Total
370 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-5964 | 2 Microsoft, Nvidia | 10 Windows, Geforce, Geforce Experience and 7 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. | |||||
| CVE-2020-3220 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.1 HIGH | 6.8 MEDIUM |
| A vulnerability in the hardware crypto driver of Cisco IOS XE Software for Cisco 4300 Series Integrated Services Routers and Cisco Catalyst 9800-L Wireless Controllers could allow an unauthenticated, remote attacker to disconnect legitimate IPsec VPN sessions to an affected device. The vulnerability is due to insufficient verification of authenticity of received Encapsulating Security Payload (ESP) packets. An attacker could exploit this vulnerability by tampering with ESP cleartext values as a man-in-the-middle. | |||||
| CVE-2020-3174 | 1 Cisco | 80 Mds 9132t, Mds 9148s, Mds 9148t and 77 more | 2024-11-21 | 3.3 LOW | 4.7 MEDIUM |
| A vulnerability in the anycast gateway feature of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a device to learn invalid Address Resolution Protocol (ARP) entries. The ARP entries are for nonlocal IP addresses for the subnet. The vulnerability is due to improper validation of a received gratuitous ARP (GARP) request. An attacker could exploit this vulnerability by sending a malicious GARP packet on the local subnet to cause the ARP table on the device to become corrupted. A successful exploit could allow the attacker to populate the ARP table with incorrect entries, which could lead to traffic disruptions. | |||||
| CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh. | |||||
| CVE-2020-27670 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated. | |||||
| CVE-2020-26893 | 1 Clamxav | 1 Clamxav | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool. | |||||
| CVE-2020-26547 | 1 Monal | 1 Monal | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim. | |||||
| CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | |||||
| CVE-2020-24395 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device. | |||||
| CVE-2020-24045 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script wmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar. | |||||
| CVE-2020-23906 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity. | |||||
| CVE-2020-1755 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 5.3 MEDIUM |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | |||||
| CVE-2020-1677 | 1 Juniper | 1 Mist Cloud Ui | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020. | |||||
| CVE-2020-19769 | 1 Rtb1 Project | 1 Rtb1 | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. | |||||
| CVE-2020-19768 | 1 Tokensale Project | 1 Tokensale | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. | |||||
| CVE-2020-16250 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 HIGH | 8.2 HIGH |
| HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. | |||||
| CVE-2020-16122 | 2 Canonical, Packagekit Project | 2 Ubuntu Linux, Packagekit | 2024-11-21 | 2.1 LOW | 8.2 HIGH |
| PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages. | |||||
| CVE-2020-15899 | 1 Grin | 1 Grin | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble. | |||||
| CVE-2020-15699 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration. | |||||
| CVE-2020-15262 | 1 Webpack-subresource-integrity Project | 1 Webpack-subresource-integrity | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1. | |||||