Vulnerabilities (CVE)

Total 64013 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-24423 2 Adobe, Microsoft 2 Media Encoder, Windows 2023-12-10 6.9 MEDIUM 7.8 HIGH
Adobe Media Encoder version 14.4 (and earlier) for Windows is affected by an uncontrolled search path vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2020-1847 1 Huawei 12 Nip6300, Nip6300 Firmware, Nip6600 and 9 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
There is a denial of service vulnerability in some Huawei products. There is no protection against the attack scenario of specific protocol. A remote, unauthorized attackers can construct attack scenarios, which leads to denial of service.Affected product versions include:NIP6300 versions V500R001C30,V500R001C60;NIP6600 versions V500R001C30,V500R001C60;Secospace USG6300 versions V500R001C30,V500R001C60;Secospace USG6500 versions V500R001C30,V500R001C60;Secospace USG6600 versions V500R001C30,V500R001C60;USG9500 versions V500R001C30,V500R001C60.
CVE-2020-14374 3 Canonical, Dpdk, Opensuse 3 Ubuntu Linux, Data Plane Development Kit, Leap 2023-12-10 7.2 HIGH 8.8 HIGH
A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A flawed bounds checking in the copy_data function leads to a buffer overflow allowing an attacker in a virtual machine to write arbitrary data to any address in the vhost_crypto application. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVE-2020-12927 1 Amd 1 Vbios Flash Tool Software Development Kit 2023-12-10 7.2 HIGH 7.8 HIGH
A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system.
CVE-2020-36182 4 Debian, Fasterxml, Netapp and 1 more 45 Debian Linux, Jackson-databind, Cloud Backup and 42 more 2023-12-10 6.8 MEDIUM 8.1 HIGH
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.
CVE-2021-27885 1 E107 1 E107 2023-12-10 6.8 MEDIUM 8.8 HIGH
usersettings.php in e107 through 2.3.0 lacks a certain e_TOKEN protection mechanism.
CVE-2020-12511 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2023-12-10 6.8 MEDIUM 8.8 HIGH
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to a Cross-Site Request Forgery (CSRF) in the web interface.
CVE-2020-4952 2 Ibm, Linux 2 Security Guardium, Linux Kernel 2023-12-10 9.0 HIGH 8.8 HIGH
IBM Security Guardium 11.2 could allow an authenticated user to gain root access due to improper access control. IBM X-Force ID: 192028.
CVE-2020-7751 1 Chaijis 1 Pathval 2023-12-10 6.5 MEDIUM 7.2 HIGH
pathval before version 1.1.1 is vulnerable to prototype pollution.
CVE-2020-35938 1 Pickplugins 2 Post Grid, Team Showcase 2023-12-10 6.0 MEDIUM 8.8 HIGH
PHP Object injection vulnerabilities in the Post Grid plugin before 2.0.73 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to post_grid_import_xml_layouts.
CVE-2021-25135 1 Hpe 10 Cloudline Cl3100 Gen10 Server, Cloudline Cl3100 Gen10 Server Firmware, Cloudline Cl4100 Gen10 Server and 7 more 2023-12-10 7.2 HIGH 7.8 HIGH
The Baseboard Management Controller(BMC) in HPE Cloudline CL5800 Gen9 Server; HPE Cloudline CL5200 Gen9 Server; HPE Cloudline CL4100 Gen10 Server; HPE Cloudline CL3100 Gen10 Server; HPE Cloudline CL5800 Gen10 Server BMC firmware has a local buffer overlfow in spx_restservice setsmtp_func function.
CVE-2020-28186 1 Terra-master 1 Tos 2023-12-10 6.8 MEDIUM 7.3 HIGH
Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the forget password functionality and achieve account takeover.
CVE-2020-13769 1 Ivanti 1 Endpoint Manager 2023-12-10 6.5 MEDIUM 8.8 HIGH
LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request.
CVE-2020-16102 1 Gallagher 1 Command Centre 2023-12-10 6.4 MEDIUM 8.2 HIGH
Improper Authentication vulnerability in Gallagher Command Centre Server allows an unauthenticated remote attacker to create items with invalid configuration, potentially causing the server to crash and fail to restart. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1299(MR2); 8.20 versions prior to 8.20.1218(MR4); 8.10 versions prior to 8.10.1253(MR6); 8.00 versions prior to 8.00.1252(MR7); version 7.90 and prior versions.
CVE-2020-14819 1 Oracle 1 One-to-one Fulfillment 2023-12-10 5.8 MEDIUM 8.2 HIGH
Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Print Server). The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle One-to-One Fulfillment accessible data as well as unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
CVE-2020-25170 1 Bbraun 1 Onlinesuite Application Package 2023-12-10 6.8 MEDIUM 7.8 HIGH
An Excel Macro Injection vulnerability exists in the export feature in the B. Braun OnlineSuite Version AP 3.0 and earlier via multiple input fields that are mishandled in an Excel export.
CVE-2020-27180 1 Konzept-ix 1 Publixone 2023-12-10 5.0 MEDIUM 7.5 HIGH
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
CVE-2020-27905 1 Apple 4 Ipados, Iphone Os, Tvos and 1 more 2023-12-10 9.3 HIGH 7.8 HIGH
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. A malicious application may be able to execute arbitrary code with system privileges.
CVE-2020-6108 1 F2fs-tools Project 1 F2fs-tools 2023-12-10 6.8 MEDIUM 7.8 HIGH
An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-14351 3 Debian, Linux, Redhat 3 Debian Linux, Linux Kernel, Enterprise Linux 2023-12-10 4.6 MEDIUM 7.8 HIGH
A flaw was found in the Linux kernel. A use-after-free memory flaw was found in the perf subsystem allowing a local attacker with permission to monitor perf events to corrupt memory and possibly escalate privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.