Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Hackolade versions prior to 4.2.0 on Windows. In specific deployment scenarios, it could allow local users to gain elevated privileges during an uninstall of the application. | | | | | |
| CVE-2020-25736 | 1 Acronis | 1 True Image | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | | | | | |
| CVE-2020-25698 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | | | | | |
| CVE-2020-25612 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. | | | | | |
| CVE-2020-25610 | 1 Mitel | 1 Micollab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. | | | | | |
| CVE-2020-25601 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the pro ... | | | | | |
| CVE-2020-25594 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | | | | | |
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allow remote attackers to access sensitive data such as an access token. | | | | | |
| CVE-2020-25286 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | | | | | |
| CVE-2020-25281 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | | | | | |
| CVE-2020-25280 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | | | | | |
| CVE-2020-25265 | 1 Appimage | 1 Libappimage | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | | | | | |
| CVE-2020-25255 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | | | | | |
| CVE-2020-25250 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. | | | | | |
| CVE-2020-25249 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | | | | | |
| CVE-2020-25210 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriate access grants. | | | | | |
| CVE-2020-25209 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to information disclosure via the REST API. | | | | | |
| CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | | | | | |
| CVE-2020-25201 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can be triggered to cause denial of service via infinite Raft writes. Fixed in 1.7.9 and 1.8.5. | | | | | |
| CVE-2020-25069 | 1 Usvn | 1 Usvn | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | | | | | |
| CVE-2020-25064 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Certain automated testing is mishandled. The LG ID is LVE-SMP-200019 (August 2020). | | | | | |
| CVE-2020-25062 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider allows a bypass of intended privilege restrictions. The LG ID is LVE-SMP-200017 (July 2020). | | | | | |
| CVE-2020-25061 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | | | | | |
| CVE-2020-25060 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Local users can gain privileges because of LAF and SBL1 flaws. The LG ID is LVE-SMP-200015 (July 2020). | | | | | |
| CVE-2020-25058 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020). | | | | | |
| CVE-2020-25057 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). | | | | | |
| CVE-2020-25053 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | | | | | |
| CVE-2020-25051 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppInfo. The Samsung ID is SVE-2020-17758 (August 2020). | | | | | |
| CVE-2020-25050 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020). | | | | | |
| CVE-2020-25049 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService has insufficient DEX access control. The Samsung ID is SVE-2020-17797 (August 2020). | | | | | |
| CVE-2020-25047 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020). | | | | | |
| CVE-2020-25044 | 1 Kaspersky | 1 Virus Removal Tool | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate the content of any file in the system. | | | | | |
| CVE-2020-25043 | 1 Kaspersky | 1 Vpn Secure Connection | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. | | | | | |
| CVE-2020-25035 | 1 Ucopia | 1 Express Wireless Appliance | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. | | | | | |
| CVE-2020-25026 | 1 Derhansen | 1 Event Management And Registration | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. | | | | | |
| CVE-2020-25018 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy master between 2d69e30 and 3b5acb2 may fail to parse a request URL that requires host canonicalization. | | | | | |
| CVE-2020-25013 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | | | | | |
| CVE-2020-24981 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in an information leak via an error message caused by directly accessing the website built by UCMS. | | | | | |
| CVE-2020-24949 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | | | | | |
| CVE-2020-24930 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files. | | | | | |