Total
32233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27508 | 1 Frappe | 1 Frappe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. | |||||
| CVE-2020-27402 | 1 Hindotech | 2 Hk1 Box S905x3, Hk1 Box S905x3 Firmware | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| The HK1 Box S905X3 TV Box contains a vulnerability that allows a local unprivileged user to escalate to root using the /system/xbin/su binary via a serial port (UART) connection or using adb. | |||||
| CVE-2020-27340 | 1 Mitel | 1 Micollab | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| The online help portal of Mitel MiCollab before 9.2 could allow an attacker to redirect a user to an unauthorized website by executing malicious script due to insufficient access control. | |||||
| CVE-2020-27272 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 2.9 LOW | 5.7 MEDIUM |
| SOOIL Developments CoLtd DiabecareRS, AnyDana-i, AnyDana-A, The communication protocol of the insulin pump and AnyDana-i,AnyDana-A mobile apps doesn't use adequate measures to authenticate the pump before exchanging keys, which allows unauthenticated, physically proximate attackers to eavesdrop the keys and spoof the pump via BLE. | |||||
| CVE-2020-27218 | 5 Apache, Debian, Eclipse and 2 more | 17 Kafka, Spark, Debian Linux and 14 more | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| In Eclipse Jetty version 9.4.0.RC0 to 9.4.34.v20201102, 10.0.0.alpha0 to 10.0.0.beta2, and 11.0.0.alpha0 to 11.0.0.beta2, if GZIP request body inflation is enabled and requests from different clients are multiplexed onto a single connection, and if an attacker can send a request with a body that is received entirely but not consumed by the application, then a subsequent request on the same connection will see that body prepended to its body. The attacker will not see any data but may inject data into the body of the subsequent request. | |||||
| CVE-2020-27217 | 1 Eclipse | 1 Hono | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Eclipse Hono version 1.3.0 and 1.4.0 the AMQP protocol adapter does not verify the size of AMQP messages received from devices. In particular, a device may send messages that are bigger than the max-message-size that the protocol adapter has indicated during link establishment. While the AMQP 1.0 protocol explicitly disallows a peer to send such messages, a hand crafted AMQP 1.0 client could exploit this behavior in order to send a message of unlimited size to the adapter, eventually causing the adapter to fail with an out of memory exception. | |||||
| CVE-2020-27209 | 1 Micro-ecc Project | 1 Micro-ecc | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key. | |||||
| CVE-2020-27195 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | |||||
| CVE-2020-27191 | 1 Lionwiki | 1 Lionwiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-27187 | 1 Kde | 1 Partition Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. | |||||
| CVE-2020-27183 | 1 Konzept-ix | 1 Publixone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A RemoteFunctions endpoint with missing access control in konzept-ix publiXone before 2020.015 allows attackers to disclose sensitive user information, send arbitrary e-mails, escalate the privileges of arbitrary user accounts, and have unspecified other impact. | |||||
| CVE-2020-27178 | 1 Apereo | 1 Central Authentication Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | |||||
| CVE-2020-27155 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. | |||||
| CVE-2020-27151 | 1 Katacontainers | 1 Kata Containers | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes. | |||||
| CVE-2020-27150 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. | |||||
| CVE-2020-27149 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| By exploiting a vulnerability in NPort IA5150A/IA5250A Series before version 1.5, a user with “Read Only” privilege level can send requests via the web console to have the device’s configuration changed. | |||||
| CVE-2020-27147 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| The REST API component of TIBCO Software Inc.'s TIBCO PartnerExpress contains a vulnerability that theoretically allows an unauthenticated attacker with network access to obtain an authenticated login URL for the affected system via a REST API. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: version 6.2.0. | |||||
| CVE-2020-27123 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| A vulnerability in the interprocess communication (IPC) channel of Cisco AnyConnect Secure Mobility Client for Windows could allow an authenticated, local attacker to read arbitrary files on the underlying operating system of an affected device. The vulnerability is due to an exposed IPC function. An attacker could exploit this vulnerability by sending a crafted IPC message to the AnyConnect process on an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system of the affected device. | |||||
| CVE-2020-27098 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible way to access contacts due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-138791358 | |||||
| CVE-2020-27097 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-140729426 | |||||