Total: 5236 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-14969 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | ||||
CVE-2020-14944 | 1 Globalradar | 1 Bsa Radar | 2024-11-21 | 9.8 Critical |
Global RADAR BSA Radar 1.6.7234.24750 and earlier lacks valid authorization controls in multiple functions. This can allow for manipulation and takeover of user accounts if successfully exploited. The following vulnerable functions are exposed: ChangePassword, SaveUserProfile, and GetUser. | ||||
CVE-2020-14520 | 1 Inductiveautomation | 1 Ignition Gateway | 2024-11-21 | 7.5 High |
The affected product is vulnerable to an information leak, which may allow an attacker to obtain sensitive information on the Ignition 8 (all versions prior to 8.0.13). | ||||
CVE-2020-14491 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.5 Medium |
OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information. | ||||
CVE-2020-14306 | 2 Istio-operator Project, Redhat | 2 Istio-operator, Service Mesh | 2024-11-21 | 8.8 High |
An incorrect access control flaw was found in the operator, openshift-service-mesh/istio-rhel8-operator all versions through 1.1.3. This flaw allows an attacker with a basic level of access to the cluster to deploy a custom gateway/pod to any namespace, potentially gaining access to privileged service account tokens. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
CVE-2020-14213 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.4 Medium |
In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). | ||||
CVE-2020-14205 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 5.3 Medium |
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs. | ||||
CVE-2020-14185 | 1 Atlassian | 2 Jira, Jira Server | 2024-11-21 | 5.3 Medium |
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys via a missing permissions check in the ActionsAndOperations resource. The affected versions are before 7.13.18, from version 8.0.0 before 8.5.9, and from version 8.6.0 before version 8.12.2. | ||||
CVE-2020-14001 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 9.8 Critical |
The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access (such as template="/etc/passwd") or unintended embedded Ruby code execution (such as a string that begins with template="string://<%= `). NOTE: kramdown is used in Jekyll, GitLab Pages, GitHub Pages, and Thredded Forum. | ||||
CVE-2020-13957 | 1 Apache | 1 Solr | 2024-11-21 | 9.8 Critical |
Apache Solr versions 6.6.0 to 6.6.6, 7.0.0 to 7.7.3 and 8.0.0 to 8.6.2 prevent some features considered dangerous (which could be used for remote code execution) from being configured in a ConfigSet that's uploaded via API without authentication/authorization. The checks in place to prevent such features can be circumvented by using a combination of UPLOAD/CREATE actions. | ||||
CVE-2020-13938 | 4 Apache, Mcafee, Microsoft and 1 more | 4 Http Server, Epolicy Orchestrator, Windows and 1 more | 2024-11-21 | 5.5 Medium |
Apache HTTP Server versions 2.4.0 to 2.4.46: unprivileged local users can stop httpd on Windows. | ||||
CVE-2020-13794 | 1 Linuxfoundation | 1 Harbor | 2024-11-21 | 4.3 Medium |
Harbor 1.9.*, 1.10.* and 2.0.* allows Exposure of Sensitive Information to an Unauthorized Actor. | ||||
CVE-2020-13626 | 1 Oneplus | 1 App Locker | 2024-11-21 | 4.6 Medium |
OnePlus App Locker through 2020-10-06 allows physically proximate attackers to use Google Assistant to bypass an authorization check in order to send an SMS message when the SMS application is locked. | ||||
CVE-2020-13523 | 1 Softperfect | 1 Ram Disk | 2024-11-21 | 3.3 Low |
An exploitable information disclosure vulnerability exists in SoftPerfect’s RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13519 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c402088 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13515 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the WinRing0x64 Driver IRP 0x9c40a148 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause an adversary to obtain elevated privileges. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13514 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0e0 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13513 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0dc gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13512 | 1 Nzxt | 1 Cam | 2024-11-21 | 8.8 High |
A privilege escalation vulnerability exists in the WinRing0x64 Driver Privileged I/O Write IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause increased privileges. Using the IRP 0x9c40a0d8 gives a low privilege user direct access to the OUT instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
CVE-2020-13464 | 1 Cksic | 2 Cks32f103, Cks32f103 Firmware | 2024-11-21 | 4.2 Medium |
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU or DMA module. |