Total
32155 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
| HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | |||||
| CVE-2020-10622 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users | |||||
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | |||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | |||||
| CVE-2020-10590 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. | |||||
| CVE-2020-10587 | 2 Antixlinux, Mxlinux | 2 Antix Linux, Mx Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | |||||
| CVE-2020-10578 | 1 Q-cms | 1 Qcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | |||||
| CVE-2020-10570 | 1 Telegram | 1 Telegram | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | |||||
| CVE-2020-10558 | 1 Tesla | 1 Model 3 Web Interface | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | |||||
| CVE-2020-10541 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | |||||
| CVE-2020-10535 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | |||||
| CVE-2020-10519 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10518 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10517 | 1 Github | 1 Github | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | |||||
| CVE-2020-10383 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. | |||||
| CVE-2020-10382 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler. | |||||
| CVE-2020-10284 | 1 Ufactory | 1 Xarm Studio | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session. | |||||
| CVE-2020-10268 | 1 Kuka | 2 Kr C4, Kr C4 Firmware | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs. | |||||
| CVE-2020-10262 | 1 Mi | 2 Xiaomi Xiaoai Speaker Pro Lx06, Xiaomi Xiaoai Speaker Pro Lx06 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | |||||