Search
Total
49350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17468 | 1 Fnet Project | 1 Fnet | 2020-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in FNET through 4.6.4. The code for processing the hop-by-hop header (in the IPv6 extension headers) doesn't check for a valid length of an extension header, and therefore an out-of-bounds read can occur in _fnet_ip6_ext_header_handler_options in fnet_ip6.c, leading to Denial-of-Service. | |||||
| CVE-2020-8283 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2020-12-17 | 9.0 HIGH | 8.8 HIGH |
| An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | |||||
| CVE-2020-28931 | 1 Epson | 2 Eps Tse Server 8, Eps Tse Server 8 Firmware | 2020-12-17 | 6.8 MEDIUM | 8.8 HIGH |
| Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11) allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website. | |||||
| CVE-2020-35122 | 1 Keysight | 1 Keysight Database Connector | 2020-12-17 | 4.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | |||||
| CVE-2020-27050 | 1 Google | 1 Android | 2020-12-17 | 6.8 MEDIUM | 7.8 HIGH |
| In rw_i93_send_cmd_write_multi_blocks of rw_i93.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650365 | |||||
| CVE-2020-27055 | 1 Google | 1 Android | 2020-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161378819 | |||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-16104 | 1 Gallagher | 1 Command Centre | 2020-12-16 | 6.5 MEDIUM | 7.2 HIGH |
| SQL Injection vulnerability in Enterprise Data Interface of Gallagher Command Centre allows a remote attacker with 'Edit Enterprise Data Interfaces' privilege to execute arbitrary SQL against a third party database if EDI is configured to import data from this database. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); 8.00 versions prior to 8.00.1228(MR6); version 7.90 and prior versions. | |||||
| CVE-2020-0016 | 1 Google | 1 Android | 2020-12-16 | 7.2 HIGH | 7.8 HIGH |
| In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-171413483 | |||||
| CVE-2020-0489 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 8.8 HIGH |
| In Parse_data of eas_mdls.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151096540 | |||||
| CVE-2020-28219 | 1 Schneider-electric | 2 Ecostruxure Geo Scada Expert 2019, Ecostruxure Geo Scada Expert 2020 | 2020-12-16 | 2.1 LOW | 7.8 HIGH |
| A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert 2019 (Original release and Monthly Updates to September 2020, from 81.7268.1 to 81.7578.1) and EcoStruxure Geo SCADA Expert 2020 (Original release and Monthly Updates to September 2020, from 83.7551.1 to 83.7578.1), that could cause exposure of credentials to server-side users when web users are logged in to Virtual ViewX. | |||||
| CVE-2020-2049 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2020-12-16 | 7.2 HIGH | 7.8 HIGH |
| A local privilege escalation vulnerability exists in Palo Alto Networks Cortex XDR Agent on the Windows platform that allows an authenticated local Windows user to execute programs with SYSTEM privileges. This requires the user to have the privilege to create files in the Windows root directory. This issue impacts: All versions of Cortex XDR Agent 7.1 with content update 149 and earlier versions; All versions of Cortex XDR Agent 7.2 with content update 149 and earlier versions. | |||||
| CVE-2019-14323 | 1 Simple Service Discovery Protocol Responder Project | 1 Simple Service Discovery Protocol Responder | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| SSDP Responder 1.x through 1.5 mishandles incoming network messages, leading to a stack-based buffer overflow by 1 byte. This results in a crash of the server, but only when strict stack checking is enabled. This is caused by an off-by-one error in ssdp_recv in ssdpd.c. | |||||
| CVE-2020-13986 | 1 Contiki-os | 1 Contiki | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | |||||
| CVE-2020-13988 | 1 Contiki-ng | 1 Contiki-ng | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | |||||
| CVE-2020-27045 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In CE_SendRawFrame of ce_main.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649398 | |||||
| CVE-2020-25230 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an outdated cipher mode on port 10005/tcp, an attacker could extract the encryption key from a captured communication with the device. | |||||
| CVE-2020-27048 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In RW_SendRawFrame of rw_main.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650117 | |||||
| CVE-2020-27049 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In rw_t3t_send_raw_frame of rw_t3t.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157649467 | |||||
| CVE-2020-0486 | 1 Google | 1 Android | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| In openAssetFileListener of ContactsProvider2.java, there is a possible permission bypass due to an insecure default value. This could lead to local escalation of privilege to change contact data with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150857116 | |||||
| CVE-2020-25232 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due to the usage of an insecure random number generation function and a deprecated cryptographic function, an attacker could extract the key that is used when communicating with an affected device on port 8080/tcp. | |||||
| CVE-2020-35470 | 1 Envoyproxy | 1 Envoy | 2020-12-16 | 5.8 MEDIUM | 8.8 HIGH |
| Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | |||||
| CVE-2020-10011 | 1 Apple | 3 Ipados, Iphone Os, Mac Os X | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Catalina 10.15.7, Security Update 2020-005 High Sierra, Security Update 2020-005 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-35471 | 1 Envoyproxy | 1 Envoy | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | |||||
| CVE-2020-25199 | 1 We-con | 1 Levistudiou | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | |||||
| CVE-2020-25234 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 3.6 LOW | 7.7 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOGO! Soft Comfort (All versions < V8.3). The LOGO! program files generated and used by the affected components offer the possibility to save user-defined functions (UDF) in a password protected way. This protection is implemented in the software that displays the information. An attacker could reverse engineer the UDFs directly from stored program files. | |||||
| CVE-2020-8282 | 1 Ui | 4 Edgemax Edgepower 24v, Edgemax Edgepower 24v Firmware, Edgemax Edgepower 54v and 1 more | 2020-12-16 | 6.8 MEDIUM | 8.8 HIGH |
| A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | |||||
| CVE-2020-8258 | 1 Citrix | 1 Gateway Plug-in | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files. | |||||
| CVE-2020-25235 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The password used for authentication for the LOGO! Website and the LOGO! Access Tool is sent in a recoverable format. An attacker with access to the network traffic could derive valid logins. | |||||
| CVE-2020-0478 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In extend_frame_lowbd of restoration.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150780418 | |||||
| CVE-2020-0479 | 1 Google | 1 Android | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| In callUnchecked of DocumentsProvider.java, there is a possible permissions bypass. This could lead to local escalation of privilege allowing a malicious app to access files available to the DocumentProvider without user permission, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157294893 | |||||
| CVE-2017-14063 | 1 Asynchttpclient Project | 1 Async-http-client | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| Async Http Client (aka async-http-client) before 2.0.35 can be tricked into connecting to a host different from the one extracted by java.net.URI if a '?' character occurs in a fragment identifier. Similar bugs were previously identified in cURL (CVE-2016-8624) and Oracle Java 8 java.net.URL. | |||||
| CVE-2018-12636 | 1 Ithemes | 1 Security | 2020-12-16 | 6.5 MEDIUM | 7.2 HIGH |
| The iThemes Security (better-wp-security) plugin before 7.0.3 for WordPress allows SQL Injection (by attackers with Admin privileges) via the logs page. | |||||
| CVE-2020-28366 | 2 Fedoraproject, Golang | 2 Fedora, Go | 2020-12-16 | 5.1 MEDIUM | 7.5 HIGH |
| Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. | |||||
| CVE-2020-28367 | 3 Debian, Fedoraproject, Golang | 3 Debian Linux, Fedora, Go | 2020-12-16 | 5.1 MEDIUM | 7.5 HIGH |
| Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. | |||||
| CVE-2020-7793 | 1 Ua-parser-js Project | 1 Ua-parser-js | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | |||||
| CVE-2020-29669 | 1 Macally | 2 Wifisd2-2a82, Wifisd2-2a82 Firmware | 2020-12-15 | 9.0 HIGH | 8.8 HIGH |
| In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its own password. This process has a vulnerability which can be used to take over the administrator account and results in shell access. As the admin user may read the /etc/shadow file, the password hashes of each user (including root) can be dumped. The root hash can be cracked easily which results in a complete system compromise. | |||||
| CVE-2020-35234 | 1 Wp-ecommerce | 1 Easy Wp Smtp | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| The easy-wp-smtp plugin before 1.4.4 for WordPress allows Administrator account takeover, as exploited in the wild in December 2020. If an attacker can list the wp-content/plugins/easy-wp-smtp/ directory, then they can discover a log file (such as #############_debug_log.txt) that contains all password-reset links. The attacker can request a reset of the Administrator password and then use a link found there. | |||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2020-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-8424 | 1 Cups Easy Project | 1 Cups Easy | 2020-12-15 | 6.8 MEDIUM | 8.8 HIGH |
| Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. | |||||
| CVE-2020-27024 | 1 Google | 1 Android | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732 | |||||
| CVE-2020-10003 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-12-15 | 4.6 MEDIUM | 7.8 HIGH |
| An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-10010 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2020-12-15 | 4.6 MEDIUM | 7.8 HIGH |
| A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A local attacker may be able to elevate their privileges. | |||||
| CVE-2020-9876 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-12-15 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. | |||||
| CVE-2020-9883 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-12-15 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-25696 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2020-12-15 | 7.6 HIGH | 7.5 HIGH |
| A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-5635 | 1 Necplatforms | 2 Aterm Sa3500g, Aterm Sa3500g Firmware | 2020-12-15 | 5.8 MEDIUM | 8.8 HIGH |
| Aterm SA3500G firmware versions prior to Ver. 3.5.9 allows an attacker on the adjacent network to send a specially crafted request to a specific URL, which may result in an arbitrary command execution. | |||||
| CVE-2020-0463 | 1 Google | 1 Android | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531 | |||||
| CVE-2020-0466 | 1 Google | 1 Android | 2020-12-15 | 7.2 HIGH | 7.8 HIGH |
| In do_epoll_ctl and ep_loop_check_proc of eventpoll.c, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-147802478References: Upstream kernel | |||||
| CVE-2020-28860 | 1 Openasset | 1 Digital Asset Management | 2020-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| OpenAssetDigital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection. | |||||