Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5875 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 15.0.0-15.0.1 and 14.1.0-14.1.2.3, under certain conditions, the Traffic Management Microkernel (TMM) may generate a core file and restart while processing SSL traffic with an HTTP/2 full proxy.
|
|||||
| CVE-2020-5874 | 1 F5 | 1 Big-ip Access Policy Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP APM 15.0.0-15.0.1.2, 14.1.0-14.1.2.3, and 14.0.0-14.0.1, in certain circumstances, an attacker sending specifically crafted requests to a BIG-IP APM virtual server may cause a disruption of service provided by the Traffic Management Microkernel(TMM).
|
|||||
| CVE-2020-5873 | 1 F5 | 12 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 9 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.3, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.1-11.6.5 and BIG-IQ 5.2.0-7.1.0, a user associated with the Resource Administrator role who has access to the secure copy (scp) utility but does not have access to Advanced Shell (bash) can execute arbitrary commands using a maliciously crafted scp request.
|
|||||
| CVE-2020-5872 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 14.1.0-14.1.2.3, 14.0.0-14.0.1, 13.1.0-13.1.3.1, and 12.1.0-12.1.4.1, when processing TLS traffic with hardware cryptographic acceleration enabled on platforms with Intel QAT hardware, the Traffic Management Microkernel (TMM) may stop responding and cause a failover event.
|
|||||
| CVE-2020-5871 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 14.1.0-14.1.2.3, undisclosed requests can lead to a denial of service (DoS) when sent to BIG-IP HTTP/2 virtual servers. The problem can occur when ciphers, which have been blacklisted by the HTTP/2 RFC, are used on backend servers. This is a data-plane issue. There is no control-plane exposure.
|
|||||
| CVE-2020-5863 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
|
In NGINX Controller versions prior to 3.2.0, an unauthenticated attacker with network access to the Controller API can create unprivileged user accounts. The user which is created is only able to upload a new license to the system but cannot view or modify any other components of the system.
|
|||||
| CVE-2020-5862 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 15.1.0-15.1.0.1, 15.0.0-15.0.1.1, and 14.1.0-14.1.2.2, under certain conditions, TMM may crash or stop processing new traffic with the DPDK/ENA driver on AWS systems while sending traffic. This issue does not affect any other platforms, hardware or virtual, or any other cloud provider since the affected driver is specific to AWS.
|
|||||
| CVE-2020-5859 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.
|
|||||
| CVE-2020-5858 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 11 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
On BIG-IP 15.0.0-15.0.1.2, 14.1.0-14.1.2.2, 13.1.0-13.1.3.2, 12.1.0-12.1.5, and 11.5.2-11.6.5.1 and BIG-IQ 7.0.0, 6.0.0-6.1.0, and 5.2.0-5.4.0, users with non-administrator roles (for example, Guest or Resource Administrator) with tmsh shell access can execute arbitrary commands with elevated privilege via a crafted tmsh command.
|
|||||
| CVE-2020-5857 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 15.0.0-15.0.1, 14.1.0-14.1.2.2, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.5.2-11.6.5.1, undisclosed HTTP behavior may lead to a denial of service.
|
|||||
| CVE-2020-5856 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
On BIG-IP 15.0.0-15.0.1.1 and 14.1.0-14.1.2.2, while processing specifically crafted traffic using the default 'xnet' driver, Virtual Edition instances hosted in Amazon Web Services (AWS) may experience a TMM restart.
|
|||||
| CVE-2020-5855 | 2 F5, Microsoft | 3 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client, Windows | 2024-11-21 | 4.6 MEDIUM | 4.3 MEDIUM |
|
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client for Windows, unauthorized users who have physical access to an authorized user's machine can get shell access under unprivileged user.
|
|||||
| CVE-2020-5854 | 1 F5 | 17 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 14 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
On BIG-IP 15.0.0-15.0.1.1, 14.1.0-14.1.2.2, 14.0.0-14.0.1, 13.1.0-13.1.3.1, 12.1.0-12.1.5, and 11.6.0-11.6.5.1, the tmm crashes under certain circumstances when using the connector profile if a specific sequence of connections are made.
|
|||||
| CVE-2020-5852 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Undisclosed traffic patterns received may cause a disruption of service to the Traffic Management Microkernel (TMM). This vulnerability affects TMM through a virtual server configured with a FastL4 profile. Traffic processing is disrupted while TMM restarts. This issue only impacts specific engineering hotfixes. NOTE: This vulnerability does not affect any of the BIG-IP major, minor or maintenance releases you obtained from downloads.f5.com. The affected Engineering Hotfix builds are as follows: ...
Show More |
|||||
| CVE-2020-5839 | 1 Symantec | 1 Endpoint Detection And Response | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Symantec Endpoint Detection And Response, prior to 4.4, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data.
|
|||||
| CVE-2020-5836 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection, prior to 14.3, can potentially reset the ACLs on a file as a limited user while Symantec Endpoint Protection's Tamper Protection feature is disabled.
|
|||||
| CVE-2020-5832 | 1 Symantec | 1 Data Center Security | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Symantec Data Center Security Manager Component, prior to 6.8.2 (aka 6.8 MP2), may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2020-5825 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an arbitrary file write vulnerability, which is a type of issue whereby an attacker is able to overwrite existing files on the resident system without proper privileges.
|
|||||
| CVE-2020-5824 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a denial of service vulnerability, which is a type of issue whereby a threat actor attempts to tie up the resources of a resident application, thereby making certain functions unavailable.
|
|||||
| CVE-2020-5823 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2020-5822 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2020-5820 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
|
|||||
| CVE-2020-5808 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
|
|||||
| CVE-2020-5794 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
|
|||||
| CVE-2020-5793 | 2 Microsoft, Tenable | 3 Windows, Nessus, Nessus Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
A vulnerability in Nessus versions 8.9.0 through 8.12.0 for Windows & Nessus Agent 8.0.0 and 8.1.0 for Windows could allow an authenticated local attacker to copy user-supplied files to a specially constructed path in a specifically named user directory. An attacker could exploit this vulnerability by creating a malicious file and copying the file to a system directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability.
|
|||||
| CVE-2020-5782 | 1 Ignitenet | 1 Helios Glinq | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
|
In IgniteNet HeliOS GLinq v2.2.1 r2961, if a user logs in and sets the ‘wan_type’ parameter, the wan interface for the device will become unreachable, which results in a denial of service condition for devices dependent on this connection.
|
|||||
| CVE-2020-5742 | 1 Plex | 1 Media Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
|
|||||
| CVE-2020-5665 | 1 Mitsubishielectric | 2 Melsec Iq-f Fx5u Cpu, Melsec Iq-f Fx5u Cpu Firmware | 2024-11-21 | 3.3 LOW | 7.4 HIGH |
|
Improper check or handling of exceptional conditions in MELSEC iQ-F series FX5U(C) CPU unit firmware version 1.060 and earlier allows an attacker to cause a denial-of-service (DoS) condition on program execution and communication by sending a specially crafted ARP packet.
|
|||||
| CVE-2020-5658 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Resource Management Errors vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server ...
Show More |
|||||
| CVE-2020-5649 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Resource management error vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products via a specia ...
Show More |
|||||
| CVE-2020-5640 | 1 Onethird | 1 Onethird | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Local file inclusion vulnerability in OneThird CMS v1.96c and earlier allows a remote unauthenticated attacker to execute arbitrary code or obtain sensitive information via unspecified vectors.
|
|||||
| CVE-2020-5634 | 1 Elecom | 8 Wrc-1167gst2, Wrc-1167gst2 Firmware, Wrc-1750gst2 and 5 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
ELECOM LAN routers (WRC-2533GST2 firmware versions prior to v1.14, WRC-1900GST2 firmware versions prior to v1.14, WRC-1750GST2 firmware versions prior to v1.14, and WRC-1167GST2 firmware versions prior to v1.10) allow an attacker on the same network segment to execute arbitrary OS commands with a root privilege via unspecified vectors.
|
|||||
| CVE-2020-5632 | 1 Nec | 1 Infocage Siteshell | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
InfoCage SiteShell series (Host type SiteShell for IIS V1.4, V1.5, and V1.6, Host type SiteShell for IIS prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1, Host type SiteShell for Apache Windows V1.4, V1.5, and V1.6, and Host type SiteShell for Apache Windows prior to revision V2.0.0.6, V2.1.0.7, V2.1.1.6, V3.0.0.11, V4.0.0.6, V4.1.0.5, and V4.2.0.1) allow authenticated attackers to bypass access restriction and to execute arbitrary code with an elevated ...
Show More |
|||||
| CVE-2020-5629 | 1 Uniqlo | 1 Uniqlo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via a malicious App created by the third party. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
|
|||||
| CVE-2020-5628 | 1 Uniqlo | 1 Uniqlo | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
UNIQLO App for Android versions 7.3.3 and earlier allows remote attackers to lead a user to access an arbitrary website via the vulnerable App. As a result, if the access destination is a malicious website, the user may fall victim to the social engineering attack.
|
|||||
| CVE-2020-5604 | 1 Mercari | 1 Mercari | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
|
Android App 'Mercari' (Japan version) prior to version 3.52.0 allows arbitrary method execution of a Java object by a remote attacker via a Man-In-The-Middle attack by using Java Reflection API of JavaScript code on WebView.
|
|||||
| CVE-2020-5600 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a resource management error vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet.
|
|||||
| CVE-2020-5598 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains an improper access control vulnerability, which may which may allow a remote attacker tobypass access restriction and stop the network functions of the products or execute a malicious program via a specially crafted packet.
|
|||||
| CVE-2020-5587 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
Cybozu Garoon 4.0.0 to 5.0.1 allow remote authenticated attackers to obtain unintended information via unspecified vectors.
|
|||||
| CVE-2020-5584 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Cybozu Garoon 4.0.0 to 5.0.1 allow remote attackers to obtain unintended information via unspecified vectors.
|
|||||