Total: 34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-10622 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users |
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. |
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. |
| CVE-2020-10590 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. |
| CVE-2020-10587 | 2 Antixlinux, Mxlinux | 2 Antix Linux, Mx Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. |
| CVE-2020-10578 | 1 Q-cms | 1 Qcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. |
| CVE-2020-10570 | 1 Telegram | 1 Telegram | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM | The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. |
| CVE-2020-10558 | 1 Tesla | 1 Model 3 Web Interface | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM | The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. |
| CVE-2020-10541 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. |
| CVE-2020-10535 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM | GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. |
| CVE-2020-10519 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability a ... |
| CVE-2020-10518 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability a ... |
| CVE-2020-10517 | 1 Github | 1 Github | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitH ... |
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. |
| CVE-2020-10383 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. |
| CVE-2020-10382 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler. |
| CVE-2020-10284 | 1 Ufactory | 1 Xarm Studio | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session. |
| CVE-2020-10268 | 1 Kuka | 2 Kr C4, Kr C4 Firmware | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM | Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs. |
| CVE-2020-10262 | 1 Mi | 2 Xiaomi Xiaoai Speaker Pro Lx06, Xiaomi Xiaoai Speaker Pro Lx06 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM | An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on ... |
| CVE-2020-10256 | 1 1password | 2 Command Line Interface, Scim | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL | An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption. |
| CVE-2020-10249 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. |
| CVE-2020-10234 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM | The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are ... |
| CVE-2020-10222 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH | npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. |
| CVE-2020-10122 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM | cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). |
| CVE-2020-10120 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). |
| CVE-2020-10119 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). |
| CVE-2020-10118 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). |
| CVE-2020-10117 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL | cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). |
| CVE-2020-10115 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin (SEC-537). |
| CVE-2020-10110 | 1 Citrix | 1 Gateway Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive. |
| CVE-2020-10100 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket data from other companies. Due to the multi-tenant nature of this application, users who can access ticket details from one organization to the next allows for users to exfiltrate potentially sensitive dat ... |
| CVE-2020-10085 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing private merge request titles. |
| CVE-2020-10084 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace. |
| CVE-2020-10082 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. |
| CVE-2020-10081 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. |
| CVE-2020-10080 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. |
| CVE-2020-10074 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. |
| CVE-2020-10073 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. |
| CVE-2020-10054 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The affected application does not properly handle the import of large configuration files. A local attacker could import a specially crafted file which could lead to a denial-of-service condition of the application service. |
| CVE-2020-10013 | 1 Apple | 4 Ipados, Iphone Os, Mac Os X and 1 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges. |