Total: 34116 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10766 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Rhel E4s and 1 more | 2024-11-21 | 5.5 Medium |
| A logic bug was found in the Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in the logic handling allows an attacker with a local account to disable SSBD protection during a context switch when additional speculative execution mitigations are in place. This issue was introduced when the per task/process conditional STIBP switching was added on top of the existing SSBD switching. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-10731 | 1 Redhat | 2 Openstack, Openstack Platform | 2024-11-21 | 9.9 Critical |
| A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where it does not have SELinux enabled. This flaw causes sVirt, an important isolation mechanism, to be disabled for all running virtual machines. | ||||
| CVE-2020-10678 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 8.8 High |
| In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to their Octopus server, an authenticated user can leverage a bug to escalate privileges. | ||||
| CVE-2020-10661 | 1 Hashicorp | 1 Vault | 2024-11-21 | 9.1 Critical |
| HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances, have existing nested-path policies grant access to Namespaces created after-the-fact. Fixed in 1.3.4. | ||||
| CVE-2020-10622 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 7.8 High |
| LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file creation by unauthorized users. | ||||
| CVE-2020-10592 | 2 Opensuse, Torproject | 3 Backports, Leap, Tor | 2024-11-21 | 7.5 High |
| Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cause a Denial of Service (CPU consumption), aka TROVE-2020-002. | ||||
| CVE-2020-10591 | 1 Walmart | 1 Concord | 2024-11-21 | 7.5 High |
| An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin headers have a potentially unsafe dependency on Origin headers, and are not configurable. This allows remote attackers to discover host information, nodes, API metadata, and references to usernames via api/v1/apikey. | ||||
| CVE-2020-10590 | 1 Replicated | 1 Replicated Classic | 2024-11-21 | 7.5 High |
| Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the Replicated Admin Console configuration. An attacker with network access to the Admin Console port (8800) on the Replicated Classic server could retrieve the TLS Keypair (Cert and Key) used to configure the Admin Console. | ||||
| CVE-2020-10587 | 2 Antixlinux, Mxlinux | 2 Antix Linux, Mx Linux | 2024-11-21 | 7.8 High |
| antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" because of the Sudo configuration. | ||||
| CVE-2020-10578 | 1 Q-cms | 1 Qcms | 2024-11-21 | 7.5 High |
| An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1. | ||||
| CVE-2020-10570 | 1 Telegram | 1 Telegram | 2024-11-21 | 6.1 Medium |
| The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physically proximate attackers to bypass intended restrictions on message reading and message replying. This might be interpreted as a bypass of the passcode feature. | ||||
| CVE-2020-10558 | 1 Tesla | 1 Model 3 Web Interface | 2024-11-21 | 6.5 Medium |
| The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Service to occur due to improper process separation, which allows attackers to disable the speedometer, web browser, climate controls, turn signal visual and sounds, navigation, autopilot notifications, along with other miscellaneous functions from the main screen. | ||||
| CVE-2020-10541 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mail Server Settings v1 API request. This was fixed in 12.5.108. | ||||
| CVE-2020-10535 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain restrictions within the two-day grace period for an unconfirmed email address. | ||||
| CVE-2020-10519 | 1 Github | 1 Github | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. | ||||
| CVE-2020-10518 | 1 Github | 1 Github | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. | ||||
| CVE-2020-10517 | 1 Github | 1 Github | 2024-11-21 | 4.3 Medium |
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 7.5 High |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | ||||
| CVE-2020-10383 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an unauthenticated remote code execution in the com_mb24sysapi module. | ||||
| CVE-2020-10382 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2024-11-21 | 8.8 High |
| An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all versions through 2.5.0. There is an authenticated remote code execution in the backup-scheduler. | ||||