Total
65641 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-9884 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
CVE-2020-7185 | 1 Hp | 1 Intelligent Management Center | 2023-12-10 | 9.0 HIGH | 8.8 HIGH |
A tvxlanlegend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
CVE-2020-9937 | 1 Apple | 7 Icloud, Ipados, Iphone Os and 4 more | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
CVE-2020-8259 | 1 Nextcloud | 1 Nextcloud Server | 2023-12-10 | 5.5 MEDIUM | 8.1 HIGH |
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys. | |||||
CVE-2021-0206 | 1 Juniper | 17 Junos, Nfx150, Nfx250 and 14 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS allows an attacker to send a specific packet causing the packet forwarding engine (PFE) to crash and restart, resulting in a Denial of Service (DoS). By continuously sending these specific packets, an attacker can repeatedly disable the PFE causing a sustained Denial of Service (DoS). This issue only affects Juniper Networks NFX Series, SRX Series platforms when SSL Proxy is configured. This issue affects Juniper Networks Junos OS on NFX Series and SRX Series: 18.3 versions prior to 18.3R3-S4; 18.4 versions prior to 18.4R3-S1; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3; 19.2 versions prior to 19.2R1-S2, 19.2R2; 19.3 versions prior to 19.3R2. This issue does not affect Juniper Networks Junos OS versions on NFX Series and SRX Series prior to 18.3R1. | |||||
CVE-2020-27264 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol of the insulin pump and its AnyDana-i and AnyDana-A mobile applications use deterministic keys, which allows unauthenticated, physically proximate attackers to brute-force the keys via Bluetooth Low Energy. | |||||
CVE-2020-25694 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client application that creates additional database connections only reuses the basic connection parameters while dropping security-relevant parameters, an opportunity for a man-in-the-middle attack, or the ability to observe clear-text transmissions, could exist. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
CVE-2020-15931 | 1 Netwrix | 1 Account Lockout Examiner | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed (ID 4771) event on a Domain Controller. | |||||
CVE-2021-24123 | 1 Blubrry | 1 Powerpress | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8: the plugin did not verify some of the uploaded feed images (such as the ones from the Podcast Artwork section), allowing high-privilege accounts (admin+) to upload arbitrary files, such as PHP, leading to RCE. | |||||
CVE-2020-5680 | 1 Ec-cube | 1 Ec-cube | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via an unspecified vector. | |||||
CVE-2020-6548 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2023-12-10 | 9.3 HIGH | 8.8 HIGH |
Heap buffer overflow in Skia in Google Chrome prior to 84.0.4147.125 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2020-7566 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2023-12-10 | 4.3 MEDIUM | 7.3 HIGH |
A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption keys when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
CVE-2020-28033 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | |||||
CVE-2021-22159 | 1 Proofpoint | 1 Insider Threat Management | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
Insider Threat Management Windows Agent Local Privilege Escalation Vulnerability. The Proofpoint Insider Threat Management (formerly ObserveIT) Agent for Windows before 7.4.3, 7.5.4, 7.6.5, 7.7.5, 7.8.4, 7.9.3, 7.10.2, and 7.11.0.25 as well as versions 7.3 and earlier is missing authentication for a critical function, which allows a local authenticated Windows user to run arbitrary commands with the privileges of the Windows SYSTEM user. Agents for MacOS, Linux, and ITM Cloud are not affected. | |||||
CVE-2019-14719 | 1 Verifone | 2 Mx900, Mx900 Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
Verifone MX900 series Pinpad Payment Terminals with OS 30251000 allow multiple arbitrary command injections, as demonstrated by the file manager. | |||||
CVE-2019-19878 | 1 Br-automation | 1 Industrial Automation Aprol | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in B&R Industrial Automation APROL before R4.2 V7.08. An attacker can get access to historical data from AprolSqlServer by bypassing authentication, a different vulnerability than CVE-2019-16358. | |||||
CVE-2021-28042 | 1 Deutschepost | 1 Mailoptimizer | 2023-12-10 | 8.3 HIGH | 7.8 HIGH |
Deutsche Post Mailoptimizer 4.3 before 2020-11-09 allows Directory Traversal via a crafted ZIP archive to the Upload feature or the MO Connect component. This can lead to remote code execution. | |||||
CVE-2020-5137 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2023-12-10 | 6.5 MEDIUM | 7.2 HIGH |
A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | |||||
CVE-2020-0089 | 1 Google | 1 Android | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
In the audio server, there is a missing permission check. This could lead to local escalation of privilege regarding audio settings with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-137015603 |