Vulnerabilities (CVE)

Total 316187 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-10592 2 Opensuse, Torproject 3 Backports, Leap, Tor 2024-11-21 7.8 HIGH 7.5 HIGH
Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002.
CVE-2020-10591 1 Walmart 1 Concord 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey.
CVE-2020-10590 1 Replicated 1 Replicated Classic 2024-11-21 5.0 MEDIUM 7.5 HIGH
Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console.
CVE-2020-10589 1 V2rayl Project 1 V2rayl 2024-11-21 7.2 HIGH 7.8 HIGH
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo.
CVE-2020-10588 1 V2rayl Project 1 V2rayl 2024-11-21 7.2 HIGH 7.8 HIGH
v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo.
CVE-2020-10587 2 Antixlinux, Mxlinux 2 Antix Linux, Mx Linux 2024-11-21 7.2 HIGH 7.8 HIGH
antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration.
CVE-2020-10584 1 Invigo 1 Automatic Device Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application.
CVE-2020-10583 1 Invigo 1 Automatic Device Management 2024-11-21 9.0 HIGH 8.8 HIGH
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.
CVE-2020-10582 1 Invigo 1 Automatic Device Management 2024-11-21 7.5 HIGH 9.8 CRITICAL
A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database.
CVE-2020-10581 1 Invigo 1 Automatic Device Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application.
CVE-2020-10580 1 Invigo 1 Automatic Device Management 2024-11-21 6.5 MEDIUM 8.8 HIGH
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
CVE-2020-10579 1 Invigo 1 Automatic Device Management 2024-11-21 5.0 MEDIUM 7.5 HIGH
A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application.
CVE-2020-10578 1 Q-cms 1 Qcms 2024-11-21 5.0 MEDIUM 7.5 HIGH
An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1.
CVE-2020-10577 1 Meetecho 1 Janus 2024-11-21 5.8 MEDIUM 4.8 MEDIUM
An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions.
CVE-2020-10576 1 Meetecho 1 Janus 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash.
CVE-2020-10575 1 Meetecho 1 Janus 2024-11-21 4.0 MEDIUM 4.2 MEDIUM
An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.
CVE-2020-10574 1 Meetecho 1 Janus 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.
CVE-2020-10573 1 Meetecho 1 Janus 2024-11-21 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge.
CVE-2020-10571 1 Psd-tools Project 1 Psd-tools 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
CVE-2020-10570 1 Telegram 1 Telegram 2024-11-21 3.6 LOW 6.1 MEDIUM
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature.