Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1009 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the way that the Microsoft Store Install Service handles file operations in protected locations, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0934, CVE-2020-0983, CVE-2020-1011, CVE-2020-1015.
|
|||||
| CVE-2020-1008 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0953, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999.
|
|||||
| CVE-2020-1007 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0821.
|
|||||
| CVE-2020-1006 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1001, CVE-2020-1017.
|
|||||
| CVE-2020-1005 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0982, CVE-2020-0987.
|
|||||
| CVE-2020-1004 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Windows Graphics Component improperly handles objects in memory, aka 'Windows Graphics Component Elevation of Privilege Vulnerability'.
|
|||||
| CVE-2020-1003 | 1 Microsoft | 5 Windows 10, Windows 8.1, Windows Rt 8.1 and 2 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1000, CVE-2020-1027.
|
|||||
| CVE-2020-1002 | 1 Microsoft | 12 Forefront Endpoint Protection 2010, Security Essentials, System Center Endpoint Protection and 9 more | 2024-11-21 | 6.6 MEDIUM | 7.1 HIGH |
|
An elevation of privilege vulnerability exists when the MpSigStub.exe for Defender allows file deletion in arbitrary locations. To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Microsoft Defender Elevation of Privilege Vulnerability'.
|
|||||
| CVE-2020-1001 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists in the way the Windows Push Notification Service handles objects in memory, aka 'Windows Push Notification Service Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0940, CVE-2020-1006, CVE-2020-1017.
|
|||||
| CVE-2020-1000 | 1 Microsoft | 6 Windows 10, Windows 7, Windows Server 2008 and 3 more | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory, aka 'Windows Kernel Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0913, CVE-2020-1003, CVE-2020-1027.
|
|||||
| CVE-2020-19878 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
DBHcms v1.2.0 has a sensitive information leak vulnerability because there is no security access control in /dbhcms/ext/news/ext.news.be.php. A remote unauthenticated attacker can exploit this vulnerability to get path information.
|
|||||
| CVE-2020-19767 | 1 Zeroxracer Project | 1 Zeroxracer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script.
|
|||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2024-11-21 | N/A | 8.8 HIGH |
|
An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data that allows attackers to read or write to system memory or cause a denial of service.
|
|||||
| CVE-2020-19676 | 1 Alibaba | 1 Nacos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Nacos 1.1.4 is affected by: Incorrect Access Control. An environment can be set up locally to get the service details interface. Then other Nacos service names can be accessed through the service list interface. Service details can then be accessed when not logged in. (detail:https://github.com/alibaba/nacos/issues/2284)
|
|||||
| CVE-2020-19640 | 1 Insma | 2 Wifi Mini Spy 1080p Hd Security Ip Camera, Wifi Mini Spy 1080p Hd Security Ip Camera Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in INSMA Wifi Mini Spy 1080P HD Security IP Camera 1.9.7 B. An unauthenticated attacker can reboot the device causing a Denial of Service, via a hidden reboot command to '/media/?action=cmd'.
|
|||||
| CVE-2020-19625 | 1 Gridx Project | 1 Gridx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution Vulnerability in tests/support/stores/test_grid_filter.php in oria gridx 1.3, allows remote attackers to execute arbitrary code, via crafted value to the $query parameter.
|
|||||
| CVE-2020-19498 | 1 Struktur | 1 Libheif | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Floating point exception in function Fraction in libheif 1.4.0, allows attackers to cause a Denial of Service or possibly other unspecified impacts.
|
|||||
| CVE-2020-19492 | 1 Sam2p Project | 1 Sam2p | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact.
|
|||||
| CVE-2020-18980 | 1 Halo | 1 Halo | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Remote Code Execution vulnerability in Halo 0.4.3 via the remoteAddr and themeName parameters.
|
|||||
| CVE-2020-18439 | 1 Phpok | 1 Phpok | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in function edit_save_f in framework/admin/tpl_control.php in qinggan phpok 5.1 that allows attackers to write arbitrary files or get a shell.
|
|||||
| CVE-2020-18184 | 1 Pluxxml | 1 Pluxxml | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
In PluxXml V5.7, the theme edit function /PluXml/core/admin/parametres_edittpl.php allows remote attackers to execute arbitrary PHP code by placing this code into a template.
|
|||||
| CVE-2020-18174 | 1 Autohotkey | 1 Autohotkey | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A process injection vulnerability in setup.exe of AutoHotkey 1.1.32.00 allows attackers to escalate privileges.
|
|||||
| CVE-2020-18078 | 1 Sem-cms | 1 Semcms | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
|
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
|
|||||
| CVE-2020-17952 | 1 Twothink Project | 1 Twothink | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A remote code execution (RCE) vulnerability in /library/think/App.php of Twothink v2.0 allows attackers to execute arbitrary PHP code.
|
|||||
| CVE-2020-17753 | 2 Rc Project, Rcpro Project | 2 Rc, Rcpro | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
An issue was discovered in function addMeByRC in the smart contract implementation for RC, an Ethereum token, that allows attackers to transfer an arbitrary amount of tokens to an arbitrary address.
|
|||||
| CVE-2020-17526 | 1 Apache | 1 Airflow | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
|
Incorrect Session Validation in Apache Airflow Webserver versions prior to 1.10.14 with default config allows a malicious airflow user on site A where they log in normally, to access unauthorized Airflow Webserver on Site B through the session from Site A. This does not affect users who have changed the default value for `[webserver] secret_key` config.
|
|||||
| CVE-2020-17520 | 1 Apache | 1 Pulsar Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's admin, permission verification mechanism by constructing special URLs, thereby accessing any HTTP API.
|
|||||
| CVE-2020-17508 | 1 Apache | 1 Traffic Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.
|
|||||
| CVE-2020-17497 | 1 Intel | 1 Inet Wireless Daemon | 2024-11-21 | 4.8 MEDIUM | 8.1 HIGH |
|
eapol.c in iNet wireless daemon (IWD) through 1.8 allows attackers to trigger a PTK reinstallation by retransmitting EAPOL Msg4/4.
|
|||||
| CVE-2020-17487 | 2 Fedoraproject, Radare | 2 Fedora, Radare2 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
radare2 4.5.0 misparses signature information in PE files, causing a segmentation fault in r_x509_parse_algorithmidentifier in libr/util/x509.c. This is due to a malformed object identifier in IMAGE_DIRECTORY_ENTRY_SECURITY.
|
|||||
| CVE-2020-17485 | 1 Uffizio | 1 Gps Tracker | 2024-11-21 | N/A | 9.8 CRITICAL |
|
A Remote Code Execution vulnerability exists in Uffizio's GPS Tracker all versions. The web server can be compromised by uploading and executing a web/reverse shell. An attacker could then run commands, browse system files, and browse local resources.
|
|||||
| CVE-2020-17483 | 1 Uffizio | 1 Gps Tracker | 2024-11-21 | N/A | 7.5 HIGH |
|
An improper access control vulnerability exists in Uffizio's GPS Tracker all versions that leads to sensitive information disclosure of all the connected devices. By visiting the vulnerable host at port 9000, we see it responds with a JSON body that has all the details about the devices which have been deployed.
|
|||||
| CVE-2020-17355 | 1 Arista | 1 Eos | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
|
Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (restart of agents) by crafting a malformed DHCP packet which leads to an incorrect route being installed.
|
|||||
| CVE-2020-17353 | 4 Debian, Fedoraproject, Lilypond and 1 more | 5 Debian Linux, Fedora, Lilypond and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
scm/define-stencil-commands.scm in LilyPond through 2.20.0, and 2.21.x through 2.21.4, when -dsafe is used, lacks restrictions on embedded-ps and embedded-svg, as demonstrated by including dangerous PostScript code.
|
|||||
| CVE-2020-17162 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Microsoft Windows Security Feature Bypass Vulnerability
|
|||||
| CVE-2020-17110 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2020-17109 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2020-17108 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2020-17107 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||
| CVE-2020-17106 | 1 Microsoft | 1 Hevc Video Extensions | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
HEVC Video Extensions Remote Code Execution Vulnerability
|
|||||