Total
596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3315 | 1 Cisco | 19 1100-4g Integrated Services Router, 1100-6g Integrated Services Router, 1100-lte Integrated Services Router and 16 more | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass the configured file policies on an affected system. The vulnerability is due to errors in how the Snort detection engine handles specific HTTP responses. An attacker could exploit this vulnerability by sending crafted HTTP packets that would flow through an affected system. A successful exploit could allow the attacker to bypass the configured file policies and deliver a malicious payload to the protected network. | |||||
| CVE-2020-11931 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2023-12-10 | 2.1 LOW | 3.3 LOW |
| An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plugs any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2; | |||||
| CVE-2020-5742 | 1 Plex | 1 Media Server | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | |||||
| CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2023-12-10 | 5.5 MEDIUM | 5.4 MEDIUM |
| The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | |||||
| CVE-2020-11934 | 1 Canonical | 1 Ubuntu Linux | 2023-12-10 | 1.9 LOW | 5.9 MEDIUM |
| It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. | |||||
| CVE-2020-10867 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to bypass intended access restrictions on tasks from an untrusted process, when Self Defense is enabled. | |||||
| CVE-2020-13469 | 1 Gigadevice | 2 Gd32vf103, Gd32vf103 Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. | |||||
| CVE-2020-12020 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2023-12-10 | 3.6 LOW | 6.1 MEDIUM |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 does not restrict non administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. | |||||
| CVE-2020-13472 | 1 Gigadevice | 2 Gd32f103, Gd32f103 Firmware | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. | |||||
| CVE-2020-10271 | 4 Aliasrobotics, Enabled-robotics, Mobile-industrial-robotics and 1 more | 20 Mir100, Mir1000, Mir1000 Firmware and 17 more | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| MiR100, MiR200 and other MiR robots use the Robot Operating System (ROS) default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as appropriate. Currently, the ROS computational graph can be accessed fully from the wired exposed ports. In combination with other flaws such as CVE-2020-10269, the computation graph can also be fetched and interacted from wireless networks. This allows a malicious operator to take control of the ROS logic and correspondingly, the complete robot given that MiR's operations are centered around the framework (ROS). | |||||
| CVE-2020-5887 | 1 F5 | 13 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 10 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| On versions 15.1.0-15.1.0.1, 15.0.0-15.0.1.2, and 14.1.0-14.1.2.3, BIG-IP Virtual Edition (VE) may expose a mechanism for remote attackers to access local daemons and bypass port lockdown settings. | |||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | |||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2023-12-10 | 3.3 LOW | 8.8 HIGH |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | |||||
| CVE-2020-13946 | 2 Apache, Netapp | 2 Cassandra, Oncommand Insight | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
| In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. | |||||
| CVE-2020-13470 | 1 Gigadevice | 4 Gd32f103, Gd32f103 Firmware, Gd32f130 and 1 more | 2023-12-10 | 2.1 LOW | 4.6 MEDIUM |
| Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. | |||||
| CVE-2020-9291 | 1 Fortinet | 1 Forticlient | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
| An Insecure Temporary File vulnerability in FortiClient for Windows 6.2.1 and below may allow a local user to gain elevated privileges via exhausting the pool of temporary file names combined with a symbolic link attack. | |||||
| CVE-2020-5386 | 1 Dell | 1 Emc Elastic Cloud Storage | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Dell EMC ECS, versions prior to 3.5, contains an Exposure of Resource vulnerability. A remote unauthenticated attacker can access the list of DT (Directory Table) objects of all internally running services and gain knowledge of sensitive data of the system. | |||||
| CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2023-12-10 | 7.2 HIGH | 8.8 HIGH |
| Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | |||||
| CVE-2020-10238 | 1 Joomla | 1 Joomla\! | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required ACL checks, leading to various potential attack vectors. | |||||
| CVE-2020-12142 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2023-12-10 | 4.0 MEDIUM | 4.9 MEDIUM |
| 1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. | |||||