Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-17091 | 1 Microsoft | 1 Teams | 2020-12-01 | 4.4 MEDIUM | 7.8 HIGH |
| Microsoft Teams Remote Code Execution Vulnerability | |||||
| CVE-2020-17090 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-12-01 | 7.5 HIGH | 9.8 CRITICAL |
| Microsoft Defender for Endpoint Security Feature Bypass Vulnerability | |||||
| CVE-2020-16987 | 1 Microsoft | 1 Azure Sphere | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16984, CVE-2020-16991, CVE-2020-16994. | |||||
| CVE-2020-16984 | 1 Microsoft | 1 Azure Sphere | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| Azure Sphere Unsigned Code Execution Vulnerability This CVE ID is unique from CVE-2020-16970, CVE-2020-16982, CVE-2020-16987, CVE-2020-16991, CVE-2020-16994. | |||||
| CVE-2020-13356 | 1 Gitlab | 1 Gitlab | 2020-12-01 | 6.4 MEDIUM | 8.2 HIGH |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: >=8.8.9, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | |||||
| CVE-2020-4592 | 1 Ibm | 1 Mq Appliance | 2020-12-01 | 3.5 LOW | 6.5 MEDIUM |
| IBM MQ Appliance 9.1.CD and LTS could allow an authenticated user, under nondefault configuration to cause a data corruption attack due to an error when using segmented messages. | |||||
| CVE-2020-16983 | 1 Microsoft | 1 Azure Sphere | 2020-12-01 | 7.2 HIGH | 6.2 MEDIUM |
| Azure Sphere Tampering Vulnerability | |||||
| CVE-2020-7765 | 1 Google | 1 Firebase\/util | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects the package @firebase/util before 0.3.4. This vulnerability relates to the deepExtend function within the DeepCopy.ts file. Depending on if user input is provided, an attacker can overwrite and pollute the object prototype of a program. | |||||
| CVE-2020-13958 | 1 Apache | 1 Openoffice | 2020-12-01 | 9.3 HIGH | 7.8 HIGH |
| A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. | |||||
| CVE-2020-27629 | 1 Jetbrains | 1 Teamcity | 2020-12-01 | 5.0 MEDIUM | 5.3 MEDIUM |
| In JetBrains TeamCity before 2020.1.5, secure dependency parameters could be not masked in depending builds when there are no internal artifacts. | |||||
| CVE-2009-0501 | 1 Moodle | 1 Moodle | 2020-12-01 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the Calendar export feature in Moodle 1.8 before 1.8.8 and 1.9 before 1.9.4 allows attackers to obtain sensitive information and conduct "brute force attacks on user accounts" via unknown vectors. | |||||
| CVE-2011-4291 | 1 Moodle | 1 Moodle | 2020-12-01 | 4.0 MEDIUM | N/A |
| Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a denial of service (invalid database records) via a series of crafted ratings operations. | |||||
| CVE-2020-27191 | 1 Lionwiki | 1 Lionwiki | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-27623 | 1 Jetbrains | 1 Ideavim | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | |||||
| CVE-2020-26224 | 1 Prestashop | 1 Prestashop | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. | |||||
| CVE-2020-26548 | 1 Aviatrix | 1 Controller | 2020-11-30 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | |||||
| CVE-2020-7772 | 1 Doc-path Project | 1 Doc-path | 2020-11-30 | 10.0 HIGH | 9.8 CRITICAL |
| This affects the package doc-path before 2.1.2. | |||||
| CVE-2020-12927 | 1 Amd | 1 Vbios Flash Tool Software Development Kit | 2020-11-30 | 7.2 HIGH | 7.8 HIGH |
| A potential vulnerability in a dynamically loaded AMD driver in AMD VBIOS Flash Tool SDK may allow any authenticated user to escalate privileges to NT authority system. | |||||
| CVE-2020-8354 | 1 Lenovo | 2 Notebook, Notebook Firmware | 2020-11-30 | 7.2 HIGH | 6.7 MEDIUM |
| A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some Lenovo Notebook models may allow arbitrary code execution. | |||||
| CVE-2020-12593 | 1 Symantec | 1 Endpoint Detection And Response | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| Symantec Endpoint Detection & Response, prior to 4.5, may be susceptible to an information disclosure issue, which is a type of vulnerability that could potentially allow unauthorized access to data. | |||||