Total
10302 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-35493 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | |||||
CVE-2020-35169 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 9.1 CRITICAL |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.5.2, contain an Improper Input Validation Vulnerability. | |||||
CVE-2020-2908 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2020-2907 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
CVE-2020-2168 | 1 Jenkins | 1 Azure Container Service | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Azure Container Service Plugin 1.0.1 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
CVE-2020-2167 | 1 Jenkins | 1 Openshift Pipeline | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins OpenShift Pipeline Plugin 1.0.56 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
CVE-2020-2166 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. | |||||
CVE-2020-2110 | 1 Jenkins | 1 Script Security | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Sandbox protection in Jenkins Script Security Plugin 1.69 and earlier could be circumvented during the script compilation phase by applying AST transforming annotations to imports or by using them inside of other annotations. | |||||
CVE-2020-2109 | 1 Jenkins | 1 Pipeline\ | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
Sandbox protection in Jenkins Pipeline: Groovy Plugin 2.78 and earlier can be circumvented through default parameter expressions in CPS-transformed methods. | |||||
CVE-2020-2011 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
An improper input validation vulnerability in the configuration daemon of Palo Alto Networks PAN-OS Panorama allows for a remote unauthenticated user to send a specifically crafted registration request to the device that causes the configuration service to crash. Repeated attempts to send this request result in denial of service to all PAN-OS Panorama services by restarting the device and putting it into maintenance mode. This issue affects: All versions of PAN-OS 7.1, PAN-OS 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7; PAN-OS 9.1 versions earlier than 9.1.0. | |||||
CVE-2020-29508 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Improper Input Validation Vulnerability. | |||||
CVE-2020-29507 | 2 Dell, Oracle | 6 Bsafe Crypto-c-micro-edition, Bsafe Micro-edition-suite, Database and 3 more | 2024-11-21 | 7.5 HIGH | 5.3 MEDIUM |
Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versions before 4.4, contain an Improper Input Validation Vulnerability. | |||||
CVE-2020-29013 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests. | |||||
CVE-2020-28898 | 1 Resourcexpress | 1 Resourcexpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL parameters causes a server error in script execution due to insufficient input validation. | |||||
CVE-2020-28870 | 1 Inoideas | 1 Inoerp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack of validations in /modules/sys/form_personalization/json_fp.php. | |||||
CVE-2020-28648 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. | |||||
CVE-2020-28645 | 1 Owncloud | 1 Owncloud | 2024-11-21 | 5.0 MEDIUM | 9.1 CRITICAL |
Deleting users with certain names caused system files to be deleted. Risk is higher for systems which allow users to register themselves and have the data directory in the web root. This affects ownCloud/core versions < 10.6. | |||||
CVE-2020-28349 | 1 Chirpstack | 1 Network Server | 2024-11-21 | 6.8 MEDIUM | 6.5 MEDIUM |
An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gateway to perform uplink Denial of Service via malformed frequency attributes in CollectAndCallOnceCollect in internal/uplink/collect.go. NOTE: the vendor's position is that there are no "guarantees that allowing untrusted LoRa gateways to the network should still result in a secure network. | |||||
CVE-2020-28221 | 1 Schneider-electric | 42 Ecostruxure Operator Terminal Expert, Gp-4104g, Gp-4104w and 39 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
A CWE-20: Improper Input Validation vulnerability exists in EcoStruxureâ„¢ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution when the Ethernet Download feature is enable on the HMI. | |||||
CVE-2020-28031 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. |