CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2020

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
251 CVE-2020-15098 327 Exec Code 2020-07-29 2021-11-18
6.5
None Remote Low ??? Partial Partial Partial
In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.20, and greater than or equal to 10.0.0 and less than 10.4.6, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows to inject arbitrary data having a valid cryptographic message authentication code (HMAC-SHA1) and can lead to various attack chains including potential privilege escalation, insecure deserialization & remote code execution. The overall severity of this vulnerability is high based on mentioned attack chains and the requirement of having a valid backend user session (authenticated). This has been patched in versions 9.5.20 and 10.4.6.
252 CVE-2020-15096 Bypass 2020-07-07 2020-07-10
4.0
None Remote Low ??? None Partial None
In Electron before versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21, there is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. Apps using "contextIsolation" are affected. There are no app-side workarounds, you must update your Electron version to be protected. This is fixed in versions 6.1.1, 7.2.4, 8.2.4, and 9.0.0-beta21.
253 CVE-2020-15095 532 2020-07-07 2021-01-11
1.9
None Local Medium Not required Partial None None
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
254 CVE-2020-15093 347 2020-07-09 2021-10-26
5.0
None Remote Low Not required None Partial None
The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumvent TUF requiring a minimum threshold of unique signatures before the metadata is considered valid. A fix is available in version 0.7.1. CVE-2020-6174 is assigned to the same vulnerability in the TUF reference implementation.
255 CVE-2020-15092 79 XSS 2020-07-09 2020-07-28
3.5
None Remote Medium ??? None Partial None
In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whether the source data for the timeline is stored on Google Sheets or in a JSON configuration file. Most TimelineJS users configure their timeline with a Google Sheets document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if they grant public write access to the document. Some TimelineJS users configure their timeline with a JSON document. Those users are exposed to this vulnerability if they grant write access to the document to a malicious inside attacker, if the access of a trusted user is compromised, or if write access to the system hosting that document is otherwise compromised. Version 3.7.0 of TimelineJS addresses this in two ways. For content which is intended to support limited HTML markup for styling and linking, that content is "sanitized" before being added to the DOM. For content intended for simple text display, all markup is stripped. Very few users of TimelineJS actually install the TimelineJS code on their server. Most users publish a timeline using a URL hosted on systems we control. The fix for this issue is published to our system such that **those users will automatically begin using the new code**. The only exception would be users who have deliberately edited the embed URL to "pin" their timeline to an earlier version of the code. Some users of TimelineJS use it as a part of a wordpress plugin (knight-lab-timelinejs). Version 3.7.0.0 of that plugin and newer integrate the updated code. Users are encouraged to update the plugin rather than manually update the embedded version of TimelineJS.
256 CVE-2020-15091 347 2020-07-02 2020-07-08
4.0
None Remote Low ??? None None Partial
TenderMint from version 0.33.0 and before version 0.33.6 allows block proposers to include signatures for the wrong block. This may happen naturally if you start a network, have it run for some time and restart it (**without changing chainID**). A malicious block proposer (even with a minimal amount of stake) can use this vulnerability to completely halt the network. This issue is fixed in Tendermint 0.33.6 which checks all the signatures are for the block with 2/3+ majority before creating a commit.
257 CVE-2020-15086 Exec Code 2020-07-29 2021-11-18
7.5
None Remote Low Not required Partial Partial Partial
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
258 CVE-2020-15083 79 XSS 2020-07-02 2020-07-02
4.3
None Remote Medium Not required None Partial None
In PrestaShop from version 1.7.0.0 and before version 1.7.6.6, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 1.7.6.6
259 CVE-2020-15082 2020-07-02 2020-07-02
7.5
None Remote Low Not required Partial Partial Partial
In PrestaShop from version 1.6.0.1 and before version 1.7.6.6, the dashboard allows rewriting all configuration variables. The problem is fixed in 1.7.6.6
260 CVE-2020-15081 200 +Info 2020-07-02 2020-07-02
5.0
None Remote Low Not required Partial None None
In PrestaShop from version 1.5.0.0 and before 1.7.6.6, there is information exposure in the upload directory. The problem is fixed in version 1.7.6.6. A possible workaround is to add an empty index.php file in the upload directory.
261 CVE-2020-15080 862 2020-07-02 2021-11-18
5.0
None Remote Low Not required Partial None None
In PrestaShop from version 1.7.4.0 and before version 1.7.6.6, some files should not be in the release archive, and others should not be accessible. The problem is fixed in version 1.7.6.6 A possible workaround is to make sure `composer.json` and `docker-compose.yml` are not accessible on your server.
262 CVE-2020-15079 2020-07-02 2021-10-07
5.5
None Remote Low ??? Partial Partial None
In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, there is improper access control in Carrier page, Module Manager and Module Positions. The problem is fixed in version 1.7.6.6
263 CVE-2020-15074 613 2020-07-14 2021-11-23
5.0
None Remote Low Not required None Partial None
OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp.
264 CVE-2020-15073 79 XSS 2020-07-08 2020-07-10
3.5
None Remote Medium ??? None Partial None
An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section.
265 CVE-2020-15072 89 Sql 2020-07-08 2020-07-10
6.5
None Remote Low ??? Partial Partial Partial
An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.
266 CVE-2020-15053 79 XSS 2020-07-20 2020-07-22
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects.
267 CVE-2020-15052 89 Sql 2020-07-20 2020-07-22
5.0
None Remote Low Not required Partial None None
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields.
268 CVE-2020-15051 79 XSS 2020-07-15 2020-07-21
4.3
None Remote Medium Not required None Partial None
An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields.
269 CVE-2020-15050 22 Dir. Trav. 2020-07-13 2020-07-27
5.0
None Remote Low Not required Partial None None
An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.
270 CVE-2020-15037 79 Exec Code XSS 2020-07-07 2020-07-10
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.
271 CVE-2020-15036 79 Exec Code XSS 2020-07-07 2020-07-10
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.
272 CVE-2020-15035 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.
273 CVE-2020-15034 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.
274 CVE-2020-15033 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.
275 CVE-2020-15032 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.
276 CVE-2020-15031 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.
277 CVE-2020-15030 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.
278 CVE-2020-15029 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.
279 CVE-2020-15028 79 Exec Code XSS 2020-07-07 2020-07-09
3.5
None Remote Medium ??? None Partial None
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.
280 CVE-2020-15027 287 Bypass 2020-07-16 2020-07-24
7.5
None Remote Low Not required Partial Partial Partial
ConnectWise Automate through 2020.x has insufficient validation on certain authentication paths, allowing authentication bypass via a series of attempts. This was patched in 2020.7 and in a hotfix for 2019.12.
281 CVE-2020-15009 426 Exec Code 2020-07-20 2020-07-29
4.4
None Local Medium Not required Partial Partial Partial
AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name.
282 CVE-2020-15008 89 Sql 2020-07-07 2020-07-16
6.0
None Remote Medium ??? Partial Partial Partial
A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Usage of other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12.
283 CVE-2020-15001 200 +Info 2020-07-09 2021-07-21
2.9
None Local Network Medium Not required Partial None None
An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is intended to prevent unauthorized changes to OTP configurations. The access code is not checked when updating NFC specific components of the OTP configurations. This may allow an attacker to access configured OTPs and passwords stored in slots that were not configured by the user to be read over NFC, despite a user having set an access code. (Users who have not set an access code, or who have not configured the OTP slots, are not impacted by this issue.)
284 CVE-2020-15000 2020-07-09 2020-07-21
4.3
None Remote Medium Not required None Partial None
A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but it is disabled by default. A flaw in the implementation of OpenPGP sets the Reset Code to a known value upon initialization. If the retry counter for the Reset Code is set to non-zero without changing the Reset Code, this known value can be used to reset the User PIN. To set the retry counters, the Admin PIN is required.
285 CVE-2020-14982 89 Sql 2020-07-15 2020-07-22
4.0
None Remote Low ??? Partial None None
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 (affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter) allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database.
286 CVE-2020-14928 74 2020-07-17 2020-08-14
4.3
None Remote Medium Not required None Partial None
evolution-data-server (eds) through 3.36.3 has a STARTTLS buffering issue that affects SMTP and POP3. When a server sends a "begin TLS" response, eds reads additional data and evaluates it in a TLS context, aka "response injection."
287 CVE-2020-14725 2020-07-24 2021-05-26
4.0
None Remote Low ??? None None Partial
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
288 CVE-2020-14724 2020-07-15 2020-07-21
4.4
None Local Medium Not required Partial Partial Partial
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).
289 CVE-2020-14723 2020-07-15 2020-10-29
5.8
None Remote Medium Not required Partial Partial None
Vulnerability in the Oracle Help Technologies product of Oracle Fusion Middleware (component: Web UIX). Supported versions that are affected are 11.1.1.9.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Help Technologies. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Help Technologies, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Help Technologies accessible data as well as unauthorized update, insert or delete access to some of Oracle Help Technologies accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
290 CVE-2020-14722 DoS 2020-07-15 2020-07-21
5.1
None Remote High Not required Partial Partial Partial
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Communications Broker, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 5.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L).
291 CVE-2020-14721 DoS 2020-07-15 2020-07-21
6.5
None Remote Low ??? Partial Partial Partial
Vulnerability in the Oracle Enterprise Communications Broker product of Oracle Communications Applications (component: WebGUI). Supported versions that are affected are 3.0.0-3.2.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Communications Broker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Enterprise Communications Broker accessible data as well as unauthorized read access to a subset of Oracle Enterprise Communications Broker accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Communications Broker. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
292 CVE-2020-14720 2020-07-15 2020-07-20
4.0
None Remote Low ??? Partial None None
Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
293 CVE-2020-14719 2020-07-15 2020-07-20
4.0
None Remote Low ??? None Partial None
Vulnerability in the Oracle Internet Expenses product of Oracle E-Business Suite (component: Mobile Expenses Admin Utilities). Supported versions that are affected are 12.2.4-12.2.9. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Internet Expenses. While the vulnerability is in Oracle Internet Expenses, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Internet Expenses accessible data. CVSS 3.1 Base Score 7.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N).
294 CVE-2020-14718 2020-07-15 2020-07-20
6.5
None Remote Low ??? Partial Partial Partial
Vulnerability in the Oracle GraalVM Enterprise Edition product of Oracle GraalVM (component: JVMCI). Supported versions that are affected are 19.3.2 and 20.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in takeover of Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
295 CVE-2020-14717 2020-07-15 2020-07-20
4.3
None Remote Medium Not required None Partial None
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
296 CVE-2020-14716 2020-07-15 2020-07-20
4.3
None Remote Medium Not required None Partial None
Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N).
297 CVE-2020-14715 2020-07-15 2021-02-17
2.1
None Local Low Not required None None Partial
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
298 CVE-2020-14714 2020-07-15 2021-02-17
2.1
None Local Low Not required None None Partial
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
299 CVE-2020-14713 2020-07-15 2021-02-16
4.4
None Local Medium Not required Partial Partial Partial
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
300 CVE-2020-14712 2020-07-15 2021-02-16
1.9
None Local Medium Not required None Partial None
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N).
Total number of vulnerabilities : 1418   Page : 1 2 3 4 5 6 (This Page)7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.