Total: 32156 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-12821 | 1 Protocol | 1 Gossipsub | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a Sybil attack. | |||||
CVE-2020-12797 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | |||||
CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | |||||
CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | |||||
CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | |||||
CVE-2020-12776 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 9.0 HIGH | 6.6 MEDIUM |
Openfind Mail2000 contains a broken access control vulnerability that lets an attacker execute unauthorized commands after obtaining an administrator's access token or cookie. | |||||
CVE-2020-12773 | 1 Realtek | 1 Adsl Router Soc Firmware | 2024-11-21 | 6.5 MEDIUM | 9.6 CRITICAL |
A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers who know the default password to execute arbitrary commands remotely via the built-in network monitoring tool. | |||||
CVE-2020-12770 | 5 Canonical, Debian, Fedoraproject and 2 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
CVE-2020-12755 | 1 Kde | 1 Kio-extras | 2024-11-21 | 2.1 LOW | 3.3 LOW |
fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. | |||||
CVE-2020-12754 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). | |||||
CVE-2020-12750 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). | |||||
CVE-2020-12748 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). | |||||
CVE-2020-12717 | 4 Alberta, Gov, Health and 1 more | 4 Abtracetogether, Protego Safe, Covidsafe and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. | |||||
CVE-2020-12680 | 1 Avira | 1 Free Antivirus | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
Avira Free Antivirus through 15.0.2005.1866 allows local users to discover user credentials. The functions of the executable file Avira.PWM.NativeMessaging.exe are aimed at collecting credentials stored in Chrome, Firefox, Opera, and Edge. The executable does not verify the calling program, and thus a request such as fetchChromePasswords or fetchCredentials will succeed. NOTE: some third parties have stated that this is "not a vulnerability." | |||||
CVE-2020-12619 | 1 Freron | 1 Mailmate | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
MailMate before 1.11 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. | |||||
CVE-2020-12618 | 1 Emclient | 1 Em Client | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
eM Client before 7.2.33412.0 automatically imported S/MIME certificates and thereby silently replaced existing ones. This allowed a man-in-the-middle attacker to obtain an email-validated S/MIME certificate from a trusted CA and replace the public key of the entity to be impersonated. This enabled the attacker to decipher further communication. The entire attack could be accomplished by sending a single email. | |||||
CVE-2020-12615 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | N/A | 7.8 HIGH |
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When the Add Admin token is added to a process that is configured to run at medium integrity as the user owning the process, the security token can be stolen and applied to arbitrary processes. | |||||
CVE-2020-12614 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | N/A | 7.8 HIGH |
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. If the publisher criteria is selected, it defines the name of a publisher that must be present in the certificate (and also requires that the certificate is valid). If an Add Admin token is protected by this criteria, it can be leveraged by a malicious actor to achieve Elevation of Privileges from standard user to administrator. | |||||
CVE-2020-12613 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | N/A | 8.8 HIGH |
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. An attacker can spawn a process with multiple users as part of the security token (prior to Avecto elevation). When Avecto elevates the process, it removes the user who is launching the process, but not the second user. Therefore this second user still retains access and can give permission to the process back to the first user. | |||||
CVE-2020-12612 | 1 Beyondtrust | 1 Privilege Management For Windows | 2024-11-21 | N/A | 7.8 HIGH |
An issue was discovered in BeyondTrust Privilege Management for Windows through 5.6. When specifying a program to elevate, it can typically be found within the Program Files (x86) folder and therefore uses the %ProgramFiles(x86)% environment variable. However, when this same policy gets pushed to a 32-bit machine, this environment variable does not exist. Since a standard user can create a user-level environment variable of that name, they can point it at any folder they fully control. The folder structure can then be created so that a rule matches and arbitrary code runs elevated. |
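The %ProgramFiles(x86)% problem in CVE-2020-12612 is a general one for any policy engine that expands environment variables taken from the launching process. The following is an added example, not BeyondTrust's code: the rule template, the environment blocks, the machine-scope root table and the paths are all constructed to show the 64-bit case, the 32-bit case where the variable is absent, the user-scope override, and a fail-closed expansion that resolves roots only from a source the user cannot write.

```python
import ntpath
import re

# Constructed rule, as a policy author on a 64-bit host would write it.
RULE_TEMPLATE = r"%ProgramFiles(x86)%\Vendor\Tool\tool.exe"

# Constructed process environment blocks (names are case-insensitive on Windows).
ENV_X64 = {"PROGRAMFILES": r"C:\Program Files",
           "PROGRAMFILES(X86)": r"C:\Program Files (x86)"}
ENV_X86 = {"PROGRAMFILES": r"C:\Program Files"}          # no (x86) variant exists
# A standard user needs no privilege to add a user-scope variable of that name.
ENV_X86_TAMPERED = dict(ENV_X86, **{"PROGRAMFILES(X86)": r"C:\Users\std\AppData\Local\evil"})

LEGIT_X64 = r"C:\Program Files (x86)\Vendor\Tool\tool.exe"
EVIL = r"C:\Users\std\AppData\Local\evil\Vendor\Tool\tool.exe"

VAR_RE = re.compile(r"%([^%]+)%")


def expand_process_env(template: str, env: dict) -> str:
    """Mirrors the flawed approach: expand %VAR% from the launching process's
    environment block, leaving unknown variables as literal text."""
    return VAR_RE.sub(lambda m: env.get(m.group(1).upper(), m.group(0)), template)


def rule_matches(template: str, env: dict, candidate: str) -> bool:
    """Rule evaluation driven by the process environment (the vulnerable pattern)."""
    return ntpath.normcase(expand_process_env(template, env)) == ntpath.normcase(candidate)


def expand_trusted_roots(template: str, machine_roots: dict) -> str:
    """Hardened: resolve roots only from a machine-scope table (in practice the
    HKLM registry values behind the known folders, not the process block), and
    refuse to expand a root this host does not define."""
    def sub(m):
        name = m.group(1).upper()
        if name not in machine_roots:
            raise LookupError(f"{m.group(0)} is not defined at machine scope on this host")
        return machine_roots[name]
    return VAR_RE.sub(sub, template)


def rule_matches_trusted(template: str, machine_roots: dict, candidate: str) -> bool:
    """Fail closed: a rule whose root cannot be resolved matches nothing."""
    try:
        expanded = expand_trusted_roots(template, machine_roots)
    except LookupError:
        return False
    return ntpath.normcase(expanded) == ntpath.normcase(candidate)


# Constructed machine-scope roots: a 32-bit host has no (x86) entry at all.
MACHINE_ROOTS_X86 = {"PROGRAMFILES": r"C:\Program Files"}
MACHINE_ROOTS_X64 = dict(ENV_X64)

if __name__ == "__main__":
    print("x64, legit path    :", rule_matches(RULE_TEMPLATE, ENV_X64, LEGIT_X64))
    print("x86, untouched env :", rule_matches(RULE_TEMPLATE, ENV_X86, EVIL))
    print("x86, user override :", rule_matches(RULE_TEMPLATE, ENV_X86_TAMPERED, EVIL))
    print("x86, trusted roots :", rule_matches_trusted(RULE_TEMPLATE, MACHINE_ROOTS_X86, EVIL))
```

On the untouched 32-bit host the rule simply never matches, which is why the defect goes unnoticed until a user defines the variable; the point of the hardened variant is that an undefined root disables the rule rather than handing its resolution to whoever controls the process environment.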
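CVE-2020-12619 and CVE-2020-12618 share one root cause: a certificate that chains to a trusted CA and carries the right e-mail address is accepted as a replacement for a key the client already holds, so chain validation alone does not stop the attacker. The following added example (not MailMate's or eM Client's code) models a certificate store in Python with constructed public-key bytes in place of real X.509, and contrasts silent replacement with trust-on-first-use pinning that holds a conflicting key aside until the user confirms the change.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class SmimeCert:
    email: str
    public_key: bytes  # SubjectPublicKeyInfo DER in a real client; constructed bytes here

    @property
    def fingerprint(self) -> str:
        return hashlib.sha256(self.public_key).hexdigest()


class SilentImportStore:
    """Mirrors the flawed behaviour: the certificate carried by the most recent
    signed message always replaces whatever was stored for that address."""

    def __init__(self):
        self.by_email = {}

    def import_cert(self, cert: SmimeCert) -> bool:
        self.by_email[cert.email.lower()] = cert
        return True

    def encryption_key(self, email: str):
        cert = self.by_email.get(email.lower())
        return cert.public_key if cert else None


class PinnedStore:
    """Hardened: the first key seen for an address is pinned. A later certificate
    for the same address with a different key is held as a conflict and never
    used for encryption unless the user explicitly confirms the change."""

    def __init__(self):
        self.by_email = {}
        self.conflicts = {}  # email -> list of certificates that were refused

    def import_cert(self, cert: SmimeCert, user_confirmed: bool = False) -> bool:
        key = cert.email.lower()
        existing = self.by_email.get(key)
        if existing is None or existing.fingerprint == cert.fingerprint or user_confirmed:
            self.by_email[key] = cert
            self.conflicts.pop(key, None)
            return True
        self.conflicts.setdefault(key, []).append(cert)
        return False

    def encryption_key(self, email: str):
        cert = self.by_email.get(email.lower())
        return cert.public_key if cert else None


# Constructed scenario: Alice's genuine key, then a single message from an
# attacker carrying a CA-issued cert for alice@example.org with the attacker's key.
ALICE_REAL = SmimeCert("alice@example.org", b"constructed-spki-alice")
ALICE_MITM = SmimeCert("alice@example.org", b"constructed-spki-attacker")


def run_scenario() -> dict:
    silent, pinned = SilentImportStore(), PinnedStore()
    for store in (silent, pinned):
        store.import_cert(ALICE_REAL)
        store.import_cert(ALICE_MITM)  # the one e-mail the attacker needs to send
    return {
        "silent_key": silent.encryption_key("alice@example.org"),
        "pinned_key": pinned.encryption_key("alice@example.org"),
        "pinned_conflicts": len(pinned.conflicts.get("alice@example.org", [])),
    }


if __name__ == "__main__":
    print(run_scenario())
```

Re-importing the same certificate (or a renewal carrying the same public key) is accepted without prompting, so the check only interrupts the user when the key for an address actually changes, which is precisely the event the single-e-mail attack depends on.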
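The COVIDSafe crash in CVE-2020-12717 came from slicing manufacturer-specific data in a Bluetooth advertisement without first checking that the field was long enough. The following added example (not code from OpenTrace or any of the affected apps) parses the advertisement AD-structure framing in Python and compares an unchecked extraction with one that validates lengths; the two-byte company ID, one-byte version and one-byte payload-length layout, and the sample advertisements, are constructed for illustration.

```python
import struct

AD_TYPE_MANUFACTURER = 0xFF
# Assumed layout of the manufacturer field for this example:
# 2-byte company ID, 1-byte protocol version, 1-byte payload length, payload.
HEADER_FMT = "<HBB"
HEADER_LEN = struct.calcsize(HEADER_FMT)


def parse_ad_structures(adv: bytes):
    """Split a raw advertisement into (ad_type, data) tuples.

    Each structure is [len][type][data...], where len counts type plus data.
    A zero length or a structure running past the end is malformed and stops
    parsing instead of raising."""
    out = []
    i = 0
    while i < len(adv):
        length = adv[i]
        if length == 0 or i + 1 + length > len(adv):
            break
        ad_type = adv[i + 1]
        out.append((ad_type, adv[i + 2: i + 1 + length]))
        i += 1 + length
    return out


def manufacturer_payload_unchecked(adv: bytes):
    """Mirrors the flawed pattern: slice the header assuming it is present.
    A too-short field raises (the iOS subdata call trapped the same way)."""
    for ad_type, data in parse_ad_structures(adv):
        if ad_type == AD_TYPE_MANUFACTURER:
            company_id, version, plen = struct.unpack_from(HEADER_FMT, data)
            return company_id, version, data[HEADER_LEN:HEADER_LEN + plen]
    return None


def manufacturer_payload_checked(adv: bytes):
    """Hardened: validate every length before slicing and drop bad packets,
    so a malformed advertisement from a nearby radio cannot take the app down."""
    for ad_type, data in parse_ad_structures(adv):
        if ad_type != AD_TYPE_MANUFACTURER:
            continue
        if len(data) < HEADER_LEN:
            return None  # too short to carry the expected header; ignore it
        company_id, version, plen = struct.unpack_from(HEADER_FMT, data)
        if len(data) < HEADER_LEN + plen:
            return None  # declared payload length exceeds what was received
        return company_id, version, data[HEADER_LEN:HEADER_LEN + plen]
    return None


# Constructed samples, not captured traffic.
GOOD_ADV = bytes([0x02, 0x01, 0x06,                                   # flags
                  0x07, 0xFF, 0x34, 0x12, 0x01, 0x02, 0xAA, 0xBB])    # manufacturer data
SHORT_ADV = bytes([0x02, 0x01, 0x06,
                   0x02, 0xFF, 0x34])                                 # only 1 data byte

if __name__ == "__main__":
    print(manufacturer_payload_checked(GOOD_ADV))   # (4660, 1, b'\xaa\xbb')
    print(manufacturer_payload_checked(SHORT_ADV))  # None
    try:
        manufacturer_payload_unchecked(SHORT_ADV)
    except struct.error as exc:
        print("unchecked parser failed:", exc)
```

Any peer can broadcast advertisements, so the receiver must treat the length bytes inside the packet as attacker-controlled and check them against the bytes actually received; the framing parser above applies the same rule to the outer structure lengths.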