Total
34116 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10284 | 1 Ufactory | 1 Xarm Studio | 2024-11-21 | 9.1 Critical |
| No authentication is required to control the robot inside the network, moreso the latest available user manual shows an option that lets the user to add a password to the robot but as in xarm_studio 1.3.0 the option is missing from the menu. Assuming manual control, even by forcefully removing the current operator from an active session. | ||||
| CVE-2020-10268 | 1 Kuka | 2 Kr C4, Kr C4 Firmware | 2024-11-21 | 6.1 Medium |
| Critical services for operation can be terminated from windows task manager, bringing the manipulator to a halt. After this a Re-Calibration of the brakes needs to be performed. Be noted that this only can be accomplished either by a Kuka technician or by Kuka issued calibration hardware that interfaces with the manipulator furthering the delay and increasing operational costs. | ||||
| CVE-2020-10262 | 1 Mi | 2 Xiaomi Xiaoai Speaker Pro Lx06, Xiaomi Xiaoai Speaker Pro Lx06 Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsafe mode during the boot process, and use the mi_console command cascaded by the SN code shown on the product to get the root shell password, and then the attacker can (i) read Wi-Fi SSID or password, (ii) read the dialogue text files between users and XIAOMI XIAOAI speaker Pro LX06, (iii) use Text-To-Speech tools pretend XIAOMI speakers' voice achieve social engineering attacks, (iv) eavesdrop on users and record what XIAOMI XIAOAI speaker Pro LX06 hears, (v) modify system files, (vi) use commands to send any IR code through IR emitter on XIAOMI XIAOAI Speaker Pro (LX06), (vii) stop voice assistant service, (viii) enable the XIAOMI XIAOAI Speaker Pro’s SSH or TELNET service as a backdoor, (IX) tamper with the router configuration of the router in the local area networks. | ||||
| CVE-2020-10256 | 1 1password | 2 Command Line Interface, Scim | 2024-11-21 | 9.8 Critical |
| An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in beta versions of the 1Password SCIM bridge prior to 0.7.3. An insecure random number generator was used to generate various keys. An attacker with access to the user's encrypted data may be able to perform brute-force calculations of encryption keys and thus succeed at decryption. | ||||
| CVE-2020-10249 | 1 Meinbwa | 2 Direx-pro, Direx-pro Firmware | 2024-11-21 | 5.3 Medium |
| BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_soft.php3. | ||||
| CVE-2020-10234 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 6.5 Medium |
| The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged user to send an IOCTL to the device driver. If the user provides a NULL entry for the dwIoControlCode parameter, a kernel panic (aka BSOD) follows. The IOCTL codes can be found in the dispatch function: 0x8001E000, 0x8001E004, 0x8001E008, 0x8001E00C, 0x8001E010, 0x8001E014, 0x8001E020, 0x8001E024, 0x8001E040, 0x8001E044, and 0x8001E048. \DosDevices\AscRegistryFilter and \Device\AscRegistryFilter are affected. | ||||
| CVE-2020-10222 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 8.1 High |
| npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_property+2381 via a crafted PDF document. | ||||
| CVE-2020-10122 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.5 Medium |
| cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547). | ||||
| CVE-2020-10120 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 High |
| cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | ||||
| CVE-2020-10119 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.8 Critical |
| cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shell (SEC-544). | ||||
| CVE-2020-10118 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.1 Critical |
| cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543). | ||||
| CVE-2020-10117 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.1 Critical |
| cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). | ||||
| CVE-2020-10115 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 High |
| cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | ||||
| CVE-2020-10110 | 1 Citrix | 1 Gateway Firmware | 2024-11-21 | 5.3 Medium |
| Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disputes this as not a vulnerability. There is no sensitive information disclosure through the cache headers on Citrix ADC. The "Via" header lists cache protocols and recipients between the start and end points for a request or a response. The "Age" header provides the age of the cached response in seconds. Both headers are commonly used for proxy cache and the information is not sensitive | ||||
| CVE-2020-10100 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer details associated with specific customers. However, the application does not properly implement access controls related to this functionality. As such, users of one company are able to access ticket data from other companies. Due to the multi-tenant nature of this application, users who can access ticket details from one organization to the next allows for users to exfiltrate potentially sensitive data of other companies. | ||||
| CVE-2020-10085 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge private merge request titles. | ||||
| CVE-2020-10084 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to the vulnerability_feedback endpoint could result in the exposure of a private project namespace | ||||
| CVE-2020-10082 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the designs for public issues was discovered. | ||||
| CVE-2020-10081 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import process could potentially be used to incorrectly access LFS objects not owned by the user. | ||||
| CVE-2020-10080 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to access the Contribution Analytics page of a private group. | ||||