Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24904 | 1 Davesteele | 1 Gnome-gmail | 2024-11-21 | N/A | 6.5 MEDIUM |
|
An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link.
|
|||||
| CVE-2020-24827 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
|
|||||
| CVE-2020-24743 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter.
|
|||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
|
|||||
| CVE-2020-24721 | 2 Apple, Google | 2 Exposure Notifications, Exposure Notifications | 2024-11-21 | 3.3 LOW | 5.7 MEDIUM |
|
An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework.
|
|||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0.
|
|||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.
|
|||||
| CVE-2020-24697 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature.
|
|||||
| CVE-2020-24693 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization.
|
|||||
| CVE-2020-24678 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges.
|
|||||
| CVE-2020-24676 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
In Symphony Plus Operations and Symphony Plus Historian, some services can be vulnerable to privilege escalation attacks. An unprivileged (but authenticated) user could execute arbitrary code and result in privilege escalation, depending on the user that the service runs as.
|
|||||
| CVE-2020-24653 | 1 Expo | 1 Expo | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
|
secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used.
|
|||||
| CVE-2020-24640 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is a vulnerability caused by insufficient input validation that allows for arbitrary command execution in a containerized environment within Airwave Glass before 1.3.3. Successful exploitation can lead to complete compromise of the underlying host operating system.
|
|||||
| CVE-2020-24638 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the glassadmin cli. These allow for a user with glassadmin privileges to execute arbitrary code as root on the underlying host operating system.
|
|||||
| CVE-2020-24637 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
Two vulnerabilities in ArubaOS GRUB2 implementation allows for an attacker to bypass secureboot. Successful exploitation of this vulnerability this could lead to remote compromise of system integrity by allowing an attacker to load an untrusted or modified kernel in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4. ...
Show More |
|||||
| CVE-2020-24632 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote execution of arbitrary commandss vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
|
|||||
| CVE-2020-24631 | 1 Arubanetworks | 1 Airwave Glass | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
|
A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software version(s): Prior to 1.3.2.
|
|||||
| CVE-2020-24630 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
|
|||||
| CVE-2020-24618 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.65515, and 2019.3.65516, an attacker can retrieve an issue description without appropriate access.
|
|||||
| CVE-2020-24595 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
|
|||||
| CVE-2020-24585 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
|
|||||
| CVE-2020-24567 | 1 Voidtools | 1 Everything | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
|
voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error
|
|||||
| CVE-2020-24513 | 3 Debian, Intel, Siemens | 71 Debian Linux, Atom C3308, Atom C3336 and 68 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
|
Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2020-24503 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 may allow an authenticated user to potentially enable information disclosure via local access.
|
|||||
| CVE-2020-24497 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-24495 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-24494 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-24493 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 8.0 may allow a privileged user to potentially enable denial of service via local access.
|
|||||
| CVE-2020-24492 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version 1.5 may allow a privileged user to potentially enable a denial of service via local access.
|
|||||
| CVE-2020-24490 | 2 Bluez, Linux | 2 Bluez, Linux Kernel | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
|
Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial of service via adjacent access. This affects all Linux kernel versions that support BlueZ.
|
|||||
| CVE-2020-24482 | 1 Intel | 2 Xmm 7360, Xmm 7360 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may allow unauthenticated user to potentially enable denial of service via network access.
|
|||||
| CVE-2020-24457 | 1 Intel | 100 Core I7-10510u, Core I7-10510u Firmware, Core I7-10510y and 97 more | 2024-11-21 | 4.6 MEDIUM | 7.6 HIGH |
|
Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access.
|
|||||
| CVE-2020-24391 | 1 Mongo-express Project | 1 Mongo-express | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsafe way. NOTE: this may overlap CVE-2019-10769.
|
|||||
| CVE-2020-24384 | 1 A10networks | 2 Advanced Core Operating System, Agalaxy | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected.
|
|||||
| CVE-2020-24366 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for Android via application backups.
|
|||||
| CVE-2020-24333 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.
|
|||||
| CVE-2020-24285 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx.
|
|||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin.
|
|||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory.
|
|||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution.
|
|||||