Total
9858 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14955 | 1 Jiangmin | 1 Jiangmin Antivirus | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In Jiangmin Antivirus 16.0.13.129, the driver file (KVFG.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x220440. | |||||
| CVE-2020-14939 | 1 Freedroid | 1 Freedroidrpg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. | |||||
| CVE-2020-14513 | 1 Wibu | 1 Codemeter | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| CodeMeter (All versions prior to 6.81) and the software using it may crash while processing a specifically crafted license file due to unverified length fields. | |||||
| CVE-2020-14503 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech iView, versions 5.6 and prior, has an improper input validation vulnerability. Successful exploitation of this vulnerability could allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-14459 | 1 Mattermost | 1 Mattermost Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Server before 5.19.0. Attackers can rename a channel and cause a collision with a direct message, aka MMSA-2020-0002. | |||||
| CVE-2020-14343 | 2 Oracle, Pyyaml | 2 Communications Cloud Native Core Network Function Cloud Native Environment, Pyyaml | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747. | |||||
| CVE-2020-14338 | 1 Redhat | 1 Xerces | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A flaw was found in Wildfly's implementation of Xerces, specifically in the way the XMLSchemaValidator class in the JAXP component of Wildfly enforced the "use-grammar-pool-only" feature. This flaw allows a specially-crafted XML file to manipulate the validation process in certain cases. This issue is the same flaw as CVE-2020-14621, which affected OpenJDK, and uses a similar code. This flaw affects all Xerces JBoss versions before 2.12.0.SP3. | |||||
| CVE-2020-14273 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service (DoS) vulnerability due to insufficient validation of input to its public API. An unauthenticated attacker could could exploit this vulnerability to crash the Domino server. | |||||
| CVE-2020-14258 | 1 Hcltech | 1 Notes | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Notes is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the client. Versions 9, 10 and 11 are affected. | |||||
| CVE-2020-14234 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service vulnerability due to improper validation of user-supplied input, potentially giving an attacker the ability to crash the server. Versions previous to release 9.0.1 FP10 IF6 and release 10.0.1 are affected. | |||||
| CVE-2020-14231 | 1 Hcltechsw | 1 Hcl Client Application Access | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | |||||
| CVE-2020-14230 | 1 Hcltech | 1 Domino | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HCL Domino is susceptible to a Denial of Service vulnerability caused by improper validation of user-supplied input. A remote unauthenticated attacker could exploit this vulnerability using a specially-crafted email message to hang the server. Versions previous to releases 9.0.1 FP10 IF6, 10.0.1 FP5 and 11.0.1 are affected. | |||||
| CVE-2020-13961 | 1 Strapi | 1 Strapi | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitation. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails. | |||||
| CVE-2020-13941 | 1 Apache | 1 Solr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. | |||||
| CVE-2020-13835 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x) (with TEEGRIS) software. The Gatekeeper Trustlet allows a brute-force attack on user credentials. The Samsung ID is SVE-2020-16908 (June 2020). | |||||
| CVE-2020-13832 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020). | |||||
| CVE-2020-13753 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
| The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOCSTI ioctl. CLONE_NEWUSER could potentially be used to confuse xdg-desktop-portal, which allows access outside the sandbox. TIOCSTI can be used to directly execute commands outside the sandbox by writing to the controlling terminal's input buffer, similar to CVE-2017-5226. | |||||
| CVE-2020-13646 | 1 Ijinshan | 1 Cheetah Free Wifi | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Cheetah free WiFi 5.1, the driver file (liebaonat.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x830020f8, 0x830020E0, 0x830020E4, or 0x8300210c. | |||||
| CVE-2020-13634 | 1 Youhua | 1 Windows Master | 2024-11-21 | 6.1 MEDIUM | 7.8 HIGH |
| In Windows Master (aka Windows Optimization Master) 7.99.13.604, the driver file (WoptiHWDetect.SYS) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0xF1002558 | |||||
| CVE-2020-13602 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Remote Denial of Service in LwM2M do_write_op_tlv. Zephyr versions >= 1.14.2, >= 2.2.0 contain Improper Input Validation (CWE-20), Loop with Unreachable Exit Condition ('Infinite Loop') (CWE-835). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-g9mg-fj58-6fqh | |||||