Total
34501 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3425 | 1 Cisco | 110 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 107 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3422 | 1 Cisco | 30 1100 Integrated Services Router, 1101 Integrated Services Router, 1109 Integrated Services Router and 27 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| A vulnerability in the IP Service Level Agreement (SLA) responder feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the IP SLA responder to reuse an existing port, resulting in a denial of service (DoS) condition. The vulnerability exists because the IP SLA responder could consume a port that could be used by another feature. An attacker could exploit this vulnerability by sending specific IP SLA control packets to the IP SLA responder on an affected device. The control packets must include the port number that could be used by another configured feature. A successful exploit could allow the attacker to cause an in-use port to be consumed by the IP SLA responder, impacting the feature that was using the port and resulting in a DoS condition. | |||||
| CVE-2020-3385 | 1 Cisco | 3 Sd-wan Firmware, Vedge 5000, Vedge Cloud Router | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the deep packet inspection (DPI) engine of Cisco SD-WAN vEdge Routers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected system. The vulnerability is due to insufficient handling of malformed packets. An attacker could exploit this vulnerability by sending crafted packets through an affected device. A successful exploit could allow the attacker to cause the device to reboot, resulting in a DoS condition. | |||||
| CVE-2020-3362 | 1 Cisco | 1 Network Services Orchestrator | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| A vulnerability in the CLI of Cisco Network Services Orchestrator (NSO) could allow an authenticated, local attacker to access confidential information on an affected device. The vulnerability is due to a timing issue in the processing of CLI commands. An attacker could exploit this vulnerability by executing a specific sequence of commands on the CLI. A successful exploit could allow the attacker to read configuration information that would normally be accessible to administrators only. | |||||
| CVE-2020-3284 | 1 Cisco | 87 A99-rp2-se, A99-rp2-se Firmware, A99-rp2-tr and 84 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
| A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. | |||||
| CVE-2020-3232 | 1 Cisco | 2 Asr 920-12sz-im, Ios Xe | 2024-11-21 | 6.8 MEDIUM | 7.7 HIGH |
| A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | |||||
| CVE-2020-3213 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. | |||||
| CVE-2020-3141 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-36767 | 2 Linux, Vareille | 2 Linux Kernel, Tinyfiledialogs | 2024-11-21 | N/A | 7.5 HIGH |
| tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. | |||||
| CVE-2020-36766 | 1 Linux | 1 Linux Kernel | 2024-11-21 | N/A | 3.3 LOW |
| An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. | |||||
| CVE-2020-36765 | 1 Google | 1 Chrome | 2024-11-21 | N/A | 6.5 MEDIUM |
| Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2020-36723 | 1 Cridio | 1 Listingpro | 2024-11-21 | N/A | 5.3 MEDIUM |
| The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Sensitive Data Exposure in versions before 2.6.1 via the ~/listingpro-plugin/functions.php file. This makes it possible for unauthenticated attackers to extract sensitive data including usernames, full names, email addresses, phone numbers, physical addresses and user post counts. | |||||
| CVE-2020-36660 | 1 Eve Ship Replacement Program Project | 1 Eve Ship Replacement Program | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability was found in paxswill EVE Ship Replacement Program 0.12.11. It has been rated as problematic. This issue affects some unknown processing of the file src/evesrp/views/api.py of the component User Information Handler. The manipulation leads to information disclosure. The attack may be initiated remotely. Upgrading to version 0.12.12 is able to address this issue. The patch is named 9e03f68e46e85ca9c9694a6971859b3ee66f0240. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-220211. | |||||
| CVE-2020-36549 | 1 Ge | 2 Voluson S8, Voluson S8 Firmware | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in GE Voluson S8. Affected is the underlying Windows XP operating system. Missing patches might introduce an excessive attack surface. Access to the local network is required for this attack to succeed. | |||||
| CVE-2020-36519 | 1 Mimecast | 1 Email Security | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) | |||||
| CVE-2020-36472 | 1 Max7301 Project | 1 Max7301 | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. | |||||
| CVE-2020-36471 | 1 Generator Project | 1 Generator | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. | |||||
| CVE-2020-36470 | 1 Disrustor Project | 1 Disrustor | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references. | |||||
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | |||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | |||||