Total
32156 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13918 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2020-13914 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | |||||
| CVE-2020-13909 | 1 Facade | 1 Ignition | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The Ignition component before 2.0.5 for Laravel mishandles globals, _get, _post, _cookie, and _env. NOTE: in the 1.x series, versions 1.16.15 and later are unaffected as a consequence of the CVE-2021-43996 fix. | |||||
| CVE-2020-13906 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7. | |||||
| CVE-2020-13905 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. | |||||
| CVE-2020-13896 | 1 Maipu | 2 Mp1800x-50, Mp1800x-50 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The web interface of Maipu MP1800X-50 7.5.3.14(R) devices allows remote attackers to obtain sensitive information via the form/formDeviceVerGet URI, such as system id, hardware model, hardware version, bootloader version, software version, software image file, compilation time, and system uptime. This is similar to CVE-2019-1653. | |||||
| CVE-2020-13891 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | |||||
| CVE-2020-13857 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request. | |||||
| CVE-2020-13843 | 1 Google | 1 Android | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | |||||
| CVE-2020-13842 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). A dangerous AT command was made available even though it is unused. The LG ID is LVE-SMP-200010 (June 2020). | |||||
| CVE-2020-13841 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 (MTK chipsets). An AT command handler allows attackers to bypass intended access restrictions. The LG ID is LVE-SMP-200009 (June 2020). | |||||
| CVE-2020-13829 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can disable the SEAndroid protection mechanism in the RKP. The Samsung ID is SVE-2019-15998 (June 2020). | |||||
| CVE-2020-13772 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In /ldclient/ldprov.cgi in Ivanti Endpoint Manager through 2020.1.1, an attacker is able to disclose information about the server operating system, local pathnames, and environment variables with no authentication required. | |||||
| CVE-2020-13767 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| The Mitel MiCollab application before 9.1.332 for iOS could allow an unauthorized user to access restricted files and folders due to insufficient access control. An exploit requires a rooted iOS device, and (if successful) could allow an attacker to gain access to sensitive information, | |||||
| CVE-2020-13693 | 1 Bbpress | 1 Bbpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated privilege-escalation issue exists in the bbPress plugin before 2.6.5 for WordPress when New User Registration is enabled. | |||||
| CVE-2020-13665 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1. | |||||
| CVE-2020-13661 | 1 Telerik | 1 Fiddler | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. | |||||
| CVE-2020-13657 | 1 Avast | 2 Avg Antivirus, Free Antivirus | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. | |||||
| CVE-2020-13631 | 8 Apple, Brocade, Canonical and 5 more | 19 Icloud, Ipados, Iphone Os and 16 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | |||||
| CVE-2020-13522 | 1 Softperfect | 1 Ram Disk | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | |||||