Total: 34204 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-3284 | 1 Cisco | 87 A99-rp2-se, A99-rp2-se Firmware, A99-rp2-tr and 84 more | 2024-11-21 | 9.8 Critical |
| A vulnerability in the enhanced Preboot eXecution Environment (PXE) boot loader for Cisco IOS XR 64-bit Software could allow an unauthenticated, remote attacker to execute unsigned code during the PXE boot process on an affected device. The PXE boot loader is part of the BIOS and runs over the management interface of hardware platforms that are running Cisco IOS XR Software only. The vulnerability exists because internal commands that are issued when the PXE network boot process is loading a software image are not properly verified. An attacker could exploit this vulnerability by compromising the PXE boot server and replacing a valid software image with a malicious one. Alternatively, the attacker could impersonate the PXE boot server and send a PXE boot reply with a malicious file. A successful exploit could allow the attacker to execute unsigned code on the affected device. Note: To fix this vulnerability, both the Cisco IOS XR Software and the BIOS must be upgraded. The BIOS code is included in Cisco IOS XR Software but might require additional installation steps. For further information, see the Fixed Software section of this advisory. | ||||
| CVE-2020-3232 | 1 Cisco | 2 Asr 920-12sz-im, Ios Xe | 2024-11-21 | 7.7 High |
| A vulnerability in the Simple Network Management Protocol (SNMP) implementation in Cisco ASR 920 Series Aggregation Services Router model ASR920-12SZ-IM could allow an authenticated, remote attacker to cause the device to reload. The vulnerability is due to incorrect handling of data that is returned for Cisco Discovery Protocol queries to SNMP. An attacker could exploit this vulnerability by sending a request for Cisco Discovery Protocol information by using SNMP. An exploit could allow the attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2020-3213 | 1 Cisco | 1 Ios Xe | 2024-11-21 | 6.7 Medium |
| A vulnerability in the ROMMON of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to those of the root user of the underlying operating system. The vulnerability is due to the ROMMON allowing for special parameters to be passed to the device at initial boot up. An attacker could exploit this vulnerability by sending parameters to the device at initial boot up. An exploit could allow the attacker to elevate from a Priv15 user to the root user and execute arbitrary commands with the privileges of the root user. | ||||
| CVE-2020-3141 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-11-21 | 8.8 High |
| Multiple vulnerabilities in the web management framework of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-36767 | 2 Linux, Vareille | 2 Linux Kernel, Tinyfiledialogs | 2024-11-21 | 7.5 High |
| tinyfiledialogs (aka tiny file dialogs) before 3.8.0 allows shell metacharacters in titles, messages, and other input data. | ||||
| CVE-2020-36766 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 3.3 Low |
| An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct. | ||||
| CVE-2020-36765 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in Navigation in Google Chrome prior to 85.0.4183.83 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2020-36519 | 1 Mimecast | 1 Email Security | 2024-11-21 | 4.9 Medium |
| Mimecast Email Security before 2020-01-10 allows any admin to spoof any domain, and pass DMARC alignment via SPF. This occurs through misuse of the address rewrite feature. (The domain being spoofed must be a customer in the Mimecast grid from which the spoofing occurs.) | ||||
| CVE-2020-36472 | 1 Max7301 Project | 1 Max7301 | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. | ||||
| CVE-2020-36471 | 1 Generator Project | 1 Generator | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. | ||||
| CVE-2020-36470 | 1 Disrustor Project | 1 Disrustor | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not properly limit the number of mutable references. | ||||
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | ||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | ||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | ||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. | ||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2024-11-21 | 7.5 High |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||||
| CVE-2020-36453 | 1 Scottqueue Project | 1 Scottqueue | 2024-11-21 | 8.1 High |
| An issue was discovered in the scottqueue crate through 2020-11-15 for Rust. There are unconditional implementations of Send and Sync for Queue<T>. | ||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2024-11-21 | 7.5 High |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | ||||
| CVE-2020-36427 | 1 Gnome | 1 Gthumb | 2024-11-21 | 5.5 Medium |
| GNOME gThumb before 3.10.1 allows an application crash via a malformed JPEG image. | ||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 7.0 High |
| pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | ||||