Total: 34120 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11848 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 7.5 High |
| Denial of service vulnerability in Micro Focus ArcSight Management Center, affecting all versions prior to version 2.9.5. The vulnerability could cause the server to become unavailable, causing a denial of service. | ||||
| CVE-2020-11843 | 1 Netiq | 1 Access Manager | 2024-11-21 | 6.5 Medium |
| This allows information exposure to unauthorized users. This issue affects NetIQ Access Manager version 4.5 or before. | ||||
| CVE-2020-11842 | 1 Microfocus | 1 Verastream Host Integrator | 2024-11-21 | 7.5 High |
| Information disclosure vulnerability in Micro Focus Verastream Host Integrator (VHI) product, affecting versions earlier than 7.8 Update 1 (7.8.49 or 7.8.0.49). The vulnerability allows unauthenticated attackers to view information they may not have been authorized to view. | ||||
| CVE-2020-11841 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 4.3 Medium |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure. | ||||
| CVE-2020-11840 | 1 Microfocus | 1 Arcsight Management Center | 2024-11-21 | 4.3 Medium |
| Unauthorized information disclosure vulnerability in Micro Focus ArcSight Management Center product, affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited, resulting in unauthorized information disclosure. | ||||
| CVE-2020-11836 | 2 Google, Oppo | 19 Android, A12, A15 and 16 more | 2024-11-21 | 5.5 Medium |
| OPPO Android phones with an MTK chipset and Android versions 8.1/9/10/11 have an information leak vulnerability. The “adb shell getprop ro.vendor.aee.enforcing” or “adb shell getprop ro.vendor.aee.enforcing” return no. | ||||
| CVE-2020-11830 | 1 Oppo | 1 Qualityprotect | 2024-11-21 | 9.8 Critical |
| QualityProtect has a vulnerability that allows execution of arbitrary system commands; the affected product is com.oppo.qualityprotect V2.0. | ||||
| CVE-2020-11829 | 1 Oppo | 1 Coloros | 2024-11-21 | 9.8 Critical |
| Dynamic loading of services in the backup and restore SDK leads to elevated privileges; the affected product is com.coloros.codebook V2.0.0_5493e40_200722. | ||||
| CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 9.8 Critical |
| Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-11797 | 1 Mitel | 1 Micollab Audio, Web & Video Conferencing | 2024-11-21 | 7.5 High |
| An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. | ||||
| CVE-2020-11790 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2020-11788 | 1 Netgear | 24 D6200, D6200 Firmware, D7000 and 21 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. | ||||
| CVE-2020-11767 | 2 Envoyproxy, Istio | 2 Envoy, Istio | 2024-11-21 | 3.1 Low |
| Istio through 1.5.1 and Envoy through 1.14.1 have a data-leak issue. If there is a TCP connection (negotiated with SNI over HTTPS) to *.example.com, a request for a domain concurrently configured explicitly (e.g., abc.example.com) is sent to the server(s) listening behind *.example.com. The outcome should instead be 421 Misdirected Request. Imagine a shared caching forward proxy re-using an HTTP/2 connection for a large subnet with many users. If a victim is interacting with abc.example.com, and a server (for abc.example.com) recycles the TCP connection to the forward proxy, the victim's browser may suddenly start sending sensitive data to a *.example.com server. This occurs because the forward proxy between the victim and the origin server reuses connections (which obeys the specification), but neither Istio nor Envoy corrects this by sending a 421 error. Similarly, this behavior voids the security model browsers have put in place between domains. | ||||
| CVE-2020-11732 | 1 Davidlingren | 1 Media Library Assistant | 2024-11-21 | 7.5 High |
| The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | ||||
| CVE-2020-11725 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 7.8 High |
| snd_ctl_elem_add in sound/core/control.c in the Linux kernel through 5.6.3 has a count=info->owner line, which later affects a private_size*count multiplication for unspecified "interesting side effects." NOTE: kernel engineers dispute this finding, because it could be relevant only if new callers were added that were unfamiliar with the misuse of the info->owner field to represent data unrelated to the "owner" concept. The existing callers, SNDRV_CTL_IOCTL_ELEM_ADD and SNDRV_CTL_IOCTL_ELEM_REPLACE, have been designed to misuse the info->owner field in a safe way. | ||||
| CVE-2020-11715 | 1 Panasonic | 2 P99, P99 Firmware | 2024-11-21 | 9.8 Critical |
| Panasonic P99 devices through 2020-04-10 have Incorrect Access Control. NOTE: the vendor states that all affected products are at "End-of-software-support." | ||||
| CVE-2020-11693 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 7.5 High |
| JetBrains YouTrack before 2020.1.659 was vulnerable to DoS that could be caused by attaching a malformed TIFF file to an issue. | ||||
| CVE-2020-11691 | 1 Jetbrains | 1 Hub | 2024-11-21 | 7.5 High |
| In JetBrains Hub before 2020.1.12099, content spoofing in the Hub OAuth error message was possible. | ||||
| CVE-2020-11686 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 2.7 Low |
| In JetBrains TeamCity before 2019.1.4, a project administrator was able to retrieve some TeamCity server settings. | ||||
| CVE-2020-11674 | 1 Cerner | 1 Medico | 2024-11-21 | 8.8 High |
| Cerner medico 26.00 allows variable reuse, possibly causing data corruption. | ||||