Total: 316583 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10995 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplification attacks. An issue in the DNS protocol has been found that allows malicious parties to use recursive DNS services to attack third party authoritative name servers. The attack uses a crafted reply by an authoritative name server to amplify the resulting traffic between the recursive and other authoritative name servers. Both types of service can suffer degraded performance as an effect. This is triggered by random subdomains in the NSDNAME in NS records. PowerDNS Recursor 4.1.16, 4.2.2 and 4.3.1 contain a mitigation to limit the impact of this DNS protocol issue. | |||||
| CVE-2020-10994 | 3 Canonical, Fedoraproject, Python | 3 Ubuntu Linux, Fedora, Pillow | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a crafted JP2 file. | |||||
| CVE-2020-10993 | 1 Osmand | 1 Osmand | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java. | |||||
| CVE-2020-10992 | 1 Azkaban Project | 1 Azkaban | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | |||||
| CVE-2020-10991 | 1 Mulesoft | 1 Apikit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java. | |||||
| CVE-2020-10990 | 1 Accenture | 1 Mercury | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | |||||
| CVE-2020-10989 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute malicious payloads via the WifiName POST parameter. | |||||
| CVE-2020-10988 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 allows unauthenticated remote attackers to start a telnetd service on the device. | |||||
| CVE-2020-10986 | 1 Tenda | 2 Ac15, Ac15 Firmware | 2024-11-21 | 7.1 HIGH | 6.5 MEDIUM |
| A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to reboot the device and cause denial of service via a payload hosted by an attacker-controlled web page. | |||||
| CVE-2020-10985 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php. | |||||
| CVE-2020-10984 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Gambio GX before 4.0.1.0 allows admin/admin.php CSRF. | |||||
| CVE-2020-10983 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php. | |||||
| CVE-2020-10982 | 1 Gambio | 1 Gambio Gx | 2024-11-21 | 4.0 MEDIUM | 4.9 MEDIUM |
| Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php. | |||||
| CVE-2020-10981 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | |||||
| CVE-2020-10980 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration. | |||||
| CVE-2020-10979 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | |||||
| CVE-2020-10978 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | |||||
| CVE-2020-10977 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects. | |||||
| CVE-2020-10976 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget. | |||||
| CVE-2020-10975 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | |||||
