Total
9858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24377 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3. | |||||
| CVE-2020-24376 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebox Server before 4.2.3. | |||||
| CVE-2020-24374 | 1 Free | 2 Freebox Hd, Freebox Hd Firmware | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| A DNS rebinding vulnerability in Freebox v5 before 1.5.29. | |||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | |||||
| CVE-2020-24074 | 1 Silk-v3-decoder Project | 1 Silk-v3-decoder | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | |||||
| CVE-2020-1986 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows. | |||||
| CVE-2020-1984 | 2 Microsoft, Paloaltonetworks | 2 Windows, Secdo | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows. | |||||
| CVE-2020-1976 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 4.9 MEDIUM | 4.7 MEDIUM |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. | |||||
| CVE-2020-1890 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A URL validation issue in WhatsApp for Android prior to v2.20.11 and WhatsApp Business for Android prior to v2.20.2 could have caused the recipient of a sticker message containing deliberately malformed data to load an image from a sender-controlled URL without user interaction. | |||||
| CVE-2020-1880 | 1 Huawei | 2 Lion-al00c, Lion-al00c Firmware | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Huawei smartphone Lion-AL00C with versions earlier than 10.0.0.205(C00E202R7P2) have a denial of service vulnerability. An attacker crafted specially file to the affected device. Due to insufficient input validation of the value when executing the file, successful exploit may cause device abnormal. | |||||
| CVE-2020-1828 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; and Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have an input validation vulnerability where the IPSec module does not validate a field in a specific message. Attackers can send specific message to cause out-of-bound read, compromising normal service. | |||||
| CVE-2020-1825 | 1 Huawei | 1 Fusionaccess | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| FusionAccess with versions earlier than 6.5.1.SPC002 have a Denial of Service (DoS) vulnerability. Due to insufficient verification on specific input, attackers can exploit this vulnerability by sending constructed messages to the affected device through another device on the same network. Successful exploit could cause affected devices to be abnormal. | |||||
| CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | |||||
| CVE-2020-1757 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Fuse and 3 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in all undertow-2.x.x SP1 versions prior to undertow-2.0.30.SP1, all undertow-1.x.x and undertow-2.x.x versions prior to undertow-2.1.0.Final, where the Servlet container causes servletPath to normalize incorrectly by truncating the path after semicolon which may lead to an application mapping resulting in the security bypass. | |||||
| CVE-2020-1756 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 7.2 HIGH |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, insufficient input escaping was applied to the PHP unit webrunner admin tool. | |||||
| CVE-2020-1747 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 4 Fedora, Leap, Communications Cloud Native Core Network Function Cloud Native Environment and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor. | |||||
| CVE-2020-1732 | 1 Redhat | 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Continuous Delivery, Openshift Application Runtimes and 1 more | 2024-11-21 | 4.9 MEDIUM | 4.2 MEDIUM |
| A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request. | |||||
| CVE-2020-1727 | 1 Redhat | 1 Keycloak | 2024-11-21 | 5.5 MEDIUM | 6.4 MEDIUM |
| A vulnerability was found in Keycloak before 9.0.2, where every Authorization URL that points to an IDP server lacks proper input validation as it allows a wide range of characters. This flaw allows a malicious to craft deep links that introduce further attack scenarios on affected clients. | |||||
| CVE-2020-1714 | 2 Quarkus, Redhat | 7 Quarkus, Decision Manager, Jboss Fuse and 4 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution. | |||||
| CVE-2020-1682 | 1 Juniper | 7 Junos, Nfx150, Nfx250 and 4 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An input validation vulnerability exists in Juniper Networks Junos OS, allowing an attacker to crash the srxpfe process, causing a Denial of Service (DoS) through the use of specific maintenance commands. The srxpfe process restarts automatically, but continuous execution of the commands could lead to an extended Denial of Service condition. This issue only affects the SRX1500, SRX4100, SRX4200, NFX150, NFX250, and vSRX-based platforms. No other products or platforms are affected by this vulnerability. This issue affects Juniper Networks Junos OS: 15.1X49 versions prior to 15.1X49-D220 on SRX1500, SRX4100, SRX4200, vSRX; 17.4 versions prior to 17.4R3-S3 on SRX1500, SRX4100, SRX4200, vSRX; 18.1 versions prior to 18.1R3-S11 on SRX1500, SRX4100, SRX4200, vSRX, NFX150; 18.2 versions prior to 18.2R3-S5 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.1 versions prior to 19.1R3-S2 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250; 19.2 versions prior to 19.2R1-S5, 19.2R3 on SRX1500, SRX4100, SRX4200, vSRX, NFX150, NFX250. This issue does not affect Junos OS 19.3 or any subsequent version. | |||||