Total: 317815 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12732 | 1 Depstech | 2 Wifi Digital Microscope 3, Wifi Digital Microscope 3 Firmware | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| DEPSTECH WiFi Digital Microscope 3 has a default SSID of Jetion_xxxxxxxx with a password of 12345678. | |||||
| CVE-2020-12731 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The MagicMotion Flamingo 2 application for Android stores data on an sdcard under com.vt.magicmotion/files/Pictures, whence it can be read by other applications. | |||||
| CVE-2020-12730 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2024-11-21 | 2.9 LOW | 5.3 MEDIUM |
| MagicMotion Flamingo 2 lacks BLE encryption, enabling data sniffing and packet forgery. | |||||
| CVE-2020-12729 | 1 Magicsmotion | 2 Flamingo 2, Flamingo 2 Firmware | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| MagicMotion Flamingo 2 has a lack of access control for reading from device descriptors. | |||||
| CVE-2020-12725 | 1 Redash | 1 Redash | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Havoc Research discovered an authenticated Server-Side Request Forgery (SSRF) via the "JSON" data source of Redash open-source 8.0.0 and prior. Possibly, other connectors are affected. The SSRF is potent and provides a lot of flexibility in terms of being able to craft HTTP requests e.g., by adding headers, selecting any HTTP verb, etc. | |||||
| CVE-2020-12723 | 5 Fedoraproject, Netapp, Opensuse and 2 more | 16 Fedora, Oncommand Workflow Automation, Snap Creator Framework and 13 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | |||||
| CVE-2020-12720 | 1 Vbulletin | 1 Vbulletin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| vBulletin before 5.5.6pl1, 5.6.0 before 5.6.0pl1, and 5.6.1 before 5.6.1pl1 has incorrect access control. | |||||
| CVE-2020-12719 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| XXE during an EventPublisher update can occur in Management Console in WSO2 API Manager 3.0.0 and earlier, API Manager Analytics 2.5.0 and earlier, API Microgateway 2.2.0, Enterprise Integrator 6.4.0 and earlier, IS as Key Manager 5.9.0 and earlier, Identity Server 5.9.0 and earlier, and Identity Server Analytics 5.6.0 and earlier. | |||||
| CVE-2020-12718 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle. | |||||
| CVE-2020-12717 | 4 Alberta, Gov, Health and 1 more | 4 Abtracetogether, Protego Safe, Covidsafe and 1 more | 2024-11-21 | 3.3 LOW | 6.5 MEDIUM |
| The COVIDSafe (Australia) app 1.0 and 1.1 for iOS allows a remote attacker to crash the app, and consequently interfere with COVID-19 contact tracing, via a Bluetooth advertisement containing manufacturer data that is too short. This occurs because of an erroneous OpenTrace manuData.subdata call. The ABTraceTogether (Alberta), ProteGO (Poland), and TraceTogether (Singapore) apps were also affected. | |||||
| CVE-2020-12715 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| RainbowFish PacsOne Server 6.8.4 has Incorrect Access Control. | |||||
| CVE-2020-12714 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| An issue was discovered in CipherMail Community Gateway Virtual Appliances and Professional/Enterprise Gateway Virtual Appliances versions 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger Virtual Appliances 1.1.1 through 3.1.1-0. A Diffie-Hellman parameter of insufficient size could allow man-in-the-middle compromise of communications between CipherMail products and external SMTP clients. | |||||
| CVE-2020-12713 | 1 Ciphermail | 2 Gateway, Webmail Messenger | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in CipherMail Community Gateway and Professional/Enterprise Gateway 1.0.1 through 4.7.1-0 and CipherMail Webmail Messenger 1.1.1 through 3.1.1-0. Attackers with administrative access to the web interface have multiple options to escalate their privileges to the Unix root account. | |||||
| CVE-2020-12712 | 1 Sos-berlin | 1 Jobscheduler | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability based on insecure user/password encryption in the JOE (job editor) component of SOS JobScheduler 1.12 and 1.13 allows attackers to decrypt the user/password that is optionally stored with a user's profile. | |||||
| CVE-2020-12708 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043. | |||||
| CVE-2020-12707 | 1 Lepton-cms | 1 Lepton Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements. | |||||
| CVE-2020-12706 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php. | |||||
| CVE-2020-12705 | 1 Lepton-cms | 1 Leptoncms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0. | |||||
| CVE-2020-12704 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has PageController stored XSS. | |||||
| CVE-2020-12703 | 1 Ulicms | 1 Ulicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| UliCMS before 2020.2 has XSS during PackageController uninstall. | |||||
