Total
82447 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9321 | 1 Traefik | 1 Traefik | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| configurationwatcher.go in Traefik 2.x before 2.1.4 and TraefikEE 2.0.0 mishandles the purging of certificate contents from providers before logging. | |||||
| CVE-2020-9318 | 1 Red-gate | 1 Sql Monitor | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Red Gate SQL Monitor 9.0.13 through 9.2.14 allows an administrative user to perform a SQL injection attack by configuring the SNMP alert settings in the UI. This is fixed in 9.2.15. | |||||
| CVE-2020-9315 | 1 Oracle | 1 Iplanet Web Server | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Oracle iPlanet Web Server 7.0.x has Incorrect Access Control for admingui/version URIs in the Administration console, as demonstrated by unauthenticated read access to encryption keys. NOTE: a related support policy can be found in the www.oracle.com references attached to this CVE. | |||||
| CVE-2020-9309 | 1 Silverstripe | 2 Mimevalidator, Recipe | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions (for example HTML code in a TXT file). When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Uploads stored as protected or draft files are allowed by default for authorised users only, but can also be enabled through custom logic as well as modules such as silverstripe/userforms. Sites using the previously optional silverstripe/mimevalidator module can configure MIME whitelists rather than extension whitelists, and hence prevent this issue. Sites on the Common Web Platform (CWP) use this module by default, and are not affected. | |||||
| CVE-2020-9308 | 3 Canonical, Fedoraproject, Libarchive | 3 Ubuntu Linux, Fedora, Libarchive | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| archive_read_support_format_rar5.c in libarchive before 3.4.2 attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a SIGSEGV or possibly unspecified other impact. | |||||
| CVE-2020-9306 | 1 Tesla | 1 Solarcity Solar Monitoring Gateway | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| Tesla SolarCity Solar Monitoring Gateway through 5.46.43 has a "Use of Hard-coded Credentials" issue because Digi ConnectPort X2e uses a .pyc file to store the cleartext password for the python user account. | |||||
| CVE-2020-9301 | 1 Linuxfoundation | 1 Spinnaker | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Nolan Ray from Apple Information Security identified a security vulnerability in Spinnaker, all versions prior to version 1.23.4, 1.22.4 or 1.21.5. The vulnerability exists within the handling of SpEL expressions that allows an attacker to read and write arbitrary files within the orca container via authenticated HTTP POST requests. | |||||
| CVE-2020-9298 | 1 Spinnaker | 1 Orca | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Spinnaker template resolution functionality is vulnerable to Server-Side Request Forgery (SSRF), which allows an attacker to send requests on behalf of Spinnaker potentially leading to sensitive data disclosure. | |||||
| CVE-2020-9290 | 1 Fortinet | 2 Forticlient, Forticlient Virtual Private Network | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient for Windows online installer 6.2.3 and below may allow a local attacker with control over the directory in which FortiClientOnlineInstaller.exe and FortiClientVPNOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9289 | 1 Fortinet | 1 Fortimanager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiManager 6.2.3 and below, FortiAnalyzer 6.2.3 and below may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key. | |||||
| CVE-2020-9287 | 1 Fortinet | 1 Forticlient Emergency Management Server | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
| An Unsafe Search Path vulnerability in FortiClient EMS online installer 6.2.1 and below may allow a local attacker with control over the directory in which FortiClientEMSOnlineInstaller.exe resides to execute arbitrary code on the system via uploading malicious Filter Library DLL files in that directory. | |||||
| CVE-2020-9283 | 2 Debian, Golang | 2 Debian Linux, Package Ssh | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| golang.org/x/crypto before v0.0.0-20200220183623-bac4c82f6975 for Go allows a panic during signature verification in the golang.org/x/crypto/ssh package. A client can attack an SSH server that accepts public keys. Also, a server can attack any SSH client. | |||||
| CVE-2020-9280 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In SilverStripe through 4.5, files uploaded via Forms to folders migrated from Silverstripe CMS 3.x may be put to the default "/Uploads" folder instead. This affects installations which allowed upload folder protection via the optional silverstripe/secureassets module under 3.x. This module is installed and enabled by default on the Common Web Platform (CWP). The vulnerability only affects files uploaded after an upgrade to 4.x. | |||||
| CVE-2020-9276 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277. | |||||
| CVE-2020-9274 | 4 Canonical, Debian, Fedoraproject and 1 more | 5 Ubuntu Linux, Debian Linux, Extra Packages For Enterprise Linux and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Pure-FTPd 1.0.49. An uninitialized pointer vulnerability has been detected in the diraliases linked list. When the *lookup_alias(const char alias) or print_aliases(void) function is called, they fail to correctly detect the end of the linked list and try to access a non-existent list member. This is related to init_aliases in diraliases.c. | |||||
| CVE-2020-9273 | 5 Debian, Fedoraproject, Opensuse and 2 more | 9 Debian Linux, Fedora, Backports Sle and 6 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| In ProFTPD 1.3.7, it is possible to corrupt the memory pool by interrupting the data transfer channel. This triggers a use-after-free in alloc_pool in pool.c, and possible remote code execution. | |||||
| CVE-2020-9272 | 3 Opensuse, Proftpd, Siemens | 7 Backports Sle, Leap, Proftpd and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| ProFTPD 1.3.7 has an out-of-bounds (OOB) read vulnerability in mod_cap via the cap_text.c cap_to_text function. | |||||
| CVE-2020-9270 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| ICE Hrm 26.2.0 is vulnerable to CSRF that leads to password reset via service.php. | |||||
| CVE-2020-9269 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| SOPlanning 1.45 is vulnerable to authenticated SQL Injection that leads to command execution via the users parameter, as demonstrated by export_ical.php. | |||||
| CVE-2020-9268 | 1 Soplanning | 1 Soplanning | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| SoPlanning 1.45 is vulnerable to SQL Injection in the OrderBy clause, as demonstrated by the projets.php?order=nom_createur&by= substring. | |||||