Total
34565 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11601 | 1 Google | 1 Android | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020). | |||||
| CVE-2020-11595 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. | |||||
| CVE-2020-11592 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | |||||
| CVE-2020-11591 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name. | |||||
| CVE-2020-11590 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. | |||||
| CVE-2020-11588 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. | |||||
| CVE-2020-11587 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. | |||||
| CVE-2020-11554 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. | |||||
| CVE-2020-11550 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). | |||||
| CVE-2020-11533 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | |||||
| CVE-2020-11527 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | |||||
| CVE-2020-11519 | 1 Winmagic | 1 Securedoc | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. | |||||
| CVE-2020-11518 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | |||||
| CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | |||||
| CVE-2020-11458 | 1 Misp | 1 Misp | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php. | |||||
| CVE-2020-11450 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. | |||||
| CVE-2020-11447 | 1 Bell | 2 Home Hub 3000, Home Hub 3000 Firmware | 2024-11-21 | N/A | 4.3 MEDIUM |
| An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. | |||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | |||||
| CVE-2020-11440 | 1 Windriver | 1 Vxworks | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. | |||||
| CVE-2020-11282 | 1 Qualcomm | 425 Apq8009, Apq8009w, Apq8017 and 422 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control when using mmap with the kgsl driver with a special offset value that can be provided to map the memstore of the GPU to user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | |||||