Total
34215 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8088 | 1 Usebb | 1 Usebb | 2024-11-21 | 9.8 Critical |
| panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-8004 | 1 St | 2 Stm32f1, Stm32f1 Firmware | 2024-11-21 | 7.5 High |
| STMicroelectronics STM32F1 devices have Incorrect Access Control. | ||||
| CVE-2020-7978 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.6 and later through 12.7.2 allows Denial of Service. | ||||
| CVE-2020-7976 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control. | ||||
| CVE-2020-7974 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 10.1 through 12.7.2 allows Information Disclosure. | ||||
| CVE-2020-7969 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure. | ||||
| CVE-2020-7958 | 1 Oneplus | 2 Oneplus 7 Pro, Oneplus 7 Pro Firmware | 2024-11-21 | 6.0 Medium |
| An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to contain functionality that allows a privileged user (root) in the Rich Execution Environment (REE) to obtain bitmap images from the fingerprint sensor because of Leftover Debug Code. The issue is that the Trusted Application (TA) supports an extended number of commands beyond what is needed to implement a fingerprint authentication system compatible with Android. An attacker who is in the position to send commands to the TA (for example, the root user) is able to send a sequence of these commands that will result in the TA sending a raw fingerprint image to the REE. This means that the Trusted Execution Environment (TEE) no longer protects identifiable fingerprint data from the REE. | ||||
| CVE-2020-7952 | 1 Valvesoftware | 1 Dota 2 | 2024-11-21 | 7.8 High |
| rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is affected by memory corruption. | ||||
| CVE-2020-7950 | 1 Valvesoftware | 1 Dota 2 | 2024-11-21 | 7.8 High |
| meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a vulnerable function call. | ||||
| CVE-2020-7949 | 1 Valvesoftware | 1 Dota 2 | 2024-11-21 | 7.8 High |
| schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or denial of service by creating a gaming server and inviting a victim to this server, because a crafted map is mishandled during a GetValue call. | ||||
| CVE-2020-7943 | 2 Puppet, Redhat | 5 Puppet Enterprise, Puppet Server, Puppetdb and 2 more | 2024-11-21 | 7.5 High |
| Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable trapperkeeper-metrics /v1 metrics API and only allows /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13 Puppet Enterprise prior to 2019.5.0 Puppet Server prior to 6.9.2 Puppet Server prior to 5.3.12 PuppetDB prior to 6.9.1 PuppetDB prior to 5.2.13 Resolved in: Puppet Enterprise 2018.1.13 Puppet Enterprise 2019.5.0 Puppet Server 6.9.2 Puppet Server 5.3.12 PuppetDB 6.9.1 PuppetDB 5.2.13 | ||||
| CVE-2020-7941 | 1 Plone | 1 Plone | 2024-11-21 | 9.8 Critical |
| A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PUT (overwrite) some content without needing write permission. | ||||
| CVE-2020-7938 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | ||||
| CVE-2020-7931 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 8.8 High |
| In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. | ||||
| CVE-2020-7927 | 1 Mongodb | 1 Ops Manager | 2024-11-21 | 8.1 High |
| Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2. | ||||
| CVE-2020-7914 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | ||||
| CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | ||||
| CVE-2020-7815 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.8 High |
| XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows. | ||||
| CVE-2020-7803 | 2 Imgtech, Microsoft | 2 Zoneplayer, Windows | 2024-11-21 | 7.8 High |
| IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | ||||
| CVE-2020-7791 | 1 I18n Project | 1 I18n | 2024-11-21 | 7.5 High |
| This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs. | ||||