Total
2183 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-11989 | 1 Apache | 1 Shiro | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Apache Shiro before 1.5.3, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | |||||
CVE-2020-11986 | 1 Apache | 1 Netbeans | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project. Apache NetBeans up to and including 12.0 did not request consent from the user for the analysis of the project at load time. This in turn will run potentially malicious code, from an external source, without the consent of the user. | |||||
CVE-2020-11974 | 1 Apache | 1 Dolphinscheduler | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In DolphinScheduler 1.2.0 and 1.2.1, with mysql connectorj a remote code execution vulnerability exists when choosing mysql as database. | |||||
CVE-2020-11960 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Xiaomi router R3600 ROM before 1.0.50 is affected by a vulnerability in the backup file check of the c_upload interface that lets an attacker extract a malicious file to any location under /tmp, leading to possible RCE and DoS. | |||||
CVE-2020-11928 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | |||||
CVE-2020-11830 | 1 Oppo | 1 Qualityprotect | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
QualityProtect has a vulnerability to execute arbitrary system commands, affected product is com.oppo.qualityprotect V2.0. | |||||
CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | |||||
CVE-2020-11715 | 1 Panasonic | 2 P99, P99 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support." | |||||
CVE-2020-11518 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | |||||
CVE-2020-10857 | 1 Zulip | 1 Zulip Desktop | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | |||||
CVE-2020-10731 | 1 Redhat | 1 Openstack Platform | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. | |||||
CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | |||||
CVE-2020-10383 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. | |||||
CVE-2020-10284 | 1 Ufactory | 1 Xarm Studio | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
No authentication is required to control the robot inside the network. Moreover, the latest available user manual shows an option that lets the user add a password to the robot, but in xarm_studio 1.3.0 the option is missing from the menu. Manual control can be assumed, even by forcefully removing the current operator from an active session. | |||||
CVE-2020-10119 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | |||||
CVE-2020-10118 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | |||||
CVE-2020-10074 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab account could be taken over through an expired link. | |||||
CVE-2020-0447 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168251617 | |||||
CVE-2020-0446 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168264528 | |||||
CVE-2020-0445 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
There is a possible out of bounds write due to a missing bounds check. Product: Android. Versions: Android SoC. Android ID: A-168264527 |