Total
34130 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15938 | 1 Fortinet | 1 Fortios | 2024-11-21 | 4 Medium |
| When traffic other than HTTP/S (eg: SSH traffic, etc...) traverses the FortiGate in version below 6.2.5 and below 6.4.2 on port 80/443, it is not redirected to the transparent proxy policy for processing, as it doesn't have a valid HTTP header. | ||||
| CVE-2020-15917 | 3 Claws-mail, Fedoraproject, Opensuse | 4 Claws-mail, Fedora, Backports Sle and 1 more | 2024-11-21 | 9.8 Critical |
| common/session.c in Claws Mail before 3.17.6 has a protocol violation because suffix data after STARTTLS is mishandled. | ||||
| CVE-2020-15912 | 1 Tesla | 2 Model 3, Model 3 Firmware | 2024-11-21 | 6.5 Medium |
| Tesla Model 3 vehicles allow attackers to open a door by leveraging access to a legitimate key card, and then using NFC Relay. NOTE: the vendor has developed Pin2Drive to mitigate this issue | ||||
| CVE-2020-15903 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 9.8 Critical |
| An issue was found in Nagios XI before 5.7.3. There is a privilege escalation vulnerability in backend scripts that ran as root where some included files were editable by nagios user. This issue was fixed in version 5.7.3. | ||||
| CVE-2020-15901 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| In Nagios XI before 5.7.3, ajaxhelper.php allows remote authenticated attackers to execute arbitrary commands via cmdsubsys. | ||||
| CVE-2020-15898 | 1 Arista | 49 7050cx3-32s, 7050cx3m-32s, 7050qx-32s and 46 more | 2024-11-21 | 5.3 Medium |
| In Arista EOS malformed packets can be incorrectly forwarded across VLAN boundaries in one direction. This vulnerability is only susceptible to exploitation by unidirectional traffic (ex. UDP) and not bidirectional traffic (ex. TCP). This affects: EOS 7170 platforms version 4.21.4.1F and below releases in the 4.21.x train; EOS X-Series versions 4.21.11M and below releases in the 4.21.x train; 4.22.6M and below releases in the 4.22.x train; 4.23.4M and below releases in the 4.23.x train; 4.24.2.1F and below releases in the 4.24.x train. | ||||
| CVE-2020-15897 | 1 Arista | 1 Eos | 2024-11-21 | 7.5 High |
| Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router. | ||||
| CVE-2020-15877 | 1 Librenms | 1 Librenms | 2024-11-21 | 8.8 High |
| An issue was discovered in LibreNMS before 1.65.1. It has insufficient access control for normal users because of "'guard' => 'admin'" instead of "'middleware' => ['can:admin']" in routes/web.php. | ||||
| CVE-2020-15871 | 1 Sonatype | 1 Nexus Repository Manager 3 | 2024-11-21 | 8.8 High |
| Sonatype Nexus Repository Manager OSS/Pro version before 3.25.1 allows Remote Code Execution. | ||||
| CVE-2020-15868 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 7.5 High |
| Sonatype Nexus Repository Manager OSS/Pro before 3.26.0 has Incorrect Access Control. | ||||
| CVE-2020-15867 | 1 Gogs | 1 Gogs | 2024-11-21 | 7.2 High |
| The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue. | ||||
| CVE-2020-15836 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The authentication function passes untrusted data to the operating system without proper sanitization. A crafted request can be sent to execute arbitrary commands as root. | ||||
| CVE-2020-15832 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The poof.cgi script contains undocumented code that provides the ability to remotely reboot the device. An adversary with the private key (but not the root password) can remotely reboot the device. | ||||
| CVE-2020-15828 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.5 Medium |
| In JetBrains TeamCity before 2020.1.1, project parameter values can be retrieved by a user without appropriate permissions. | ||||
| CVE-2020-15825 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 8.8 High |
| In JetBrains TeamCity before 2020.1, users with the Modify Group permission can elevate other users' privileges. | ||||
| CVE-2020-15820 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2020.2.6881, the markdown parser could disclose hidden file existence. | ||||
| CVE-2020-15818 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.3 Medium |
| In JetBrains YouTrack before 2020.2.8527, the subtasks workflow could disclose issue existence. | ||||
| CVE-2020-15817 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 8.8 High |
| In JetBrains YouTrack before 2020.1.1331, an external user could execute commands against arbitrary issues. | ||||
| CVE-2020-15715 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 9.9 Critical |
| rConfig 3.9.5 could allow a remote authenticated attacker to execute arbitrary code on the system, because of an error in the search.crud.php script. An attacker could exploit this vulnerability using the nodeId parameter. | ||||
| CVE-2020-15709 | 1 Canonical | 1 Add-apt-repository | 2024-11-21 | 5.5 Medium |
| Versions of add-apt-repository before 0.98.9.2, 0.96.24.32.14, 0.96.20.10, and 0.92.37.8ubuntu0.1~esm1, printed a PPA (personal package archive) description to the terminal as-is, which allowed PPA owners to provide ANSI terminal escapes to modify terminal contents in unexpected ways. | ||||