Total
34582 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25816 | 1 Hashicorp | 1 Vault | 2024-11-21 | 4.9 MEDIUM | 6.8 MEDIUM |
| HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4. | |||||
| CVE-2020-25813 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. | |||||
| CVE-2020-25777 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | |||||
| CVE-2020-25766 | 1 Misp | 1 Misp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | |||||
| CVE-2020-25753 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | |||||
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. | |||||
| CVE-2020-25736 | 1 Acronis | 1 True Image | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | |||||
| CVE-2020-25698 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2020-25612 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege to access user files due to insufficient access control. Successful exploit could potentially allow an attacker to gain access to sensitive information. | |||||
| CVE-2020-25610 | 1 Mitel | 1 Micollab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web conference due to insufficient access control for conference codes. | |||||
| CVE-2020-25601 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evtchn_destroy(). In particular, the FIFO event channel model allows guests to have a large number of event channels active at a time. Closing all of these (when resetting all event channels or when cleaning up after the guest) may take extended periods of time. So far, there was no arrangement for preemption at suitable intervals, allowing a CPU to spend an almost unbounded amount of time in the processing of these operations. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. All Xen versions are vulnerable in principle. Whether versions 4.3 and older are vulnerable depends on underlying hardware characteristics. | |||||
| CVE-2020-25594 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unauthenticated HTTP requests. Fixed in 1.6.2 & 1.5.7. | |||||
| CVE-2020-25400 | 1 Taskcafe Project | 1 Taskcafe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remote attackers to access sensitive data such as access token. | |||||
| CVE-2020-25286 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | |||||
| CVE-2020-25281 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | |||||
| CVE-2020-25280 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | |||||
| CVE-2020-25265 | 1 Appimage | 1 Libappimage | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | |||||
| CVE-2020-25255 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows remote attackers to cause a denial of service (outage of connection-request processing) via a long user ID, which triggers an exception and a large log entry. | |||||
| CVE-2020-25250 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. Client applications can write arbitrary data to the server logs. | |||||
| CVE-2020-25249 | 1 Hyland | 1 Onbase | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. The server typically logs activity only when a client application specifies that logging is desired. This can be problematic for use cases in a regulated industry, where server-side logging is required in additional situations. | |||||