Total: 22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13931 | 1 Apache | 1 Tomee | 2020-12-23 | 6.8 MEDIUM | 9.8 CRITICAL |
| If Apache TomEE 8.0.0-M1 - 8.0.3, 7.1.0 - 7.1.3, 7.0.0-M1 - 7.0.8, 1.0.0 - 1.7.5 is configured to use the embedded ActiveMQ broker, and the broker config is misconfigured, a JMX port is opened on TCP port 1099, which does not include authentication. CVE-2020-11969 previously addressed the creation of the JMX management interface, however the incomplete fix did not cover this edge case. | |||||
| CVE-2007-4045 | 2 Apple, Fedoraproject | 2 Cups, Fedora | 2020-12-23 | 5.0 MEDIUM | N/A |
| The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of service problem in SSL negotiation. | |||||
| CVE-2020-4988 | 1 Ibm | 1 Loopback | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| Loopback 8.0.0 contains a vulnerability that could allow an attacker to manipulate or pollute Javascript values and cause a denial of service or possibly execute code. IBM X-Force ID: 192706. | |||||
| CVE-2020-35555 | 1 Google | 1 Android | 2020-12-22 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). | |||||
| CVE-2020-27640 | 1 Mitel | 4 Mivoice 6930, Mivoice 6930 Firmware, Mivoice 6940 and 1 more | 2020-12-22 | 4.8 MEDIUM | 8.1 HIGH |
| The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | |||||
| CVE-2020-35548 | 1 Google | 1 Android | 2020-12-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). | |||||
| CVE-2020-35549 | 1 Google | 1 Android | 2020-12-21 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | |||||
| CVE-2020-27639 | 1 Mitel | 6 6873i Sip, 6873i Sip Firmware, 6930 Sip and 3 more | 2020-12-21 | 4.8 MEDIUM | 8.1 HIGH |
| The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | |||||
| CVE-2020-7203 | 1 Hp | 1 Ilo Amplifier Pack | 2020-12-21 | 7.5 HIGH | 9.8 CRITICAL |
| A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70. The vulnerability could be exploited to allow remote code execution. | |||||
| CVE-2020-24693 | 1 Mitel | 1 Micontact Center Business | 2020-12-18 | 2.1 LOW | 3.3 LOW |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. | |||||
| CVE-2020-35550 | 1 Google | 1 Android | 2020-12-18 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). | |||||
| CVE-2020-35552 | 1 Google | 1 Android | 2020-12-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | |||||
| CVE-2020-35380 | 1 Gjson Project | 1 Gjson | 2020-12-17 | 5.0 MEDIUM | 7.5 HIGH |
| GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. | |||||
| CVE-2020-35470 | 1 Envoyproxy | 1 Envoy | 2020-12-16 | 5.8 MEDIUM | 8.8 HIGH |
| Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | |||||
| CVE-2020-35471 | 1 Envoyproxy | 1 Envoy | 2020-12-16 | 5.0 MEDIUM | 7.5 HIGH |
| Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | |||||
| CVE-2019-2708 | 1 Oracle | 1 Berkeley Db | 2020-12-15 | 2.1 LOW | 3.3 LOW |
| Vulnerability in the Data Store component of Oracle Berkeley DB. Supported versions that are affected are Prior to 6.138, prior to 6.2.38 and prior to 18.1.32. Easily exploitable vulnerability allows low privileged attacker having Local Logon privilege with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Data Store. CVSS 3.0 Base Score 3.3 (Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L). | |||||
| CVE-2008-1945 | 6 Canonical, Debian, Opensuse and 3 more | 9 Ubuntu Linux, Debian Linux, Opensuse and 6 more | 2020-12-15 | 2.1 LOW | N/A |
| QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004. | |||||
| CVE-2007-1322 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-12-15 | 2.1 LOW | N/A |
| QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction. | |||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2020-12-15 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-0469 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 5.5 MEDIUM |
| In addEscrowToken of LockSettingsService.java, there is a possible loss of the synthetic password due to logic error. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-168692734. | |||||
