Total
433 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11985 | 2 Apache, Redhat | 3 Http Server, Enterprise Linux, Rhel Software Collections | 2024-08-04 | 5.3 Medium |
| IP address spoofing when proxying using mod_remoteip and mod_rewrite For configurations using proxying with mod_remoteip and certain mod_rewrite rules, an attacker could spoof their IP address for logging and PHP scripts. Note this issue was fixed in Apache HTTP Server 2.4.24 but was retrospectively allocated a low severity CVE in 2020. | ||||
| CVE-2020-11614 | 1 Mids\' Reborn Hero Designer Project | 1 Mids\' Reborn Hero Designer | 2024-08-04 | 8.1 High |
| Mids' Reborn Hero Designer 2.6.0.7 downloads the update manifest, as well as update files, over cleartext HTTP. Additionally, the application does not perform file integrity validation for files after download. An attacker can perform a man-in-the-middle attack against this connection and replace executable files with malicious versions, which the operating system then executes under the context of the user running Hero Designer. | ||||
| CVE-2020-11493 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-08-04 | 8.1 High |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject. | ||||
| CVE-2020-11470 | 1 Zoom | 1 Meetings | 2024-08-04 | 3.3 Low |
| Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement, which allows a local process (with the user's privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Zoom Client's microphone and camera access. | ||||
| CVE-2020-10831 | 1 Google | 1 Android | 2024-08-04 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can trigger an update to arbitrary touch-screen firmware. The Samsung ID is SVE-2019-16013 (March 2020). | ||||
| CVE-2020-10751 | 2 Kernel, Redhat | 4 Selinux, Enterprise Linux, Enterprise Linux Server and 1 more | 2024-08-04 | 6.1 Medium |
| A flaw was found in the Linux kernels SELinux LSM hook implementation before version 5.7, where it incorrectly assumed that an skb would only contain a single netlink message. The hook would incorrectly only validate the first netlink message in the skb and allow or deny the rest of the messages within the skb with the granted permission without further processing. | ||||
| CVE-2020-9885 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-08-04 | 5.5 Medium |
| An issue existed in the handling of iMessage tapbacks. The issue was resolved with additional verification. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. A user that is removed from an iMessage group could rejoin the group. | ||||
| CVE-2020-9230 | 1 Huawei | 2 Ws5800-10, Ws5800-10 Firmware | 2024-08-04 | 6.5 Medium |
| WS5800-10 version 10.0.3.25 has a denial of service vulnerability. Due to improper verification of specific message, an attacker may exploit this vulnerability to cause specific function to become abnormal. | ||||
| CVE-2020-9141 | 1 Huawei | 2 Emui, Magic Ui | 2024-08-04 | 9.1 Critical |
| There is a improper privilege management vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability can cause information disclosure and malfunctions due to insufficient verification of data authenticity. | ||||
| CVE-2020-8660 | 2 Envoyproxy, Redhat | 2 Envoy, Service Mesh | 2024-08-04 | 5.3 Medium |
| CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recognized as a TLS client) by a client using only TLS 1.3. Because TLS extensions (SNI, ALPN) were not inspected, those connections might have been matched to a wrong filter chain, possibly bypassing some security restrictions in the process. | ||||
| CVE-2020-7982 | 1 Openwrt | 2 Lede, Openwrt | 2024-08-04 | 8.1 High |
| An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification). | ||||
| CVE-2020-7487 | 1 Schneider-electric | 11 Ecostruxure Machine Expert, Modicon M218, Modicon M218 Firmware and 8 more | 2024-08-04 | 9.8 Critical |
| A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the attacker to execute malicious code on the Modicon M218, M241, M251, and M258 controllers. | ||||
| CVE-2020-6443 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-08-04 | 8.8 High |
| Insufficient data validation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to execute arbitrary code via a crafted HTML page. | ||||
| CVE-2020-6090 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2024-08-04 | 7.2 High |
| An exploitable code execution vulnerability exists in the Web-Based Management (WBM) functionality of WAGO PFC 200 03.03.10(15). A specially crafted series of HTTP requests can cause code execution resulting in remote code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-6081 | 1 Codesys | 1 Runtime | 2024-08-04 | 8.8 High |
| An exploitable code execution vulnerability exists in the PLC_Task functionality of 3S-Smart Software Solutions GmbH CODESYS Runtime 3.5.14.30. A specially crafted network request can cause remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-5964 | 2 Microsoft, Nvidia | 10 Windows, Geforce, Geforce Experience and 7 more | 2024-08-04 | 7.8 High |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the service host component, in which the application resources integrity check may be missed. Such an attack may lead to code execution, denial of service or information disclosure. | ||||
| CVE-2020-1755 | 1 Moodle | 1 Moodle | 2024-08-04 | 5.3 Medium |
| In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, X-Forwarded-For headers could be used to spoof a user's IP, in order to bypass remote address checks. | ||||
| CVE-2021-46559 | 1 Moxa | 2 Tn-5900, Tn-5900 Firmware | 2024-08-04 | 7.5 High |
| The firmware on Moxa TN-5900 devices through 3.1 has a weak algorithm that allows an attacker to defeat an inspection mechanism for integrity protection. | ||||
| CVE-2021-45419 | 1 Starcharge | 4 Nova 360 Cabinet, Nova 360 Cabinet Firmware, Titan 180 Premium and 1 more | 2024-08-04 | 8.8 High |
| Certain Starcharge products are affected by Improper Input Validation. The affected products include: Nova 360 Cabinet <= 1.3.0.0.7b102 - Fixed: Beta1.3.0.1.0 and Titan 180 Premium <= 1.3.0.0.6 - Fixed: 1.3.0.0.9. | ||||
| CVE-2021-44850 | 1 Amd | 20 Xilinx Z-7007s, Xilinx Z-7007s Firmware, Xilinx Z-7010 and 17 more | 2024-08-04 | 6.8 Medium |
| On Xilinx Zynq-7000 SoC devices, physical modification of an SD boot image allows for a buffer overflow attack in the ROM. Because the Zynq-7000's boot image header is unencrypted and unauthenticated before use, an attacker can modify the boot header stored on an SD card so that a secure image appears to be unencrypted, and they will be able to modify the full range of register initialization values. Normally, these registers will be restricted when booting securely. Of importance to this attack are two registers that control the SD card's transfer type and transfer size. These registers could be modified a way that causes a buffer overflow in the ROM. | ||||