Total
29064 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26919 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by lack of access control at the function level. | |||||
| CVE-2020-26916 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.50, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-26911 | 1 Netgear | 28 D6200, D6200 Firmware, D7000 and 25 more | 2024-11-21 | 5.8 MEDIUM | 8.3 HIGH |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-26908 | 1 Netgear | 30 D6200, D6200 Firmware, D7000 and 27 more | 2024-11-21 | 10.0 HIGH | 9.4 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.36, D7000 before 1.0.1.74, PR2000 before 1.0.0.30, R6020 before 1.0.0.42, R6050 before 1.0.1.22, JR6150 before 1.0.1.22, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R69002 before 1.2.0.62, and WNR2020 before 1.1.0.62. | |||||
| CVE-2020-26898 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 8.3 HIGH | 9.6 CRITICAL |
| NETGEAR RAX40 devices before 1.0.3.80 are affected by incorrect configuration of security settings. | |||||
| CVE-2020-26831 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.5 MEDIUM | 9.6 CRITICAL |
| SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS). | |||||
| CVE-2020-26541 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 6.9 MEDIUM | 6.5 MEDIUM |
| The Linux kernel through 5.8.13 does not properly enforce the Secure Boot Forbidden Signature Database (aka dbx) protection mechanism. This affects certs/blacklist.c and certs/system_keyring.c. | |||||
| CVE-2020-26268 | 1 Google | 1 Tensorflow | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | |||||
| CVE-2020-26163 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | |||||
| CVE-2020-26147 | 4 Arista, Debian, Linux and 1 more | 14 C-65, C-65 Firmware, C-75 and 11 more | 2024-11-21 | 3.2 LOW | 5.4 MEDIUM |
| An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. | |||||
| CVE-2020-26109 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | |||||
| CVE-2020-26108 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | |||||
| CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | |||||
| CVE-2020-26099 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | |||||
| CVE-2020-25779 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which a Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. | |||||
| CVE-2020-25716 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected | |||||
| CVE-2020-25684 | 4 Arista, Debian, Fedoraproject and 1 more | 4 Eos, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. | |||||
| CVE-2020-25659 | 2 Cryptography.io, Oracle | 2 Cryptography, Communications Cloud Native Core Network Function Cloud Native Environment | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | |||||
| CVE-2020-25654 | 2 Clusterlabs, Debian | 2 Pacemaker, Debian Linux | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | |||||
| CVE-2020-25619 | 1 Solarwinds | 1 N-central | 2024-11-21 | 3.6 LOW | 4.4 MEDIUM |
| An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication. | |||||