Total
34188 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21530 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| fig2dev 3.2.7b contains a segmentation fault in the read_objects function in read.c. | ||||
| CVE-2020-21528 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file. | ||||
| CVE-2020-21493 | 1 Xiuno | 1 Xiunobbs | 2024-11-21 | 5.3 Medium |
| An issue in the component route\user.php of Xiuno BBS v4.0.4 allows attackers to enumerate usernames. | ||||
| CVE-2020-21480 | 1 Rgcms Project | 1 Rgcms | 2024-11-21 | 7.2 High |
| An arbitrary file write vulnerability in RGCMS v1.06 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2020-21468 | 1 Redislabs | 1 Redis | 2024-11-21 | 7.5 High |
| A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 | ||||
| CVE-2020-21431 | 1 Hongcms Project | 1 Hongcms | 2024-11-21 | 6.5 Medium |
| HongCMS v3.0 contains an arbitrary file read and write vulnerability in the component /admin/index.php/template/edit. | ||||
| CVE-2020-21406 | 2 Rk Max Smart Tv Box Project, V88 Smart Tv Box Project | 4 Rk Max Smart Tv Box, Rk Max Smart Tv Box Firmware, V88 Smart Tv Box and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNextDisplayInterface service. | ||||
| CVE-2020-21125 | 1 Ureport Project | 1 Ureport | 2024-11-21 | 9.8 Critical |
| An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code. | ||||
| CVE-2020-21048 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 6.5 Medium |
| An issue in the dither.c component of libsixel prior to v1.8.4 allows attackers to cause a denial of service (DOS) via a crafted PNG file. | ||||
| CVE-2020-21014 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.5 Medium |
| emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. | ||||
| CVE-2020-20813 | 1 Openvpn | 1 Openvpn | 2024-11-21 | 7.5 High |
| Control Channel in OpenVPN 2.4.7 and earlier allows remote attackers to cause a denial of service via crafted reset packet. | ||||
| CVE-2020-20664 | 1 Libiec Iccp Mod Project | 1 Libiec Iccp Mod | 2024-11-21 | 6.5 Medium |
| libiec_iccp_mod v1.5 contains a segmentation violation in the component server_example1.c. | ||||
| CVE-2020-20634 | 1 Elementor | 1 Website Builder | 2024-11-21 | 6.5 Medium |
| Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog. | ||||
| CVE-2020-20495 | 1 Bludit | 1 Bludit | 2024-11-21 | 9.1 Critical |
| bludit v3.13.0 contains an arbitrary file deletion vulnerability in the backup plugin via the `deleteBackup' parameter. | ||||
| CVE-2020-20299 | 1 Weiphp | 1 Weiphp | 2024-11-21 | 7.5 High |
| WeiPHP 5.0 does not properly restrict access to pages, related to using POST. | ||||
| CVE-2020-20269 | 1 Caret | 1 Caret | 2024-11-21 | 9.8 Critical |
| A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | ||||
| CVE-2020-20178 | 1 Whohas Project | 1 Whohas | 2024-11-21 | 7.5 High |
| Ethereum 0xe933c0cd9784414d5f278c114904f5a84b396919#code.sol latest version is affected by a denial of service vulnerability in the affected payout function. Once the length of this array is too long, it will result in an exception. Attackers can make attacks by creating a series of account addresses. | ||||
| CVE-2020-1960 | 2 Apache, Redhat | 2 Flink, Jboss Fuse | 2024-11-21 | 4.7 Medium |
| A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | ||||
| CVE-2020-1957 | 2 Apache, Debian | 2 Shiro, Debian Linux | 2024-11-21 | 9.8 Critical |
| Apache Shiro before 1.5.2, when using Apache Shiro with Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | ||||
| CVE-2020-1954 | 4 Apache, Netapp, Oracle and 1 more | 15 Cxf, Oncommand Workflow Automation, Snapmanager and 12 more | 2024-11-21 | 5.3 Medium |
| Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX. | ||||