Total
82350 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8442 | 1 Ossec | 1 Ossec | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client. | |||||
| CVE-2020-8438 | 1 Arris | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS commands via the hidden /forms/nslookupHandler form, as demonstrated by the nslookuptarget=|cat${IFS} substring. | |||||
| CVE-2020-8437 | 1 Bittorrent | 1 Utorrent | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded dictionaries, which allows a remote attacker to cause a denial of service. | |||||
| CVE-2020-8435 | 1 Metagauss | 1 Registrationmagic | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injection via the rm_analytics_show_form rm_form_id parameter. | |||||
| CVE-2020-8429 | 1 Kinetica | 1 Kinetica | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input for the function getLogs. This lack of sanitisation could be exploited to allow an authenticated attacker to run remote code on the underlying operating system. The logFile parameter in the getLogs function was used as a variable in a command to read log files; however, due to poor input sanitisation, it was possible to bypass a replacement and break out of the command. | |||||
| CVE-2020-8428 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows local users to cause a denial of service (OOPS) or possibly obtain sensitive information from kernel memory, aka CID-d0cb50185ae9. One attack vector may be an open system call for a UNIX domain socket, if the socket is being moved to a new parent directory and its old parent directory is being removed. | |||||
| CVE-2020-8424 | 1 Cups Easy Project | 1 Cups Easy | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via passwordmychange.php. | |||||
| CVE-2020-8423 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. | |||||
| CVE-2020-8420 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of com_templates causes a CSRF vulnerability. | |||||
| CVE-2020-8419 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of various components cause CSRF vulnerabilities. | |||||
| CVE-2020-8417 | 1 Codesnippets | 1 Code Snippets | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer check on the import menu. | |||||
| CVE-2020-8416 | 1 Iktm | 1 Bearftp | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume of connections to the PASV mode port. | |||||
| CVE-2020-8351 | 1 Lenovo | 1 Pcmanager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8350 | 1 Lenovo | 2 Thinkpad Stack Wireless Router, Thinkpad Stack Wireless Router Firmware | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
| An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmware version 1.1.3.4 that could allow escalation of privilege. | |||||
| CVE-2020-8345 | 1 Lenovo | 1 Hardware Scan | 2024-11-21 | 4.4 MEDIUM | 7.3 HIGH |
| A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantage hardware scan feature prior to version 1.0.46.11 that could allow escalation of privilege. | |||||
| CVE-2020-8342 | 1 Lenovo | 1 System Update | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that could allow escalation of privilege. | |||||
| CVE-2020-8338 | 1 Lenovo | 1 Diagnostics | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that could allow a user with local access to execute code on the system. | |||||
| CVE-2020-8327 | 1 Lenovo | 1 Vantage | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Interface Foundation bundled in Lenovo Vantage prior to version 10.2003.10.0 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8326 | 1 Lenovo | 1 Drivers Management | 2024-11-21 | 6.9 MEDIUM | 7.3 HIGH |
| An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.1046 that could allow an authenticated user to execute code with elevated privileges. | |||||
| CVE-2020-8319 | 1 Lenovo | 1 System Interface Foundation | 2024-11-21 | 7.2 HIGH | 7.3 HIGH |
| A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to version 1.1.19.3 that could allow an authenticated user to execute code with elevated privileges. | |||||