CVE-2020-17366 5 Aug 2020
An issue was discovered in NLnet Labs Routinator 0.1.0 through 0.7.1. It allows remote attackers to bypass intended access restrictions or to cause a... Read more ➔
CVE-2020-13404 5 Aug 2020
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection. Read more ➔
CVE-2020-15127 5 Aug 2020
In Contour ( Ingress controller for Kubernetes) before version 1.7.0, a bad actor can shut down all instances of Envoy, essentially killing the entire... Read more ➔
CVE-2020-15132 5 Aug 2020
In Sulu before versions 1.6.35, 2.0.10, and 2.1.1, when the "Forget password" feature on the login screen is used, Sulu asks the user for a username o... Read more ➔
CVE-2020-7298 5 Aug 2020
Unexpected behavior violation in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to turn off real time scanning via a specially cra... Read more ➔
CVE-2020-15112 5 Aug 2020
In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number of entries in the ReadAll method in wal/wal.g... Read more ➔
CVE-2020-15113 5 Aug 2020
In etcd before versions 3.3.23 and 3.4.10, certain directory paths are created (etcd data directory and the directory path when provided to automatica... Read more ➔
CVE-2020-16254 5 Aug 2020
The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). Read more ➔
CVE-2020-15106 5 Aug 2020
In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of a record is stored in the length field of a... Read more ➔
CVE-2020-16192 5 Aug 2020
LimeSurvey 4.3.2 allows reflected XSS because application/controllers/LSBaseController.php lacks code to validate parameters. Read more ➔
CVE-2020-13819 5 Aug 2020
Extreme EAC Appliance 8.4.1.24 allows unauthenticated reflected XSS via a parameter in a GET request. Read more ➔
CVE-2020-13921 5 Aug 2020
**Resolved** Only when using H2/MySQL/TiDB as Apache SkyWalking storage, there is a SQL injection vulnerability in the wildcard query cases. Read more ➔
CVE-2020-14344 5 Aug 2020
An integer overflow leading to a heap-buffer overflow was found in The X Input Method (XIM) client was implemented in libX11 before version 1.6.10. As... Read more ➔
CVE-2020-14347 5 Aug 2020
A flaw was found in the way xserver memory was not properly initialized. This could leak parts of server memory to the X client. In cases where Xorg s... Read more ➔
CVE-2020-17353 5 Aug 2020
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embe... Read more ➔
CVE-2020-4243 5 Aug 2020
IBM Security Identity Governance and Intelligence 5.2.6 Virtual Appliance could allow a remote attacker to obtain sensitive information using man in t... Read more ➔
CVE-2020-4481 5 Aug 2020
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML d... Read more ➔
CVE-2020-5608 5 Aug 2020
CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP Small, Basic) R4.01.00 to R6.07.00, B/... Read more ➔
CVE-2020-5609 5 Aug 2020
Directory traversal vulnerability in CAMS for HIS CENTUM CS 3000 (includes CENTUM CS 3000 Small) R3.08.10 to R3.09.50, CENTUM VP (includes CENTUM VP S... Read more ➔
CVE-2020-8607 5 Aug 2020
An input validation vulnerability found in multiple Trend Micro products utilizing a particular version of a specific rootkit protection driver could... Read more ➔
CVE-2020-13151 5 Aug 2020
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a... Read more ➔