|
197841
|
8.8 |
HIGH
Network
|
vmware
|
velocloud_orchestrator
|
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted S…
|
CWE-89
SQL Injection
|
CVE-2020-3973
|
2024-11-21 14:32 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197842
|
9.9 |
CRITICAL
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4077
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197843
|
9.0 |
CRITICAL
Local
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4076
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197844
|
7.5 |
HIGH
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, arbitrary local file read is possible by defining unsafe window options on a child window opened via window.open. As a workaround, ensure y…
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2020-4075
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197845
|
9.8 |
CRITICAL
Network
|
prestashop
|
prestashop
|
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7…
|
CWE-287
Improper Authentication
|
CVE-2020-4074
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197846
|
5.4 |
MEDIUM
Network
|
octobercms
|
october
|
In October from version 1.0.319 and before version 1.0.467, pasting content copied from malicious websites into the Froala richeditor could result in a successful self-XSS attack. This has been fixed…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4061
|
2024-11-21 14:32 |
2020-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197847
|
7.5 |
HIGH
Network
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the execution of a…
|
CWE-404
Improper Resource Shutdown or Release
|
CVE-2020-4420
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197848
|
4.4 |
MEDIUM
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local attacker to perform unauthorized actions on the system, caused by improper usage …
|
NVD-CWE-noinfo
|
CVE-2020-4414
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197849
|
4.7 |
MEDIUM
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. I…
|
CWE-362
Race Condition
|
CVE-2020-4387
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
197850
|
4.7 |
MEDIUM
Local
|
ibm
|
db2
|
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a local user to obtain sensitive information using a race condition of a symbolic link. I…
|
CWE-362
Race Condition
|
CVE-2020-4386
|
2024-11-21 14:32 |
2020-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
