Total
34199 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35781 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 8.3 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35780 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.1 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35779 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.5 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35769 | 2 Microsoft, Webmin | 2 Windows, Webmin | 2024-11-21 | 9.8 Critical |
| miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program. | ||||
| CVE-2020-35716 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 7.5 High |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. | ||||
| CVE-2020-35711 | 1 Arc-swap Project | 1 Arc-swap | 2024-11-21 | 7.5 High |
| An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. | ||||
| CVE-2020-35693 | 2 Google, Samsung | 8 Android, Galaxy A3, Galaxy Note 4 and 5 more | 2024-11-21 | 8.8 High |
| On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5. | ||||
| CVE-2020-35652 | 1 Digium | 1 Asterisk | 2024-11-21 | 6.5 Medium |
| An issue was discovered in res_pjsip_diversion.c in Sangoma Asterisk before 13.38.0, 14.x through 16.x before 16.15.0, 17.x before 17.9.0, and 18.x before 18.1.0. A crash can occur when a SIP message is received with a History-Info header that contains a tel-uri, or when a SIP 181 response is received that contains a tel-uri in the Diversion header. | ||||
| CVE-2020-35614 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Joomla! 3.9.0 through 3.9.22. Improper handling of the username leads to a user enumeration attack vector in the backend login page. | ||||
| CVE-2020-35610 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 7.5 High |
| An issue was discovered in Joomla! 2.5.0 through 3.9.22. The autosuggestion feature of com_finder did not respect the access level of the corresponding terms. | ||||
| CVE-2020-35593 | 1 Bmc | 1 Patrol Agent | 2024-11-21 | 7.8 High |
| BMC PATROL Agent through 20.08.00 allows local privilege escalation via vectors involving pconfig +RESTART -host. | ||||
| CVE-2020-35587 | 1 Mersive | 2 Solstice, Solstice Firmware | 2024-11-21 | 7.5 High |
| In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is directly associated with a negative impact, or instead only facilitates an attack technique | ||||
| CVE-2020-35575 | 1 Tp-link | 54 Archer C5, Archer C5 Firmware, Archer C7 and 51 more | 2024-11-21 | 9.8 Critical |
| A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices. | ||||
| CVE-2020-35556 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 7.5 High |
| An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur. | ||||
| CVE-2020-35555 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). | ||||
| CVE-2020-35552 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | ||||
| CVE-2020-35550 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). | ||||
| CVE-2020-35549 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | ||||
| CVE-2020-35548 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). | ||||
| CVE-2020-35547 | 1 Mitel | 1 Micollab | 2024-11-21 | 9.1 Critical |
| A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. | ||||