Total
317065 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12777 | 1 Combodo | 1 Itop | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. | |||||
| CVE-2020-12776 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 9.0 HIGH | 6.6 MEDIUM |
| Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. | |||||
| CVE-2020-12775 | 1 Moica | 1 Hicos | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. | |||||
| CVE-2020-12774 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2024-11-21 | 4.6 MEDIUM | 8.2 HIGH |
| D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | |||||
| CVE-2020-12773 | 1 Realtek | 1 Adsl Router Soc Firmware | 2024-11-21 | 6.5 MEDIUM | 9.6 CRITICAL |
| A security misconfiguration vulnerability exists in the SDK of some Realtek ADSL/PON Modem SoC firmware, which allows attackers using a default password to execute arbitrary commands remotely via the build-in network monitoring tool. | |||||
| CVE-2020-12772 | 2 Igniterealtime, Microsoft | 2 Spark, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | |||||
| CVE-2020-12771 | 6 Canonical, Debian, Linux and 3 more | 37 Ubuntu Linux, Debian Linux, Linux Kernel and 34 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. btree_gc_coalesce in drivers/md/bcache/btree.c has a deadlock if a coalescing operation fails. | |||||
| CVE-2020-12770 | 5 Canonical, Debian, Fedoraproject and 2 more | 36 Ubuntu Linux, Debian Linux, Fedora and 33 more | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
| An issue was discovered in the Linux kernel through 5.6.11. sg_write lacks an sg_remove_request call in a certain failure case, aka CID-83c6f2390040. | |||||
| CVE-2020-12769 | 5 Canonical, Debian, Linux and 2 more | 36 Ubuntu Linux, Debian Linux, Linux Kernel and 33 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in the Linux kernel before 5.4.17. drivers/spi/spi-dw.c allows attackers to cause a panic via concurrent calls to dw_spi_irq and dw_spi_transfer_one, aka CID-19b61392c5a8. | |||||
| CVE-2020-12768 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| ** DISPUTED ** An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will. | |||||
| CVE-2020-12767 | 2 Debian, Libexif Project | 2 Debian Linux, Libexif | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |||||
| CVE-2020-12766 | 1 Solis | 1 Gnuteca | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | |||||
| CVE-2020-12765 | 1 Solis | 1 Miolo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | |||||
| CVE-2020-12764 | 1 Solis | 1 Gnuteca | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | |||||
| CVE-2020-12763 | 1 Trendnet | 2 Tv-ip512wn, Tv-ip512wn Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. | |||||
| CVE-2020-12761 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | |||||
| CVE-2020-12760 | 1 Opennms | 2 Opennms Horizon, Opennms Meridian | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | |||||
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | |||||
| CVE-2020-12758 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | |||||
| CVE-2020-12757 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. | |||||