CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In July 2020

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1401 | CVE-2019-4731 | 200 | | +Info | 2020-07-28 | 2020-07-28 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM MQ Appliance 9.1.4.CD could allow a local attacker to obtain highly sensitive information by inclusion of sensitive data within trace. IBM X-Force ID: 172616. |
| 1402 | CVE-2019-4706 | 532 | | | 2020-07-01 | 2020-07-02 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.2 writes information to log files which can be of a sensitive nature and give valuable guidance to an attacker or expose sensitive user information. IBM X-Force ID: 172016. |
| 1403 | CVE-2019-4705 | 200 | | +Info | 2020-07-01 | 2021-07-21 | 4.0 | None | Remote | Low | ??? | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 172015. |
| 1404 | CVE-2019-4704 | 863 | | | 2020-07-01 | 2021-07-21 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014. |
| 1405 | CVE-2019-4676 | 312 | | | 2020-07-01 | 2020-07-02 | 2.1 | None | Local | Low | Not required | Partial | None | None | IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in clear text which can be read by a local user. IBM X-Force ID: 171512. |
| 1406 | CVE-2019-4591 | 384 | | | 2020-07-13 | 2020-07-14 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | IBM Maximo Asset Management 7.6.0 and 7.6.1 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 167451. |
| 1407 | CVE-2019-4324 | 79 | | XSS | 2020-07-07 | 2020-07-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy. |
| 1408 | CVE-2019-4323 | 1021 | | | 2020-07-07 | 2020-07-15 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame. |
| 1409 | CVE-2019-4091 | 79 | | XSS | 2020-07-17 | 2020-07-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | HCL Marketing Platform is vulnerable to cross-site scripting during addition of new users and also while searching for users in Dashboard, potentially giving an attacker ability to inject malicious code into the system. |
| 1410 | CVE-2019-4090 | 79 | | XSS | 2020-07-17 | 2020-07-22 | 3.5 | None | Remote | Medium | ??? | None | Partial | None | HCL Campaign is vulnerable to cross-site scripting when a user provides XSS scripts in Campaign Description field. |
| 1411 | CVE-2018-21036 | 20 | | DoS | 2020-07-21 | 2020-07-23 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Sails.js before v1.0.0-46 allows attackers to cause a denial of service with a single request because there is no error handler in sails-hook-sockets to handle an empty pathname in a WebSocket request. |
| 1412 | CVE-2018-12371 | 190 | | Overflow | 2020-07-09 | 2020-07-13 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | An integer overflow vulnerability in the Skia library when allocating memory for edge builders on some systems with at least 16 GB of RAM. This results in the use of uninitialized memory, resulting in a potentially exploitable crash. This vulnerability affects Firefox ESR < 60.1, Thunderbird < 60, and Firefox < 61. |
| 1413 | CVE-2017-18923 | 74 | | | 2020-07-29 | 2020-08-05 | 5.0 | None | Remote | Low | Not required | Partial | None | None | beroNet VoIP Gateways before 3.0.16 have a PHP script that allows downloading arbitrary files, including ones with credentials. |
| 1414 | CVE-2017-1712 | 326 | | | 2020-07-01 | 2020-07-10 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | A vulnerability in the TLS protocol implementation of the Domino server could allow an unauthenticated, remote attacker to access sensitive information, aka a Return of Bleichenbacher's Oracle Threat (ROBOT) attack. An attacker could iteratively query a server running a vulnerable TLS stack implementation to perform cryptanalytic operations that may allow decryption of previously captured TLS sessions. |
| 1415 | CVE-2017-1659 | 79 | | XSS | 2020-07-01 | 2020-07-08 | 4.3 | None | Remote | Medium | Not required | None | Partial | None | HCL iNotes is susceptible to a Cross-Site Scripting (XSS) Vulnerability. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. |
| 1416 | CVE-2016-7064 | 347 | | +Info | 2020-07-21 | 2020-07-23 | 5.0 | None | Remote | Low | Not required | Partial | None | None | A flaw was found in pritunl-client before version 1.0.1116.6. A lack of signature verification leads to sensitive information leakage. |
| 1417 | CVE-2016-7063 | 22 | | Dir. Trav. | 2020-07-21 | 2020-07-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | A flaw was found in pritunl-client before version 1.0.1116.6. Arbitrary write to user specified path may lead to privilege escalation. |
| 1418 | CVE-2014-1422 | 732 | | | 2020-07-22 | 2020-08-09 | 1.9 | None | Local | Medium | Not required | Partial | None | None | In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1. |

Total number of vulnerabilities: 1418. Page 29 of 29.