Total
29575 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-11-21 | 7.5 High |
An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity); any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | ||||
CVE-2020-21844 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. | ||||
CVE-2020-21686 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
A stack-use-after-scope issue was discovered in the expand_mmac_params function in preproc.c in nasm before 2.15.04, which allows remote attackers to cause a denial of service via a crafted asm file. | ||||
CVE-2020-20741 | 1 Beckhoff | 1 Cx9020 | 2024-11-21 | 9.8 Critical |
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect. | ||||
CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 6.5 Medium |
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task. | ||||
CVE-2020-20096 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 6.5 Medium |
Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20095 | 1 Apple | 1 Imessage | 2024-11-21 | 6.5 Medium |
iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20094 | 1 Facebook | 1 Instagram | 2024-11-21 | 6.5 Medium |
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20093 | 1 Facebook | 1 Messenger | 2024-11-21 | 6.5 Medium |
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-1994 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 4.1 Medium |
A predictable temporary file vulnerability in PAN-OS allows a local authenticated user with shell access to corrupt arbitrary system files affecting the integrity of the system. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions earlier than 9.0.7. | ||||
CVE-2020-1795 | 1 Huawei | 4 Mate 20, Mate 20 Firmware, Mate 30 Pro and 1 more | 2024-11-21 | 2.4 Low |
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operations when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: HUAWEI Mate 20 versions earlier than 10.0.0.188(C00E74R3P8); HUAWEI Mate 30 Pro versions earlier than 10.0.0.203(C00E202R7P2). | ||||
CVE-2020-1774 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 4.5 Medium |
When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. | ||||
CVE-2020-1767 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 3.5 Low |
Agent A is able to save a draft (i.e. for customer reply). Then Agent B can open the draft, change the text completely and send it in the name of Agent A. For the customer it will not be visible that the message was sent by another agent. This issue affects: ((OTRS)) Community Edition 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | ||||
CVE-2020-1765 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 3.5 Low |
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: ((OTRS)) Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and prior versions. OTRS 7.0.x version 7.0.13 and prior versions. | ||||
CVE-2020-1761 | 1 Redhat | 1 Openshift | 2024-11-21 | 6.1 Medium |
A flaw was found in the OpenShift web console, where the access token is stored in the browser's local storage. An attacker can use this flaw to get the access token via physical access, or an XSS attack on the victim's browser. This flaw affects openshift/console versions before openshift/console-4. | ||||
CVE-2020-1710 | 1 Redhat | 6 Jboss Data Grid, Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus and 3 more | 2024-11-21 | 5.3 Medium |
The issue appears to be that JBoss EAP 6.4.21 does not parse the field-name in accordance to RFC7230[1] as it returns a 200 instead of a 400. | ||||
CVE-2020-1695 | 2 Fedoraproject, Redhat | 9 Fedora, Enterprise Linux, Jboss Data Grid and 6 more | 2024-11-21 | 7.5 High |
A flaw was found in all resteasy 3.x.x versions prior to 3.12.0.Final and all resteasy 4.x.x versions prior to 4.6.0.Final, where an improper input validation results in returning an illegal header that integrates into the server's response. This flaw may result in an injection, which leads to unexpected behavior when the HTTP response is constructed. | ||||
CVE-2020-1690 | 1 Redhat | 3 Openstack, Openstack-selinux, Openstack Platform | 2024-11-21 | 6.5 Medium |
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does not prevent a non-root user in a container from privilege escalation. A non-root attacker in one or more Red Hat OpenStack (RHOSP) containers could send messages to the dbus. With access to the dbus, the attacker could start or stop services, possibly causing a denial of service. Versions before openstack-selinux 0.8.24 are affected. | ||||
CVE-2020-1118 | 1 Microsoft | 2 Windows 10, Windows Server 2019 | 2024-11-21 | 7.5 High |
A denial of service vulnerability exists in the Windows implementation of Transport Layer Security (TLS) when it improperly handles certain key exchanges, aka 'Microsoft Windows Transport Layer Security Denial of Service Vulnerability'. | ||||
CVE-2020-19896 | 1 1234n | 1 Minicms | 2024-11-21 | 9.8 Critical |
File inclusion vulnerability in Minicms v1.9 allows remote attackers to execute arbitrary PHP code via post-edit.php. |