Total
34292 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13509 | 1 Nzxt | 1 Cam | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) Using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data. | |||||
| CVE-2020-13471 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2020-13466 | 1 St | 2 Stm32f103, Stm32f103 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | |||||
| CVE-2020-13461 | 1 Tufin | 1 Securetrack | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames". | |||||
| CVE-2020-13444 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. | |||||
| CVE-2020-13424 | 1 Xcloner | 1 Xcloner | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | |||||
| CVE-2020-13420 | 1 Openiam | 1 Openiam | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | |||||
| CVE-2020-13417 | 4 Apple, Aviatrix, Linux and 1 more | 6 Macos, Controller, Gateway and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | |||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | |||||
| CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.6 HIGH |
| The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13358 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 4.7 MEDIUM |
| A vulnerability in the internal Kubernetes agent api in GitLab CE/EE version 13.3 and above allows unauthorized access to private projects. Affected versions are: >=13.4, <13.4.5,>=13.3, <13.3.9,>=13.5, <13.5.2. | |||||
| CVE-2020-13356 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13352 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Private group info is leaked leaked in GitLab CE/EE version 10.2 and above, when the project is moved from private to public group. Affected versions are: >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13348 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 5.7 MEDIUM |
| An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-13327 | 1 Gitlab | 1 Runner | 2024-11-21 | 6.0 MEDIUM | 6.0 MEDIUM |
| An issue has been discovered in GitLab Runner affecting all versions starting from 13.4.0 before 13.4.2, all versions starting from 13.3.0 before 13.3.7, all versions starting from 13.2.0 before 13.2.10. Insecure Runner Configuration in Kubernetes Environments | |||||
| CVE-2020-13326 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the restriction for Github project import could be bypassed. | |||||
| CVE-2020-13325 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| A vulnerability was discovered in GitLab versions prior 13.1. The comment section of the issue page was not restricting the characters properly, potentially resulting in a denial of service. | |||||
| CVE-2020-13324 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A vulnerability was discovered in GitLab versions prior to 13.1. Under certain conditions the private activity of a user could be exposed via the API. | |||||
| CVE-2020-13323 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 7.7 HIGH |
| A vulnerability was discovered in GitLab versions prior 13.1. Under certain conditions private merge requests could be read via Todos | |||||
| CVE-2020-13321 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 MEDIUM | 8.3 HIGH |
| A vulnerability was discovered in GitLab versions prior to 13.1. Username format restrictions could be bypassed allowing for html tags to be added. | |||||