Total: 442 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 | Description
---|---|---|---|---|---
CVE-2020-28900 | 1 Nagios | 2 Fusion, Nagios Xi | 2024-11-21 | 9.8 Critical | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.5 and earlier allows for Escalation of Privileges or Code Execution as root via vectors related to an untrusted update package to upgrade_to_latest.sh.
CVE-2020-27670 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.8 High | An issue was discovered in Xen through 4.14.x allowing x86 guest OS users to cause a denial of service (data corruption), cause a data leak, or possibly gain privileges because an AMD IOMMU page-table entry can be half-updated.
CVE-2020-26893 | 1 Clamxav | 1 Clamxav | 2024-11-21 | 7.8 High | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client verification in the helper tool.
CVE-2020-26547 | 1 Monal | 1 Monal | 2024-11-21 | 9.8 Critical | Monal before 4.9 does not implement proper sender verification on MAM and Message Carbon (XEP-0280) results. This allows a remote attacker (able to send stanzas to a victim) to inject arbitrary messages into the local history, with full control over the sender and receiver displayed to the victim.
CVE-2020-25019 | 1 Jitsi | 1 Meet Electron | 2024-11-21 | 7.5 High | jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVE-2020-24672 | 1 Abb | 1 Base Software | 2024-11-21 | 9.8 Critical | A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .
CVE-2020-24587 | 7 Arista, Cisco, Debian and 4 more | 333 C-100, C-100 Firmware, C-110 and 330 more | 2024-11-21 | 2.6 Low | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24395 | 1 Hom.ee | 2 Brain Cube, Brain Cube Core | 2024-11-21 | 6.8 Medium | The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker with physical access to install compromised firmware. This occurs because of insufficient validation of the firmware image file and can lead to code execution on the device.
CVE-2020-24045 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 7.2 High | A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to a restricted shell, allowing execution of a small number of tools of the operating system. The restricted shell can be bypassed by presenting a fake vmware-tools ISO image to the guest virtual machine running SpamTitan Gateway. This ISO image should contain a valid Perl script at the vmware-freebsd-tools/vmware-tools-distrib/vmware-install.pl path. The fake ISO image will be mounted and the script vmware-install.pl will be executed with super-user privileges as soon as the hidden option to install VMware Tools is selected in the main menu of the restricted shell (option number 5). The contents of the script can be whatever the attacker wants, including a backdoor or similar.
CVE-2020-23906 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 5.5 Medium | FFmpeg N-98388-g76a3ee996b allows attackers to cause a denial of service (DoS) via a crafted audio file due to insufficient verification of data authenticity.
CVE-2020-1755 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.3 Medium | In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks.
CVE-2020-1677 | 1 Juniper | 1 Mist Cloud Ui | 2024-11-21 | 7.2 High | When SAML authentication is enabled, Juniper Networks Mist Cloud UI might incorrectly handle child elements in SAML responses, allowing a remote attacker to modify a valid SAML response without invalidating its cryptographic signature to bypass SAML authentication security controls. This issue affects all Juniper Networks Mist Cloud UI versions prior to September 2 2020.
CVE-2020-19769 | 1 Rtb1 Project | 1 Rtb1 | 2024-11-21 | 7.5 High | A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script.
CVE-2020-19768 | 1 Tokensale Project | 1 Tokensale | 2024-11-21 | 7.5 High | A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script.
CVE-2020-17049 | 3 Microsoft, Redhat, Samba | 13 Windows Server 1903, Windows Server 1909, Windows Server 2004 and 10 more | 2024-11-21 | 6.6 Medium | A security feature bypass vulnerability exists in the way the Key Distribution Center (KDC) determines whether a service ticket can be used for delegation via Kerberos Constrained Delegation (KCD). To exploit the vulnerability, a compromised service that is configured to use KCD could tamper with a service ticket that is not valid for delegation to force the KDC to accept it. The update addresses this vulnerability by changing how the KDC validates service tickets used with KCD.
CVE-2020-16250 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High | HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.
CVE-2020-16122 | 2 Canonical, Packagekit Project | 2 Ubuntu Linux, Packagekit | 2024-11-21 | 8.2 High | PackageKit's apt backend mistakenly treated all local debs as trusted. The apt security model is based on repository trust and not on the contents of individual files. On sites with configured PolicyKit rules this may allow users to install malicious packages.
CVE-2020-15899 | 1 Grin | 1 Grin | 2024-11-21 | 7.5 High | Grin 3.0.0 before 4.0.0 has insufficient validation of data related to Mimblewimble.
CVE-2020-15699 | 1 Joomla | 1 Joomla! | 2024-11-21 | 5.3 Medium | An issue was discovered in Joomla! through 3.9.19. Missing validation checks on the usergroups table object can result in a broken site configuration.
CVE-2020-15262 | 1 Webpack-subresource-integrity Project | 1 Webpack-subresource-integrity | 2024-11-21 | 3.7 Low | In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-level chunks are unaffected. This issue is patched in version 1.5.1.
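The jitsi-meet-electron entry (CVE-2020-25019) is the missing-scheme-check pattern: a URL handed to the OS opener is only safe if its scheme is one you intend. The check below is an added example, not the project's own code; it is written in Python to match the other examples on this page, but the same allow-list logic belongs in front of every Electron `shell.openExternal` call. The URLs in the test are constructed, and `MAX_URL_LEN` is an assumed sanity limit.

```python
"""Allow only http(s) URLs before handing them to the OS URL opener.

Added illustration for the jitsi-meet-electron entry (CVE-2020-25019); not the
project's code. Without this check, shell.openExternal launches whatever
handler the OS has registered for the scheme: file managers for file:, mail
clients for mailto:, or arbitrary custom protocol handlers.
"""
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_URL_LEN = 2048  # assumed sanity limit, not from the advisory


def is_safe_external_url(url: str) -> bool:
    """True only for absolute http/https URLs with a host component."""
    if not isinstance(url, str) or len(url) > MAX_URL_LEN:
        return False
    try:
        parts = urlsplit(url.strip())
    except ValueError:  # e.g. unbalanced IPv6 brackets
        return False
    # urlsplit lower-cases the scheme, so "HTTPS://" is handled. Requiring a
    # hostname rejects "http:payload" (no authority) and scheme-relative
    # "//host" forms, whose effective scheme is decided by whoever opens them.
    return parts.scheme in ALLOWED_SCHEMES and bool(parts.hostname)
```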
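The Moodle entry (CVE-2020-1755) describes the classic X-Forwarded-For mistake: reading the leftmost header value, which the client itself controls. The example below is added here and is not Moodle's code; it shows the vulnerable pattern next to a hardened version that only peels off entries appended by proxies the deployment actually trusts. `TRUSTED_PROXIES`, `ADMIN_NETS` and all addresses are constructed values for the example.

```python
"""Deriving the client IP from X-Forwarded-For without trusting spoofed entries.

Added illustration for the Moodle entry (CVE-2020-1755); not Moodle's own
code. TRUSTED_PROXIES is an assumed deployment value: the only addresses
allowed to append to the header.
"""
import ipaddress
from typing import Optional

# Assumed: the reverse-proxy tier that fronts the application.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]


def naive_client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Vulnerable pattern: believe the leftmost X-Forwarded-For entry.

    The leftmost value is whatever the original sender put in the header, so
    any client can claim any address and pass a remote-address allow list.
    """
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def _is_trusted_proxy(addr: str) -> bool:
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr: str, xff: Optional[str]) -> str:
    """Hardened: peel the chain from the right, one trusted proxy at a time.

    The TCP peer (remote_addr) is the only address known for certain. If it is
    not one of our proxies, the header is untrusted input and is ignored.
    Otherwise each trusted proxy appended the address it saw, so walking the
    list from the right, the first hop that is not a trusted proxy is the real
    client; everything to its left was supplied by an untrusted party.
    """
    if not _is_trusted_proxy(remote_addr):
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if _is_trusted_proxy(hop):
            continue
        try:
            ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: stop trusting the chain here
        return hop
    # Header absent or made up entirely of our own proxies.
    return remote_addr


# Constructed remote-address check of the kind the header spoof bypasses.
ADMIN_NETS = [ipaddress.ip_network("203.0.113.0/24")]


def admin_access_allowed(remote_addr: str, xff: Optional[str], hardened: bool = True) -> bool:
    ip = client_ip(remote_addr, xff) if hardened else naive_client_ip(remote_addr, xff)
    try:
        return any(ipaddress.ip_address(ip) in net for net in ADMIN_NETS)
    except ValueError:
        return False


if __name__ == "__main__":
    # Attacker at 198.51.100.7 connects directly and claims an admin address.
    print(admin_access_allowed("198.51.100.7", "203.0.113.5", hardened=False))  # True: spoof works
    print(admin_access_allowed("198.51.100.7", "203.0.113.5"))                  # False
```

The right-to-left walk matters more than the trusted-proxy list itself: a trusted proxy appends, it does not replace, so the leftmost entries are always the least trustworthy, and a proxy that strips or replaces the incoming header is an equally valid fix at the edge.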
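The Juniper Mist Cloud UI entry (CVE-2020-1677) is the shape of an XML signature wrapping (XSW) bug: the signature still verifies because the signed element is still present somewhere in the document, but the application acts on a different, unsigned element. The example below is added here, is not Juniper's code, and does not implement XMLDSig; it assumes the cryptographic check of `ds:Signature` is performed by a real XMLDSig library first and shows only the structural binding that must follow it: act on the element that `ds:Reference/@URI` resolves to, and reject anything else. Both SAML responses are constructed for the example, with placeholder digest and signature values.

```python
"""Use the assertion the XML signature actually covers, not the first one found.

Added illustration for the Juniper Mist Cloud UI entry (CVE-2020-1677); not
Juniper's code and not an XMLDSig implementation. Assumes the signature's
canonicalisation, digest and signature value have already been verified by a
proper library; this is the binding step that signature-wrapping attacks
exploit when it is missing. Responses below are constructed; DigestValue and
SignatureValue are placeholders.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
ASSERTION_TAG = "{%s}Assertion" % NS["saml"]

HEADER = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" xmlns:ds="%s" ID="_resp">'
          % (NS["samlp"], NS["saml"], NS["ds"]))


def _assertion(ident: str, name: str) -> str:
    return ('<saml:Assertion ID="%s"><saml:Subject><saml:NameID>%s</saml:NameID>'
            '</saml:Subject></saml:Assertion>' % (ident, name))


def _signature(uri: str, wrapped: str = "") -> str:
    return ('<ds:Signature><ds:SignedInfo><ds:Reference URI="#%s">'
            '<ds:DigestValue>placeholder</ds:DigestValue></ds:Reference></ds:SignedInfo>'
            '<ds:SignatureValue>placeholder</ds:SignatureValue>'
            '<ds:Object>%s</ds:Object></ds:Signature>' % (uri, wrapped))


# What the IdP issued: one assertion for "alice", referenced by the signature.
LEGIT_RESPONSE = HEADER + _signature("_signed") + _assertion("_signed", "alice") + "</samlp:Response>"

# Wrapped by an attacker: the signed assertion is moved into ds:Object so the
# Reference still resolves and its digest still verifies, and a forged,
# unsigned assertion for "admin" is placed where a naive parser looks first.
WRAPPED_RESPONSE = (HEADER + _assertion("_forged", "admin")
                    + _signature("_signed", _assertion("_signed", "alice")) + "</samlp:Response>")


def naive_subject(xml_text: str) -> str:
    """Vulnerable: takes the first Assertion in document order."""
    root = ET.fromstring(xml_text)
    first = root.find(".//saml:Assertion", NS)
    return first.findtext("./saml:Subject/saml:NameID", namespaces=NS)


def signed_subject(xml_text: str) -> str:
    """Hardened: the only assertion acted on is the element ds:Reference/@URI
    names, and it must sit where the SAML profile puts it."""
    root = ET.fromstring(xml_text)
    refs = root.findall("./ds:Signature/ds:SignedInfo/ds:Reference", NS)
    if len(refs) != 1:
        raise ValueError("expected exactly one signed Reference")
    uri = refs[0].get("URI", "")
    if not uri.startswith("#") or len(uri) < 2:
        raise ValueError("only same-document ID references are accepted")
    targets = [e for e in root.iter() if e.get("ID") == uri[1:]]
    if len(targets) != 1:
        raise ValueError("signed ID must resolve to exactly one element")
    signed = targets[0]
    if signed.tag != ASSERTION_TAG:
        raise ValueError("signature must cover a saml:Assertion")
    if signed not in list(root):
        raise ValueError("signed Assertion is not a direct child of the Response")
    if sum(1 for _ in root.iter(ASSERTION_TAG)) != 1:
        raise ValueError("response carries more than one Assertion")
    return signed.findtext("./saml:Subject/saml:NameID", namespaces=NS)
```

The three structural checks (unique ID, expected element type, expected position) close the usual wrapping variants; the count check on `saml:Assertion` additionally stops a later consumer in the same code path from picking up a stray assertion by XPath.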
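The webpack-subresource-integrity entry (CVE-2020-15262) turns on a detail of the SRI specification that is easy to miss: a browser does not fail on a malformed `integrity` value, it ignores it, and if no usable token remains the resource loads with no check at all. The code below is an added example, not the plugin's code; it computes SRI tokens, mirrors the browser's token-filtering and matching rules, and shows the build-time assertion that would have caught the bug. The chunk bytes are constructed.

```python
"""Generate and validate Subresource Integrity values the way a browser does.

Added illustration for the webpack-subresource-integrity entry
(CVE-2020-15262); not the plugin's code. Mirrors the SRI rule that tokens
with an unknown algorithm or a digest of the wrong length are dropped, and
that a resource with no usable token loads unchecked, which is why a malformed
hash on a lazily loaded chunk silently removes the protection.
"""
import base64
import hashlib

SRI_DIGEST_LEN = {"sha256": 32, "sha384": 48, "sha512": 64}


def sri_token(data: bytes, algo: str = "sha384") -> str:
    """Well-formed integrity token for data, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(algo, data).digest()
    return "%s-%s" % (algo, base64.b64encode(digest).decode("ascii"))


def usable_tokens(integrity: str) -> list:
    """(algo, base64) pairs a browser would enforce; everything else is ignored."""
    usable = []
    for token in integrity.split():
        algo, sep, rest = token.partition("-")
        b64 = rest.split("?", 1)[0]  # an optional "?options" suffix is not part of the digest
        if sep != "-" or algo not in SRI_DIGEST_LEN:
            continue
        try:
            raw = base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if len(raw) != SRI_DIGEST_LEN[algo]:
            continue
        usable.append((algo, b64))
    return usable


def browser_allows_load(data: bytes, integrity: str) -> bool:
    """Browser behaviour: no usable token means load unchecked; otherwise keep
    only tokens of the strongest algorithm and accept if any of them matches."""
    usable = usable_tokens(integrity)
    if not usable:
        return True  # the CVE's failure mode: nothing enforceable, so it loads
    strongest = max(SRI_DIGEST_LEN[a] for a, _ in usable)
    algo = next(a for a in SRI_DIGEST_LEN if SRI_DIGEST_LEN[a] == strongest)
    candidates = {b64 for a, b64 in usable if a == algo}
    return sri_token(data, algo).split("-", 1)[1] in candidates


def build_check(data: bytes, integrity: str) -> bool:
    """What a build step should assert for every emitted chunk: the attribute
    must be enforceable, and it must match the bytes being shipped."""
    return bool(usable_tokens(integrity)) and browser_allows_load(data, integrity)
```

`browser_allows_load` returning True for a malformed attribute is the point, not a bug: it is the behaviour the advisory describes, and `build_check` is the guard that turns that silent pass into a build failure.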