CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-15655 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | A redirected HTTP request which is observed or modified through a web extension could bypass existing CORS checks, leading to potential disclosure of cross-origin information. This vulnerability affects Firefox ESR < 78.1, Firefox < 79, and Thunderbird < 78.1.
CVE-2020-15651 | 2 Apple, Mozilla | 2 Iphone Os, Firefox | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM | A Unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.
CVE-2020-15650 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.11.
CVE-2020-15646 | 1 Mozilla | 1 Thunderbird | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM | If an attacker intercepts Thunderbird's initial attempt to perform automatic account setup using the Microsoft Exchange autodiscovery mechanism, and the attacker sends a crafted response, then Thunderbird sends username and password over https to a server controlled by the attacker. This vulnerability affects Thunderbird < 68.10.0.
CVE-2020-15593 | 2 Microsoft, Riverbed | 2 Windows, Steelcentral Aternity Agent | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | SteelCentral Aternity Agent 11.0.0.120 on Windows mishandles IPC. It uses an executable running as a high privileged Windows service to perform administrative tasks and collect data from other processes. It distributes functionality among different processes and uses IPC (Inter-Process Communication) primitives to enable the processes to cooperate. Any user in the system is allowed to access the interprocess communication channel AternityAgentAssistantIpc, retrieve a serialized object and call object methods remotely. Among others, the methods allow any user to: (1) Create and/or overwrite arbitrary XML files across the system; (2) Create arbitrary directories across the system; and (3) Load arbitrary plugins (i.e., C# assemblies) from the "%PROGRAMFILES(X86)/Aternity Information Systems/Assistant/plugins" directory and execute code contained in them.
CVE-2020-15580 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).
CVE-2020-15579 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via the KNOX API. The Samsung ID is SVE-2020-17318 (July 2020).
CVE-2020-15577 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Cameralyzer allows attackers to write files to the SD card. The Samsung ID is SVE-2020-16830 (July 2020).
CVE-2020-15576 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | SolarWinds Serv-U File Server before 15.2.1 allows information disclosure via an HTTP response.
CVE-2020-15574 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | SolarWinds Serv-U File Server before 15.2.1 mishandles the Same-Site cookie attribute, aka Case Number 00331893.
CVE-2020-15542 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SolarWinds Serv-U FTP server before 15.2.1 mishandles the CHMOD command.
CVE-2020-15541 | 1 Solarwinds | 1 Serv-u Ftp Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | SolarWinds Serv-U FTP server before 15.2.1 allows remote command execution.
CVE-2020-15525 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint.
CVE-2020-15515 | 1 Turn! Project | 1 Turn! | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution.
CVE-2020-15511 | 1 Hashicorp | 1 Terraform Enterprise | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | HashiCorp Terraform Enterprise up to v202006-1 contained a default signup page that allowed user registration even when disabled, bypassing SAML enforcement. Fixed in v202007-1.
CVE-2020-15507 | 1 Mobileiron | 5 Cloud, Core, Enterprise Connector and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | An arbitrary file reading vulnerability in MobileIron Core versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to read files on the system via unspecified vectors.
CVE-2020-15506 | 1 Mobileiron | 5 Cloud, Core, Enterprise Connector and 2 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
CVE-2020-15501 | 1 Smarter | 1 Smarter Coffee Maker 1st Generation | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | Smarter Coffee Maker before 2nd generation allows firmware replacement without authentication or authorization. User interaction is required to press a button. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-15495 | 1 Acronis | 1 True Image | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | Acronis True Image 2019 update 1 through 2020 on macOS allows local privilege escalation due to an insecure XPC service configuration.
CVE-2020-15486 | 1 Drtrust | 2 Electrocardiogram Pen, Electrocardiogram Pen Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity.