Total
34855 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28921 | 1 Pcanalyser | 1 Pc Analyser | 2024-11-21 | 7.2 HIGH | 8.8 HIGH |
| An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. | |||||
| CVE-2020-28841 | 1 Drivergenius | 1 Drivergenius Firmware | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1. | |||||
| CVE-2020-28715 | 1 Leeco | 2 Letv X43, Letv X43 Firmware | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, allows attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | |||||
| CVE-2020-28672 | 1 Monocms | 1 Monocms | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code execution. At monofiles/category.php:27, user input can be saved to category/[foldername]/index.php causing RCE. | |||||
| CVE-2020-28653 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Remote Code Execution via the Smart Update Manager (SUM) servlet. | |||||
| CVE-2020-28583 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version, build and patch information. | |||||
| CVE-2020-28582 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal number of managed agents. | |||||
| CVE-2020-28577 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal server hostname and db names. | |||||
| CVE-2020-28576 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal version and build information. | |||||
| CVE-2020-28573 | 1 Trendmicro | 2 Apex One, Officescan | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeScan XG SP1 could allow an unauthenticated user to connect to the product server and reveal the total agents managed by the server. | |||||
| CVE-2020-28572 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product installer to reinstall the agent with additional malicious code in the context of a higher privilege. | |||||
| CVE-2020-28499 | 1 Merge Project | 1 Merge | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| All versions of package merge are vulnerable to Prototype Pollution via _recursiveMerge . | |||||
| CVE-2020-28479 | 1 Jointjs | 1 Jointjs | 2024-11-21 | 5.0 MEDIUM | 5.9 MEDIUM |
| The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. | |||||
| CVE-2020-28478 | 1 Greensock | 1 Greensock Animation Platform | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package gsap before 3.6.0. | |||||
| CVE-2020-28477 | 1 Immer Project | 1 Immer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects all versions of package immer. | |||||
| CVE-2020-28472 | 1 Amazon | 2 Aws Sdk For Javascipt, Aws Shared Configuration File Loader | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects the package @aws-sdk/shared-ini-file-loader before 1.0.0-rc.9; the package aws-sdk before 2.814.0. If an attacker submits a malicious INI file to an application that parses it with loadSharedConfigFiles , they will pollute the prototype on the application. This can be exploited further depending on the context. | |||||
| CVE-2020-28421 | 2 Broadcom, Microsoft | 2 Unified Infrastructure Management, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (controller) component that allows local attackers to elevate privileges. | |||||
| CVE-2020-28419 | 1 Hp | 1503 Laserjet Managed Mfp E62665 3gy14a, Laserjet Managed Mfp E62665 3gy15a, Laserjet Managed Mfp E62665 3gy16a and 1500 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| During installation with certain driver software or application packages an arbitrary code execution could occur. | |||||
| CVE-2020-28416 | 1 Hp | 310 Officejet 250 Cz992a, Officejet 250 Cz992a Firmware, Officejet 250c L9d57a and 307 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) software available with HP PageWide and OfficeJet printer software installations that could potentially allow unauthorized local code execution. | |||||
| CVE-2020-28340 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). | |||||