Total
34125 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14429 | 1 Netgear | 32 Mk62, Mk62 Firmware, Mk63 and 29 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects MK62 before 1.0.4.92, MK63 before 1.0.4.92, MR60 before 1.0.4.92, MS60 before 1.0.4.92, RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBS750 before 3.2.15.25, RBR750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2020-14428 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2020-14427 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | ||||
| CVE-2020-14426 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by disclosure of administrative credentials. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBK853 before 3.2.10.11, RBR850 before 3.2.10.11, RBS850 before 3.2.10.11, RBK842 before 3.2.10.11, RBR840 before 3.2.10.11, and RBS840 before 3.2.10.11. | ||||
| CVE-2020-14425 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 7.8 High |
| Foxit Reader before 10.0 allows Remote Command Execution via the app.opencPDFWebPage JavsScript API. An attacker can execute local files and bypass the security dialog. | ||||
| CVE-2020-14384 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbossweb | 2024-11-21 | 7.5 High |
| A flaw was found in JBossWeb in versions before 7.5.31.Final-redhat-3. The fix for CVE-2020-13935 was incomplete in JBossWeb, leaving it vulnerable to a denial of service attack when sending multiple requests with invalid payload length in a WebSocket frame. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-14325 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 9.1 Critical |
| Red Hat CloudForms before 5.11.7.0 was vulnerable to the User Impersonation authorization flaw which allows malicious attacker to create existent and non-existent role-based access control user, with groups and roles. With a selected group of EvmGroup-super_administrator, an attacker can perform any API request as a super administrator. | ||||
| CVE-2020-14316 | 2 Kubevirt, Redhat | 3 Kubevirt, Container Native Virtualization, Openshift Virtualization | 2024-11-21 | 9.9 Critical |
| A flaw was found in kubevirt 0.29 and earlier. Virtual Machine Instances (VMIs) can be used to gain access to the host's filesystem. Successful exploitation allows an attacker to assume the privileges of the VM process on the host system. In worst-case scenarios an attacker can read and modify any file on the system where the VMI is running. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-14313 | 1 Redhat | 1 Quay | 2024-11-21 | 4.3 Medium |
| An information disclosure vulnerability was found in Red Hat Quay in versions before 3.3.1. This flaw allows an attacker who can create a build trigger in a repository, to disclose the names of robot accounts and the existence of private repositories within any namespace. | ||||
| CVE-2020-14292 | 1 Health | 1 Covidsafe | 2024-11-21 | 5.7 Medium |
| In the COVIDSafe application through 1.0.21 for Android, unsafe use of the Bluetooth transport option in the GATT connection allows attackers to trick the application into establishing a connection over Bluetooth BR/EDR transport, which reveals the public Bluetooth address of the victim's phone without authorisation, bypassing the Bluetooth address randomisation protection in the user's phone. | ||||
| CVE-2020-14275 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 9.8 Critical |
| Security vulnerability in HCL Commerce 9.0.0.5 through 9.0.0.13, 9.0.1.0 through 9.0.1.14 and 9.1 through 9.1.4 could allow denial of service, disclosure of user personal data, and performing of unauthorized administrative operations. | ||||
| CVE-2020-14274 | 1 Hcltechsw | 1 Hcl Commerce | 2024-11-21 | 7.5 High |
| Information disclosure vulnerability in HCL Commerce 9.0.1.9 through 9.0.1.14 and 9.1 through 9.1.4 could allow a remote attacker to obtain user personal data via unknown vectors. | ||||
| CVE-2020-14255 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 7.5 High |
| HCL Digital Experience 9.5 containers include vulnerabilities that could expose sensitive data to unauthorized parties via crafted requests. These affect containers only. These do not affect traditional on-premise installations. | ||||
| CVE-2020-14221 | 1 Hcltech | 1 Digital Experience | 2024-11-21 | 4.9 Medium |
| HCL Digital Experience 8.5, 9.0, and 9.5 exposes information about the server to unauthorized users. | ||||
| CVE-2020-14201 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 6.5 Medium |
| Dolibarr CRM before 11.0.5 allows privilege escalation. This could allow remote authenticated attackers to upload arbitrary files via societe/document.php in which "disabled" is changed to "enabled" in the HTML source code. | ||||
| CVE-2020-14198 | 1 Bitcoin | 1 Bitcoin Core | 2024-11-21 | 7.5 High |
| Bitcoin Core 0.20.0 allows remote denial of service. | ||||
| CVE-2020-14191 | 1 Atlassian | 2 Crucible, Fisheye | 2024-11-21 | 7.5 High |
| Affected versions of Atlassian Fisheye/Crucible allow remote attackers to impact the application's availability via a Denial of Service (DoS) vulnerability in the MessageBundleResource within Atlassian Gadgets. The affected versions are before version 4.8.4. | ||||
| CVE-2020-14189 | 1 Atlassian | 1 Jira Comment | 2024-11-21 | 9.8 Critical |
| The execute function in in the Atlassian gajira-comment GitHub Action before version 2.0.2 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue comment. | ||||
| CVE-2020-14188 | 1 Atlassian | 1 Jira Create | 2024-11-21 | 9.8 Critical |
| The preprocessArgs function in the Atlassian gajira-create GitHub Action before version 2.0.1 allows remote attackers to execute arbitrary code in the context of a GitHub runner by creating a specially crafted GitHub issue. | ||||
| CVE-2020-14180 | 1 Atlassian | 1 Jira Service Desk | 2024-11-21 | 4.3 Medium |
| Affected versions of Atlassian Jira Service Desk Server and Data Center allow remote attackers authenticated as a non-administrator user to view Project Request-Types and Descriptions, via an Information Disclosure vulnerability in the editform request-type-fields resource. The affected versions are before version 4.12.0. | ||||