Total: 646 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-35215 | 1 Atomix | 1 Atomix | 2024-08-04 | 6.5 Medium |
An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states. | ||||
CVE-2020-28145 | 1 Wuzhicms | 1 Wuzhicms | 2024-08-04 | 7.5 High |
An arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachment\admin\index.php, which allows attackers to access sensitive information. | ||||
CVE-2020-27872 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-08-04 | 8.8 High |
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7450 1.2.0.62_1.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mini_httpd service, which listens on TCP port 80 by default. The issue results from improper state tracking in the password recovery process. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-11365. | ||||
CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 3.5 Low |
In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | ||||
CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2024-08-04 | 7.5 High |
An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | ||||
CVE-2020-26650 | 1 Atomx | 1 Atomxcms | 2024-08-04 | 5.3 Medium |
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php. | ||||
CVE-2020-26602 | 1 Google | 1 Android | 2024-08-04 | 7.5 High |
An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). | ||||
CVE-2020-26272 | 1 Electronjs | 1 Electron | 2024-08-04 | 5.4 Medium |
The Electron framework lets you write cross-platform desktop applications using JavaScript, HTML and CSS. In affected versions of Electron IPC messages sent from the main process to a subframe in the renderer process, through webContents.sendToFrame, event.reply or when using the remote module, can in some cases be delivered to the wrong frame. If your app uses remote, calls webContents.sendToFrame, or calls event.reply in an IPC message handler then it is impacted by this issue. This has been fixed in versions 9.4.0, 10.2.0, 11.1.0, and 12.0.0-beta.9. There are no workarounds for this issue. | ||||
CVE-2020-26261 | 1 Jupyterhub | 1 Systemdspawner | 2024-08-04 | 7.9 High |
jupyterhub-systemdspawner enables JupyterHub to spawn single-user notebook servers using systemd. In jupyterhub-systemdspawner before version 0.15, user API tokens issued to single-user servers are specified in the environment of systemd units. These tokens are incorrectly accessible to all users. In particular, the-littlest-jupyterhub is affected, which uses systemdspawner by default. This is patched in jupyterhub-systemdspawner v0.15. | ||||
CVE-2020-25459 | 1 Webank | 1 Federated Ai Technology Enabler | 2024-08-04 | 7.5 High |
An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Federated AI Technology Enabler) 0.1 through 1.4.2 that allows attackers to read sensitive information during the training process of machine learning joint modeling. | ||||
CVE-2020-25073 | 1 Debian | 1 Freedombox | 2024-08-04 | 5.3 Medium |
FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-status page of the Apache HTTP Server, because a connection from the Tor onion service (or from PageKite) is considered a local connection. This affects both the freedombox and plinth packages of some Linux distributions, but only if the Apache mod_status module is enabled. | ||||
CVE-2020-25039 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2024-08-04 | 8.1 High |
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution. | ||||
CVE-2020-25040 | 2 Opensuse, Sylabs | 2 Leap, Singularity | 2024-08-04 | 8.8 High |
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039. | ||||
CVE-2020-24511 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas/aff Bios and 8 more | 2024-08-04 | 6.5 Medium |
Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
CVE-2020-22535 | 1 Pbootcms | 1 Pbootcms | 2024-08-04 | 6.5 Medium |
Incorrect Access Control vulnerability in PbootCMS 2.0.6 via the list parameter in the update function in upgradecontroller.php. | ||||
CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2024-08-04 | 9.1 Critical |
An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | ||||
CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-08-04 | 7.5 High |
waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | ||||
CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-08-04 | 7.5 High |
An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | ||||
CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-08-04 | 5.3 Medium |
An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file" is deleted during file uploads. | ||||
CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2024-08-04 | 8.8 High |
Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. |