Total
9888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6190 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.8 Medium |
| Certain vulnerable endpoints in SAP NetWeaver AS Java (Heap Dump Application), versions 7.30, 7.31, 7.40, 7.50, provide valuable information about the system like hostname, server node and installation path that could be misused by an attacker leading to Information Disclosure. | ||||
| CVE-2020-6178 | 1 Sap | 1 Enable Now | 2024-11-21 | 5.4 Medium |
| SAP Enable Now, before version 1911, sends the Session ID cookie value in URL. This might be stolen from the browser history or log files, leading to Information Disclosure. | ||||
| CVE-2020-6170 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 9.8 Critical |
| An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI. | ||||
| CVE-2020-5975 | 3 Apple, Microsoft, Nvidia | 3 Macos, Windows, Geforce Now | 2024-11-21 | 7.5 High |
| NVIDIA GeForce NOW, versions prior to 2.0.23 on Windows and macOS, contains a vulnerability in the desktop application software that includes sensitive information as part of a URL, which may lead to information disclosure. | ||||
| CVE-2020-5890 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 5.5 Medium |
| On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.3, and 12.1.0-12.1.5.1 and BIG-IQ 5.2.0-7.1.0, when creating a QKView, credentials for binding to LDAP servers used for remote authentication of the BIG-IP administrative interface will not fully obfuscate if they contain whitespace. | ||||
| CVE-2020-5866 | 1 F5 | 1 Nginx Controller | 2024-11-21 | 5.5 Medium |
| In versions of NGINX Controller prior to 3.3.0, the helper.sh script, which is used optionally in NGINX Controller to change settings, uses sensitive items as command-line arguments. | ||||
| CVE-2020-5676 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| GROWI v4.1.3 and earlier allow remote attackers to obtain information which is not allowed to access via unspecified vectors. | ||||
| CVE-2020-5573 | 1 Cybozu | 1 Kintone | 2024-11-21 | 4.6 Medium |
| Android App 'kintone mobile for Android' 1.0.0 to 2.5 allows an attacker to obtain credential information registered in the product via unspecified vectors. | ||||
| CVE-2020-5572 | 1 Cybozu | 1 Mailwise | 2024-11-21 | 4.6 Medium |
| Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors. | ||||
| CVE-2020-5571 | 1 Sharp | 20 Aquos Compact Sh-m06, Aquos Compact Sh-m06 Firmware, Aquos L2 and 17 more | 2024-11-21 | 7.5 High |
| SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device. | ||||
| CVE-2020-5414 | 1 Vmware | 2 Operations Manager, Tanzu Application Service For Virtual Machines | 2024-11-21 | 5.7 Medium |
| VMware Tanzu Application Service for VMs (2.7.x versions prior to 2.7.19, 2.8.x versions prior to 2.8.13, and 2.9.x versions prior to 2.9.7) contains an App Autoscaler that logs the UAA admin password. This credential is redacted on VMware Tanzu Operations Manager; however, the unredacted logs are available to authenticated users of the BOSH Director. This credential would grant administrative privileges to a malicious user. The same versions of App Autoscaler also log the App Autoscaler Broker password. Prior to newer versions of Operations Manager, this credential was not redacted from logs. This credential allows a malicious user to create, delete, and modify App Autoscaler services instances. Operations Manager started redacting this credential from logs as of its versions 2.7.15, 2.8.6, and 2.9.1. Note that these logs are typically only visible to foundation administrators and operators. | ||||
| CVE-2020-5364 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 5.3 Medium |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. | ||||
| CVE-2020-5331 | 1 Rsa | 1 Archer | 2024-11-21 | 8.8 High |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain an information exposure vulnerability. Users’ session information could potentially be stored in cache or log files. An authenticated malicious local user with access to the log files may obtain the exposed information to use it in further attacks. | ||||
| CVE-2020-5330 | 1 Dell | 10 Pc5500, Pc5500 Firmware, R1-2210 and 7 more | 2024-11-21 | 8.1 High |
| Dell EMC Networking X-Series firmware versions 3.0.1.2 and older, Dell EMC Networking PC5500 firmware versions 4.1.0.22 and older and Dell EMC PowerEdge VRTX Switch Modules firmware versions 2.0.0.77 and older contain an information disclosure vulnerability. A remote unauthenticated attacker could exploit this vulnerability to retrieve sensitive data by sending a specially crafted request to the affected endpoints. | ||||
| CVE-2020-5301 | 1 Simplesamlphp | 1 Simplesamlphp | 2024-11-21 | 3 Low |
| SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in `SimpleSAML\Module` that processes requests for pages hosted by modules, has code to identify paths ending with `.php` and process those as PHP code. If no other suitable way of handling the given path exists it presents the file to the browser. The check to identify paths ending with `.php` does not account for uppercase letters. If someone requests a path ending with e.g. `.PHP` and the server is serving the code from a case-insensitive file system, such as on Windows, the processing of the PHP code does not occur, and the source code is instead presented to the browser. An attacker may use this issue to gain access to the source code in third-party modules that is meant to be private, or even sensitive. However, the attack surface is considered small, as the attack will only work when SimpleSAMLphp serves such content from a file system that is not case-sensitive, such as on Windows. This issue is fixed in version 1.18.6. | ||||
| CVE-2020-5244 | 1 Buddypress | 1 Buddypress | 2024-11-21 | 8 High |
| In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2. | ||||
| CVE-2020-5220 | 1 Sylius | 1 Syliusresourcebundle | 2024-11-21 | 4.4 Medium |
| Sylius ResourceBundle accepts and uses any serialisation groups to be passed via a HTTP header. This might lead to data exposure by using an unintended serialisation group - for example it could make Shop API use a more permissive group from Admin API. Anyone exposing an API with ResourceBundle's controller is affected. The vulnerable versions are: <1.3 || >=1.3.0 <=1.3.12 || >=1.4.0 <=1.4.5 || >=1.5.0 <=1.5.0 || >=1.6.0 <=1.6.2. The patch is provided for Sylius ResourceBundle 1.3.13, 1.4.6, 1.5.1 and 1.6.3, but not for any versions below 1.3. | ||||
| CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2020-5132 | 1 Sonicwall | 3 Sma100, Sma100 Firmware, Sonicos | 2024-11-21 | 5.3 Medium |
| SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | ||||
| CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | ||||