Total
32233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26652 | 1 Realtek | 2 Rtl8812au, Rtl8812au Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | |||||
| CVE-2020-26607 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020). | |||||
| CVE-2020-26606 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). | |||||
| CVE-2020-26604 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). | |||||
| CVE-2020-26601 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). | |||||
| CVE-2020-26600 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). | |||||
| CVE-2020-26569 | 1 Arista | 47 7010t-48, 7050cx3-32s, 7050cx3m-32s and 44 more | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. | |||||
| CVE-2020-26552 | 1 Aviatrix | 1 Controller | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | |||||
| CVE-2020-26548 | 1 Aviatrix | 1 Controller | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | |||||
| CVE-2020-26526 | 1 Damstratechnology | 1 Smart Asset | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password"). | |||||
| CVE-2020-26524 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. | |||||
| CVE-2020-26414 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. | |||||
| CVE-2020-26412 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 3.1 LOW |
| Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | |||||
| CVE-2020-26406 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Certain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: >=13.3, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-26242 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | |||||
| CVE-2020-26224 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. | |||||
| CVE-2020-26191 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. | |||||
| CVE-2020-26181 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
| Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | |||||
| CVE-2020-26112 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. | |||||
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | |||||