Total: 316104 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). |
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | ** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it." |
| CVE-2020-27985 | 1 Securityonionsolutions | 1 Security Onion | 2024-11-21 | 7.2 HIGH | 7.8 HIGH | Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. |
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | IceWarp 11.4.5.0 allows XSS via the language parameter. |
| CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. |
| CVE-2020-27978 | 1 Shibboleth | 1 Identity Provider | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Shibboleth Identity Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. |
| CVE-2020-27977 | 1 Capasystems | 1 Capainstaller | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH | CapaSystems CapaInstaller before 6.0.101 does not properly assign, modify, or check privileges for an actor who attempts to edit registry values, allowing an attacker to escalate privileges. |
| CVE-2020-27976 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | osCommerce Phoenix CE before 1.0.5.4 allows OS command injection remotely. Within admin/mail.php, a from POST parameter can be passed to the application. This affects the PHP mail function, and the sendmail -f option. |
| CVE-2020-27975 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | osCommerce Phoenix CE before 1.0.5.4 allows admin/define_language.php CSRF. |
| CVE-2020-27974 | 1 Quadient | 1 Mail Accounting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | NeoPost Mail Accounting Software Pro 5.0.6 allows php/Commun/FUS_SCM_BlockStart.php?code= XSS. |
| CVE-2020-27970 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Yandex Browser before 20.10.0 allows remote attackers to spoof the address bar. |
| CVE-2020-27969 | 1 Yandex | 1 Yandex Browser | 2024-11-21 | 7.5 HIGH | 7.3 HIGH | Yandex Browser for Android 20.8.4 allows remote attackers to perform SOP bypass and address bar spoofing. |
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. |
| CVE-2020-27957 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | The RandomGameUnit extension for MediaWiki through 1.35 was not properly escaping various title-related data. When certain varieties of games were created within MediaWiki, their names or titles could be manipulated to generate stored XSS within the RandomGameUnit extension. |
| CVE-2020-27956 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL | An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root). |
| CVE-2020-27955 | 1 Git Large File Storage Project | 1 Git Large File Storage | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Git LFS 2.12.0 allows Remote Code Execution. |
| CVE-2020-27952 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution. |
| CVE-2020-27951 | 1 Apple | 3 Ipados, Iphone Os, Watchos | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | This issue was addressed with improved checks. This issue is fixed in watchOS 6.3, iOS 12.5, iOS 14.3 and iPadOS 14.3, watchOS 7.2. Unauthorized code execution may lead to an authentication policy violation. |
| CVE-2020-27949 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace. |
| CVE-2020-27948 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution. |
