Total
317826 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2020-14213 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | In Zammad before 3.3.1, a Customer has ticket access that should only be available to an Agent (e.g., read internal data, split, or merge). |
| CVE-2020-14212 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted. |
| CVE-2020-14210 | 1 Monitorapp | 2 Application Insight Web Application, Web Application Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding with Request URL information. The WAF provides a function to respond with the Request URL information when blocking a request. |
| CVE-2020-14209 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH | Dolibarr before 11.0.5 allows low-privilege users to upload files of dangerous types, leading to arbitrary code execution. This occurs because .pht and .phar files can be uploaded. Also, a .htaccess file can be uploaded to reconfigure access control (e.g., to let .noexe files be executed as PHP code to defeat the .noexe protection mechanism). |
| CVE-2020-14208 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | SuiteCRM 7.11.13 is affected by stored Cross-Site Scripting (XSS) in the Documents preview functionality. This vulnerability could allow remote authenticated attackers to inject arbitrary web script or HTML. |
| CVE-2020-14207 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The DiveBook plugin 1.1.4 for WordPress was prone to a SQL injection within divelog.php, allowing unauthenticated users to retrieve data from the database via the divelog.php filter_diver parameter. |
| CVE-2020-14206 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The DiveBook plugin 1.1.4 for WordPress is prone to unauthenticated XSS within the filter function (via an arbitrary parameter). |
| CVE-2020-14205 | 1 Divebook Project | 1 Divebook | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form because it fails to perform authorization checks. An attacker may leverage this issue to manipulate the integrity of dive logs. |
| CVE-2020-14204 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 5.8 MEDIUM | 8.2 HIGH | In WebFOCUS Business Intelligence 8.0 (SP6), the administration portal allows remote attackers to read arbitrary local files or forge server-side HTTP requests via a crafted HTTP request to /ibi_apps/WFServlet.cfg because XML external entity injection is possible. This is related to making changes to the application repository configuration. |
| CVE-2020-14203 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH | WebFOCUS Business Intelligence 8.0 (SP6) allows a Cross-Site Request Forgery (CSRF) attack against administrative users within the /ibi_apps/WFServlet(.ibfs) endpoint. The impact may be creation of an administrative user. It can also be exploited in conjunction with CVE-2016-9044. |
| CVE-2020-14202 | 1 Ibi | 1 Webfocus Business Intelligence | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | WebFOCUS Business Intelligence 8.0 (SP6) was prone to XSS via arbitrary URL parameters. |
| CVE-2020-14201 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM | Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. |
| CVE-2020-14199 | 1 Satoshilabs | 4 Trezor Model T, Trezor Model T Firmware, Trezor One and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | BIP-143 in the Bitcoin protocol specification mishandles the signing of a Segwit transaction, which allows attackers to trick a user into making two signatures in certain cases, potentially leading to a huge transaction fee. NOTE: this affects all hardware wallets. It was fixed in 1.9.1 for the Trezor One and 2.3.1 for the Trezor Model T. |
| CVE-2020-14198 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Bitcoin Core 0.20.0 allows remote denial of service. |
| CVE-2020-14196 | 1 Powerdns | 1 Recursor | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM | In PowerDNS Recursor versions up to and including 4.3.1, 4.2.2 and 4.1.16, the ACL restricting access to the internal web server is not properly enforced. |
| CVE-2020-14195 | 4 Debian, Fasterxml, Netapp and 1 more | 14 Debian Linux, Jackson-databind, Active Iq Unified Manager and 11 more | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH | FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). |
| CVE-2020-14194 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM | Zulip Server before 2.1.5 allows reverse tabnabbing via a topic header link. |
| CVE-2020-14193 | 1 Atlassian | 1 Automation For Jira | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM | Affected versions of Automation for Jira - Server allowed remote attackers to read and render files as mustache templates in files inside the WEB-INF/classes & <jira-installation>/jira/bin directories via a template injection vulnerability in Jira smart values using mustache partials. The affected versions are those before version 7.1.15. |
| CVE-2020-14192 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM | Affected versions of Atlassian Fisheye and Crucible allow remote attackers to view a product's SEN via an Information Disclosure vulnerability in the x-asen response header from Atlassian Analytics. The affected versions are before version 4.8.4. |
| CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH | Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. |
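The Dolibarr entry (CVE-2020-14209) names the three ways an upload filter built as a blocklist is bypassed: alternative PHP extensions (.pht, .phar), a dotfile with no extension at all (.htaccess), and a server-side override that makes a "safe" renamed extension (.noexe) executable again. The following is an added Python example, not Dolibarr's own code, contrasting a blocklist check with an allowlist check on constructed filenames; the allowlist contents and the sample names are assumptions made for illustration.

```python
"""Added example (not Dolibarr code): blocklist vs allowlist upload checks
for the bypasses listed in CVE-2020-14209. Filenames are constructed."""
import os
import posixpath

# Hypothetical blocklist of the kind that misses .pht/.phar/.htaccess.
NAIVE_BLOCKLIST = {".php"}

# Allowlist of document types this upload form actually needs (assumption).
ALLOWED_EXTENSIONS = {".pdf", ".png", ".jpg", ".jpeg", ".txt", ".odt"}

# Extensions that must never appear as any dotted segment of a stored name,
# to also cover "cmd.php.pdf"-style double extensions on servers that
# evaluate every segment.
SERVER_SIDE_SEGMENTS = {"php", "pht", "phtml", "phar", "phps"}


def naive_is_allowed(filename: str) -> bool:
    """Blocklist: rejects only the extension it has heard of.
    os.path.splitext('.htaccess') is ('.htaccess', ''), so dotfiles pass."""
    ext = os.path.splitext(filename)[1].lower()
    return ext not in NAIVE_BLOCKLIST


def strict_is_allowed(filename: str) -> bool:
    """Allowlist on the basename: strips directories, rejects dotfiles
    (closes the .htaccess case), requires the final extension to be
    allowlisted (closes .pht/.phar/.noexe), and rejects interior segments
    that are server-side extensions (closes double extensions)."""
    base = posixpath.basename(filename.replace("\\", "/"))
    if not base or base.startswith("."):
        return False
    parts = base.lower().split(".")
    if len(parts) < 2:
        return False
    if "." + parts[-1] not in ALLOWED_EXTENSIONS:
        return False
    if any(seg in SERVER_SIDE_SEGMENTS for seg in parts[1:-1]):
        return False
    return True


# Constructed sample names covering each bypass named in the advisory.
SAMPLES = ["report.pdf", "shell.pht", "shell.phar", ".htaccess",
           "cmd.php.pdf", "../../x.png", "webshell.noexe"]


def classify(names=SAMPLES):
    """Returns {name: (naive_verdict, strict_verdict)} for comparison."""
    return {n: (naive_is_allowed(n), strict_is_allowed(n)) for n in names}


if __name__ == "__main__":
    for name, (naive, strict) in classify().items():
        print(f"{name:16} blocklist={naive!s:5} allowlist={strict!s:5}")
```

The allowlist alone does not close the .htaccess route if the web server honours per-directory overrides in the upload path; the matching server-side control is to serve uploads from a directory with overrides disabled (on Apache, `AllowOverride None`) and no script handler, so that even a file that slips through the name check is never executed.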
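The DiveBook entry (CVE-2020-14207) is the classic case of a request parameter (filter_diver) spliced into a query string. The following is an added Python example, not the plugin's code, that reconstructs the bug class against an in-memory SQLite database of constructed rows and shows the same lookup with a bound parameter; the table layout, the rows and the payload are all assumptions made for illustration.

```python
"""Added example (not DiveBook code): string-built filter vs bound parameter,
exercised with a constructed UNION payload against in-memory SQLite."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema: a dives table the filter is meant to query and a
    users table the attacker is not meant to reach."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dives (id INTEGER, diver TEXT, site TEXT, depth_m INTEGER)")
    conn.execute("CREATE TABLE users (id INTEGER, login TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO dives VALUES (?,?,?,?)", [
        (1, "alice", "Blue Hole", 30), (2, "bob", "Reef", 18), (3, "alice", "Wreck", 40)])
    conn.executemany("INSERT INTO users VALUES (?,?,?)", [
        (1, "admin", "$2y$10$constructedhash"), (2, "alice", "$2y$10$otherhash")])
    return conn


def dives_vulnerable(conn: sqlite3.Connection, filter_diver: str):
    """Hypothetical reconstruction of the bug class: the parameter becomes
    part of the SQL text, so a quote in it changes the query structure."""
    sql = f"SELECT diver, site, depth_m FROM dives WHERE diver = '{filter_diver}'"
    return conn.execute(sql).fetchall()


def dives_safe(conn: sqlite3.Connection, filter_diver: str):
    """Bound parameter: the value travels separately from the SQL text and is
    compared as data, whatever characters it contains."""
    sql = "SELECT diver, site, depth_m FROM dives WHERE diver = ?"
    return conn.execute(sql, (filter_diver,)).fetchall()


# Constructed payload: closes the string literal, UNIONs in three columns
# from users, and comments out the dangling quote.
PAYLOAD = "' UNION SELECT login, pw_hash, id FROM users -- "


def demo():
    """Runs both variants with the payload and a benign value."""
    conn = make_db()
    return {
        "vulnerable": dives_vulnerable(conn, PAYLOAD),
        "safe": dives_safe(conn, PAYLOAD),
        "safe_normal": dives_safe(conn, "alice"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(label, rows)
```

With the payload, the string-built variant returns the users table through the UNION, while the bound-parameter variant returns nothing because no diver is literally named after the payload; the benign value still returns the expected dives. Whatever database layer the application uses, the rule is the same: the SQL text is fixed at coding time and every user-controlled value is passed as a parameter.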
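The Zulip entry (CVE-2020-14194) is reverse tabnabbing: a link opened with target="_blank" hands the new page a window.opener reference, which the opened page can use to navigate the original tab to a phishing page. The usual fix is to emit rel="noopener noreferrer" on every such link. The following is an added Python example, not Zulip's code, that rewrites an HTML fragment with the standard-library parser so every target="_blank" anchor carries both tokens; the sample fragment is constructed for illustration.

```python
"""Added example (not Zulip code): post-process rendered HTML so that every
<a target="_blank"> carries rel="noopener noreferrer"."""
import html
from html.parser import HTMLParser


class LinkHardener(HTMLParser):
    """Re-emits the input unchanged except for target="_blank" anchors,
    whose rel attribute is extended with noopener and noreferrer."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self.out = []

    def handle_starttag(self, tag, attrs):
        opens_new_tab = tag == "a" and any(
            k == "target" and (v or "").lower() == "_blank" for k, v in attrs)
        if not opens_new_tab:
            self.out.append(self.get_starttag_text())  # verbatim passthrough
            return
        rel_tokens, new_attrs = [], []
        for k, v in attrs:
            if k == "rel":
                rel_tokens = (v or "").split()  # keep existing tokens (nofollow etc.)
            else:
                new_attrs.append((k, v))
        for tok in ("noopener", "noreferrer"):
            if tok not in rel_tokens:
                rel_tokens.append(tok)
        new_attrs.append(("rel", " ".join(rel_tokens)))
        self.out.append("<a" + "".join(
            f' {k}="{html.escape(v, quote=True)}"' if v is not None else f" {k}"
            for k, v in new_attrs) + ">")

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")

    def handle_data(self, data):
        self.out.append(data)

    def handle_entityref(self, name):
        self.out.append(f"&{name};")

    def handle_charref(self, name):
        self.out.append(f"&#{name};")

    def handle_comment(self, data):
        self.out.append(f"<!--{data}-->")


def harden_links(fragment: str) -> str:
    """Returns the fragment with every new-tab link hardened."""
    parser = LinkHardener()
    parser.feed(fragment)
    parser.close()
    return "".join(parser.out)


# Constructed fragment: one new-tab link (vulnerable as written) and one
# same-tab link that must be left untouched.
SAMPLE = ('<p>Topic: <a href="https://example.invalid/t" target="_blank">link</a>'
          ' and <a href="/local">same tab</a></p>')

if __name__ == "__main__":
    print(harden_links(SAMPLE))
```

Running this over the sample yields `<a href="https://example.invalid/t" target="_blank" rel="noopener noreferrer">` for the first anchor and leaves the second as is. An existing rel value such as nofollow is preserved and the two tokens are appended. Modern browsers treat target="_blank" as noopener by default, but rendering the attribute explicitly still matters for older clients and for noreferrer, which additionally suppresses the Referer header.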
