Total: 34584 CVEs
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-29448 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. |
| CVE-2020-29439 | 1 Tesla | 2 Model X, Model X Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) |
| CVE-2020-29396 | 2 Odoo, Python | 2 Odoo, Python | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. |
| CVE-2020-29279 | 1 74cms | 1 74cms | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseController.class.php in 74CMS before 6.0.48 allows remote code execution. |
| CVE-2020-29227 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution. |
| CVE-2020-29194 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. |
| CVE-2020-29189 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass the read-only restriction and obtain full access to any folder within the NAS. |
| CVE-2020-29159 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM | An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) can be a privileged Role, if configured by an admin. This behavior was unintended. |
| CVE-2020-29069 | 1 Modern Honey Network Project | 1 Modern Honey Network | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allows attackers to cause a denial of service via an IP address that is absent from a local geolocation database, because the code tries to uppercase a return value even if that value is not a string. |
| CVE-2020-29057 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. |
| CVE-2020-29041 | 1 Sesame-system | 1 Web-sesame | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the source code of the application, facilitating its comprehension (code review). Specifically, JavaScript source maps were inadvertently included in the production Webpack configuration. These maps contain sources used to generate the bundle, configuration settings (e.g., API keys), and developers' comments. |
| CVE-2020-29022 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Failure to sanitize the Host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3. |
| CVE-2020-29000 | 1 Mygeeni | 2 Gnc-cw013, Gnc-cw013 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH | An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTSP service that allows a remote attacker to take full control of the device with a high-privileged account. By sending a crafted message, an attacker is able to remotely deliver a telnet session. Any attacker that has the ability to control DNS can exploit this vulnerability to remotely login to the device and gain access to the camera system. |
| CVE-2020-28991 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. |
| CVE-2020-28984 | 2 Debian, Spip | 2 Debian Linux, Spip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters. |
| CVE-2020-28975 | 1 Scikit-learn | 1 Scikit-learn | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, allows attackers to cause a denial of service (segmentation fault) via a crafted SVM model (introduced via pickle, json, or any other model persistence standard) with a large value in the _n_support array. NOTE: the scikit-learn vendor's position is that the behavior can only occur if the library's API is violated by an application that changes a private attribute. |
| CVE-2020-28953 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. |
| CVE-2020-28925 | 1 Boltcms | 1 Bolt | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. |
| CVE-2020-28922 | 1 Pcanalyser | 1 Pc Analyser | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write arbitrary physical memory. This could lead to arbitrary Ring-0 code execution and escalation of privileges. |
| CVE-2020-28921 | 1 Pcanalyser | 1 Pc Analyser | 2024-11-21 | 7.2 HIGH | 8.8 HIGH | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. |
