Total
29504 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5379 | 1 Dell | 2 Inspiron 7352, Inspiron 7352 Bios | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
Dell Inspiron 7352 BIOS versions prior to A12 contain a UEFI BIOS Boot Services overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the EFI_BOOT_SERVICES structure to execute arbitrary code in System Management Mode (SMM). | |||||
CVE-2020-5363 | 1 Dell | 36 Latitude 5300, Latitude 5300 2-in-1, Latitude 5300 2-in-1 Firmware and 33 more | 2024-11-21 | 7.2 HIGH | 8.6 HIGH |
Select Dell Client Consumer and Commercial platforms include an issue that allows the BIOS Admin password to be changed through Dell's manageability interface without knowledge of the current BIOS Admin password. This could potentially allow an unauthorized actor, with physical access and/or OS administrator privileges to the device, to gain privileged access to the platform and the hard drive. | |||||
CVE-2020-4996 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
IBM Security Identity Governance and Intelligence 5.2.6 could allow a local user to obtain sensitive information via the capturing of screenshots of authentication credentials. IBM X-Force ID: 192913. | |||||
CVE-2020-4890 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 could allow a local user with a valid role to the REST API to cause a denial of service due to weak or absense of rate limiting. IBM X-Force ID: 190973. | |||||
CVE-2020-4762 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, I and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5_2, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow an authenticated user to create a privileged account due to improper access controls. IBM X-Force ID: 188896. | |||||
CVE-2020-4725 | 1 Ibm | 1 Cloud Application Performance Management | 2024-11-21 | 3.5 LOW | 3.5 LOW |
IBM Monitoring (IBM Cloud APM 8.1.4 ) could allow an authenticated user to modify HTML content by sending a specially crafted HTTP request to the APM UI, which could mislead another user. IBM X-Force ID: 187974. | |||||
CVE-2020-4654 | 1 Ibm | 1 Sterling File Gateway | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to obtain sensitive information due to improper permission control. IBM X-Force ID: 186090. | |||||
CVE-2020-4646 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.5, 6.0.0.0 through 6.0.3.3, and 6.1.0.0 through 6.1.0.2 could allow an authenticated user to view pages they shoiuld not have access to due to improper authorization control. | |||||
CVE-2020-4495 | 1 Ibm | 9 Collaborative Lifecycle Management, Engineering Lifecycle Management, Engineering Lifecycle Optimization - Engineering Insights and 6 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security restrictions, caused by improper access control. By sending a specially-crafted request to the REST API, an attacker could exploit this vulnerability to bypass access restrictions, and execute arbitrary actions with administrative privileges. IBM X-Force ID: 182114. | |||||
CVE-2020-4490 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
IBM Business Automation Workflow 18 and 19, and IBM Business Process Manager 8.0, 8.5, and 8.6 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a vitcim to a phishing site. IBM X-Force ID: 181989 | |||||
CVE-2020-4173 | 2 Ibm, Linux | 3 Infosphere Guardium Activity Monitor, Security Guardium Insights, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 174682. | |||||
CVE-2020-4160 | 1 Ibm | 1 Qradar Network Security | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
IBM QRadar Network Security 5.4.0 and 5.5.0 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 174340. | |||||
CVE-2020-4107 | 1 Hcltech | 1 Domino | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
HCL Domino is affected by an Insufficient Access Control vulnerability. An authenticated attacker with local access to the system could exploit this vulnerability to attain escalation of privileges, denial of service, or information disclosure. | |||||
CVE-2020-4077 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.5 MEDIUM | 7.7 HIGH |
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using both `contextIsolation` and `contextBridge` are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
CVE-2020-4076 | 1 Electronjs | 1 Electron | 2024-11-21 | 3.6 LOW | 7.8 HIGH |
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using contextIsolation are affected. This is fixed in versions 9.0.0-beta.21, 8.2.4 and 7.2.4. | |||||
CVE-2020-4020 | 1 Atlassian | 1 Companion | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
The file downloading functionality in the Atlassian Companion App before version 1.0.0 allows remote attackers, who control a Confluence Server instance that the Companion App is connected to, execute arbitrary .exe files via a Protection Mechanism Failure. | |||||
CVE-2020-3991 | 2 Microsoft, Vmware | 2 Windows, Horizon Client | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. | |||||
CVE-2020-3918 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, macOS Catalina 10.15.4, tvOS 13.4, watchOS 6.2. A local user may be able to view sensitive user information. | |||||
CVE-2020-3915 | 1 Apple | 1 Mac Os X | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Catalina 10.15.4. A malicious application may be able to overwrite arbitrary files. | |||||
CVE-2020-3887 | 1 Apple | 6 Icloud, Ipad Os, Iphone Os and 3 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 13.4 and iPadOS 13.4, tvOS 13.4, Safari 13.1, iTunes for Windows 12.10.5, iCloud for Windows 10.9.3, iCloud for Windows 7.18. A download's origin may be incorrectly associated. |