Total: 316956 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-29448 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center before version 6.13.18, from 6.14.0 before 7.4.6, and from 7.5.0 before 7.8.3 allowed unauthenticated remote attackers to read arbitrary files within WEB-INF and META-INF directories via an incorrect path access check. |
| CVE-2020-29447 | 1 Atlassian | 1 Crucible | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Affected versions of Atlassian Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the file upload request feature of code reviews. The affected versions are before version 4.7.4, and from version 4.8.0 before 4.8.5. |
| CVE-2020-29446 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory. The affected versions are before version 4.8.5. |
| CVE-2020-29443 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 3.3 LOW | 3.9 LOW | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a buffer index is not validated. |
| CVE-2020-29441 | 1 Outsystems | 1 Outsystems | 2024-11-21 | 6.4 MEDIUM | 7.2 HIGH | An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files. |
| CVE-2020-29440 | 1 Tesla | 2 Model X, Model X Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to pair a new key fob with the body control module (BCM). This allows an attacker (who is inside a vehicle, or is otherwise able to send data over the CAN bus) to start and drive the vehicle with a spoofed key fob. |
| CVE-2020-29439 | 1 Tesla | 2 Model X, Model X Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authentication needed for a body control module (BCM) to initiate a Bluetooth wake-up action. (The full VIN is visible from outside the vehicle.) |
| CVE-2020-29438 | 1 Tesla | 2 Model X, Model X Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM | Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signature verification. This allows attackers to construct firmware that retrieves an unlock code from a secure enclave chip. |
| CVE-2020-29437 | 1 Orangehrm | 1 Orangehrm | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH | SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint. |
| CVE-2020-29436 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure the system to gain access to content outside of NXRM via an XXE vulnerability. Fixed in version 3.29.0. |
| CVE-2020-29396 | 2 Odoo, Python | 2 Odoo, Python | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation. |
| CVE-2020-29395 | 1 Myeventon | 1 Eventon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. |
| CVE-2020-29394 | 1 Genivi | 1 Diagnostic Log And Trace | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH | A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument). |
| CVE-2020-29392 | 1 Lock Password Manager Safe App Project | 1 Lock Password Manager Safe App | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM | The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacker with physical access can unlock the password manager without knowing the master password set by the user. |
| CVE-2020-29390 | 1 Zeroshell | 1 Zeroshell | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubmit parameter that could allow an unauthenticated attacker to execute a system command by using shell metacharacters and the %0a character. |
| CVE-2020-29389 | 1 Docker | 1 Crux Linux Docker Image | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Systems using the Crux Linux Docker container deployed by affected versions of the Docker image may allow an attacker to achieve root access with a blank password. |
| CVE-2020-29384 | 3 Advsys, Apple, Linux | 3 Pngout, Macos, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM | An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow. |
| CVE-2020-29383 | 1 Vsolcn | 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images. |
| CVE-2020-29382 | 1 Vsolcn | 6 V1600d, V1600d Firmware, V1600g1 and 3 more | 2024-11-21 | 2.1 LOW | 7.8 HIGH | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images. |
| CVE-2020-29381 | 1 Vsolcn | 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. Command injection can occur in "upload tftp syslog" and "upload tftp configuration" in the CLI via a crafted filename. |
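The dlt-daemon entry (CVE-2020-29394) names the bug class exactly: `fscanf` with a `%s` conversion that carries no field width writes as many bytes as the input token has, regardless of the destination buffer. The example below is added here to illustrate that class and its fix; it is not code from dlt-daemon. It assumes a filter file of whitespace-separated "APID CTID" pairs with 4-character IDs (the `DLT_ID_SIZE` value and the `filter_load_*` / `read_id` names are the example's own), and uses `fmemopen` so the parser can be run on an in-memory string. Note the second half of the fix: a width limit alone only truncates, so the excess bytes of an over-long token would quietly become the next field unless the parser checks what follows.

```c
#define _POSIX_C_SOURCE 200809L   /* for fmemopen() */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define DLT_ID_SIZE 4             /* assumption: DLT application/context IDs are 4 characters */

struct dlt_filter_entry {
    char apid[DLT_ID_SIZE + 1];   /* +1 for the NUL that scanf appends */
    char ctid[DLT_ID_SIZE + 1];
};

/* The vulnerable shape (CVE-2020-29394 class): "%s" has no width, so a token longer than
 * the destination buffer is written past its end. Shown for contrast only; never called. */
int filter_load_unsafe(FILE *fp, char apid[DLT_ID_SIZE + 1], char ctid[DLT_ID_SIZE + 1])
{
    return fscanf(fp, "%s %s", apid, ctid) == 2 ? 0 : -1;   /* overflows on a 5+ char token */
}

/* Read one ID with a width-limited conversion. Returns 1 on success, 0 at end of input,
 * -1 if the token was longer than DLT_ID_SIZE. The width limit prevents the overflow; the
 * peek at the next byte prevents the truncated tail from being parsed as the next field. */
static int read_id(FILE *fp, char out[DLT_ID_SIZE + 1])
{
    int c;
    if (fscanf(fp, "%4s", out) != 1)      /* "%4s": at most DLT_ID_SIZE characters */
        return 0;
    c = fgetc(fp);
    if (c == EOF)
        return 1;
    ungetc(c, fp);
    return isspace(c) ? 1 : -1;           /* a non-space right after 4 chars: token too long */
}

/* Parse "APID CTID" pairs. Returns the number of entries, or -1 on a malformed/over-long line. */
int filter_load_safe(FILE *fp, struct dlt_filter_entry *out, size_t max_entries)
{
    size_t n = 0;
    while (n < max_entries) {
        int r = read_id(fp, out[n].apid);
        if (r == 0) break;                /* clean end of file */
        if (r < 0) return -1;
        r = read_id(fp, out[n].ctid);
        if (r <= 0) return -1;            /* APID without CTID, or over-long CTID */
        n++;
    }
    return (int)n;
}

/* Helper so the parser can be exercised on an in-memory string instead of a file on disk. */
int load_filter_from_string(const char *text, struct dlt_filter_entry *out, size_t max_entries)
{
    FILE *fp = fmemopen((void *)text, strlen(text), "r");
    int r;
    if (fp == NULL) return -1;
    r = filter_load_safe(fp, out, max_entries);
    fclose(fp);
    return r;
}

int main(void)
{
    /* Constructed filter-file contents: the first is well-formed, the second carries an
     * over-long token that the unsafe "%s" version would write past its 5-byte buffer. */
    struct dlt_filter_entry e[8];
    int n = load_filter_from_string("DLTD INTM\nAPP1 CON1\n", e, 8);
    printf("loaded %d entries; first = %s/%s\n", n, e[0].apid, e[0].ctid);
    n = load_filter_from_string("APP1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", e, 8);
    printf("over-long token rejected: %d\n", n);
    return 0;
}
```

The same pattern applies to any `scanf`-family call that targets a fixed buffer: the width must be one less than the buffer size, and if truncation would change the meaning of the input, treat an over-long token as an error rather than accepting the truncated prefix.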
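Two entries above are the same bug seen from two sides: CVE-2020-29390 (Zeroshell) reaches a system command through a CGI parameter carrying shell metacharacters and `%0a`, and CVE-2020-29381 (V-SOL) reaches one through a crafted filename given to an "upload tftp" CLI command. The example below is added to show why the usual metacharacter blocklist fails against the encoded newline and what a hardened handler looks like; it is not code from either product. The `url_decode`, `blocklist_allows`, `filename_is_safe` and `build_upload_*` names, the local log path, and the busybox-style `tftp -p -l LOCAL -r REMOTE HOST` option syntax are all assumptions of the example. Nothing is executed: the vulnerable path only builds the string `system()` would receive, and the hardened path only builds the `argv` an `execvp()`/`posix_spawnp()` call would receive.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define MAX_NAME 64
#define LOCAL_SYSLOG "/var/log/messages"   /* assumed local path of the log being uploaded */

static int hexval(int c)
{
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Percent-decode a CGI/URL parameter value ("%0a" -> '\n', '+' -> ' '). Returns the decoded length. */
size_t url_decode(const char *in, char *out, size_t out_size)
{
    size_t o = 0;
    while (*in != '\0' && o + 1 < out_size) {
        int h1, h2;
        if (*in == '%' && (h1 = hexval((unsigned char)in[1])) >= 0
                       && (h2 = hexval((unsigned char)in[2])) >= 0) {
            out[o++] = (char)(h1 * 16 + h2);
            in += 3;
        } else {
            out[o++] = (*in == '+') ? ' ' : *in;
            in++;
        }
    }
    out[o] = '\0';
    return o;
}

/* The blocklist many CLIs and CGIs rely on. It misses the newline, which /bin/sh treats as a
 * command separator just like ';'. That is the "%0a" case in CVE-2020-29390. */
int blocklist_allows(const char *name)
{
    return strpbrk(name, ";|&`$()<>") == NULL;
}

/* Vulnerable shape: the filename is spliced into a command line destined for system().
 * Only the string is built here; it is not run. Returns the length written, or -1. */
int build_upload_shell_command(const char *host, const char *name, char *cmd, size_t cmd_size)
{
    if (!blocklist_allows(name)) return -1;
    return snprintf(cmd, cmd_size, "tftp -p -l " LOCAL_SYSLOG " -r %s %s", name, host);
}

/* Allowlist: 1..MAX_NAME chars of [A-Za-z0-9._-], not starting with '-' (option injection)
 * and without ".." (traversal). Anything else is rejected rather than escaped. */
int filename_is_safe(const char *name)
{
    size_t len = strlen(name), i;
    if (len == 0 || len > MAX_NAME || name[0] == '-' || strstr(name, "..") != NULL)
        return 0;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* Hardened shape: validate, then build an argv for execvp()/posix_spawnp() so no shell ever
 * parses the name; each element is one argument whatever bytes it contains. Returns argc or -1. */
int build_upload_argv(const char *host, const char *name, const char *argv[], size_t argv_size)
{
    if (argv_size < 8 || !filename_is_safe(name)) return -1;
    argv[0] = "tftp"; argv[1] = "-p";
    argv[2] = "-l";   argv[3] = LOCAL_SYSLOG;
    argv[4] = "-r";   argv[5] = name;
    argv[6] = host;   argv[7] = NULL;
    return 7;
}

int main(void)
{
    /* Constructed attacker input: a parameter value with an encoded newline and a second command. */
    const char *param = "syslog.txt%0acat%20/etc/shadow";
    char name[128], cmd[256];
    const char *argv[8];

    url_decode(param, name, sizeof name);
    if (build_upload_shell_command("192.0.2.10", name, cmd, sizeof cmd) > 0)
        printf("blocklist let it through; system() would run two commands:\n%s\n", cmd);
    printf("allowlist verdict: %d, argv built: %d\n",
           filename_is_safe(name), build_upload_argv("192.0.2.10", name, argv, 8));
    return 0;
}
```

The two defences are independent and both belong in a fix: the allowlist keeps hostile bytes out of the value, and the exec-without-shell path makes sure that even a value that slips through is never parsed as shell syntax.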
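CVE-2020-29382 and CVE-2020-29383 describe an RSA private key shipped inside OLT firmware images. The check a practitioner wants for that class is a scan of the raw image for PEM private-key blocks, which is what the example below does; it is added here and is not code from V-SOL or from any analysis of those images. The sample "image" is constructed inline (binary padding, a certificate, a placeholder key body, more padding) and the `find_bytes`, `count_private_keys` and `build_sample_image` names are the example's own. The scan is byte-oriented rather than `strstr`-based because firmware blobs contain NULs, and it matches on the `PRIVATE KEY-----` suffix so that RSA, EC, DSA, PKCS#8, encrypted PKCS#8 and OPENSSH headers are all caught while certificates and public keys are not.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* memmem() equivalent written out so the scan works on binary images with embedded NULs. */
static const unsigned char *find_bytes(const unsigned char *hay, size_t hay_len,
                                       const char *needle, size_t needle_len)
{
    size_t i;
    if (needle_len == 0 || hay_len < needle_len) return NULL;
    for (i = 0; i + needle_len <= hay_len; i++)
        if (memcmp(hay + i, needle, needle_len) == 0)
            return hay + i;
    return NULL;
}

/* Count PEM private-key blocks ("-----BEGIN <label>PRIVATE KEY-----") in a byte buffer.
 * If first_off is non-NULL it receives the offset of the first block found. */
size_t count_private_keys(const unsigned char *img, size_t len, size_t *first_off)
{
    static const char begin[] = "-----BEGIN ";
    static const char priv[]  = "PRIVATE KEY-----";
    static const char end[]   = "-----END ";
    size_t count = 0, pos = 0;

    while (pos < len) {
        const unsigned char *b = find_bytes(img + pos, len - pos, begin, sizeof begin - 1);
        const unsigned char *label, *p, *e;
        size_t window;
        if (b == NULL) break;
        label = b + (sizeof begin - 1);
        /* The label ("RSA ", "EC ", "ENCRYPTED ", "OPENSSH ", or nothing for PKCS#8) is short,
         * so the suffix must appear within a few dozen bytes of the BEGIN marker. */
        window = (size_t)(img + len - label);
        if (window > 32) window = 32;
        p = find_bytes(label, window, priv, sizeof priv - 1);
        if (p != NULL) {
            if (count == 0 && first_off != NULL) *first_off = (size_t)(b - img);
            count++;
            /* Skip past the matching END marker so one block is not counted twice. */
            e = find_bytes(p, (size_t)(img + len - p), end, sizeof end - 1);
            pos = e ? (size_t)(e - img) + (sizeof end - 1) : (size_t)(p - img) + (sizeof priv - 1);
        } else {
            pos = (size_t)(b - img) + (sizeof begin - 1);   /* a BEGIN of something else */
        }
    }
    return count;
}

/* Constructed stand-in for a firmware image. The PEM bodies are placeholders, not real material. */
unsigned char sample_image[512];

size_t build_sample_image(void)
{
    static const char cert[] = "-----BEGIN CERTIFICATE-----\nMIIB...\n-----END CERTIFICATE-----\n";
    static const char key[]  = "-----BEGIN RSA PRIVATE KEY-----\nMIIE...placeholder...\n-----END RSA PRIVATE KEY-----\n";
    size_t off = 0, i;
    for (i = 0; i < 64; i++) sample_image[off++] = (unsigned char)(i * 37);   /* junk incl. NULs */
    memcpy(sample_image + off, cert, sizeof cert - 1); off += sizeof cert - 1;
    for (i = 0; i < 16; i++) sample_image[off++] = 0;
    memcpy(sample_image + off, key, sizeof key - 1);   off += sizeof key - 1;
    for (i = 0; i < 64; i++) sample_image[off++] = 0xff;
    return off;
}

int main(void)
{
    size_t off = 0, len = build_sample_image();
    size_t keys = count_private_keys(sample_image, len, &off);
    printf("%zu private key block(s) in %zu-byte image; first at offset %zu\n", keys, len, off);
    return 0;
}
```

Run against a real image after unpacking any compressed filesystem, since a key inside a squashfs or gzip section is invisible to a raw scan. A hit is only the start of the check: the practitioner question is whether the same key is present in every unit (a shared, extractable key rather than per-device material). DER-encoded keys carry no PEM banner and need an ASN.1-aware scan instead.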
