Total
29576 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2185 | 1 Jenkins | 1 Amazon Ec2 | 2024-11-21 | 5.6 Medium |
| Jenkins Amazon EC2 Plugin 1.50.1 and earlier does not validate SSH host keys when connecting agents, enabling man-in-the-middle attacks. | ||||
| CVE-2020-2100 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.8 Medium |
| Jenkins 2.218 and earlier, LTS 2.204.1 and earlier was vulnerable to a UDP amplification reflection denial of service attack on port 33848. | ||||
| CVE-2020-2041 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 High |
| An insecure configuration of the appweb daemon of Palo Alto Networks PAN-OS 8.1 allows a remote unauthenticated user to send a specifically crafted request to the device that causes the appweb service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS services by restarting the device and putting it into maintenance mode. This issue impacts all versions of PAN-OS 8.0, and PAN-OS 8.1 versions earlier than 8.1.16. | ||||
| CVE-2020-2003 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.5 Medium |
| An external control of filename vulnerability in the command processing of PAN-OS allows an authenticated administrator to delete arbitrary system files affecting the integrity of the system or causing denial of service to all PAN-OS services. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions before 8.1.14; PAN-OS 9.0 versions before 9.0.7; PAN-OS 9.1 versions before 9.1.1. | ||||
| CVE-2020-29666 | 1 Lanatmservice | 1 M3 Atm Monitoring System | 2024-11-21 | 5.3 Medium |
| In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote attacker can view log files, located in /websocket/logs/, that contain a user's cookie values and the predefined developer's cookie value. | ||||
| CVE-2020-29651 | 3 Fedoraproject, Oracle, Pytest | 3 Fedora, Zfs Storage Appliance Kit, Py | 2024-11-21 | 7.5 High |
| A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) through 1.9.0 could be used by attackers to cause a compute-time denial of service attack by supplying malicious input to the blame functionality. | ||||
| CVE-2020-29602 | 1 Irssi | 1 Docker Image | 2024-11-21 | 9.8 Critical |
| The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a root user. System using the irssi docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29601 | 1 Docker | 1 Notary Docker Image | 2024-11-21 | 9.8 Critical |
| The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. System using the notary docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29581 | 1 Docker | 1 Spiped Alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29580 | 1 Docker | 1 Storm Docker Image | 2024-11-21 | 9.8 Critical |
| The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29579 | 1 Express-gateway | 1 Express-gateway Docker Image | 2024-11-21 | 9.8 Critical |
| The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access. | ||||
| CVE-2020-29578 | 1 Matomo | 1 Piwik Fpm-alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access. | ||||
| CVE-2020-29577 | 1 Znc | 1 Znc Docker Image | 2024-11-21 | 9.8 Critical |
| The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29576 | 1 Eggheads | 1 Eggdrop Docker Image | 2024-11-21 | 9.8 Critical |
| The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29575 | 1 Docker | 1 Elixir Alpine Docker Image | 2024-11-21 | 9.8 Critical |
| The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29564 | 1 Hashicorp | 1 Consul Docker Image | 2024-11-21 | 9.8 Critical |
| The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. System using the Consul Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password. | ||||
| CVE-2020-29534 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference to the files_struct of the process that submitted a request, causing execve() to incorrectly optimize unshare_fd(), aka CID-0f2122045b94. | ||||
| CVE-2020-29511 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29510 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29509 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||