Total
34582 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24333 | 1 Arista | 1 Cloudvision Portal | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API. | |||||
| CVE-2020-24285 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | |||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | |||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | |||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | |||||
| CVE-2020-24216 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. | |||||
| CVE-2020-24165 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | N/A | 8.8 HIGH |
| An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties. | |||||
| CVE-2020-24089 | 2 Iobit, Microsoft | 2 Malware Fighter, Windows | 2024-11-21 | N/A | 5.5 MEDIUM |
| An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | |||||
| CVE-2020-24088 | 2 Foxconn, Microsoft | 2 Live Update Utility, Windows | 2024-11-21 | N/A | 7.8 HIGH |
| An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges. | |||||
| CVE-2020-24003 | 1 Microsoft | 1 Skype | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client's microphone and camera access. | |||||
| CVE-2020-23864 | 1 Iobit | 1 Malware Fighter | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An issue exits in IOBit Malware Fighter version 8.0.2.547. Local escalation of privileges is possible by dropping a malicious DLL file into the WindowsApps folder. | |||||
| CVE-2020-23811 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| xxl-job 2.2.0 allows Information Disclosure of username, model, and password via job/admin/controller/UserController.java. | |||||
| CVE-2020-23768 | 1 Phpyun | 1 Phpyun | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability was discovered in alipay_function.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and telephone numbers. | |||||
| CVE-2020-23741 | 1 Amoisoft | 1 Anyview | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| In AnyView (network police) network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView, attackers can use a constructed program to cause a computer crash (BSOD). | |||||
| CVE-2020-23738 | 1 Advancedsystemcare | 1 Advanced Systemcare | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Advanced SystemCare 13 PRO 13.5.0.174. Attackers can use a constructed program to cause a computer crash (BSOD) | |||||
| CVE-2020-23736 | 1 Dadajiasu | 1 Dada Accelerator | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in DaDa accelerator 5.6.19.816,, attackers can use constructed programs to cause computer crashes (BSOD). | |||||
| CVE-2020-23727 | 1 Antiy | 1 Antiy Zhijia Terminal Defense System | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in the Antiy Zhijia Terminal Defense System 5.0.2.10121559 and an attacker can cause a computer crash (BSOD). | |||||
| CVE-2020-23726 | 1 Wisecleaner | 1 Wise Care 365 | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| There is a local denial of service vulnerability in Wise Care 365 5.5.4, attackers can cause computer crash (BSOD). | |||||
| CVE-2020-23691 | 1 Yfcmf | 1 Yfcmf | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| YFCMF v2.3.1 has a Remote Command Execution (RCE) vulnerability in the index.php. | |||||
| CVE-2020-23680 | 1 Text2pdf Project | 1 Text2pdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | |||||