Total
83837 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8574 | 1 Netapp | 1 Active Iq Unified Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Remote Method Invocation (JMX RMI) service enabled allowing unauthorized code execution to local users. | |||||
| CVE-2020-8572 | 1 Netapp | 2 Element Healthtools, Element Os | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information. | |||||
| CVE-2020-8571 | 1 Netapp | 1 Storagegrid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.0.4 are susceptible to a vulnerability which allows an unauthenticated remote attacker to cause a Denial of Service (DoS). | |||||
| CVE-2020-8570 | 1 Kubernetes | 1 Java | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code. | |||||
| CVE-2020-8545 | 1 Circl | 1 Ail Framework | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Global.py in AIL framework 2.8 allows path traversal. | |||||
| CVE-2020-8543 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| OX App Suite through 7.10.3 has Improper Input Validation. | |||||
| CVE-2020-8539 | 1 Kia | 2 Head Unit, Head Unit Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.191209 may allow an attacker to inject unauthorized commands, by executing the micomd executable deamon, to trigger unintended functionalities. In addition, this executable may be used by an attacker to inject commands to generate CAN frames that are sent into the M-CAN bus (Multimedia CAN bus) of the vehicle. | |||||
| CVE-2020-8517 | 3 Canonical, Opensuse, Squid-cache | 3 Ubuntu Linux, Leap, Squid | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentication credentials parser in ext_lm_group_acl may write to memory outside the credentials buffer. On systems with memory access protections, this can result in the helper process being terminated unexpectedly. This leads to the Squid process also terminating and a denial of service for all clients using the proxy. | |||||
| CVE-2020-8511 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the File Repository component, a different issue than CVE-2020-7935 and CVE-2020-8500. | |||||
| CVE-2020-8509 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerationServlet, leading to sensitive information disclosure. | |||||
| CVE-2020-8507 | 1 Rogersmedia | 1 Citytv Video | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics. | |||||
| CVE-2020-8500 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| ** DISPUTED ** In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality. | |||||
| CVE-2020-8495 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.0 MEDIUM | 7.5 HIGH |
| In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H491delegate servlet allows an attacker with Timekeeper or Supervisor privileges to gain unauthorized administrative privileges within the application via the delegate, delegateRole, and delegatorUserId parameters. | |||||
| CVE-2020-8494 | 1 Kronos | 1 Web Time And Attendance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.webta.H402editUser servlet allows an attacker with Timekeeper, Master Timekeeper, or HR Admin privileges to gain unauthorized administrative privileges within the application via the emp_id, userid, pw1, pw2, supervisor, and timekeeper parameters. | |||||
| CVE-2020-8489 | 1 Abb | 1 800xa Information Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Information Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting the runtime values to be stored in the archive, or making Information Management history services unavailable. | |||||
| CVE-2020-8488 | 1 Abb | 1 800xa Batch Management | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA Batch Management (all published versions) enables an attacker authenticated on the local system to inject data, affecting User Interface update during batch execution and/or compare/printing functionalities. | |||||
| CVE-2020-8485 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | |||||
| CVE-2020-8484 | 1 Abb | 1 800xa | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI (all published versions) enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash. | |||||
| CVE-2020-8482 | 1 Abb | 1 Device Library Wizard | 2024-11-21 | 2.1 LOW | 7.8 HIGH |
| Insecure storage of sensitive information in ABB Device Library Wizard versions 6.0.X, 6.0.3.1 and 6.0.3.2 allows unauthenticated low privilege user to read file that contains confidential data | |||||
| CVE-2020-8477 | 1 Abb | 1 800xa Information Manager | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| The installations for ABB System 800xA Information Manager versions 5.1, 6.0 to 6.0.3.2 and 6.1 wrongly contain an auxiliary component. An attacker is able to use this for an XSS-like attack to an authenticated local user, which might lead to execution of arbitrary code. | |||||