Total
646 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-18972 | 1 Podofo Project | 1 Podofo | 2024-08-04 | 5.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor in PoDoFo v0.9.6 allows attackers to obtain sensitive information via 'IsNextToken' in the component 'src/base/PdfToenizer.cpp'. | ||||
| CVE-2020-18754 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-08-04 | 7.5 High |
| An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100. | ||||
| CVE-2020-18647 | 1 5none | 1 Nonecms | 2024-08-04 | 7.5 High |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/nonecms/vendor". | ||||
| CVE-2020-18646 | 1 5none | 1 Nonecms | 2024-08-04 | 7.5 High |
| Information Disclosure in NoneCMS v1.3 allows remote attackers to obtain sensitive information via the component "/public/index.php". | ||||
| CVE-2020-16268 | 1 1e | 1 Client | 2024-08-04 | 8.8 High |
| The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | ||||
| CVE-2020-16263 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-08-04 | 9.1 Critical |
| Winston 1.5.4 devices have a CORS configuration that trusts arbitrary origins. This allows requests to be made and viewed by arbitrary origins. | ||||
| CVE-2020-16247 | 1 Philips | 1 Clinical Collaboration Platform | 2024-08-04 | 7.1 High |
| Philips Clinical Collaboration Platform, Versions 12.2.1 and prior. The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. | ||||
| CVE-2020-16212 | 1 Philips | 1 Patient Information Center Ix | 2024-08-04 | 6.8 Medium |
| In Patient Information Center iX (PICiX) Versions B.02, C.02, C.03, the product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. The application on the surveillance station operates in kiosk mode, which is vulnerable to local breakouts that could allow an attacker with physical access to escape the restricted environment with limited privileges. | ||||
| CVE-2020-15816 | 1 Westerndigital | 1 Wd Discovery | 2024-08-04 | 8.8 High |
| In Western Digital WD Discovery before 4.0.251.0, a malicious application running with standard user permissions could potentially execute code in the application's process through library injection by using DYLD environment variables. | ||||
| CVE-2020-15264 | 1 Chocolatey | 1 Boxstarter | 2024-08-04 | 8 High |
| The Boxstarter installer before version 2.13.0 configures C:\ProgramData\Boxstarter to be in the system-wide PATH environment variable. However, this directory is writable by normal, unprivileged users. To exploit the vulnerability, place a DLL in this directory that a privileged service is looking for. For example, WptsExtensions.dll When Windows starts, it'll execute the code in DllMain() with SYSTEM privileges. Any unprivileged user can execute code with SYSTEM privileges. The issue is fixed in version 3.13.0 | ||||
| CVE-2020-15215 | 1 Electronjs | 1 Electron | 2024-08-04 | 5.6 Medium |
| Electron before versions 11.0.0-beta.6, 10.1.2, 9.3.1 or 8.5.2 is vulnerable to a context isolation bypass. Apps using both `contextIsolation` and `sandbox: true` are affected. Apps using both `contextIsolation` and `nodeIntegrationInSubFrames: true` are affected. This is a context isolation bypass, meaning that code running in the main world context in the renderer can reach into the isolated Electron context and perform privileged actions. | ||||
| CVE-2020-14130 | 1 Mi | 1 Xiaomi | 2024-08-04 | 5.3 Medium |
| Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version <3.0.210809 | ||||
| CVE-2020-14064 | 1 Icewarp | 1 Mail Server | 2024-08-04 | 6.5 Medium |
| IceWarp Email Server 12.3.0.1 has Incorrect Access Control for user accounts. | ||||
| CVE-2020-13946 | 3 Apache, Netapp, Redhat | 3 Cassandra, Oncommand Insight, Integration | 2024-08-04 | 5.9 Medium |
| In Apache Cassandra, all versions prior to 2.1.22, 2.2.18, 3.0.22, 3.11.8 and 4.0-beta2, it is possible for a local attacker without access to the Apache Cassandra process or configuration files to manipulate the RMI registry to perform a man-in-the-middle attack and capture user names and passwords used to access the JMX interface. The attacker can then use these credentials to access the JMX interface and perform unauthorised operations. Users should also be aware of CVE-2019-2684, a JRE vulnerability that enables this issue to be exploited remotely. | ||||
| CVE-2020-13670 | 1 Drupal | 1 Drupal | 2024-08-04 | 7.5 High |
| Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | ||||
| CVE-2020-13469 | 1 Gigadevice | 2 Gd32vf103, Gd32vf103 Firmware | 2024-08-04 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. | ||||
| CVE-2020-13470 | 1 Gigadevice | 4 Gd32f103, Gd32f103 Firmware, Gd32f130 and 1 more | 2024-08-04 | 4.6 Medium |
| Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. | ||||
| CVE-2020-13472 | 1 Gigadevice | 2 Gd32f103, Gd32f103 Firmware | 2024-08-04 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. | ||||
| CVE-2020-13343 | 1 Gitlab | 1 Gitlab | 2024-08-04 | 7.5 High |
| An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | ||||
| CVE-2020-13240 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-08-04 | 5.4 Medium |
| The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS. | ||||