Total
79935 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27191 | 1 Lionwiki | 1 Lionwiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-27187 | 1 Kde | 1 Partition Manager | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges. | |||||
| CVE-2020-27185 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service. | |||||
| CVE-2020-27180 | 1 Konzept-ix | 1 Publixone | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter. | |||||
| CVE-2020-27178 | 1 Apereo | 1 Central Authentication Service | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication. | |||||
| CVE-2020-27176 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 8.3 HIGH |
| Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product. | |||||
| CVE-2020-27174 | 1 Amazon | 1 Firecracker | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host. | |||||
| CVE-2020-27173 | 1 Vm-superio Project | 1 Vm-superio | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. | |||||
| CVE-2020-27157 | 1 Veritas | 1 Aptare | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account. | |||||
| CVE-2020-27155 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one. | |||||
| CVE-2020-27154 | 1 Mitel | 1 Businesscti Enterprise | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data. | |||||
| CVE-2020-27153 | 3 Bluez, Debian, Opensuse | 3 Bluez, Debian Linux, Leap | 2024-11-21 | 7.5 HIGH | 8.6 HIGH |
| In BlueZ before 5.55, a double free was found in the gatttool disconnect_cb() routine from shared/att.c. A remote attacker could potentially cause a denial of service or code execution, during service discovery, due to a redundant disconnect MGMT event. | |||||
| CVE-2020-27151 | 1 Katacontainers | 1 Kata Containers | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes. | |||||
| CVE-2020-27150 | 1 Moxa | 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set. | |||||
| CVE-2020-27148 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 5.5 MEDIUM | 7.1 HIGH |
| The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. | |||||
| CVE-2020-27131 | 1 Cisco | 1 Security Manager | 2024-11-21 | 10.0 HIGH | 8.1 HIGH |
| Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities. | |||||
| CVE-2020-27125 | 1 Cisco | 1 Security Manager | 2024-11-21 | 5.0 MEDIUM | 7.4 HIGH |
| A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by viewing source code. A successful exploit could allow the attacker to view static credentials, which the attacker could use to carry out further attacks. | |||||
| CVE-2020-27059 | 1 Google | 1 Android | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| In onAuthenticated of AuthenticationClient.java, there is a possible tapjacking attack when requesting the user's fingerprint due to an overlaid window. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android; Versions: Android-8.0, Android-8.1, Android-9, Android-10, 11; Android ID: A-159249069. | |||||
| CVE-2020-27055 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In isSubmittable and showWarningMessagesIfAppropriate of WifiConfigController.java and WifiConfigController2.java, there is a possible insecure WiFi configuration due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-161378819 | |||||
| CVE-2020-27054 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| In onFactoryReset of BluetoothManagerService.java, there is a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-159061926 | |||||