Total: 29622 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-24481 | 1 Intel | 1 Quartus | 2024-11-21 | 7.8 High |
Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
CVE-2020-24448 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 5.5 Medium |
Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authenticated user to potentially enable denial of service via local access. | ||||
CVE-2020-24441 | 1 Adobe | 1 Acrobat Reader | 2024-11-21 | 5.5 Medium |
Adobe Acrobat Reader for Android version 20.6.2 (and earlier) does not properly restrict access to directories created by the application. This could result in disclosure of sensitive information stored in databases used by the application. Exploitation requires a victim to download and run a malicious application. | ||||
CVE-2020-24433 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
Adobe Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a local privilege escalation vulnerability that could enable a user without administrator privileges to delete arbitrary files and potentially execute arbitrary code as SYSTEM. Exploitation of this issue requires an attacker to socially engineer a victim, or the attacker must already have some access to the environment. | ||||
CVE-2020-24405 | 1 Magento | 1 Magento | 2024-11-21 | 4.3 Medium |
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability in the Inventory module. This vulnerability could be abused by authenticated users to modify inventory stock data without authorization. | ||||
CVE-2020-24404 | 1 Magento | 1 Magento | 2024-11-21 | 2.7 Low |
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect permissions vulnerability within the Integrations component. This vulnerability could be abused by users with permissions to the Pages resource to delete CMS pages via the REST API without authorization. | ||||
CVE-2020-24403 | 1 Magento | 1 Magento | 2024-11-21 | 2.7 Low |
Magento versions 2.4.0 and 2.3.5p1 (and earlier) are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the REST API. | ||||
CVE-2020-24386 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 6.8 Medium |
An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can trigger unhibernation via attacker-controlled parameters, leading to access to other users' email messages (and path disclosure). | ||||
CVE-2020-24214 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p@60hz, H.264 Iptv Encoder 1080p@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. | ||||
CVE-2020-23996 | 1 Ilias | 1 Ilias | 2024-11-21 | 8.8 High |
A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | ||||
CVE-2020-23352 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.5 High |
Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | ||||
CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-11-21 | 7.5 High |
An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity): any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | ||||
CVE-2020-21844 | 1 Gnu | 1 Libredwg | 2024-11-21 | 8.8 High |
GNU LibreDWG 0.10 is affected by: memcpy-param-overlap. The impact is: execute arbitrary code (remote). The component is: read_2004_section_header ../../src/decode.c:2580. | ||||
CVE-2020-21686 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
A stack-use-after-scope issue discovered in the expand_mmac_params function in preproc.c in nasm before 2.15.04 allows remote attackers to cause a denial of service via a crafted asm file. | ||||
CVE-2020-20741 | 1 Beckhoff | 1 Cx9020 | 2024-11-21 | 9.8 Critical |
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials are incorrect. | ||||
CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2024-11-21 | 6.5 Medium |
White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task. | ||||
CVE-2020-20096 | 1 Whatsapp | 1 Whatsapp | 2024-11-21 | 6.5 Medium |
Whatsapp iOS 2.19.80 and prior and Android 2.19.222 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20095 | 1 Apple | 1 Imessage | 2024-11-21 | 6.5 Medium |
iMessage (Messages app) iOS 12.4 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20094 | 1 Facebook | 1 Instagram | 2024-11-21 | 6.5 Medium |
Instagram iOS 106.0 and prior and Android 107.0.0.11 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. | ||||
CVE-2020-20093 | 1 Facebook | 1 Messenger | 2024-11-21 | 6.5 Medium |
The Facebook Messenger app for iOS 227.0 and prior and Android 228.1.0.10.116 and prior user interface does not properly represent URI messages to the user, which results in URI spoofing via specially crafted messages. |