Total
317075 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12767 | 2 Debian, Libexif Project | 2 Debian Linux, Libexif | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| exif_entry_get_value in exif-entry.c in libexif 0.6.21 has a divide-by-zero error. | |||||
| CVE-2020-12766 | 1 Solis | 1 Gnuteca | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Gnuteca 3.8 allows action=main:search:simpleSearch SQL Injection via the exemplaryStatusId parameter. | |||||
| CVE-2020-12765 | 1 Solis | 1 Miolo | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Solis Miolo 2.0 allows index.php?module=install&action=view&item= Directory Traversal. | |||||
| CVE-2020-12764 | 1 Solis | 1 Gnuteca | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Gnuteca 3.8 allows file.php?folder=/&file= Directory Traversal. | |||||
| CVE-2020-12763 | 1 Trendnet | 2 Tv-ip512wn, Tv-ip512wn Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header. | |||||
| CVE-2020-12761 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | |||||
| CVE-2020-12760 | 1 Opennms | 2 Opennms Horizon, Opennms Meridian | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | |||||
| CVE-2020-12759 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook. | |||||
| CVE-2020-12758 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | |||||
| CVE-2020-12757 | 1 Hashicorp | 1 Vault | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| HashiCorp Vault and Vault Enterprise 1.4.0 and 1.4.1, when configured with the GCP Secrets Engine, may incorrectly generate GCP Credentials with the default time-to-live lease duration instead of the engine-configured setting. This may lead to generated GCP credentials being valid for longer than intended. Fixed in 1.4.2. | |||||
| CVE-2020-12755 | 1 Kde | 1 Kio-extras | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| fishProtocol::establishConnection in fish/fish.cpp in KDE kio-extras through 20.04.0 makes a cacheAuthentication call even if the user had not set the keepPassword option. This may lead to unintended KWallet storage of a password. | |||||
| CVE-2020-12754 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). | |||||
| CVE-2020-12753 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020). | |||||
| CVE-2020-12752 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). | |||||
| CVE-2020-12751 | 1 Google | 1 Android | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). | |||||
| CVE-2020-12750 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via SPEN. The Samsung ID is SVE-2020-17019 (May 2020). | |||||
| CVE-2020-12749 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The S.LSI Wi-Fi drivers have a buffer overflow. The Samsung ID is SVE-2020-16906 (May 2020). | |||||
| CVE-2020-12748 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can bypass the locked-state protection mechanism and designate a different preferred SIM card. The Samsung ID is SVE-2020-16594 (May 2020). | |||||
| CVE-2020-12747 | 2 Google, Samsung | 3 Android, Exynos980\(9630\), Exynos990\(9830\) | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020). | |||||
| CVE-2020-12746 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020). | |||||