Total
9888 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-0212 | 1 Juniper | 1 Contrail Networking | 2024-11-21 | 5 Medium |
| An Information Exposure vulnerability in Juniper Networks Contrail Networking allows a locally authenticated attacker able to read files to retrieve administrator credentials stored in plaintext thereby elevating their privileges over the system. This issue affects: Juniper Networks Contrail Networking versions prior to 1911.31. | ||||
| CVE-2021-0210 | 1 Juniper | 1 Junos | 2024-11-21 | 6.8 Medium |
| An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. | ||||
| CVE-2021-0003 | 1 Intel | 2 Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-11-21 | 5.5 Medium |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2021-0002 | 2 Fedoraproject, Intel | 3 Fedora, Ethernet Controller E810, Ethernet Controller E810 Firmware | 2024-11-21 | 7.1 High |
| Improper conditions check in some Intel(R) Ethernet Controllers 800 series Linux drivers before version 1.4.11 may allow an authenticated user to potentially enable information disclosure or denial of service via local access. | ||||
| CVE-2020-9849 | 1 Apple | 6 Icloud, Ipados, Itunes and 3 more | 2024-11-21 | 6.5 Medium |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. | ||||
| CVE-2020-9733 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2024-11-21 | 7.5 High |
| An AEM java servlet in AEM versions 6.5.5.0 (and below) and 6.4.8.1 (and below) executes with the permissions of a high privileged service user. If exploited, this could lead to read-only access to sensitive data in an AEM repository. | ||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 8.1 High |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | ||||
| CVE-2020-9387 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 Medium |
| In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on. | ||||
| CVE-2020-9386 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.3 Medium |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | ||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2024-11-21 | 6.5 Medium |
| In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | ||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2024-11-21 | 6.5 Medium |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | ||||
| CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 8.8 High |
| The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | ||||
| CVE-2020-8908 | 5 Google, Netapp, Oracle and 2 more | 20 Guava, Active Iq Unified Manager, Commerce Guided Search and 17 more | 2024-11-21 | 3.3 Low |
| A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | ||||
| CVE-2020-8832 | 2 Canonical, Netapp | 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more | 2024-11-21 | 5.5 Medium |
| The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | ||||
| CVE-2020-8695 | 4 Debian, Fedoraproject, Intel and 1 more | 605 Debian Linux, Fedora, Celeron 3855u and 602 more | 2024-11-21 | 5.5 Medium |
| Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-8694 | 1 Intel | 598 Celeron 3855u, Celeron 3855u Firmware, Celeron 3865u and 595 more | 2024-11-21 | 5.5 Medium |
| Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-8647 | 4 Debian, Linux, Opensuse and 1 more | 6 Debian Linux, Linux Kernel, Leap and 3 more | 2024-11-21 | 6.1 Medium |
| There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize function in drivers/tty/vt/vt.c. | ||||
| CVE-2020-8555 | 3 Fedoraproject, Kubernetes, Redhat | 3 Fedora, Kubernetes, Openshift | 2024-11-21 | 6.3 Medium |
| The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services). | ||||
| CVE-2020-8554 | 3 Kubernetes, Oracle, Redhat | 5 Kubernetes, Communications Cloud Native Core Network Slice Selection Function, Communications Cloud Native Core Policy and 2 more | 2024-11-21 | 6.3 Medium |
| Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect. | ||||
| CVE-2020-8481 | 1 Abb | 1 800xa System | 2024-11-21 | 9.8 Critical |
| For ABB products ABB Ability™ System 800xA and related system extensions versions 5.1, 6.0 and 6.1, Compact HMI versions 5.1 and 6.0, Control Builder Safe 1.0, 1.1 and 2.0, Symphony Plus -S+ Operations 3.0 to 3.2 Symphony Plus -S+ Engineering 1.1 to 2.2, Composer Harmony 5.1, 6.0 and 6.1, Melody Composer 5.3, 6.1/6.2 and SPE for Melody 1.0SPx (Composer 6.3), Harmony OPC Server (HAOPC) Standalone 6.0, 6.1 and 7.0, ABB Ability™ System 800xA/ Advant® OCS Control Builder A 1.3 and 1.4, Advant® OCS AC100 OPC Server 5.1, 6.0 and 6.1, Composer CTK 6.1 and 6.2, AdvaBuild 3.7 SP1 and SP2, OPCServer for MOD 300 (non-800xA) 1.4, OPC Data Link 2.1 and 2.2, Knowledge Manager 8.0, 9.0 and 9.1, Manufacturing Operations Management 1812 and 1909, confidential data is written in an unprotected file. An attacker who successfully exploited this vulnerability could take full control of the computer. | ||||