Total
29064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28282 | 1 Getobject Project | 1 Getobject | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28250 | 1 Cellinx | 1 Nvt Web Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via SetFileContent.cgi because authentication is on the client side. | |||||
| CVE-2020-28052 | 3 Apache, Bouncycastle, Oracle | 20 Karaf, Legion-of-the-bouncy-castle-java-crytography-api, Banking Corporate Lending Process Management and 17 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. | |||||
| CVE-2020-28026 | 1 Exim | 1 Exim | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. | |||||
| CVE-2020-28021 | 1 Exim | 1 Exim | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP client can insert newline characters into a spool file (which indirectly leads to remote code execution as root) via AUTH= in a MAIL FROM command. | |||||
| CVE-2020-28015 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behavior of root processes because a recipient address can have a newline character. | |||||
| CVE-2020-28012 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_interpret uses a privileged pipe that lacks a close-on-exec flag. | |||||
| CVE-2020-27929 | 1 Apple | 1 Iphone Os | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A logic issue existed in the handling of Group FaceTime calls. The issue was addressed with improved state management. This issue is fixed in iOS 12.4.9. A user may send video in Group FaceTime calls without knowing that they have done so. | |||||
| CVE-2020-27925 | 1 Apple | 2 Ipados, Iphone Os | 2024-11-21 | 1.9 LOW | 5.5 MEDIUM |
| An issue existed in the handling of incoming calls. The issue was addressed with additional state checks. This issue is fixed in iOS 14.2 and iPadOS 14.2. A user may answer two calls simultaneously without indication they have answered a second call. | |||||
| CVE-2020-27904 | 1 Apple | 1 Macos | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-27779 | 4 Fedoraproject, Gnu, Netapp and 1 more | 8 Fedora, Grub2, Ontap Select Deploy Administration Utility and 5 more | 2024-11-21 | 6.9 MEDIUM | 7.5 HIGH |
| A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent SecureBoot protections after proper triage about grub's memory layout. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-27621 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| The FileImporter extension in MediaWiki through 1.35.0 was not properly attributing various user actions to a specific user's IP address. Instead, for various actions, it would report the IP address of an internal Wikimedia Foundation server by omitting X-Forwarded-For data. This resulted in an inability to properly audit and attribute various user actions performed via the FileImporter extension. | |||||
| CVE-2020-27606 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| BigBlueButton before 2.2.28 (or earlier) does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session. | |||||
| CVE-2020-27605 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| BigBlueButton through 2.2.28 uses Ghostscript for processing of uploaded EPS documents, and consequently may be subject to attacks related to a "schwache Sandbox." | |||||
| CVE-2020-27259 | 1 Omron | 4 Cx-one, Cx-position, Cx-protocol and 1 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Omron CX-One Version 4.60 and prior may allow an attacker to supply a pointer to arbitrary memory locations, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-27222 | 1 Eclipse | 1 Californium | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Californium version 2.3.0 to 2.6.0, the certificate based (x509 and RPK) DTLS handshakes accidentally fails, because the DTLS server side sticks to a wrong internal state. That wrong internal state is set by a previous certificate based DTLS handshake failure with TLS parameter mismatch. The DTLS server side must be restarted to recover this. This allow clients to force a DoS. | |||||
| CVE-2020-27216 | 6 Apache, Debian, Eclipse and 3 more | 19 Beam, Debian Linux, Jetty and 16 more | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability. | |||||
| CVE-2020-27130 | 1 Cisco | 1 Security Manager | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to an affected device. An attacker could exploit this vulnerability by sending a crafted request to the affected device. A successful exploit could allow the attacker to download arbitrary files from the affected device. | |||||
| CVE-2020-26966 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Searching for a single word from the address bar caused an mDNS request to be sent on the local network searching for a hostname consisting of that string; resulting in an information leak. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26954 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| When accepting a malicious intent from other installed apps, Firefox for Android accepted manifests from arbitrary file paths and allowed declaring webapp manifests for other origins. This could be used to gain fullscreen access for UI spoofing and could also lead to cross-origin attacks on targeted websites. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 83. | |||||