Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24216 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private.
| CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2 that allows local attackers to cause a denial of service (DoS).
| CVE-2020-24088 | 2 Foxconn, Microsoft | 2 Live Update Utility, Windows | 2024-11-21 | N/A | 7.8 HIGH |
An issue was discovered in the MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26 that allows local attackers to escalate privileges.
| CVE-2020-24003 | 1 Microsoft | 1 Skype | 2024-11-21 | 2.1 LOW | 3.3 LOW |
Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access.
| CVE-2020-23864 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
An issue exists in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder.
| CVE-2020-23811 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java.
| CVE-2020-23768 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail addresses and telephone numbers.
| CVE-2020-23741 | 1 Amoisoft | 1 Anyview | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability; attackers can use a constructed program to cause a computer crash (BSOD).
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD).
| CVE-2020-23736 | 1 Dadajiasu | 1 Dada Accelerator | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816; attackers can use constructed programs to cause computer crashes (BSOD).
| CVE-2020-23727 | 1 Antiy | 1 Antiy Zhijia Terminal Defense System | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD).
| CVE-2020-23726 | 1 Wisecleaner | 1 Wise Care 365 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
There is a local denial of service vulnerability in Wise Care 365 5.5.4; attackers can cause a computer crash (BSOD).
| CVE-2020-23691 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in index.php.
| CVE-2020-23680 | 1 Text2pdf Project | 1 Text2pdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1 that allows attackers to cause denial of service or possibly other undisclosed impacts.
| CVE-2020-23580 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board.
| CVE-2020-23565 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850".
| CVE-2020-23562 | 1 Irfanview | 1 Irfanview | 2024-11-21 | N/A | 5.5 MEDIUM |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe.
| CVE-2020-23561 | 1 Irfanview | 1 Irfanview | 2024-11-21 | N/A | 5.5 MEDIUM |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722.
| CVE-2020-23549 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6".
| CVE-2020-23546 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981".
| CVE-2020-23545 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531.
| CVE-2020-23490 | 1 Wwbn | 1 Avideo | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file.
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin.
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
| CVE-2020-23355 | 1 Codiad | 1 Codiad | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable to magic hash authentication bypass. If the encrypted or hashed value of a password takes one of certain magic hash formats, e.g., 0e123, another hash value such as 0e234 can successfully authenticate.
| CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta.
| CVE-2020-23160 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to execute arbitrary commands as root on the devices.
| CVE-2020-22916 | 1 Tukaani | 1 Xz | 2024-11-21 | N/A | 5.5 MEDIUM |
An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase.
| CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands.
| CVE-2020-22782 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Uploading a binary file to the import endpoint would crash the instance.
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | N/A | 9.8 CRITICAL |
Installer RCE on settings file write in MyBB before 1.8.22.
| CVE-2020-22597 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | N/A | 9.8 CRITICAL |
An issue in the JerryScript project, JerryScript v. 2.3.0, allows a remote attacker to execute arbitrary code via the ecma_builtin_array_prototype_object_slice parameter.
| CVE-2020-22552 | 1 Snap7 Project | 1 Snap7 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Snap7 server component in version 1.4.1 crashes when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and the S7 write var function.
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time.
| CVE-2020-22253 | 1 Xiongmaitech | 16 Ahb7008t-mh-v2, Ahb7008t-mh-v2 Firmware, Ahb7804r-els and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Xiongmai Technology Co devices AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS-V2, AHB7804R-LMS, and HI3518E_50H10L_S39 were all discovered to have port 9530 open which allows unauthenticated attackers to make arbitrary Telnet connections with the victim device.
| CVE-2020-22061 | 1 Superantispyware | 1 Superantispyware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
SUPERAntispyware v8.0.0.1050 was discovered to contain an issue in the component saskutil64.sys. This issue allows attackers to arbitrarily write data to the device via IOCTL 0x9C402140.
| CVE-2020-22057 | 1 Evga | 1 Precision Xoc | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
The WinRin0x64.sys and WinRing0.sys low-level drivers in EVGA Precision XOC version v6.2.7 were discovered to be configured with the default security descriptor which allows attackers to access sensitive components and data.
| CVE-2020-21865 | 1 Thinkphp50-cms Project | 1 Thinkphp50-cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.