Total
2183 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |||||
| CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | |||||
| CVE-2020-27664 | 1 Strapi | 1 Strapi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| admin/src/containers/InputModalStepperProvider/index.js in Strapi before 3.2.5 has unwanted /proxy?url= functionality. | |||||
| CVE-2020-27619 | 3 Fedoraproject, Oracle, Python | 3 Fedora, Communications Cloud Native Core Network Function Cloud Native Environment, Python | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Python 3 through 3.9.0, the Lib/test/multibytecodec_support.py CJK codec tests call eval() on content retrieved via HTTP. | |||||
| CVE-2020-27544 | 1 Foldingathome | 1 Client Advanced Control | 2024-11-21 | N/A | 9.8 CRITICAL |
| An issue was discovered in FoldingAtHome Client Advanced Control GUI before commit 9b619ae64443997948a36dda01b420578de1af77, allows remote attackers to execute arbitrary code via crafted payload to function parse_message in file Connection.py. | |||||
| CVE-2020-27195 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| HashiCorp Nomad and Nomad Enterprise version 0.9.0 up to 0.12.5 client file sandbox feature can be subverted using either the template or artifact stanzas. Fixed in 0.12.6, 0.11.5, and 0.10.6 | |||||
| CVE-2020-26943 | 1 Openstack | 1 Blazar-dashboard | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| An issue was discovered in OpenStack blazar-dashboard before 1.3.1, 2.0.0, and 3.0.0. A user allowed to access the Blazar dashboard in Horizon may trigger code execution on the Horizon host as the user the Horizon service runs under (because the Python eval function is used). This may result in Horizon host unauthorized access and further compromise of the Horizon service. All setups using the Horizon dashboard with the blazar-dashboard plugin are affected. | |||||
| CVE-2020-26728 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | |||||
| CVE-2020-26098 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | |||||
| CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | |||||
| CVE-2020-25753 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | |||||
| CVE-2020-25207 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol handler. | |||||
| CVE-2020-25069 | 1 Usvn | 1 Usvn | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit view. | |||||
| CVE-2020-25061 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. lge_property allows property overwrites. The LG ID is LVE-SMP-200016 (July 2020). | |||||
| CVE-2020-25058 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The network_management service does not properly restrict configuration changes. The LG ID is LVE-SMP-200012 (July 2020). | |||||
| CVE-2020-25057 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not properly restrict APK installations. The LG ID is LVE-SMP-200011 (July 2020). | |||||
| CVE-2020-25053 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020). | |||||
| CVE-2020-25016 | 1 Rgb-rust Project | 1 Rgb-rust | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | |||||
| CVE-2020-24743 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | |||||
| CVE-2020-24653 | 1 Expo | 1 Expo | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceOnly policy when WHEN_UNLOCKED_THIS_DEVICE_ONLY is used. | |||||