Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366936 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11845 | 1 Microfocus | 1 Service Manager | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2020-11844 | 1 Microfocus | 1 Service Management Automation | 2024-11-21 | 10 Critical |
| Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to 2019.11. - ArcSight Investigate. versions 2.4.0, 3.0.0 and 3.1.0. - ArcSight Transformation Hub. versions 3.0.0, 3.1.0, 3.2.0. - ArcSight Interset. version 6.0.0. - ArcSight ESM (when ArcSight Fusion 1.0 is installed). version 7.2.1. - Service Management Automation (SMA). versions 2018.05 to 2020.02 - Operation Bridge Suite (Containerized). Versions 2018.05 to 2020.02. - Network Operation Management. versions 2017.11 to 2019.11. - Data Center Automation Containerized. versions 2018.05 to 2019.11 - Identity Intelligence. versions 1.1.0 and 1.1.1. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation. | ||||
| CVE-2020-11843 | 1 Netiq | 1 Access Manager | 2024-11-21 | 6.5 Medium |
| This allows the information exposure to unauthorized users. This issue affects NetIQ Access Manager using version 4.5 or before | ||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 7.5 High |
| Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows an unauthenticated attackers to view information they may not have been authorized to view. | ||||
| CVE-2020-11841 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 4.3 Medium |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | ||||
| CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 4.3 Medium |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting unauthorized information disclosure. | ||||
| CVE-2020-11839 | 1 Microfocus | 1 Arcsight Logger | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||||
| CVE-2020-11838 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure. | ||||
| CVE-2020-11836 | 2 Google, Oppo | 19 Android, A12, A15 and 16 more | 2024-11-21 | 5.5 Medium |
| OPPO Android Phone with MTK chipset and Android 8.1/9/10/11 versions have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | ||||
| CVE-2020-11835 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | ||||
| CVE-2020-11834 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | ||||
| CVE-2020-11833 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. | ||||
| CVE-2020-11832 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 5.5 Medium |
| In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. | ||||
| CVE-2020-11831 | 1 Oppo | 1 Ovoicemanager | 2024-11-21 | 9.8 Critical |
| OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected product is com.oppo.ovoicemanager V2.0.1. | ||||
| CVE-2020-11830 | 1 Oppo | 1 Qualityprotect | 2024-11-21 | 9.8 Critical |
| QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | ||||
| CVE-2020-11829 | 1 Oppo | 1 Coloros | 2024-11-21 | 9.8 Critical |
| Dynamic loading of services in the backup and restore SDK leads to elevated privileges, affected product is com.coloros.codebook V2.0.0_5493e40_200722. | ||||
| CVE-2020-11828 | 1 Oppo | 1 Coloros | 2024-11-21 | 7.5 High |
| In ColorOS (oppo mobile phone operating system, based on AOSP frameworks/native code position/services/surfaceflinger surfaceflinger.CPP), RGB is defined on the stack but uninitialized, so when the screenShot function to RGB value assignment, will not initialize the value is returned to the attackers, leading to values on the stack information leakage, the vulnerability can be used to bypass attackers ALSR. | ||||
| CVE-2020-11827 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| In GOG Galaxy 1.2.67, there is a service that is vulnerable to weak file/service permissions: GalaxyClientService.exe. An attacker can put malicious code in a Trojan horse GalaxyClientService.exe. After that, the attacker can re-start this service as an unprivileged user to escalate his/her privileges and run commands on the machine with SYSTEM rights. | ||||
| CVE-2020-11826 | 1 Appinghouse | 1 Memono | 2024-11-21 | 7.5 High |
| Users can lock their notes with a password in Memono version 3.8. Thus, users needs to know a password to read notes. However, these notes are stored in a database without encryption and an attacker can read the password-protected notes without having the password. Notes are stored in the ZENTITY table in the memono.sqlite database. | ||||
| CVE-2020-11825 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 8.8 High |
| In Dolibarr 10.0.6, forms are protected with a CSRF token against CSRF attacks. The problem is any CSRF token in any user's session can be used in another user's session. CSRF tokens should not be valid in this situation. | ||||