Total
1628 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14196 | 1 Powerdns | 1 Recursor | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. | |||||
| CVE-2020-14121 | 1 Mi | 1 Mi App Store | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete permission checks of the products being bypassed, and an attacker can exploit the vulnerability to perform a local silent installation. | |||||
| CVE-2020-14110 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| AX3600 router sensitive information leaked.There is an unauthorized interface through luci to obtain sensitive information and log in to the web background. | |||||
| CVE-2020-14106 | 1 Mi | 1 Miui | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The application in the mobile phone can unauthorized access to the list of running processes in the mobile phone, Xiaomi Mobile Phone MIUI < 2021.01.26. | |||||
| CVE-2020-13957 | 1 Apache | 1 Solr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevents some features considered dangerous (which could be used for remote code execution) to be configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. | |||||
| CVE-2020-13834 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (with TEEGRIS) software. Secure Folder does not properly restrict use of Android Debug Bridge (adb) for arbitrary installations. The Samsung ID is SVE-2020-17369 (June 2020). | |||||
| CVE-2020-13696 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in LinuxTV xawtv before 3.107. The function dev_open() in v4l-conf.c does not perform sufficient checks to prevent an unprivileged caller of the program from opening unintended filesystem paths. This allows a local attacker with access to the v4l-conf setuid-root program to test for the existence of arbitrary files and to trigger an open on arbitrary files with mode O_RDWR. To achieve this, relative path components need to be added to the device path, as demonstrated by a v4l-conf -c /dev/../root/.bash_history command. | |||||
| CVE-2020-13676 | 1 Drupal | 1 Drupal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The QuickEdit module does not properly check access to fields in some circumstances, which can lead to unintended disclosure of field data. Sites are only affected if the QuickEdit module (which comes with the Standard profile) is installed. | |||||
| CVE-2020-13335 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| Improper group membership validation when deleting a user account in GitLab >=7.12 allows a user to delete own account without deleting/transferring their group. | |||||
| CVE-2020-13334 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| In GitLab versions prior to 13.2.10, 13.3.7 and 13.4.2, improper authorization checks allow a non-member of a project/group to change the confidentiality attribute of issue via mutation GraphQL query | |||||
| CVE-2020-13322 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| A vulnerability was discovered in GitLab versions after 12.9. Due to improper verification of permissions, an unauthorized user can create and delete deploy tokens. | |||||
| CVE-2020-13313 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. An unauthorized project maintainer could edit the subgroup badges due to the lack of authorization control. | |||||
| CVE-2020-13300 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 8.0 HIGH |
| GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow. | |||||
| CVE-2020-13284 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. API Authorization Using Outdated CI Job Token | |||||
| CVE-2020-13277 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 6.3 MEDIUM |
| An authorization issue in the mirroring logic allowed read access to private repositories in GitLab CE/EE 10.6 and later through 13.0.5 | |||||
| CVE-2020-13263 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 7.5 HIGH |
| An authorization issue relating to project maintainer impersonation was identified in GitLab EE 9.5 and later through 13.0.1 that could allow unauthorized users to impersonate as a maintainer to perform limited actions. | |||||
| CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | |||||
| CVE-2020-12875 | 1 Veritas | 1 Aptare | 2024-11-21 | 6.5 MEDIUM | 6.3 MEDIUM |
| Veritas APTARE versions prior to 10.4 did not perform adequate authorization checks. An authenticated user could gain unauthorized access to sensitive information or functionality by manipulating specific parameters within the application. | |||||
| CVE-2020-12780 | 1 Combodo | 1 Itop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | |||||
| CVE-2020-12733 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Certain Shenzhen PENGLIXIN components on DEPSTECH WiFi Digital Microscope 3, as used by Shekar Endoscope, allow a TELNET connection with the molinkadmin password for the molink account. | |||||