Vulnerabilities (CVE)

Filtered by CWE-20
Total 10060 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-1984 2 Microsoft, Paloaltonetworks 2 Windows, Secdo 2024-02-04 7.2 HIGH 7.8 HIGH
Secdo tries to execute a script at a hardcoded path if present, which allows a local authenticated user with 'create folders or append data' access to the root of the OS disk (C:\) to gain system privileges if the path does not already exist or is writable. This issue affects all versions of Secdo for Windows.
CVE-2020-1732 1 Redhat 4 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Continuous Delivery, Openshift Application Runtimes and 1 more 2024-02-04 4.9 MEDIUM 4.2 MEDIUM
A flaw was found in Soteria before 1.0.1, in a way that multiple requests occurring concurrently causing security identity corruption across concurrent threads when using EE Security with WildFly Elytron which can lead to the possibility of being handled using the identity from another request.
CVE-2018-21055 2 Google, Qualcomm 2 Android, Msm8996 2024-02-04 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with N(7.0) (Qualcomm models using MSM8996 chipsets) software. A device can be rooted with a custom image to execute arbitrary scripts in the INIT context. The Samsung ID is SVE-2018-11940 (September 2018).
CVE-2020-3319 1 Cisco 2 Webex Network Recording Player, Webex Player 2024-02-04 4.3 MEDIUM 3.3 LOW
A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. The vulnerability exists due to insufficient validation of certain elements with a Webex recording stored in either the Advanced Recording Format (ARF) or the Webex Recording Format (WRF). An attacker could exploit this vulnerability by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to cause the Webex player application to crash when trying to view the malicious file. This vulnerability affects Cisco Webex Network Recording Player and Webex Player releases earlier than Release 3.0 MR3 Security Patch 2 and 4.0 MR3.
CVE-2017-18867 1 Netgear 10 D6100, D6100 Firmware, D7800 and 7 more 2024-02-04 4.6 MEDIUM 6.8 MEDIUM
Certain NETGEAR devices are affected by incorrect configuration of security settings. This affects D6100 before 1.0.0.55, D7800 before V1.0.1.24, R7100LG before V1.0.0.32, WNDR4300v1 before 1.0.2.90, and WNDR4500v3 before 1.0.0.48.
CVE-2020-3648 1 Qualcomm 2 Msm8909w, Msm8909w Firmware 2024-02-04 4.6 MEDIUM 7.8 HIGH
u'Possible out of bound write in DSP driver code due to lack of check of data received from user' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W
CVE-2017-18840 1 Netgear 20 M4200, M4200 Firmware, M4300-12x12f and 17 more 2024-02-04 2.1 LOW 6.2 MEDIUM
Certain NETGEAR devices are affected by denial of service. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.
CVE-2019-20776 1 Google 1 Android 2024-02-04 2.1 LOW 5.5 MEDIUM
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A TZ trusted application can crash via crafted input. The LG ID is LVE-SMP-190005 (July 2019).
CVE-2020-10115 1 Cpanel 1 Cpanel 2024-02-04 9.0 HIGH 7.2 HIGH
cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537).
CVE-2020-9343 2 Microsoft, Signotec 2 Windows, Signopad-api\/web 2024-02-04 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in signotec signoPAD-API/Web (formerly Websocket Pad Server) before 3.1.1 on Windows. It is possible to perform a Denial of Service attack because the implementation doesn't limit the parsing of nested JSON structures. If a victim visits an attacker-controlled website, this vulnerability can be exploited via WebSocket data with a deeply nested JSON array.
CVE-2020-5859 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2024-02-04 5.0 MEDIUM 7.5 HIGH
On BIG-IP 15.1.0.1, specially formatted HTTP/3 messages may cause TMM to produce a core file.
CVE-2020-16142 1 Mercedes-benz 2 C220, Comand 2024-02-04 2.9 LOW 3.5 LOW
On Mercedes-Benz C Class AMG Premium Plus c220 BlueTec vehicles, the Bluetooth stack mishandles %x and %c format-string specifiers in a device name in the COMAND infotainment software.
CVE-2020-13941 1 Apache 1 Solr 2024-02-04 6.5 MEDIUM 8.8 HIGH
Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access.
CVE-2020-3240 1 Cisco 2 Ucs Director, Ucs Director Express For Big Data 2024-02-04 8.5 HIGH 7.3 HIGH
Multiple vulnerabilities in the REST API of Cisco UCS Director and Cisco UCS Director Express for Big Data may allow a remote attacker to bypass authentication or conduct directory traversal attacks on an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-13268 1 Gitlab 1 Gitlab 2024-02-04 5.0 MEDIUM 5.3 MEDIUM
A specially crafted request could be used to confirm the existence of files hosted on object storage services, without disclosing their contents. This vulnerability affects GitLab CE/EE 12.10 and later through 13.0.1
CVE-2020-1986 2 Microsoft, Paloaltonetworks 2 Windows, Secdo 2024-02-04 4.9 MEDIUM 5.5 MEDIUM
Improper input validation vulnerability in Secdo allows an authenticated local user with 'create folders or append data' access to the root of the OS disk (C:\) to cause a system crash on every login. This issue affects all versions Secdo for Windows.
CVE-2020-9826 1 Apple 3 Ipad Os, Iphone Os, Mac Os X 2024-02-04 5.0 MEDIUM 7.5 HIGH
A denial of service issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5. A remote attacker may be able to cause a denial of service.
CVE-2020-10068 1 Zephyrproject 1 Zephyr 2024-02-04 3.3 LOW 6.5 MEDIUM
In the Zephyr project Bluetooth subsystem, certain duplicate and back-to-back packets can cause incorrect behavior, resulting in a denial of service. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVE-2020-2166 1 Jenkins 1 Pipeline\ 2024-02-04 6.5 MEDIUM 8.8 HIGH
Jenkins Pipeline: AWS Steps Plugin 1.40 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability.
CVE-2020-11122 1 Qualcomm 20 Apq8098, Apq8098 Firmware, Bitra and 17 more 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
u'Null Pointer exception while playing crafted mkv file as data stream get deleted on secondary invalid configuration' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8098, Bitra, Kamorta, SA6155P, Saipan, SM6150, SM7150, SM8150, SM8250, SXR2130