Total
79826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25736 | 1 Acronis | 1 True Image | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | |||||
| CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | |||||
| CVE-2020-25728 | 1 Alfresco | 1 Reset Password | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. | |||||
| CVE-2020-25727 | 1 Flexsolution | 1 Reset Password | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | |||||
| CVE-2020-25722 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | |||||
| CVE-2020-25721 | 1 Samba | 1 Samba | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | |||||
| CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 17 Ubuntu Linux, Debian Linux, Fedora and 14 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | |||||
| CVE-2020-25718 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | |||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 25 Ubuntu Linux, Debian Linux, Fedora and 22 more | 2024-11-21 | 8.5 HIGH | 8.1 HIGH |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | |||||
| CVE-2020-25716 | 1 Redhat | 1 Cloudforms | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected | |||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25710 | 4 Debian, Fedoraproject, Openldap and 1 more | 7 Debian Linux, Fedora, Openldap and 4 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a malicious packet processed by OpenLDAP to force a failed assertion in csnNormalize23(). The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25709 | 4 Apple, Debian, Openldap and 1 more | 5 Mac Os X, Macos, Debian Linux and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAP’s slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-25708 | 2 Libvncserver Project, Redhat | 2 Libvncserver, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this flaw to send a specially crafted message that, when processed by the VNC server, would lead to a floating point exception, resulting in a denial of service. | |||||
| CVE-2020-25705 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version | |||||
| CVE-2020-25699 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2020-25698 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do so. Versions affected: 3.5 to 3.5.14, 3.7 to 3.7.8, 3.8 to 3.8.5, 3.9 to 3.9.2 and earlier unsupported versions. Fixed in 3.9.3, 3.8.6, 3.7.9, 3.5.15, and 3.10. | |||||
| CVE-2020-25697 | 1 X.org | 1 X Server | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
| A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11 clients. This flaw allows an attacker to take control of an X application by impersonating the server it is expecting to connect to. | |||||
| CVE-2020-25696 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 7.6 HIGH | 7.5 HIGH |
| A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. If an interactive psql session uses \gset when querying a compromised server, the attacker can execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25695 | 2 Debian, Postgresql | 2 Debian Linux, Postgresql | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||