|
207681
|
6.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 could allow an authenticated user to cause a denial of service of the qflow process by sending a malformed sflow command. IBM X-Force ID: 182366.
|
NVD-CWE-noinfo
|
CVE-2020-4511
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207682
|
5.5 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information…
|
CWE-611
XXE
|
CVE-2020-4510
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207683
|
5.4 |
MEDIUM
Network
|
ibm
|
qradar_security_information_and_event_manager
|
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentiall…
|
CWE-79
Cross-site Scripting
|
CVE-2020-4364
|
2024-11-21 14:32 |
2020-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207684
|
6.8 |
MEDIUM
Network
|
bareos
|
bareos
|
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and conne…
|
CWE-294
Authentication Bypass by Capture-replay
|
CVE-2020-4042
|
2024-11-21 14:32 |
2020-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207685
|
7.8 |
HIGH
Local
|
vmware
|
fusion
horizon_client
remote_console
|
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability …
|
NVD-CWE-noinfo
|
CVE-2020-3974
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207686
|
8.8 |
HIGH
Network
|
ibm
|
infosphere_information_server_on_cloud
infosphere_information_server
|
IBM InfoSphere Information Server 11.3, 11.5, and 11.7 could allow a remote attacker to execute arbitrary code on the system, caused by the deserialization of untrusted data. By persuading a victim t…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2020-4305
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207687
|
4.3 |
MEDIUM
Network
|
ibm
|
security_guardium_insights
infosphere_guardium_activity_monitor
|
IBM Guardium Activity Insights 10.6 and 11.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to …
|
NVD-CWE-Other
|
CVE-2020-4173
|
2024-11-21 14:32 |
2020-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207688
|
8.8 |
HIGH
Network
|
vmware
|
velocloud_orchestrator
|
The VeloCloud Orchestrator does not apply correct input validation which allows for blind SQL-injection. A malicious actor with tenant access to Velocloud Orchestrator could enter specially crafted S…
|
CWE-89
SQL Injection
|
CVE-2020-3973
|
2024-11-21 14:32 |
2020-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207689
|
9.9 |
CRITICAL
Network
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4077
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
207690
|
9.0 |
CRITICAL
Local
|
electronjs
|
electron
|
In Electron before versions 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass. Code running in the main world context in the renderer can reach into the isolated Electron context an…
|
NVD-CWE-Other
|
CVE-2020-4076
|
2024-11-21 14:32 |
2020-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
