Total: 316187 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | |||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | |||||
| CVE-2020-10590 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. | |||||
| CVE-2020-10589 | 1 V2rayl Project | 1 V2rayl | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a low-privileged user but contains commands that are executed as root, after v2rayL.service is restarted via Sudo. | |||||
| CVE-2020-10588 | 1 V2rayl Project | 1 V2rayl | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/remove.sh are owned by a low-privileged user but execute as root via Sudo. | |||||
| CVE-2020-10587 | 2 Antixlinux, Mxlinux | 2 Antix Linux, Mx Linux | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | |||||
| CVE-2020-10584 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to read arbitrary server files accessible to the user running the application. | |||||
| CVE-2020-10583 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application. | |||||
| CVE-2020-10582 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to execute arbitrary SQL requests (including data reading and modification) on the database. | |||||
| CVE-2020-10581 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Multiple session validity check issues in several administration functionalities of Invigo Automatic Device Management (ADM) through 5.0 allow remote attackers to read potentially sensitive data hosted by the application. | |||||
| CVE-2020-10580 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application. | |||||
| CVE-2020-10579 | 1 Invigo | 1 Automatic Device Management | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote attackers to list the content of arbitrary server directories accessible to the user running the application. | |||||
| CVE-2020-10578 | 1 Q-cms | 1 Qcms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | |||||
| CVE-2020-10577 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.8 MEDIUM | 4.8 MEDIUM |
| An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse the source property of a session, leading to a race condition when claiming sessions. | |||||
| CVE-2020-10576 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin has a race condition that could cause a server crash. | |||||
| CVE-2020-10575 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.0 MEDIUM | 4.2 MEDIUM |
| An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times. | |||||
| CVE-2020-10574 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation. | |||||
| CVE-2020-10573 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when listing private rooms in AudioBridge. | |||||
| CVE-2020-10571 | 1 Psd-tools Project | 1 Psd-tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | |||||
| CVE-2020-10570 | 1 Telegram | 1 Telegram | 2024-11-21 | 3.6 LOW | 6.1 MEDIUM |
| The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | |||||
