Total
653 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5422 | 1 Cloud Foundry | 1 Bosh System Metrics Server | 2024-11-21 | 6.5 Medium |
| BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). | ||||
| CVE-2020-5386 | 1 Dell | 1 Emc Elastic Cloud Storage | 2024-11-21 | 7.5 High |
| Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. | ||||
| CVE-2020-4989 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 4.3 Medium |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | ||||
| CVE-2020-36532 | 1 Klapp | 1 App | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in Klapp App and classified as problematic. This vulnerability affects unknown code of the component Authorization. The manipulation leads to information disclosure (Credentials). The attack can be initiated remotely. It is recommended to upgrade the affected app. | ||||
| CVE-2020-36319 | 1 Vaadin | 2 Flow, Vaadin | 2024-11-21 | 3.1 Low |
| Insecure configuration of default ObjectMapper in com.vaadin:flow-server versions 3.0.0 through 3.0.5 (Vaadin 15.0.0 through 15.0.4) may expose sensitive data if the application also uses e.g. @RestController | ||||
| CVE-2020-35215 | 1 Atomix | 1 Atomix | 2024-11-21 | 6.5 Medium |
| An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | ||||
| CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 7.5 High |
| Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||||
| CVE-2020-27872 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. | ||||
| CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 3.5 Low |
| In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | ||||
| CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2024-11-21 | 7.5 High |
| An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | ||||
| CVE-2020-26868 | 1 Pcvuesolutions | 1 Pcvue | 2024-11-21 | 7.5 High |
| ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit. | ||||
| CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2024-11-21 | 5.3 Medium |
| AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php | ||||
| CVE-2020-26602 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). | ||||
| CVE-2020-26272 | 1 Electronjs | 1 Electron | 2024-11-21 | 5.4 Medium |
| The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. | ||||
| CVE-2020-26261 | 1 Jupyterhub | 1 Systemdspawner | 2024-11-21 | 7.9 High |
| jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15 | ||||
| CVE-2020-26186 | 1 Dell | 2 Inspiron 5675, Inspiron 5675 Firmware | 2024-11-21 | 6.8 Medium |
| Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). | ||||
| CVE-2020-26086 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-11-21 | 4.3 Medium |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | ||||
| CVE-2020-26084 | 1 Cisco | 1 Edge Fog Fabric | 2024-11-21 | 6.5 Medium |
| A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | ||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-11-21 | 7.5 High |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | ||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2024-11-21 | 5.3 Medium |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | ||||