Total: 615 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-25040 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | |||||
CVE-2020-25039 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | |||||
CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas/aff Bios and 2 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2024-11-21 | N/A | 9.1 CRITICAL |
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | |||||
CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | |||||
CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads. | |||||
CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | |||||
CVE-2020-1981 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. | |||||
CVE-2020-1945 | 5 Apache, Canonical, Fedoraproject and 2 more | 50 Ant, Ubuntu Linux, Fedora and 47 more | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | |||||
CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||||
CVE-2020-18754 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | |||||
CVE-2020-18647 | 1 5none | 1 Nonecms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". | |||||
CVE-2020-18646 | 1 5none | 1 Nonecms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | |||||
CVE-2020-16268 | 1 1e | 1 Client | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | |||||
CVE-2020-16263 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. | |||||
CVE-2020-16247 | 1 Philips | 1 Clinical Collaboration Platform | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | |||||
CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | |||||
CVE-2020-15816 | 1 Westerndigital | 1 Wd Discovery | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. |