to a targeted device. A successful exploit could allow the attacker to cause the BGP peer connections to reset, which could lead to BGP route instability and impact traffic. The incoming BGP MVPN update message is valid but is parsed incorrectly by the NX-OS device, which could send a corrupted BGP update to the configured BGP peer. Note: The Cisco implementation of BGP accepts incoming BGP traffic from only explicitly configured peers. To exploit this vulnerability, an attacker must send a specific BGP MVPN update message over an established TCP connection that appears to come from a trusted BGP peer. To do so, the attacker must obtain information about the BGP peers in the trusted network of the affected system.
CVE-2020-11890 1 Joomla 1 Joomla\! 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
An issue was discovered in Joomla! before 3.9.17. Improper input validations in the usergroup table class could lead to a broken ACL configuration.
CVE-2020-6247 1 Sap 1 Businessobjects Business Intelligence Platform 2024-02-04 5.0 MEDIUM 7.5 HIGH
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
CVE-2020-8787 1 Salesagility 1 Suitecrm 2024-02-04 5.0 MEDIUM 7.5 HIGH
SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted.
CVE-2020-16269 2 Fedoraproject, Radare 2 Fedora, Radare2 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
radare2 4.5.0 misparses DWARF information in executable files, causing a segmentation fault in parse_typedef in type_dwarf.c via a malformed DW_AT_name in the .debug_info section.
CVE-2020-4383 2 Ibm, Linux 2 Elastic Storage Server, Linux Kernel 2024-02-04 4.0 MEDIUM 6.5 MEDIUM
IBM Spectrum Scale for IBM Elastic Storage Server 5.3.0 through 5.3.5 could allow an authenticated user to cause a denial of service during deployment while configuring some of the network services. IBM X-Force ID: 179165.
CVE-2019-20570 1 Google 1 Android 2024-02-04 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019).
CVE-2020-6348 1 Sap 1 3d Visual Enterprise Viewer 2024-02-04 4.3 MEDIUM 4.3 MEDIUM
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.