Total: 210374 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-13535 | 1 Kepware | 1 Linkmaster | 2022-08-05 | 7.2 HIGH | 7.8 HIGH |
A privilege escalation vulnerability exists in Kepware LinkMaster 3.0.94.0. In its default configuration, an attacker can globally overwrite service configuration to execute arbitrary code with NT SYSTEM privileges. | |||||
CVE-2020-29361 | 2 Debian, P11-kit Project | 2 Debian Linux, P11-kit | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc. | |||||
CVE-2020-35416 | 1 Onlineonly | 1 Phpjabbers Appointment Scheduler | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple cross-site scripting (XSS) vulnerabilities in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allow remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2020-0368 | 1 Google | 1 Android | 2022-08-05 | 2.1 LOW | 3.3 LOW |
In queryInternal of CallLogProvider.java, there is a possible permission bypass due to improper input validation. This could lead to local information disclosure of voicemail metadata with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-143230980 | |||||
CVE-2020-35460 | 2 Mpxj, Oracle | 2 Mpxj, Primavera Unifier | 2022-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
common/InputStreamHelper.java in Packwood MPXJ before 8.3.5 allows directory traversal in the zip stream handler flow, leading to the writing of files to arbitrary locations. | |||||
CVE-2020-28396 | 1 Siemens | 6 Sicam A8000 Cp-8000, Sicam A8000 Cp-8000 Firmware, Sicam A8000 Cp-8021 and 3 more | 2022-08-05 | 4.9 MEDIUM | 7.3 HIGH |
A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021 (All versions < V16), SICAM A8000 CP-8022 (All versions < V16). A web server misconfiguration of the affected device can cause insecure ciphers usage by a user's browser. An attacker in a privileged position could decrypt the communication and compromise confidentiality and integrity of the transmitted information. | |||||
CVE-2020-35176 | 3 Awstats, Debian, Fedoraproject | 3 Awstats, Debian Linux, Fedora | 2022-08-05 | 5.0 MEDIUM | 5.3 MEDIUM |
In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600. | |||||
CVE-2020-29563 | 1 Westerndigital | 6 My Cloud Ex2 Ultra, My Cloud Ex4100, My Cloud Mirror Gen 2 and 3 more | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authentication bypass vulnerability could allow an unauthenticated user to gain access to the device. | |||||
CVE-2020-13987 | 4 Contiki-os, Open-iscsi Project, Siemens and 1 more | 11 Contiki, Open-iscsi, Sentron 3va Com100 and 8 more | 2022-08-05 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | |||||
CVE-2020-27730 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute paths when calling system utilities. | |||||
CVE-2020-15023 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2022-08-05 | 4.3 MEDIUM | 5.9 MEDIUM |
Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exchange. By capturing an attempted (and even failed) WPS authentication attempt, it is possible to brute force the overall authentication exchange. This allows an attacker to obtain the recovered WPS PIN in minutes or even seconds, and eventually obtain the Wi-Fi PSK key, gaining access to the Wi-Fi network. | |||||
CVE-2020-17515 | 1 Apache | 1 Airflow | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to an XSS exploit. This issue affects Apache Airflow versions prior to 1.10.13. This is the same as CVE-2020-13944, but the fix implemented in Airflow 1.10.13 did not fix the issue completely. | |||||
CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2022-08-05 | 6.8 MEDIUM | 8.8 HIGH |
The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | |||||
CVE-2020-27828 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2022-08-05 | 6.8 MEDIUM | 7.8 HIGH |
There's a flaw in jasper's jpc encoder in versions prior to 2.0.23. Crafted input provided to jasper by an attacker could cause an arbitrary out-of-bounds write. This could potentially affect data confidentiality, integrity, or application availability. | |||||
CVE-2020-26201 | 1 Askey | 2 Ap5100w, Ap5100w Firmware | 2022-08-05 | 10.0 HIGH | 9.8 CRITICAL |
Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating System (rlx-linux) level. This allows an attacker to gain unauthorized access as an admin or root user to the device Operating System via Telnet or SSH. | |||||
CVE-2020-27783 | 6 Debian, Fedoraproject, Lxml and 3 more | 8 Debian Linux, Fedora, Lxml and 5 more | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS vulnerability was discovered in python-lxml's clean module. The module's parser didn't properly imitate browsers, which caused different behaviors between the sanitizer and the user's page. A remote attacker could exploit this flaw to run arbitrary HTML/JS code. | |||||
CVE-2020-13584 | 2 Fedoraproject, Webkitgtk | 2 Fedora, Webkitgtk | 2022-08-05 | 6.8 MEDIUM | 8.8 HIGH |
An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The victim needs to visit a malicious web site to trigger this vulnerability. | |||||
CVE-2020-29395 | 1 Myeventon | 1 Eventon | 2022-08-05 | 4.3 MEDIUM | 6.1 MEDIUM |
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. | |||||
CVE-2020-28926 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2022-08-05 | 7.5 HIGH | 9.8 CRITICAL |
ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | |||||
CVE-2020-12262 | 1 Intelbras | 6 Tip200, Tip200 Firmware, Tip200lite and 3 more | 2022-08-05 | 3.5 LOW | 5.4 MEDIUM |
Intelbras TIP200 60.61.75.15, TIP200LITE 60.61.75.15, and TIP300 65.61.75.15 devices allow /cgi-bin/cgiServer.exx?page= XSS. |