Total
22706 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-11977 | 1 Apache | 1 Syncope | 2020-09-24 | 8.5 HIGH | 7.2 HIGH |
| In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, including but not limited to file read, file write, and code execution. | |||||
| CVE-2020-0379 | 1 Google | 1 Android | 2020-09-23 | 2.9 LOW | 5.7 MEDIUM |
| In the Bluetooth service, there is a possible spoofing attack due to a logic error. This could lead to remote information disclosure of sensitive information with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10 Android-11Android ID: A-150156492 | |||||
| CVE-2020-10766 | 1 Linux | 1 Linux Kernel | 2020-09-23 | 2.1 LOW | 5.5 MEDIUM |
| A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIPB switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-10767 | 1 Linux | 1 Linux Kernel | 2020-09-23 | 1.9 LOW | 5.5 MEDIUM |
| A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indirect Branch Prediction Barrier). The IBPB mitigation will be disabled when STIBP is not available or when the Enhanced Indirect Branch Restricted Speculation (IBRS) is available. This flaw allows a local attacker to perform a Spectre V2 style attack when this configuration is active. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-10768 | 1 Linux | 1 Linux Kernel | 2020-09-22 | 2.1 LOW | 5.5 MEDIUM |
| A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to enable indirect branch speculation after it has been disabled. This call incorrectly reports it as being 'force disabled' when it is not and opens the system to Spectre v2 attacks. The highest threat from this vulnerability is to confidentiality. | |||||
| CVE-2020-24457 | 1 Intel | 100 Core I7-10510u, Core I7-10510u Firmware, Core I7-10510y and 97 more | 2020-09-22 | 4.6 MEDIUM | 7.6 HIGH |
| Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow an unauthenticated user to potentially enable escalation of privilege, denial of service and/or information disclosure via physical access. | |||||
| CVE-2020-16097 | 1 Gallagher | 1 Command Centre | 2020-09-22 | 2.1 LOW | 4.6 MEDIUM |
| On controllers running versions of v8.20 prior to vCR8.20.200221b (distributed in v8.20.1093(MR2)), v8.10 prior to vGR8.10.179 (distributed in v8.10.1211(MR5)), v8.00 prior to vGR8.00.165 (Distributed in v8.00.1228(MR6)), v7.90 prior to vGR7.90.165 (distributed in v7.90.1038(MRX)), v7.80 or earlier, It is possible to retrieve site keys used for securing MIFARE Plus and Desfire using debug ports on T Series readers. | |||||
| CVE-2020-7531 | 1 Schneider-electric | 1 Scadapack 7x Remote Connect | 2020-09-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and prior) which allows an attacker to place executables in a specific folder and run code whenever RemoteConnect is executed by the user. | |||||
| CVE-2020-13315 | 1 Gitlab | 1 Gitlab | 2020-09-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service. | |||||
| CVE-2020-25280 | 1 Google | 1 Android | 2020-09-21 | 4.6 MEDIUM | 6.8 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | |||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2020-09-18 | 4.3 MEDIUM | 7.5 HIGH |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | |||||
| CVE-2018-16487 | 1 Lodash | 1 Lodash | 2020-09-18 | 6.8 MEDIUM | 5.6 MEDIUM |
| A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype. | |||||
| CVE-2020-8817 | 1 Dataiku | 1 Data Science Studio | 2020-09-18 | 5.5 MEDIUM | 8.1 HIGH |
| Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" metadata. | |||||
| CVE-2020-25286 | 1 Wordpress | 1 Wordpress | 2020-09-17 | 5.0 MEDIUM | 5.3 MEDIUM |
| In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | |||||
| CVE-2020-1523 | 1 Microsoft | 1 Sharepoint Server | 2020-09-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A tampering vulnerability exists when Microsoft SharePoint Server fails to properly handle profile data, aka 'Microsoft SharePoint Server Tampering Vulnerability'. This CVE ID is unique from CVE-2020-1440. | |||||
| CVE-2020-0870 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2020-09-17 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists when the Shell infrastructure component improperly handles objects in memory, aka 'Shell infrastructure component Elevation of Privilege Vulnerability'. | |||||
| CVE-2020-1285 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-17 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. | |||||
| CVE-2020-1252 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-09-17 | 6.8 MEDIUM | 7.8 HIGH |
| A remote code execution vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Remote Code Execution Vulnerability'. | |||||
| CVE-2020-14608 | 1 Oracle | 1 Fusion Middleware Mapviewer | 2020-09-17 | 6.4 MEDIUM | 8.2 HIGH |
| Vulnerability in the Oracle Fusion Middleware MapViewer product of Oracle Fusion Middleware (component: Tile Server). The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Fusion Middleware MapViewer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Fusion Middleware MapViewer accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware MapViewer accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N). | |||||
| CVE-2020-1228 | 1 Microsoft | 4 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 1 more | 2020-09-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A denial of service vulnerability exists in Windows DNS when it fails to properly handle queries, aka 'Windows DNS Denial of Service Vulnerability'. This CVE ID is unique from CVE-2020-0836. | |||||