Total
29575 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14509 | 1 Wibu | 1 Codemeter | 2024-11-21 | 9.8 Critical |
| Multiple memory corruption vulnerabilities exist in CodeMeter (All versions prior to 7.10) where the packet parser mechanism does not verify length fields. An attacker could send specially crafted packets to exploit these vulnerabilities. | ||||
| CVE-2020-14499 | 1 Advantech | 1 Iview | 2024-11-21 | 7.5 High |
| Advantech iView, versions 5.6 and prior, has an improper access control vulnerability. Successful exploitation of this vulnerability may allow an attacker to obtain all user accounts credentials. | ||||
| CVE-2020-14487 | 1 Freemedsoftware | 1 Openclinic Ga | 2024-11-21 | 9.4 Critical |
| OpenClinic GA 5.09.02 contains a hidden default user account that may be accessed if an administrator has not expressly turned off this account, which may allow an attacker to login and execute arbitrary commands. | ||||
| CVE-2020-14483 | 1 Tridium | 2 Niagara, Niagara Enterprise Security | 2024-11-21 | 4.3 Medium |
| A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. | ||||
| CVE-2020-14400 | 4 Canonical, Debian, Libvncserver Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint16_t pointers in libvncserver/translate.c. NOTE: Third parties do not consider this to be a vulnerability as there is no known path of exploitation or cross of a trust boundary | ||||
| CVE-2020-14399 | 4 Canonical, Debian, Libvncserver Project and 1 more | 4 Ubuntu Linux, Debian Linux, Libvncserver and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. Byte-aligned data is accessed through uint32_t pointers in libvncclient/rfbproto.c. NOTE: there is reportedly "no trust boundary crossed. | ||||
| CVE-2020-14388 | 1 Redhat | 1 3scale Api Management | 2024-11-21 | 6.3 Medium |
| A flaw was found in the Red Hat 3scale API Management Platform, where member permissions for an API's admin portal were not properly enforced. This flaw allows an authenticated user to bypass normal account restrictions and access API services where they do not have permission. | ||||
| CVE-2020-14383 | 2 Redhat, Samba | 2 Enterprise Linux, Samba | 2024-11-21 | 6.5 Medium |
| A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not. | ||||
| CVE-2020-14340 | 2 Oracle, Redhat | 16 Communications Cloud Native Core Console, Communications Cloud Native Core Network Repository Function, Communications Cloud Native Core Policy and 13 more | 2024-11-21 | 5.9 Medium |
| A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final. | ||||
| CVE-2020-14326 | 2 Netapp, Redhat | 7 Oncommand Insight, Camel Quarkus, Integration and 4 more | 2024-11-21 | 7.5 High |
| A vulnerability was found in RESTEasy, where RootNode incorrectly caches routes. This issue results in hash flooding, leading to slower requests with higher CPU time spent searching and adding the entry. This flaw allows an attacker to cause a denial of service. | ||||
| CVE-2020-14312 | 1 Fedoraproject | 1 Fedora | 2024-11-21 | 5.9 Medium |
| A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems. | ||||
| CVE-2020-14232 | 1 Hcltech | 1 Notes | 2024-11-21 | 8.8 High |
| A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. | ||||
| CVE-2020-14225 | 2 Hcltech, Hcltechsw | 2 Hcl Inotes, Hcl Inotes | 2024-11-21 | 6.5 Medium |
| HCL iNotes is susceptible to a Tabnabbing vulnerability caused by improper sanitization of message content. A remote unauthenticated attacker could use this vulnerability to trick the end user into entering sensitive information such as credentials, e.g. as part of a phishing attack. | ||||
| CVE-2020-14154 | 2 Canonical, Mutt | 2 Ubuntu Linux, Mutt | 2024-11-21 | 4.8 Medium |
| Mutt before 1.14.3 proceeds with a connection even if, in response to a GnuTLS certificate prompt, the user rejects an expired intermediate certificate. | ||||
| CVE-2020-14117 | 1 Mi | 1 Content Center | 2024-11-21 | 5.3 Medium |
| A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content center APP. | ||||
| CVE-2020-13945 | 1 Apache | 1 Apisix | 2024-11-21 | 6.5 Medium |
| In Apache APISIX, the user enabled the Admin API and deleted the Admin API access IP restriction rules. Eventually, the default token is allowed to access APISIX management data. This affects versions 1.2, 1.3, 1.4, 1.5. | ||||
| CVE-2020-13846 | 1 Sylabs | 1 Singularity | 2024-11-21 | 7.5 High |
| Sylabs Singularity 3.5.0 through 3.5.3 fails to report an error in a Status Code. | ||||
| CVE-2020-13677 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 High |
| Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. | ||||
| CVE-2020-13421 | 1 Openiam | 1 Openiam | 2024-11-21 | 9.8 Critical |
| OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions, and Password Reset actions. | ||||
| CVE-2020-13314 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.7 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab Omniauth endpoint allowed a malicious user to submit content to be displayed back to the user within error messages. | ||||