|
197301
|
8.8 |
HIGH
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_information_server
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim t…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4305
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197302
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium_insights
infosphere_guardium_activity_monitor
|
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to …
|
NVD-CWE-Other
|
CVE-2020-4173
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197303
|
8.8 |
HIGH
Network
|
vmware
|
velocloud_orchestrator
|
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted S…
|
CWE-89
SQL Injection
|
CVE-2020-3973
|
2024-11-21 14:32 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197304
|
9.9 |
CRITICAL
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4077
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197305
|
9.0 |
CRITICAL
Local
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4076
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197306
|
7.5 |
HIGH
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure y…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-4075
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197307
|
9.8 |
CRITICAL
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7…
|
CWE-287
Improper Authentication
|
CVE-2020-4074
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197308
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4061
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197309
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-4420
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197310
|
4.4 |
MEDIUM
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage …
|
NVD-CWE-noinfo
|
CVE-2020-4414
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
