Total: 34584 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28281 | 1 Set-object-value Project | 1 Set-object-value | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28280 | 1 Predefine Project | 1 Predefine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28279 | 1 Flattenizer Project | 1 Flattenizer | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28278 | 1 Shvl Project | 1 Shvl | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28277 | 1 Dset Project | 1 Dset | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28276 | 1 Deep-set Project | 1 Deep-set | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28274 | 1 Deepref Project | 1 Deepref | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28273 | 1 Set-in Project | 1 Set-in | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28272 | 1 Keyget Project | 1 Keyget | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28267 | 1 Set Project | 1 Set | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows an attacker to cause a denial of service and may lead to remote code execution. | |||||
| CVE-2020-28251 | 1 Netscout | 7 Airmagnet Enterprise, Sensor4-r1s1w1-e, Sensor4-r2s1-e and 4 more | 2024-11-21 | 9.3 HIGH | 8.1 HIGH |
| NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | |||||
| CVE-2020-28247 | 1 Lettre | 1 Lettre | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. | |||||
| CVE-2020-28190 | 1 Terra-master | 1 Tos | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates. | |||||
| CVE-2020-28185 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | |||||
| CVE-2020-28175 | 1 Almico | 1 Speedfan | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges. | |||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | |||||
| CVE-2020-28094 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | |||||
| CVE-2020-28093 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | |||||
| CVE-2020-28054 | 1 Tsmmanager | 1 Tsmmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc. Exploiting this vulnerability won't grant an attacker access to or control over remote ISP servers, as no credentials are sent with the request. | |||||
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |||||
