Search Results (312888 CVEs found)

Columns: CVE | Vendors (count and names) | Products (count and names) | Updated | CVSS v3.1 (score and severity), with the CVE description on the following line.

CVE-2020-10953 | Vendors: 1 (Gitlab) | Products: 1 (Gitlab) | Updated: 2024-11-21 | CVSS v3.1: 7.5 High
In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue.

CVE-2020-10952 | Vendors: 1 (Gitlab) | Products: 1 (Gitlab) | Updated: 2024-11-21 | CVSS v3.1: 6.5 Medium
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images.

CVE-2020-10951 | Vendors: 1 (Westerndigital) | Products: 2 (Ibi, My Cloud Home) | Updated: 2024-11-21 | CVSS v3.1: 4.7 Medium
Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages.

CVE-2020-10948 | Vendors: 1 (Alienform2 Project) | Products: 1 (Alienform2) | Updated: 2024-11-21 | CVSS v3.1: 9.8 Critical
Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote Command Execution via eval injection, a different issue than CVE-2002-0934. An unauthenticated, remote attacker can exploit this via a series of crafted requests.

CVE-2020-10947 | Vendors: 1 (Sophos) | Products: 2 (Anti-virus For Sophos Central, Anti-virus For Sophos Home) | Updated: 2024-11-21 | CVSS v3.1: 8.8 High
Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Privilege Escalation.

CVE-2020-10946 | Vendors: 1 (Centreon) | Products: 3 (Centreon Host-monitoring Widget, Centreon Service-monitoring Widget, Centreon Tactical-overview Widget) | Updated: 2024-11-21 | CVSS v3.1: 6.1 Medium
Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in versions 1.6.4, 18.10.3, 19.04.3, and 19.0.1 of the Centreon host-monitoring widget; 1.6.4, 18.10.5, 19.04.3, 19.10.2 of the Centreon service-monitoring widget; and 1.0.3, 18.10.1, 19.04.1, 19.10.1 of the Centreon tactical-overview widget.

CVE-2020-10945 | Vendors: 1 (Centreon) | Products: 2 (Centreon, Widget-host-monitoring) | Updated: 2024-11-21 | CVSS v3.1: 4.3 Medium
Centreon before 19.10.7 exposes Session IDs in server responses.

CVE-2020-10944 | Vendors: 1 (Hashicorp) | Products: 1 (Nomad) | Updated: 2024-11-21 | CVSS v3.1: 5.4 Medium
HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability such that files from a malicious workload could cause arbitrary JavaScript to execute in the web UI. Fixed in 0.10.5.

CVE-2020-10942 | Vendors: 5 (Canonical, Debian, Linux and 2 more) | Products: 6 (Ubuntu Linux, Debian Linux, Linux Kernel and 3 more) | Updated: 2024-11-21 | CVSS v3.1: 5.3 Medium
In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_family field, which might allow attackers to trigger kernel stack corruption via crafted system calls.

CVE-2020-10941 | Vendors: 3 (Arm, Debian, Fedoraproject) | Products: 4 (Mbed Crypto, Mbed Tls, Debian Linux and 1 more) | Updated: 2024-11-21 | CVSS v3.1: 5.9 Medium
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.

CVE-2020-10940 | Vendors: 1 (Phoenixcontact) | Products: 3 (Portico Server 16 Client, Portico Server 1 Client, Portico Server 4 Client) | Updated: 2024-11-21 | CVSS v3.1: 7.8 High
Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed to run as a service.

CVE-2020-10939 | Vendors: 1 (Phoenixcontact) | Products: 1 (Pc Worx Srt) | Updated: 2024-11-21 | CVSS v3.1: 7.8 High
Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privilege escalation.

CVE-2020-10938 | Vendors: 3 (Debian, Graphicsmagick, Opensuse) | Products: 4 (Debian Linux, Graphicsmagick, Backports and 1 more) | Updated: 2024-11-21 | CVSS v3.1: 9.8 Critical
GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in HuffmanDecodeImage in magick/compress.c.

CVE-2020-10937 | Vendors: 1 (Protocol) | Products: 1 (Ipfs) | Updated: 2024-11-21 | CVSS v3.1: 7.5 High
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.

CVE-2020-10936 | Vendors: 4 (Canonical, Debian, Fedoraproject and 1 more) | Products: 4 (Ubuntu Linux, Debian Linux, Fedora and 1 more) | Updated: 2024-11-21 | CVSS v3.1: 7.8 High
Sympa before 6.2.56 allows privilege escalation.

CVE-2020-10935 | Vendors: 1 (Zulip) | Products: 1 (Zulip Server) | Updated: 2024-11-21 | CVSS v3.1: 5.4 Medium
Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover.

CVE-2020-10934 | Vendors: 1 (Acyba) | Products: 1 (Acymailing) | Updated: 2024-11-21 | CVSS v3.1: 7.2 High
Acyba AcyMailing before 6.9.2 mishandles file uploads by admins.

CVE-2020-10933 | Vendors: 5 (Debian, Fedoraproject, Linux and 2 more) | Products: 8 (Debian Linux, Fedora, Linux Kernel and 5 more) | Updated: 2024-11-21 | CVSS v3.1: 5.3 Medium
An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim calls BasicSocket#read_nonblock(requested_size, buffer, exception: false), the method resizes the buffer to fit the requested size, but no data is copied. Thus, the buffer string provides the previous value of the heap. This may expose possibly sensitive data from the interpreter.

CVE-2020-10932 | Vendors: 3 (Arm, Debian, Fedoraproject) | Products: 3 (Mbed Tls, Debian Linux, Fedora) | Updated: 2024-11-21 | CVSS v3.1: 4.7 Medium
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS.

CVE-2020-10931 | Vendors: 1 (Memcached) | Products: 1 (Memcached) | Updated: 2024-11-21 | CVSS v3.1: 7.5 High
Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c.