Total
332 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7548 | 1 Schneider-electric | 14 Acti9 Powertag Link, Acti9 Powertag Link Firmware, Acti9 Powertag Link Hd and 11 more | 2024-08-04 | 9.8 Critical |
| A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wiser Series Gateways (see security notification for version information) that could allow unauthorized users to login. | ||||
| CVE-2020-7241 | 1 Wpseeds | 1 Wp Database Backup | 2024-08-04 | 7.5 High |
| The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the directory wp-content/uploads/db-backup/. This might allow attackers to read ZIP archives by guessing random ID numbers, guessing date strings with a 2020_{0..1}{0..2}_{0..3}{0..9} format, guessing UNIX timestamps, and making HTTPS requests with the complete guessed URL. | ||||
| CVE-2020-2099 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-08-04 | 8.6 High |
| Jenkins 2.213 and earlier, LTS 2.204.1 and earlier improperly reuses encryption key parameters in the Inbound TCP Agent Protocol/3, allowing unauthorized attackers with knowledge of agent names to obtain the connection secrets for those agents, which can be used to connect to Jenkins, impersonating those agents. | ||||
| CVE-2020-1905 | 1 Whatsapp | 1 Whatsapp | 2024-08-04 | 3.3 Low |
| Media ContentProvider URIs used for opening attachments in other apps were generated sequentially prior to WhatsApp for Android v2.20.185, which could have allowed a malicious third party app chosen to open the file to guess the URIs for previously opened attachments until the opener app is terminated. | ||||
| CVE-2020-1759 | 3 Fedoraproject, Linuxfoundation, Redhat | 5 Fedora, Ceph, Ceph Storage and 2 more | 2024-08-04 | 6.4 Medium |
| A vulnerability was found in Red Hat Ceph Storage 4 and Red Hat Openshift Container Storage 4.2 where, A nonce reuse vulnerability was discovered in the secure mode of the messenger v2 protocol, which can allow an attacker to forge auth tags and potentially manipulate the data by leveraging the reuse of a nonce in a session. Messages encrypted using a reused nonce value are susceptible to serious confidentiality and integrity attacks. | ||||
| CVE-2020-1731 | 1 Redhat | 1 Keycloak Operator | 2024-08-04 | 9.1 Critical |
| A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift namespace. | ||||
| CVE-2020-1472 | 9 Canonical, Debian, Fedoraproject and 6 more | 20 Ubuntu Linux, Debian Linux, Fedora and 17 more | 2024-08-04 | 5.5 Medium |
| An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. | ||||
| CVE-2020-0644 | 1 Microsoft | 6 Windows 10, Windows 8.1, Windows Rt 8.1 and 3 more | 2024-08-04 | 7.8 High |
| An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0635. | ||||
| CVE-2020-0407 | 1 Google | 1 Android | 2024-08-04 | 4.4 Medium |
| In various functions in fscrypt_ice.c and related files in some implementations of f2fs encryption that use encryption hardware which only supports 32-bit IVs (Initialization Vectors), 64-bit IVs are used and later are truncated to 32 bits. This may cause IV reuse and thus weakened disk encryption. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-153450752References: N/A | ||||
| CVE-2021-46010 | 1 Totolink | 2 A3100r, A3100r Firmware | 2024-08-04 | 8.8 High |
| Totolink A3100R V5.9c.4577 suffers from Use of Insufficiently Random Values via the web configuration. The SESSION_ID is predictable. An attacker can hijack a valid session and conduct further malicious operations. | ||||
| CVE-2021-45486 | 3 Linux, Oracle, Redhat | 6 Linux Kernel, Communications Cloud Native Core Binding Support Function, Communications Cloud Native Core Network Exposure Function and 3 more | 2024-08-04 | 3.5 Low |
| In the IPv4 implementation in the Linux kernel before 5.12.4, net/ipv4/route.c has an information leak because the hash table is very small. | ||||
| CVE-2021-45458 | 1 Apache | 1 Kylin | 2024-08-04 | 7.5 High |
| Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions. | ||||
| CVE-2021-45487 | 1 Netbsd | 1 Netbsd | 2024-08-04 | 7.5 High |
| In NetBSD through 9.2, the IPv4 ID generation algorithm does not use appropriate cryptographic measures. | ||||
| CVE-2021-45488 | 1 Netbsd | 1 Netbsd | 2024-08-04 | 7.5 High |
| In NetBSD through 9.2, there is an information leak in the TCP ISN (ISS) generation algorithm. | ||||
| CVE-2021-44151 | 1 Reprisesoftware | 1 Reprise License Manager | 2024-08-04 | 7.5 High |
| An issue was discovered in Reprise RLM 14.2. As the session cookies are small, an attacker can hijack any existing sessions by bruteforcing the 4 hex-character session cookie on the Windows version (the Linux version appears to have 8 characters). An attacker can obtain the static part of the cookie (cookie name) by first making a request to any page on the application (e.g., /goforms/menu) and saving the name of the cookie sent with the response. The attacker can then use the name of the cookie and try to request that same page, setting a random value for the cookie. If any user has an active session, the page should return with the authorized content, when a valid cookie value is hit. | ||||
| CVE-2021-41993 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2024-08-04 | 6.6 Medium |
| A misconfiguration of RSA in PingID Android app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | ||||
| CVE-2021-41994 | 1 Pingidentity | 2 Pingid, Pingid Windows Login | 2024-08-04 | 6.6 Medium |
| A misconfiguration of RSA in PingID iOS app prior to 1.19 is vulnerable to pre-computed dictionary attacks, leading to an offline MFA bypass when using PingID Windows Login. | ||||
| CVE-2021-41829 | 1 Zohocorp | 1 Manageengine Remote Access Plus | 2024-08-04 | 7.5 High |
| Zoho ManageEngine Remote Access Plus before 10.1.2121.1 relies on the application's build number to calculate a certain encryption key. | ||||
| CVE-2021-41694 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-08-04 | 9.8 Critical |
| An Incorrect Access Control vulnerability exists in Premiumdatingscript 4.2.7.7 via the password change procedure in requests\user.php. | ||||
| CVE-2021-41061 | 1 Riot-os | 1 Riot | 2024-08-04 | 5.5 Medium |
| In RIOT-OS 2021.01, nonce reuse in 802.15.4 encryption in the ieee820154_security component allows attackers to break encryption by triggering reboots. | ||||