Total
601 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26272 | 1 Electronjs | 1 Electron | 2024-11-21 | 6.4 MEDIUM | 5.4 MEDIUM |
| The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. | |||||
| CVE-2020-26261 | 1 Jupyterhub | 1 Systemdspawner | 2024-11-21 | 3.3 LOW | 7.9 HIGH |
| jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15 user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15 | |||||
| CVE-2020-26186 | 1 Dell | 2 Inspiron 5675, Inspiron 5675 Firmware | 2024-11-21 | 7.2 HIGH | 6.8 MEDIUM |
| Dell Inspiron 5675 BIOS versions prior to 1.4.1 contain a UEFI BIOS RuntimeServices overwrite vulnerability. A local attacker with access to system memory may exploit this vulnerability by overwriting the RuntimeServices structure to execute arbitrary code in System Management Mode (SMM). | |||||
| CVE-2020-26086 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | |||||
| CVE-2020-26084 | 1 Cisco | 1 Edge Fog Fabric | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | |||||
| CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 allows attackers to read sensitive information during the training process of machine learning joint modeling. | |||||
| CVE-2020-25073 | 1 Debian | 1 Freedombox | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | |||||
| CVE-2020-24511 | 3 Debian, Intel, Netapp | 5 Debian Linux, Microcode, Fas\/aff Bios and 2 more | 2024-11-21 | 2.1 LOW | 6.5 MEDIUM |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |||||
| CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | |||||
| CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | |||||
| CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | |||||
| CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | |||||
| CVE-2020-1981 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
| A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. | |||||
| CVE-2020-1945 | 5 Apache, Canonical, Fedoraproject and 2 more | 50 Ant, Ubuntu Linux, Fedora and 47 more | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | |||||
| CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | |||||
| CVE-2020-18754 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | |||||
| CVE-2020-18647 | 1 5none | 1 Nonecms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". | |||||
| CVE-2020-18646 | 1 5none | 1 Nonecms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | |||||
| CVE-2020-16263 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. | |||||