|
196991
|
6.5 |
MEDIUM
Network
|
vmware
|
horizon_daas
|
VMware Horizon DaaS (7.x and 8.x before 8.0.1 Update 1) contains a broken authentication vulnerability due to a flaw in the way it handled the first factor authentication. Successful exploitation of …
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2020-3977
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196992
|
6.5 |
MEDIUM
Network
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Liberty 17.0.0.3 through 20.0.0.9 running oauth-2.0 or openidConnectServer-1.0 server features is vulnerable to a denial of service attack conducted by an authenticat…
|
NVD-CWE-noinfo
|
CVE-2020-4590
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196993
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a chunked transfer-encoding HTTP/2 request. IBM X-Force ID: 184441.
|
NVD-CWE-noinfo
|
CVE-2020-4581
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196994
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted a JSON request with invalid characters. IBM X-Force ID: …
|
NVD-CWE-noinfo
|
CVE-2020-4580
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196995
|
7.5 |
HIGH
Network
|
ibm
|
datapower_gateway
|
IBM DataPower Gateway 2018.4.1.0 through 2018.4.1.12 could allow a remote attacker to cause a denial of service by sending a specially crafted HTTP/2 request with invalid characters. IBM X-Force ID: …
|
NVD-CWE-noinfo
|
CVE-2020-4579
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196996
|
4.3 |
MEDIUM
Network
|
ibm
|
business_automation_content_analyzer_on_cloud
|
IBM Business Automation Content Analyzer on Cloud 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://…
|
CWE-922
Insecure Storage of Sensitive Information
|
CVE-2020-4315
|
2024-11-21 14:32 |
2020-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196997
|
7.8 |
HIGH
Local
|
installbuilder
|
installbuilder
|
InstallBuilder for Qt Windows (versions prior to 20.7.0) installers look for plugins at a predictable location at initialization time, writable by non-admin users. While those plugins are not require…
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2020-3979
|
2024-11-21 14:32 |
2020-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196998
|
6.1 |
MEDIUM
Local
|
vmware
|
horizon_client
workstation_player
workstation_pro
|
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (JPEG2000 parser). A malicious actor with normal…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-3988
|
2024-11-21 14:32 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
196999
|
6.1 |
MEDIUM
Local
|
vmware
|
horizon_client
workstation_player
workstation_pro
|
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an out-of-bounds read vulnerability in Cortado ThinPrint component (EMR STRETCHDIBITS parser). A malicious actor wi…
|
CWE-125
Out-of-bounds Read
|
CVE-2020-3987
|
2024-11-21 14:32 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197000
|
6.5 |
MEDIUM
Local
|
vmware
|
horizon_client
workstation_player
workstation_pro
|
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A maliciou…
|
CWE-125
CWE-190
Out-of-bounds Read
Integer Overflow or Wraparound
|
CVE-2020-3990
|
2024-11-21 14:32 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
