Total
314967 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | |||||
| CVE-2020-26101 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 9.8 CRITICAL |
| In cPanel before 88.0.3, insecure RNDC credentials are used for BIND on a templated VM (SEC-549). | |||||
| CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | |||||
| CVE-2020-26099 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | |||||
| CVE-2020-26098 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | |||||
| CVE-2020-26097 | 1 Planet | 4 Nvr-1615, Nvr-1615 Firmware, Nvr-915 and 1 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** The firmware of the PLANET Technology Corp NVR-915 and NVR-1615 before 2020-10-28 embeds default credentials for root access via telnet. By exposing telnet on the Internet, remote root access on the device is possible. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-26088 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. | |||||
| CVE-2020-26086 | 1 Cisco | 1 Telepresence Collaboration Endpoint | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the video endpoint API (xAPI) of Cisco TelePresence Collaboration Endpoint (CE) Software could allow an authenticated, remote attacker to gain access to sensitive information on an affected device. The vulnerability is due to improper storage of sensitive information on an affected device. An attacker could exploit this vulnerability by accessing information that should not be accessible to users with low privileges. A successful exploit could allow the attacker to gain access to sensitive information. | |||||
| CVE-2020-26085 | 1 Cisco | 1 Jabber | 2024-11-21 | 9.0 HIGH | 9.9 CRITICAL |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-26084 | 1 Cisco | 1 Edge Fog Fabric | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the REST API of Cisco Edge Fog Fabric could allow an authenticated, remote attacker to access files outside of their authorization sphere on an affected device. The vulnerability is due to incorrect authorization enforcement on an affected system. An attacker could exploit this vulnerability by sending a crafted request to the API. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. | |||||
| CVE-2020-26083 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative credentials to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. To exploit this vulnerability, an attacker would need to have valid administrative credentials. | |||||
| CVE-2020-26082 | 1 Cisco | 8 Asyncos, Email Security Appliance C170, Email Security Appliance C190 and 5 more | 2024-11-21 | N/A | 5.8 MEDIUM |
| A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | |||||
| CVE-2020-26081 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system. | |||||
| CVE-2020-26080 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 4.0 MEDIUM | 4.1 MEDIUM |
| A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains on an affected system. The vulnerability is due to improper domain access control. An attacker could exploit this vulnerability by manipulating JSON payloads to target different domains on an affected system. A successful exploit could allow the attacker to manage user information for users in different domains on an affected system. | |||||
| CVE-2020-26079 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the web UI of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to obtain hashes of user passwords on an affected device. The vulnerability is due to insufficient protection of user credentials. An attacker could exploit this vulnerability by logging in as an administrative user and crafting a call for user information. A successful exploit could allow the attacker to obtain hashes of user passwords on an affected device. | |||||
| CVE-2020-26078 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the file system of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to overwrite files on an affected system. The vulnerability is due to insufficient file system protections. An attacker could exploit this vulnerability by crafting API requests and sending them to an affected system. A successful exploit could allow the attacker to overwrite files on an affected system. | |||||
| CVE-2020-26077 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the access control functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to view lists of users from different domains that are configured on an affected system. The vulnerability is due to improper access control. An attacker could exploit this vulnerability by sending an API request that alters the domain for a requested user list on an affected system. A successful exploit could allow the attacker to view lists of users from different domains on the affected system. | |||||
| CVE-2020-26076 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. | |||||
| CVE-2020-26075 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. | |||||
| CVE-2020-26072 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 5.5 MEDIUM | 8.7 HIGH |
| A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | |||||