CVE-2020-10xxx

There are 819 CVEs in this subgroup.
ID Summary Flags Max Score
CVE-2020-10001 An input validation issue was addressed with improved memory handling. This issue is fixed in macOS ...
CVE-2020-10002 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11....
CVE-2020-10003 An issue existed within the path validation logic for symlinks. This issue was addressed with improv...
CVE-2020-10004 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11....
CVE-2020-10005 A resource exhaustion issue was addressed with improved input validation. This issue is fixed in mac...
E
CVE-2020-10006 This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.0.1. A ...
CVE-2020-10007 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11....
CVE-2020-10008 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1....
CVE-2020-10009 A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11....
CVE-2020-10010 A path handling issue was addressed with improved validation. This issue is fixed in macOS Big Sur 1...
CVE-2020-10011 An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 14.2 a...
CVE-2020-10012 An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Su...
CVE-2020-10013 A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.0, iOS 14...
CVE-2020-10014 A parsing issue in the handling of directory paths was addressed with improved path validation. This...
CVE-2020-10015 An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac...
CVE-2020-10016 A memory corruption issue was addressed with improved state management. This issue is fixed in macOS...
CVE-2020-10017 An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Bi...
CVE-2020-10018 WebKitGTK through 2.26.4 and WPE WebKit through 2.26.4 (which are the versions right before 2.28.0) ...
CVE-2020-10019 Buffer Overflow in USB DFU requested length
S
CVE-2020-10020 Rejected reason: Number assigned to issue that does not qualify for a CVE...
R
CVE-2020-10021 Out-of-bounds write in USB Mass Storage with unaligned sizes
S
CVE-2020-10022 UpdateHub Module Copies a Variable-Size Hash String Into a Fixed-Size Array
S
CVE-2020-10023 Shell Subsystem Contains a Buffer Overflow Vulnerability In shell_spaces_trim
S
CVE-2020-10024 ARM Platform Uses Signed Integer Comparison When Validating Syscall Numbers
S
CVE-2020-10025 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10067. Reason: This candidat...
R
CVE-2020-10026 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-10021. Reason: This candidat...
R
CVE-2020-10027 ARC Platform Uses Signed Integer Comparison When Validating Syscall Numbers
S
CVE-2020-10028 Multiple Syscalls In GPIO Subsystem Perform No Argument Validation
S
CVE-2020-10029 The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range re...
E
CVE-2020-10030 An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker ...
CVE-2020-10037 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10038 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10039 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10040 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10041 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10042 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10043 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10044 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10045 A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), S...
CVE-2020-10048 A vulnerability has been identified in SIMATIC PCS 7 (All versions), SIMATIC WinCC (All versions < V...
CVE-2020-10049 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The s...
CVE-2020-10050 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The d...
CVE-2020-10051 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multi...
CVE-2020-10052 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The aff...
CVE-2020-10053 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The aff...
CVE-2020-10054 A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.12). The aff...
CVE-2020-10055 A vulnerability has been identified in Desigo CC (V4.x), Desigo CC (V3.x), Desigo CC Compact (V4.x),...
S
CVE-2020-10056 A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The l...
CVE-2020-10057 GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue e...
E
CVE-2020-10058 Multiple Syscalls In kscan Subsystem Perform No Argument Validation
S
CVE-2020-10059 UpdateHub Module Explicitly Disables TLS Verification
S
CVE-2020-10060 UpdateHub Might Dereference An Uninitialized Pointer
S
CVE-2020-10061 Error handling invalid packet sequence
S
CVE-2020-10062 Packet length decoding error in MQTT
S
CVE-2020-10063 Remote Denial of Service in CoAP Option Parsing Due To Integer Overflow
S
CVE-2020-10064 Improper Input Frame Validation in ieee802154 Processing
CVE-2020-10065 Missing Size Checks in Bluetooth HCI over SPI
CVE-2020-10066 Incorrect Error Handling in Bluetooth HCI core
S
CVE-2020-10067 Integer Overflow In is_in_region Allows User Thread To Access Kernel Memory
S
CVE-2020-10068 Zephyr Bluetooth DLE duplicate requests vulnerability
S
CVE-2020-10069 Zephyr Bluetooth unchecked packet data results in denial of service
CVE-2020-10070 MQTT buffer overflow on receive buffer
S
CVE-2020-10071 Insufficient publish message length validation in MQTT
S
CVE-2020-10072 Improper Handling of Insufficient Permissions or Privileges in zephyr
CVE-2020-10073 GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potent...
CVE-2020-10074 GitLab 10.1 through 12.8.1 has Incorrect Access Control. A scenario was discovered in which a GitLab...
CVE-2020-10075 GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially suscepti...
CVE-2020-10076 GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered wh...
CVE-2020-10077 GitLab EE 3.0 through 12.8.1 allows SSRF. An internal investigation revealed that a particular depre...
CVE-2020-10078 GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a st...
CVE-2020-10079 GitLab 7.10 through 12.8.1 has Incorrect Access Control. Under certain conditions where users should...
CVE-2020-10080 GitLab 8.3 through 12.8.1 allows Information Disclosure. It was possible for certain non-members to ...
CVE-2020-10081 GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS import ...
CVE-2020-10082 GitLab 12.2 through 12.8.1 allows Denial of Service. A denial of service vulnerability impacting the...
CVE-2020-10083 GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, proj...
CVE-2020-10084 GitLab EE 11.6 through 12.8.1 allows Information Disclosure. Sending a specially crafted request to ...
CVE-2020-10085 GitLab 12.3.5 through 12.8.1 allows Information Disclosure. A particular view was exposing merge pri...
CVE-2020-10086 GitLab 10.4 through 12.8.1 allows Directory Traversal. A particular endpoint was vulnerable to a dir...
CVE-2020-10087 GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mix...
CVE-2020-10088 GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was ...
CVE-2020-10089 GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively req...
CVE-2020-10090 GitLab 11.7 through 12.8.1 allows Information Disclosure. Under certain group conditions, group epic...
CVE-2020-10091 GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing pa...
CVE-2020-10092 GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particu...
CVE-2020-10093 A cross-site scripting (XSS) vulnerability in Lexmark Pro910 series inkjet and other discontinued pr...
CVE-2020-10094 A cross-site scripting (XSS) vulnerability in Lexmark CS31x before LW74.VYL.P273; CS41x before LW74....
CVE-2020-10095 Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device....
CVE-2020-10096 An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data ...
S
CVE-2020-10097 An issue was discovered in Zammad 3.0 through 3.2. It may respond with verbose error messages that d...
S
CVE-2020-10098 An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privi...
S
CVE-2020-10099 An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privi...
S
CVE-2020-10100 An issue was discovered in Zammad 3.0 through 3.2. It allows for users to view ticket customer detai...
S
CVE-2020-10101 An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non...
S
CVE-2020-10102 An issue was discovered in Zammad 3.0 through 3.2. The Forgot Password functionality is implemented ...
S
CVE-2020-10103 An XSS issue was discovered in Zammad 3.0 through 3.2. Malicious code can be provided by a low-privi...
S
CVE-2020-10104 An issue was discovered in Zammad 3.0 through 3.2. After authentication, it transmits sensitive info...
S
CVE-2020-10105 An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when s...
S
CVE-2020-10106 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to SQL injection, as demonstrated by the e...
E
CVE-2020-10107 PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS, as demonstrated by the Expe...
E
CVE-2020-10108 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented wi...
E S
CVE-2020-10109 In Twisted Web through 19.10.0, there was an HTTP request splitting vulnerability. When presented wi...
E
CVE-2020-10110 Citrix Gateway 11.1, 12.0, and 12.1 allows Information Exposure Through Caching. NOTE: Citrix disput...
E
CVE-2020-10111 Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citri...
E
CVE-2020-10112 Citrix Gateway 11.1, 12.0, and 12.1 allows Cache Poisoning. NOTE: Citrix disputes this as not a vuln...
E
CVE-2020-10113 cPanel before 84.0.20 allows self XSS via a temporary character-set specification (SEC-515)....
CVE-2020-10114 cPanel before 84.0.20 allows stored self-XSS via the HTML file editor (SEC-535)....
CVE-2020-10115 cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. ...
CVE-2020-10116 cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo accounts...
CVE-2020-10117 cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542)....
CVE-2020-10118 cPanel before 84.0.20 allows a demo account to modify files via Branding API calls (SEC-543)....
CVE-2020-10119 cPanel before 84.0.20 allows a demo account to achieve remote code execution via a cpsrvd rsync shel...
CVE-2020-10120 cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync s...
CVE-2020-10121 cPanel before 84.0.20 allows a demo account to achieve code execution via PassengerApps APIs (SEC-54...
CVE-2020-10122 cPanel before 84.0.20 allows a webmail or demo account to delete arbitrary files (SEC-547)....
CVE-2020-10123 The currency dispenser of NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier does not adequately...
E
CVE-2020-10124 NCR SelfServ ATMs running APTRA XFS 05.01.00 do not encrypt, authenticate, or verify the integrity o...
CVE-2020-10125 NCR SelfServ ATMs running APTRA XFS 04.02.01 and 05.01.00 implement 512-bit RSA certificates to vali...
CVE-2020-10126 NCR SelfServ ATMs running APTRA XFS 05.01.00 do not properly validate software updates for the bunch ...
CVE-2020-10128 SearchBlox product before V-9.2.1 is vulnerable to Stored-Cross Site Scripting
CVE-2020-10129 CVE-2020-10129
CVE-2020-10130 CVE-2020-10130
CVE-2020-10131 CVE-2020-10131
CVE-2020-10132 CVE-2020-10132
CVE-2020-10134 Bluetooth devices supporting LE and specific BR/EDR implementations are vulnerable to method confusion attacks
CVE-2020-10135 Bluetooth devices supporting BR/EDR v5.2 and earlier are vulnerable to impersonation attacks
E
CVE-2020-10136 IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic
S
CVE-2020-10137 Z-Wave devices based on Silicon Labs 700 series chipsets using S2 do not adequately authenticate or ...
CVE-2020-10138 Acronis Cyber Backup 12.5 and Cyber Protect 15 include an OpenSSL component that specifies an OPENSS...
CVE-2020-10139 Acronis True Image 2021 includes an OpenSSL component that specifies an OPENSSLDIR variable as a sub...
CVE-2020-10140 Acronis True Image 2021 fails to properly set ACLs of the C:\ProgramData\Acronis directory. Because ...
CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR variable as C:\openssl\. ...
CVE-2020-10145 The Adobe ColdFusion installer fails to set a secure access-control list (ACL) on the default instal...
CVE-2020-10146 Microsoft Teams displayName stored cross-site scripting vulnerability
E S
CVE-2020-10148 SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands
KEV S
CVE-2020-10173 Comtrend VR-3033 DE11-416SSG-C01_R02.A2pvI042j1.d26m devices have Multiple Authenticated Command Inj...
E
CVE-2020-10174 init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely reuses a preexisting temporary...
S
CVE-2020-10175 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-10176 ASSA ABLOY Yale WIPC-301W 2.x.2.29 through 2.x.2.43_p1 devices allow Eval Injection of commands....
E
CVE-2020-10177 Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c....
S
CVE-2020-10178 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11637. Reason: This candidat...
R
CVE-2020-10180 The ESET AV parsing engine allows virus-detection bypass via a crafted BZ2 Checksum field in an arch...
CVE-2020-10181 goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrar...
KEV E
CVE-2020-10184 The verify endpoint in YubiKey Validation Server before 2.40 does not check the length of SQL querie...
E
CVE-2020-10185 The sync endpoint in YubiKey Validation Server before 2.40 allows remote attackers to replay an OTP....
E
CVE-2020-10187 Doorkeeper version 5.0.0 and later contains an information disclosure vulnerability that allows an a...
S
CVE-2020-10188 utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code...
S
CVE-2020-10189 Zoho ManageEngine Desktop Central before 10.0.474 allows remote code execution because of deserializ...
KEV E
CVE-2020-10190 An issue was discovered in MunkiReport before 5.3.0. An authenticated user could achieve SQL Injecti...
E
CVE-2020-10191 An issue was discovered in MunkiReport before 5.3.0. An authenticated actor can send a custom XSS pa...
E
CVE-2020-10192 An issue was discovered in Munkireport before 5.3.0.3923. An unauthenticated actor can send a custom...
E
CVE-2020-10193 ESET Archive Support Module before 1294 allows virus-detection bypass via crafted RAR Compression In...
CVE-2020-10194 cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows authenticated u...
S
CVE-2020-10195 The popup-builder plugin before 3.64.1 for WordPress allows information disclosure and settings modi...
E
CVE-2020-10196 An XSS vulnerability in the popup-builder plugin before 3.64.1 for WordPress allows remote attackers...
E
CVE-2020-10199 Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2)....
KEV E S
CVE-2020-10203 Sonatype Nexus Repository before 3.21.2 allows XSS....
S
CVE-2020-10204 Sonatype Nexus Repository before 3.21.2 allows Remote Code Execution....
S
CVE-2020-10206 Use of a Hard-coded Password in VNCserver in Amino Communications AK45x series, AK5xx series, AK65x ...
E
CVE-2020-10207 Use of Hard-coded Credentials in EntoneWebEngine in Amino Communications AK45x series, AK5xx series,...
E
CVE-2020-10208 Command Injection in EntoneWebEngine in Amino Communications AK45x series, AK5xx series, AK65x serie...
E
CVE-2020-10209 Command Injection in the CPE WAN Management Protocol (CWMP) registration in Amino Communications AK4...
E
CVE-2020-10210 Because of hard-coded SSH keys for the root user in Amino Communications AK45x series, AK5xx series,...
E
CVE-2020-10211 A remote code execution vulnerability in UCB component of Mitel MiVoice Connect before 19.1 SP1 coul...
CVE-2020-10212 upload.php in Responsive FileManager 9.13.4 and 9.14.0 allows SSRF via the url parameter because fil...
E
CVE-2020-10213 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute...
E
CVE-2020-10214 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow...
E
CVE-2020-10215 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute...
E
CVE-2020-10216 An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. They allow remote attackers to execute...
E
CVE-2020-10218 A Blind SQL Injection issue was discovered in Sapplica Sentrifugo 3.2 via the index.php/holidaygroup...
E S
CVE-2020-10220 An issue was discovered in rConfig through 3.9.4. The web interface is prone to a SQL injection via ...
E
CVE-2020-10221 lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbi...
KEV E
CVE-2020-10222 npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to Heap Corruption at npdf!nitro::get_propert...
E
CVE-2020-10223 npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corr...
E
CVE-2020-10224 An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Onli...
E
CVE-2020-10225 An unauthenticated file upload vulnerability has been identified in admin/gallery.php in PHPGurukul ...
CVE-2020-10227 A cross-site scripting (XSS) vulnerability in the messages module of vtecrm vtenext 19 CE allows att...
E
CVE-2020-10228 A file upload vulnerability in vtecrm vtenext 19 CE allows authenticated users to upload files with ...
CVE-2020-10229 A CSRF issue in vtecrm vtenext 19 CE allows attackers to carry out unwanted actions on an administra...
E
CVE-2020-10230 CentOS-WebPanel.com (aka CWP) CentOS Web Panel (for CentOS 6 and 7) allows SQL Injection via the /cw...
E
CVE-2020-10231 TP-Link NC200 through 2.1.8_Build_171109, NC210 through 1.0.9_Build_171214, NC220 through 1.3.0_Buil...
E S
CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability...
S
CVE-2020-10233 In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a heap-based buffer over-read in ntfs...
E S
CVE-2020-10234 The AscRegistryFilter.sys kernel driver in IObit Advanced SystemCare 13.2 allows an unprivileged use...
E
CVE-2020-10235 An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation ...
E S
CVE-2020-10236 An issue was discovered in Froxlor before 0.10.14. It created files with static names in /tmp during...
S
CVE-2020-10237 An issue was discovered in Froxlor through 0.10.15. The installer wrote configuration parameters inc...
CVE-2020-10238 An issue was discovered in Joomla! before 3.9.16. Various actions in com_templates lack the required...
CVE-2020-10239 An issue was discovered in Joomla! before 3.9.16. Incorrect Access Control in the SQL fieldtype of c...
CVE-2020-10240 An issue was discovered in Joomla! before 3.9.16. Missing length checks in the user table can lead t...
CVE-2020-10241 An issue was discovered in Joomla! before 3.9.16. Missing token checks in the image actions of com_t...
CVE-2020-10242 An issue was discovered in Joomla! before 3.9.16. Inadequate handling of CSS selectors in the Protos...
CVE-2020-10243 An issue was discovered in Joomla! before 3.9.16. The lack of type casting of a variable in a SQL st...
CVE-2020-10244 JPaseto before 0.3.0 generates weak hashes when using v2.local tokens....
CVE-2020-10245 CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer ove...
E
CVE-2020-10246 MISP 2.4.122 has reflected XSS via unsanitized URL parameters. This is related to app/View/Users/sta...
S
CVE-2020-10247 MISP 2.4.122 has Persistent XSS in the sighting popover tool. This is related to app/View/Elements/E...
S
CVE-2020-10248 BWA DiREX-Pro 1.2181 devices allow remote attackers to discover passwords via a direct request to va...
E
CVE-2020-10249 BWA DiREX-Pro 1.2181 devices allow full path disclosure via an invalid name array parameter to val_s...
E
CVE-2020-10250 BWA DiREX-Pro 1.2181 devices allow remote attackers to execute arbitrary OS commands via shell metac...
E
CVE-2020-10251 In ImageMagick 7.0.9, an out-of-bounds read vulnerability exists within the ReadHEICImageByID functi...
E S
CVE-2020-10252 An issue was discovered in ownCloud before 10.4. Because of an SSRF issue (via the apps/files_sharin...
E
CVE-2020-10254 An issue was discovered in ownCloud before 10.4. An attacker can bypass authentication on a password...
E
CVE-2020-10255 Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of inte...
CVE-2020-10256 An issue was discovered in beta versions of the 1Password command-line tool prior to 0.5.5 and in be...
CVE-2020-10257 The ThemeREX Addons plugin before 2020-03-09 for WordPress lacks access control on the /trx_addons/v...
E
CVE-2020-10262 An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.58.10. Attackers can activate the failsa...
E
CVE-2020-10263 An issue was discovered on XIAOMI XIAOAI speaker Pro LX06 1.52.4. Attackers can get root shell by ac...
E
CVE-2020-10264 RTDE Interface allows unauthenticated reading of robot data and unauthenticated writing of registers and outputs
CVE-2020-10265 RVD#1443: UR dashboard server enables unauthenticated remote control of core robot functions
CVE-2020-10266 RVD#1487: No integrity checks on UR+ platform artifacts when installed in the robot
CVE-2020-10267 RVD#1489: Unprotected intellectual property in Universal Robots controller CB 3.1 across firmware versions
E
CVE-2020-10268 RVD#2550: Terminate Critical Services in KUKA controller KR C4
CVE-2020-10269 RVD#2566: Hardcoded Credentials on MiRX00 wireless Access Point
CVE-2020-10270 RVD#2557: Hardcoded Credentials on MiRX00 Control Dashboard
E
CVE-2020-10271 RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones
E
CVE-2020-10272 RVD#2554: MiR ROS computational graph presents no authentication mechanisms
E
CVE-2020-10273 RVD#2560: Unprotected intellectual property in Mobile Industrial Robots (MiR) controllers
CVE-2020-10274 RVD#2556: MiR REST API allows for data exfiltration by unauthorized attackers (e.g. indoor maps)
CVE-2020-10275 RVD#2565: Weak token generation for the REST API.
CVE-2020-10276 RVD#2558: Default credentials on SICK PLC allows disabling safety features
CVE-2020-10277 RVD#2562: Booting from a live image leads to exfiltration of sensible information and privilege escalation
CVE-2020-10278 RVD#2561: Unprotected BIOS allows user to boot from live OS image.
CVE-2020-10279 RVD#2569: Insecure operating system defaults in MiR robots
CVE-2020-10280 RVD#2568: Apache server is vulnerable to a DoS
CVE-2020-10281 RVD#3315: Cleartext transmission of sensitive information in MAVLink protocol version 1.0 and 2.0
CVE-2020-10282 RVD#3316: No authentication in MAVLink protocol
CVE-2020-10283 RVD#3317: MAVLink version handshaking allows for an attacker to bypass authentication
E
CVE-2020-10284 RVD#3321: No Authentication required to exert manual control of the robot
CVE-2020-10285 RVD#3322: Weak authentication implementation makes the system vulnerable to a brute-force attack over adjacent networks
CVE-2020-10286 RVD#3323: Mismanaged permission implementation leads to privilege escalation, exfiltration of sensitive information, and DoS
CVE-2020-10287 RVD#3326: Hardcoded default credentials on IRC 5 OPC Server
CVE-2020-10288 RVD#3327: No authentication required for accessing ABB IRC5 FTP server
CVE-2020-10289 RVD#2401: Use of unsafe yaml load, ./src/actionlib/tools/library.py:132
S
CVE-2020-10290 RVD#1495: Universal Robots URCaps execute with unbounded privileges
CVE-2020-10291 RVD#3336: System information disclosure without authentication on KUKA simulators
CVE-2020-10292 Service DoS through arbitrary pointer dereferencing on KUKA simulator
CVE-2020-10364 The SSH daemon on MikroTik routers through v6.44.3 could allow remote attackers to generate CPU acti...
E M
CVE-2020-10365 LogicalDoc before 8.3.3 allows SQL Injection. LogicalDoc populates the list of available documents b...
E
CVE-2020-10366 LogicalDoc before 8.3.3 allows /servlet.gupld Directory Traversal, a different vulnerability than CV...
E
CVE-2020-10367 Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not pres...
CVE-2020-10368 Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not pres...
CVE-2020-10369 Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not pres...
CVE-2020-10370 Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth fi...
CVE-2020-10372 Ramp AltitudeCDN Altimeter before 2.4.0 allows authenticated Stored XSS via the vdms/ipmapping.jsp l...
E
CVE-2020-10374 A webserver component in Paessler PRTG Network Monitor 19.2.50 to PRTG 20.1.56 allows unauthenticate...
M
CVE-2020-10375 An issue was discovered in New Media Smarty before 9.10. Passwords are stored in the database in an ...
E
CVE-2020-10376 Technicolor TC7337NET 08.89.17.23.03 devices allow remote attackers to discover passwords by sniffin...
CVE-2020-10377 A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an...
CVE-2020-10378 In libImaging/PcxDecode.c in Pillow before 7.1.0, an out-of-bounds read can occur when reading PCX f...
S
CVE-2020-10379 In Pillow before 7.1.0, there are two Buffer Overflows in libImaging/TiffDecode.c....
S
CVE-2020-10380 RMySQL through 0.10.19 allows SQL Injection....
CVE-2020-10381 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all version...
S
CVE-2020-10382 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all version...
S
CVE-2020-10383 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all version...
S
CVE-2020-10384 An issue was discovered in the MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 software in all version...
CVE-2020-10385 A stored cross-site scripting (XSS) vulnerability exists in the WPForms Contact Form (aka wpforms-li...
E
CVE-2020-10386 admin/imagepaster/image-upload.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers...
E
CVE-2020-10387 Path Traversal in admin/download.php in Chadha PHPKB Standard Multi-Language 9 allows remote attacke...
E
CVE-2020-10388 The way the Referer header in article.php is handled in Chadha PHPKB Standard Multi-Language 9 allow...
E
CVE-2020-10389 admin/save-settings.php in Chadha PHPKB Standard Multi-Language 9 allows remote attackers to achieve...
E
CVE-2020-10390 OS Command Injection in export.php (vulnerable function called from include/functions-article.php) i...
E
CVE-2020-10391 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10392 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10393 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10394 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10395 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10396 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10397 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10398 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10399 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10400 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10401 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10402 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10403 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10404 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10405 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10406 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10407 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10408 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10409 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10410 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10411 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10412 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10413 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10414 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10415 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10416 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10417 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10418 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10419 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10420 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10421 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10422 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10423 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10424 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10425 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10426 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10427 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10428 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10429 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10430 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10431 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10432 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10433 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10434 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10435 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10436 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10437 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10438 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10439 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10440 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10441 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10442 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10443 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10444 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10445 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10446 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10447 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10448 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10449 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10450 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10451 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10452 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10453 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10454 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10455 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10456 The way URIs are handled in admin/header.php in Chadha PHPKB Standard Multi-Language 9 allows Reflec...
E
CVE-2020-10457 Path Traversal in admin/imagepaster/image-renaming.php in Chadha PHPKB Standard Multi-Language 9 all...
E
CVE-2020-10458 Path Traversal in admin/imagepaster/operations.php in Chadha PHPKB Standard Multi-Language 9 allows ...
E
CVE-2020-10459 Path Traversal in admin/assetmanager/assetmanager.php (vulnerable function saved in admin/assetmanag...
E
CVE-2020-10460 admin/include/operations.php (via admin/email-harvester.php) in Chadha PHPKB Standard Multi-Language...
E
CVE-2020-10461 The way comments in article.php (vulnerable function in include/functions-article.php) are handled i...
E
CVE-2020-10462 Reflected XSS in admin/edit-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to ...
E
CVE-2020-10463 Reflected XSS in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers ...
E
CVE-2020-10464 Reflected XSS in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers t...
E
CVE-2020-10465 Reflected XSS in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers ...
E
CVE-2020-10466 Reflected XSS in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers ...
E
CVE-2020-10467 Reflected XSS in admin/edit-comment.php in Chadha PHPKB Standard Multi-Language 9 allows attackers t...
E
CVE-2020-10468 Reflected XSS in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to i...
E
CVE-2020-10469 Reflected XSS in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attac...
E
CVE-2020-10470 Reflected XSS in admin/manage-fields.php in Chadha PHPKB Standard Multi-Language 9 allows attackers ...
E
CVE-2020-10471 Reflected XSS in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attacker...
E
CVE-2020-10472 Reflected XSS in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attacke...
E
CVE-2020-10473 Reflected XSS in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attack...
E
CVE-2020-10474 Reflected XSS in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attacker...
E
CVE-2020-10475 Reflected XSS in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers...
E
CVE-2020-10476 Reflected XSS in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attacker...
E
CVE-2020-10477 Reflected XSS in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to...
E
CVE-2020-10478 CSRF in admin/manage-settings.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to chan...
E
CVE-2020-10479 CSRF in admin/add-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a new n...
E
CVE-2020-10480 CSRF in admin/add-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a n...
E
CVE-2020-10481 CSRF in admin/add-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a n...
E
CVE-2020-10482 CSRF in admin/add-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a n...
E
CVE-2020-10483 CSRF in admin/ajax-hub.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to post a comm...
E
CVE-2020-10484 CSRF in admin/add-field.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to create a c...
E
CVE-2020-10485 CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to dele...
E
CVE-2020-10486 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to dele...
E
CVE-2020-10487 CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to dele...
E
CVE-2020-10488 CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a...
E
CVE-2020-10489 CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delet...
E
CVE-2020-10490 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to d...
E
CVE-2020-10491 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to a...
E
CVE-2020-10492 CSRF in admin/manage-templates.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to del...
E
CVE-2020-10493 CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a...
E
CVE-2020-10494 CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a new...
E
CVE-2020-10495 CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a...
E
CVE-2020-10496 CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an...
E
CVE-2020-10497 CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to de...
E
CVE-2020-10498 CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a...
E
CVE-2020-10499 CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close...
E
CVE-2020-10500 CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply t...
E
CVE-2020-10501 CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to e...
E
CVE-2020-10502 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to appr...
E
CVE-2020-10503 CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disa...
E
CVE-2020-10504 CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a...
E
CVE-2020-10505 ALLE INFORMATION CO., LTD. School Manage System - SQL Injection
S
CVE-2020-10506 ALLE INFORMATION CO., LTD. School Manage System - Path Traversal
S
CVE-2020-10507 ALLE INFORMATION CO., LTD. School Manage System - Security Misconfiguration
S
CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure
S
CVE-2020-10509 Sunnet eHRD - Cross-Site Scripting
S
CVE-2020-10510 Sunnet eHRD - Broken Access Control
S
CVE-2020-10511 HGiga C&Cmail - Broken Access Control
S
CVE-2020-10512 HGiga C&Cmail - SQL Injection
S
CVE-2020-10513 iCatch DVR - Broken Access Control
S
CVE-2020-10514 iCatch DVR - Command Injection
S
CVE-2020-10515 STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System r...
CVE-2020-10516 Improper access control in GitHub Enterprise Server leading to privilege escalation of organization member
CVE-2020-10517 Improper access control in GitHub Enterprise Server leading to the enumeration of private repository names
CVE-2020-10518 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2020-10519 Unsafe configuration options in GitHub Pages leading to remote code execution on GitHub Enterprise Server
CVE-2020-10531 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An int...
S
CVE-2020-10532 The AD Helper component in WatchGuard Fireware before 5.8.5.10317 allows remote attackers to discove...
E
CVE-2020-10534 In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to ...
S
CVE-2020-10535 GitLab 12.8.x before 12.8.6, when sign-up is enabled, allows remote attackers to bypass email domain...
CVE-2020-10537 An issue was discovered in Epikur before 20.1.1. A Glassfish 4.1 server with a default configuration...
E
CVE-2020-10538 An issue was discovered in Epikur before 20.1.1. It stores the secret passwords of the users as MD5 ...
E
CVE-2020-10539 An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort() func...
E
CVE-2020-10540 Untis WebUntis before 2020.9.6 allows CSRF for certain combinations of rights and modules....
CVE-2020-10541 Zoho ManageEngine OpManager before 12.4.179 allows remote code execution via a specially crafted Mai...
CVE-2020-10543 Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular ex...
S
CVE-2020-10544 An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web applicatio...
CVE-2020-10546 rConfig 3.9.4 and previous versions has unauthenticated compliancepolicies.inc.php SQL injection. Be...
E
CVE-2020-10547 rConfig 3.9.4 and previous versions has unauthenticated compliancepolicyelements.inc.php SQL injecti...
E
CVE-2020-10548 rConfig 3.9.4 and previous versions has unauthenticated devices.inc.php SQL injection. Because, by d...
E
CVE-2020-10549 rConfig 3.9.4 and previous versions has unauthenticated snippets.inc.php SQL injection. Because, by ...
E
CVE-2020-10551 QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by an...
CVE-2020-10552 An issue was discovered in Psyprax before 3.2.2. The Firebird database is accessible with the defaul...
CVE-2020-10553 An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini conta...
CVE-2020-10554 An issue was discovered in Psyprax before 3.2.2. Passwords used to encrypt the data are stored in t...
CVE-2020-10557 An issue was discovered in AContent through 1.4. It allows the user to run commands on the server wi...
E
CVE-2020-10558 The driving interface of Tesla Model 3 vehicles in any release before 2020.4.10 allows Denial of Ser...
E
CVE-2020-10560 An issue was discovered in Open Source Social Network (OSSN) through 5.3. A user-controlled file pat...
E
CVE-2020-10561 An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippse...
CVE-2020-10562 An issue was discovered in DEVOME GRR before 3.4.1c. admin_edit_room.php mishandles file uploads....
S
CVE-2020-10563 An issue was discovered in DEVOME GRR before 3.4.1c. frmcontactlist.php mishandles a SQL query....
S
CVE-2020-10564 An issue was discovered in the File Upload plugin before 4.13.0 for WordPress. A directory traversal...
E
CVE-2020-10565 grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the addre...
CVE-2020-10566 grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, mishandles font loading by ...
CVE-2020-10567 An issue was discovered in Responsive Filemanager through 9.14.0. In the ajax_calls.php file in the ...
E
CVE-2020-10568 The sitepress-multilingual-cms (WPML) plugin before 4.3.7-b.2 for WordPress has CSRF due to a loose ...
E
CVE-2020-10569 SysAid On-Premise 20.1.11, by default, allows the AJP protocol port, which is vulnerable to a GhostC...
E
CVE-2020-10570 The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow physicall...
CVE-2020-10571 An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not...
S
CVE-2020-10573 An issue was discovered in Janus through 0.9.1. janus_audiobridge.c has a double mutex unlock when l...
S
CVE-2020-10574 An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually ...
S
CVE-2020-10575 An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mi...
S
CVE-2020-10576 An issue was discovered in Janus through 0.9.1. plugins/janus_voicemail.c in the VoiceMail plugin ha...
S
CVE-2020-10577 An issue was discovered in Janus through 0.9.1. janus.c has multiple concurrent threads that misuse ...
S
CVE-2020-10578 An arbitrary file read vulnerability exists in system/controller/backend/template.php in QCMS v3.0.1...
E
CVE-2020-10579 A directory traversal on the /admin/sysmon.php script of Invigo Automatic Device Management (ADM) th...
CVE-2020-10580 A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) t...
E
CVE-2020-10581 Multiple session validity check issues in several administration functionalities of Invigo Automatic...
CVE-2020-10582 A SQL injection on the /admin/display_errors.php script of Invigo Automatic Device Management (ADM) ...
E
CVE-2020-10583 The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote a...
E
CVE-2020-10584 A directory traversal on the /admin/search_by.php script of Invigo Automatic Device Management (ADM)...
CVE-2020-10587 antiX and MX Linux allow local users to achieve root access via "persist-config --command /bin/sh" b...
E
CVE-2020-10588 v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/add.sh and /etc/v2rayL/re...
E
CVE-2020-10589 v2rayL 2.1.3 allows local users to achieve root access because /etc/v2rayL/config.json is owned by a...
E
CVE-2020-10590 Replicated Classic 2.x versions have an improperly secured API that exposes sensitive data from the ...
CVE-2020-10591 An issue was discovered in Walmart Labs Concord before 1.44.0. CORS Access-Control-Allow-Origin head...
CVE-2020-10592 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cau...
CVE-2020-10593 Tor before 0.3.5.10, 0.4.x before 0.4.1.9, and 0.4.2.x before 0.4.2.7 allows remote attackers to cau...
CVE-2020-10594 An issue was discovered in drf-jwt 1.15.x before 1.15.1. It allows attackers with access to a notion...
CVE-2020-10595 pam-krb5 before 4.9 has a buffer overflow that might cause remote code execution in situations invol...
S
CVE-2020-10596 OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in ...
E
CVE-2020-10597 Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Multiple out-of-bounds read vulne...
CVE-2020-10598 In BD Pyxis MedStation ES System v1.6.1 and Pyxis Anesthesia (PAS) ES System v1.6.1, a restricted de...
CVE-2020-10599 VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX compo...
M
CVE-2020-10600 OSIsoft PI System
S
CVE-2020-10601 VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module allow weak hashing algorithm and ins...
M
CVE-2020-10602 In OSIsoft PI System multiple products and versions, an authenticated remote attacker could crash PI...
CVE-2020-10603 WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attac...
CVE-2020-10604 In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash ...
CVE-2020-10605 Grundfos CIM 500 before v06.16.00 responds to unauthenticated requests for password storage files....
CVE-2020-10606 In OSIsoft PI System multiple products and versions, a local attacker can exploit incorrect permissi...
CVE-2020-10607 In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused...
CVE-2020-10608 In OSIsoft PI System multiple products and versions, a local attacker can plant a binary and bypass ...
CVE-2020-10609 Grundfos CIM 500 v06.16.00 stores plaintext credentials, which may allow sensitive information to be...
CVE-2020-10610 In OSIsoft PI System multiple products and versions, a local attacker can modify a search path and p...
CVE-2020-10611 Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r...
CVE-2020-10612 Opto 22 SoftPAC Project Version 9.6 and prior. SoftPACAgent communicates with SoftPACMonitor over ne...
CVE-2020-10613 Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r...
CVE-2020-10614 In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write acc...
CVE-2020-10615 Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows r...
CVE-2020-10616 Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC does not specify the path of multiple importe...
CVE-2020-10617 There are multiple ways an unauthenticated attacker could perform SQL injection on WebAccess/NMS (ve...
CVE-2020-10618 LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to sensitive informat...
CVE-2020-10619 An attacker could use a specially crafted URL to delete files outside the WebAccess/NMS's (versions ...
CVE-2020-10620 Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credential...
CVE-2020-10621 Multiple issues exist that allow files to be uploaded and executed on the WebAccess/NMS (versions pr...
CVE-2020-10622 LCDS LAquis SCADA Versions 4.3.1 and prior. The affected product is vulnerable to arbitrary file cre...
M
CVE-2020-10623 Multiple vulnerabilities could allow an attacker with low privileges to perform SQL injection on Web...
CVE-2020-10624 ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes a ...
CVE-2020-10625 WebAccess/NMS (versions prior to 3.0.2) allows an unauthenticated remote user to create a new admin ...
CVE-2020-10626 In Fazecast jSerialComm, Version 2.2.2 and prior, an uncontrolled search path element vulnerability ...
CVE-2020-10627 Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to com...
M
CVE-2020-10628 ControlEdge PLC (R130.2, R140, R150, and R151) and RTU (R101, R110, R140, R150, and R151) exposes un...
CVE-2020-10629 WebAccess/NMS (versions prior to 3.0.2) does not sanitize XML input. Specially crafted XML input cou...
CVE-2020-10630 SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly ne...
M
CVE-2020-10631 An attacker could use a specially crafted URL to delete or read files outside the WebAccess/NMS's (v...
CVE-2020-10632 ICSA-20-140-02 Emerson OpenEnterprise
S
CVE-2020-10633 A non-persistent XSS (cross-site scripting) vulnerability exists in eWON Flexy and Cosy (all firmwar...
CVE-2020-10634 SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacke...
M
CVE-2020-10635 ICSA-20-098-05 KUKA.Sim Pro Improper Enforcement of Message Integrity During Transmission in a Communication Channel
S
CVE-2020-10636 ICSA-20-140-02 Emerson OpenEnterprise
S
CVE-2020-10637 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runti...
CVE-2020-10638 Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflo...
CVE-2020-10639 Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runti...
CVE-2020-10640 ICSA-20-140-02 Emerson OpenEnterprise
S
CVE-2020-10641 An unprotected logging route may allow an attacker to write endless log statements into the database...
CVE-2020-10642 In Rockwell Automation RSLinx Classic versions 4.11.00 and prior, an authenticated local attacker co...
CVE-2020-10643 OSIsoft PI System
S
CVE-2020-10644 The affected product lacks proper validation of user-supplied data, which can result in deserializat...
CVE-2020-10646 Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The...
CVE-2020-10647 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-10648 Das U-Boot through 2020.01 allows attackers to bypass verified boot restrictions and subsequently bo...
E S
CVE-2020-10649 DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead t...
E
CVE-2020-10650 A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauth...
E S
CVE-2020-10654 Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. T...
CVE-2020-10655 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a ...
CVE-2020-10656 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a ...
CVE-2020-10657 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a ...
CVE-2020-10658 The Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.9.1 contains a ...
CVE-2020-10659 Entrust Entelligence Security Provider (ESP) before 10.0.60 on Windows mishandles errors during SSL ...
CVE-2020-10660 HashiCorp Vault and Vault Enterprise versions 0.9.0 through 1.3.3 may, under certain circumstances, ...
CVE-2020-10661 HashiCorp Vault and Vault Enterprise versions 0.11.0 through 1.3.3 may, under certain circumstances,...
CVE-2020-10663 The JSON gem through 2.2.0 for Ruby, as used in Ruby 2.4 through 2.4.9, 2.5 through 2.5.7, and 2.6 t...
CVE-2020-10664 The IGMP component in VxWorks 6.8.3 IPNET CVE patches created in 2019 has a NULL Pointer Dereference...
CVE-2020-10665 Docker Desktop allows local privilege escalation to NT AUTHORITY\SYSTEM because it mishandles the co...
E
CVE-2020-10666 The restapps (aka Rest Phone apps) module for Sangoma FreePBX and PBXact 13, 14, and 15 through 15.0...
CVE-2020-10667 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Stored X...
E
CVE-2020-10668 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflecte...
E
CVE-2020-10669 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to authenti...
E
CVE-2020-10670 The web application exposed by the Canon Oce Colorwave 500 4.0.0.0 printer is vulnerable to Reflecte...
E
CVE-2020-10671 The Canon Oce Colorwave 500 4.0.0.0 printer's web application is missing any form of CSRF protection...
E
CVE-2020-10672 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg...
S
CVE-2020-10673 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg...
S
CVE-2020-10674 PerlSpeak through 2.01 allows attackers to execute arbitrary OS commands, as demonstrated by use of ...
CVE-2020-10675 The Library API in buger jsonparser through 2019-12-04 allows attackers to cause a denial of service...
E S
CVE-2020-10676 In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allo...
CVE-2020-10678 In Octopus Deploy before 2020.1.5, for customers running on-premises Active Directory linked to thei...
CVE-2020-10681 The Filemanager in CMS Made Simple 2.2.13 has stored XSS via a .pxd file, as demonstrated by m1_file...
E
CVE-2020-10682 The Filemanager in CMS Made Simple 2.2.13 allows remote code execution via a .php.jpegd JPEG file, a...
E
CVE-2020-10683 dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, whi...
S
CVE-2020-10684 A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2...
CVE-2020-10685 A flaw was found in Ansible Engine affecting Ansible Engine versions 2.7.x before 2.7.17 and 2.8.x b...
S
CVE-2020-10686 A flaw was found in Keycloak version 8.0.2 and 9.0.0, and was fixed in Keycloak version 9.0.1, where...
CVE-2020-10687 A flaw was discovered in all versions of Undertow before Undertow 2.2.0.Final, where HTTP request sm...
CVE-2020-10688 A cross-site scripting (XSS) flaw was found in RESTEasy in versions before 3.11.1.Final and before 4...
E S
CVE-2020-10689 A flaw was found in the Eclipse Che up to version 7.8.x, where it did not properly restrict access t...
E S
CVE-2020-10690 There is a use-after-free in kernel versions before 5.5 due to a race condition between the release ...
S
CVE-2020-10691 An archive traversal flaw was found in all ansible-engine versions 2.9.x prior to 2.9.7, when runnin...
S
CVE-2020-10692 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-10693 A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation proc...
S
CVE-2020-10694 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-10695 An insecure modification flaw in the /etc/passwd file was found in the redhat-sso-7 container. An at...
CVE-2020-10696 A path traversal flaw was found in Buildah in versions before 1.14.5. This flaw allows an attacker t...
E S
CVE-2020-10697 A flaw was found in Ansible Tower when running Openshift. Tower runs a memcached, which is accessed ...
CVE-2020-10698 A flaw was found in Ansible Tower when running jobs. This flaw allows an attacker to access the stdo...
S
CVE-2020-10699 A flaw was found in Linux, in targetcli-fb versions 2.1.50 and 2.1.51 where the socket used by targe...
S
CVE-2020-10700 A use-after-free flaw was found in the way samba AD DC LDAP servers, handled 'Paged Results' control...
CVE-2020-10701 A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent re...
S
CVE-2020-10702 A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM...
CVE-2020-10703 A NULL pointer dereference was found in the libvirt API responsible introduced in upstream version 3...
E S
CVE-2020-10704 A flaw was found when using samba as an Active Directory Domain Controller. Due to the way samba han...
CVE-2020-10705 A flaw was discovered in Undertow in versions before Undertow 2.1.1.Final where certain requests to ...
CVE-2020-10706 A flaw was found in OpenShift Container Platform where OAuth tokens are not encrypted when the encry...
CVE-2020-10707 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-11612. Reason: This candidat...
R
CVE-2020-10708 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-10709 A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 applicatio...
CVE-2020-10710 A flaw was found where the Plaintext Candlepin password is disclosed while updating Red Hat Satellit...
CVE-2020-10711 A NULL pointer dereference flaw was found in the Linux kernel's SELinux subsystem in versions before...
S
CVE-2020-10712 A flaw was found in OpenShift Container Platform version 4.1 and later. Sensitive information was fo...
CVE-2020-10713 A flaw was found in grub2, prior to version 2.06. An attacker may use the GRUB 2 flaw to hijack and ...
CVE-2020-10714 A flaw was found in WildFly Elytron version 1.11.3.Final and before. When using WildFly Elytron FORM...
M
CVE-2020-10715 A content spoofing vulnerability was found in the openshift/console 3.11 and 4.x. This flaw allows a...
S
CVE-2020-10716 A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properl...
CVE-2020-10717 A potential DoS flaw was found in the virtio-fs shared file system daemon (virtiofsd) implementation...
S
CVE-2020-10718 A flaw was found in Wildfly before wildfly-embedded-13.0.0.Final, where the embedded managed process...
CVE-2020-10719 A flaw was found in Undertow in versions before 2.1.1.Final, regarding the processing of invalid HTT...
CVE-2020-10720 A flaw was found in the Linux kernel's implementation of GRO in versions before 5.2. This flaw allow...
S
CVE-2020-10721 A flaw was found in the fabric8-maven-plugin 4.0.0 and later. When using a wildfly-swarm or thorntai...
CVE-2020-10722 A vulnerability was found in DPDK versions 18.05 and above. A missing check for an integer overflow ...
S
CVE-2020-10723 A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an inte...
S
CVE-2020-10724 A vulnerability was found in DPDK versions 18.11 and above. The vhost-crypto library code is missing...
S
CVE-2020-10725 A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentati...
S
CVE-2020-10726 A vulnerability was found in DPDK versions 19.11 and above. A malicious container that has direct ac...
S
CVE-2020-10727 A flaw was found in ActiveMQ Artemis management API from version 2.7.0 up until 2.12.0, where a user...
CVE-2020-10728 A flaw was found in automationbroker/apb container in versions up to and including 2.0.4-1. This con...
CVE-2020-10729 A flaw was found in the use of insufficiently random values in Ansible. Two random password lookups ...
E
CVE-2020-10730 A NULL pointer dereference, or possible use-after-free flaw was found in Samba AD LDAP server in ver...
CVE-2020-10731 A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16, where ...
CVE-2020-10732 A flaw was found in the Linux kernel's implementation of Userspace core dumps. This flaw allows an a...
S
CVE-2020-10733 The Windows installer for PostgreSQL 9.5 - 12 invokes system-provided executables that do not have f...
CVE-2020-10734 A vulnerability was found in keycloak in the way that the OIDC logout endpoint does not have CSRF pr...
CVE-2020-10735 A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, whe...
S
CVE-2020-10736 An authorization bypass vulnerability was found in Ceph versions 15.2.0 before 15.2.2, where the cep...
CVE-2020-10737 A race condition was found in the mkhomedir tool shipped with the oddjob package in versions before ...
S
CVE-2020-10738 A flaw was found in Moodle versions 3.8 before 3.8.3, 3.7 before 3.7.6, 3.6 before 3.6.10, 3.5 befor...
S
CVE-2020-10739 Istio 1.4.x before 1.4.9 and Istio 1.5.x before 1.5.4 contain the following vulnerability when telem...
S
CVE-2020-10740 A vulnerability was found in Wildfly in versions before 20.0.0.Final, where a remote deserialization...
CVE-2020-10741 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-12826. Reason: This candidat...
R
CVE-2020-10742 A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the...
CVE-2020-10743 It was discovered that OpenShift Container Platform's (OCP) distribution of Kibana could open in an ...
CVE-2020-10744 An incomplete fix was found for the fix of the flaw CVE-2020-1733 ansible: insecure temporary direct...
CVE-2020-10745 A flaw was found in all Samba versions before 4.10.17, before 4.11.11 and before 4.12.4 in the way i...
CVE-2020-10746 A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permi...
CVE-2020-10747 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2020-10748 A flaw was found in Keycloak's data filter, in version 10.0.1, where it allowed the processing of da...
CVE-2020-10749 A vulnerability was found in all versions of containernetworking/plugins before version 0.8.6, that ...
CVE-2020-10750 Sensitive information written to a log file vulnerability was found in jaegertracing/jaeger before v...
S
CVE-2020-10751 A flaw was found in the Linux kernel's SELinux LSM hook implementation before version 5.7, where it i...
S
CVE-2020-10752 A flaw was found in the OpenShift API Server, where it failed to sufficiently protect OAuthTokens by...
S
CVE-2020-10753 A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is rel...
S
CVE-2020-10754 It was found that nmcli, a command line interface to NetworkManager did not honour 802-1x.ca-path an...
S
CVE-2020-10755 An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1...
CVE-2020-10756 An out-of-bounds read vulnerability was found in the SLiRP networking implementation of the QEMU emu...
S
CVE-2020-10757 A flaw was found in the Linux Kernel in versions after 4.5-rc1 in the way mremap handled DAX Huge Pa...
E S
CVE-2020-10758 A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty r...
S
CVE-2020-10759 A PGP signature bypass flaw was found in fwupd (all versions), which could lead to the installation ...
E
CVE-2020-10760 A use-after-free flaw was found in all samba LDAP server versions before 4.10.17, before 4.11.11, be...
CVE-2020-10761 An assertion failure issue was found in the Network Block Device(NBD) Server in all QEMU versions be...
S
CVE-2020-10762 An information-disclosure flaw was found in the way that gluster-block before 0.5.1 logs the output ...
M
CVE-2020-10763 An information-disclosure flaw was found in the way Heketi before 10.1.0 logs sensitive information....
CVE-2020-10764 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-10765 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w...
R
CVE-2020-10766 A logic bug flaw was found in Linux kernel before 5.8-rc1 in the implementation of SSBD. A bug in th...
S
CVE-2020-10767 A flaw was found in the Linux kernel before 5.8-rc1 in the implementation of the Enhanced IBPB (Indi...
S
CVE-2020-10768 A flaw was found in the Linux Kernel before 5.8-rc1 in the prctl() function, where it can be used to...
S
CVE-2020-10769 A buffer over-read flaw was found in RH kernel versions before 5.0 in crypto_authenc_extractkeys in ...
E S
CVE-2020-10770 A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an ...
E
CVE-2020-10771 A flaw was found in Infinispan version 10, where it is possible to perform various actions that coul...
CVE-2020-10772 An incomplete fix for CVE-2020-12662 was shipped for Unbound in Red Hat Enterprise Linux 7, as part ...
CVE-2020-10773 A stack information leak flaw was found in s390/s390x in the Linux kernel’s memory manager functiona...
S
CVE-2020-10774 A memory disclosure flaw was found in the Linux kernel's versions before 4.18.0-193.el8 in the sysct...
CVE-2020-10775 An Open redirect vulnerability was found in ovirt-engine versions 4.4 and earlier, where it allows r...
CVE-2020-10776 A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for t...
M
CVE-2020-10777 A cross-site scripting flaw was found in Report Menu feature of Red Hat CloudForms 4.7 and 5. An att...
CVE-2020-10778 In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dro...
CVE-2020-10779 Red Hat CloudForms 4.7 and 5 leads to insecure direct object references (IDOR) and functional level ...
CVE-2020-10780 Red Hat CloudForms 4.7 and 5 is affected by CSV Injection flaw, a crafted payload stays dormant till...
CVE-2020-10781 A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a l...
S
CVE-2020-10782 An exposure of sensitive information flaw was found in Ansible version 3.7.0. Sensitive information,...
CVE-2020-10783 Red Hat CloudForms 4.7 and 5 is affected by a role-based privilege escalation flaw. An attacker with...
CVE-2020-10786 A remote command execution in Vesta Control Panel through 0.9.8-26 allows any authenticated user to ...
S
CVE-2020-10787 An elevation of privilege in Vesta Control Panel through 0.9.8-26 allows an attacker to gain root sy...
CVE-2020-10788 openITCOCKPIT before 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than gen...
S
CVE-2020-10789 openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS co...
S
CVE-2020-10790 openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which le...
S
CVE-2020-10791 app/Plugin/GrafanaModule/Controller/GrafanaConfigurationController.php in openITCOCKPIT before 3.7.3...
S
CVE-2020-10792 openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAG...
S
CVE-2020-10793 CodeIgniter through 4.0.0 allows remote attackers to gain privileges via a modified Email ID to the ...
CVE-2020-10794 Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to unauthenticated path traversal that allows an attacker ...
E
CVE-2020-10795 Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup func...
E
CVE-2020-10797 An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5...
S
CVE-2020-10799 The svglib package through 0.9.3 for Python allows XXE attacks via an svg2rlg call....
E S
CVE-2020-10800 lix through 15.8.7 allows man-in-the-middle attackers to execute arbitrary code by modifying the HTT...
CVE-2020-10802 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discover...
S
CVE-2020-10803 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered wh...
S
CVE-2020-10804 In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retr...
CVE-2020-10806 eZ Publish Kernel before 5.4.14.1, 6.x before 6.13.6.2, and 7.x before 7.5.6.2 and eZ Publish Legacy...
CVE-2020-10807 auth_svc in Caldera before 2.6.5 allows authentication bypass (for REST API requests) via a forged "...
S
CVE-2020-10808 Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Back...
E S
CVE-2020-10809 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function ...
E
CVE-2020-10810 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5...
E
CVE-2020-10811 An issue was discovered in HDF5 through 1.12.0. A heap-based buffer over-read exists in the function...
E
CVE-2020-10812 An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5...
E
CVE-2020-10813 A buffer overflow vulnerability in FTPDMIN 0.96 allows attackers to crash the server via a crafted p...
E
CVE-2020-10814 A buffer overflow vulnerability in Code::Blocks 17.12 allows an attacker to execute arbitrary code v...
E
CVE-2020-10816 Zoho ManageEngine Applications Manager 14780 and before allows a remote unauthenticated attacker to ...
CVE-2020-10817 The custom-searchable-data-entry-system (aka Custom Searchable Data Entry System) plugin through 1.7...
E
CVE-2020-10818 Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters...
E
CVE-2020-10819 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter....
E
CVE-2020-10820 Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter....
E
CVE-2020-10821 Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter....
E
CVE-2020-10823 A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, V...
E
CVE-2020-10824 A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900...
E
CVE-2020-10825 A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Dra...
E
CVE-2020-10826 /cgi-bin/activate.cgi on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows rem...
E
CVE-2020-10827 A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before ...
E
CVE-2020-10828 A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before ...
E
CVE-2020-10829 An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipset...
CVE-2020-10830 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can vi...
CVE-2020-10831 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attacke...
CVE-2020-10832 An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-...
CVE-2020-10833 An issue was discovered on Samsung mobile devices with Q(10.0) software. The DeX Lockscreen allows a...
CVE-2020-10834 An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can view notificat...
CVE-2020-10835 An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem ch...
CVE-2020-10836 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets)...
CVE-2020-10837 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. T...
CVE-2020-10838 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. PROCA allows a u...
CVE-2020-10839 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attacke...
CVE-2020-10840 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) sof...
CVE-2020-10841 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) sof...
CVE-2020-10842 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) ...
CVE-2020-10843 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) ...
CVE-2020-10844 An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There i...
CVE-2020-10845 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There i...
CVE-2020-10846 An issue was discovered on Samsung mobile devices with P(9.x) and Q(10.x) software. Attackers can en...
CVE-2020-10847 An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial...
CVE-2020-10848 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chip...
CVE-2020-10849 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exyn...
CVE-2020-10850 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets)...
CVE-2020-10851 An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack...
CVE-2020-10852 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There i...
CVE-2020-10853 An issue was discovered on Samsung mobile devices with P(9.0) software. Gallery leaks cached data. T...
CVE-2020-10854 An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel ...
CVE-2020-10855 An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory...
CVE-2020-10857 Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted cont...
CVE-2020-10858 Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone due t...
CVE-2020-10859 Zoho ManageEngine Desktop Central before 10.0.484 allows authenticated arbitrary file writes during ...
CVE-2020-10860 An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerab...
E
CVE-2020-10861 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10862 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10863 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10864 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10865 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10866 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10867 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10868 An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx librar...
E
CVE-2020-10870 Zim through 0.72.1 creates temporary directories with predictable names. A malicious user could pred...
CVE-2020-10871 In OpenWrt LuCI git-20.x, remote unauthenticated attackers can retrieve the list of installed packag...
E S
CVE-2020-10874 Motorola FX9500 devices allow remote attackers to read database files....
E
CVE-2020-10875 Motorola FX9500 devices allow remote attackers to conduct absolute path traversal attacks, as demons...
E
CVE-2020-10876 The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) does not correct...
E
CVE-2020-10878 Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING...
S
CVE-2020-10879 rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.cr...
E S
CVE-2020-10881 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP...
CVE-2020-10882 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
E
CVE-2020-10883 This vulnerability allows local attackers to escalate privileges on affected installations of TP-Lin...
E
CVE-2020-10884 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installation...
E
CVE-2020-10885 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP...
CVE-2020-10886 This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP...
CVE-2020-10887 This vulnerability allows a firewall bypass on affected installations of TP-Link Archer A7 Firmware ...
CVE-2020-10888 This vulnerability allows remote attackers to bypass authentication on affected installations of TP-...
CVE-2020-10889 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10890 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10891 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10892 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10893 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10894 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2020-10895 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10896 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10897 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10898 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10899 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10900 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10901 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2020-10902 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10903 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2020-10904 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10905 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2020-10906 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10907 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10908 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10909 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10910 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10911 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10912 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10913 This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo...
CVE-2020-10914 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VE...
CVE-2020-10915 This vulnerability allows remote attackers to execute arbitrary code on affected installations of VE...
CVE-2020-10916 This vulnerability allows network-adjacent attackers to escalate privileges on affected installation...
CVE-2020-10917 This vulnerability allows remote attackers to execute arbitrary code on affected installations of NE...
CVE-2020-10918 This vulnerability allows remote attackers to bypass authentication on affected installations of C-M...
CVE-2020-10919 This vulnerability allows remote attackers to disclose sensitive information on affected installatio...
CVE-2020-10920 This vulnerability allows remote attackers to execute arbitrary code on affected installations of C-...
CVE-2020-10921 This vulnerability allows remote attackers to issue commands on affected installations of C-MORE HMI...
CVE-2020-10922 This vulnerability allows remote attackers to create a denial-of-service condition on affected insta...
CVE-2020-10923 This vulnerability allows network-adjacent attackers to bypass authentication on affected installati...
CVE-2020-10924 This vulnerability allows network-adjacent attackers to bypass authentication on affected installati...
CVE-2020-10925 This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded infor...
CVE-2020-10926 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2020-10927 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2020-10928 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2020-10929 This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installat...
CVE-2020-10930 This vulnerability allows network-adjacent attackers to disclose sensitive information on affected i...
CVE-2020-10931 Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via...
E S
CVE-2020-10932 An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can ...
CVE-2020-10933 An issue was discovered in Ruby 2.5.x through 2.5.7, 2.6.x through 2.6.5, and 2.7.0. If a victim cal...
E
CVE-2020-10934 Acyba AcyMailing before 6.9.2 mishandles file uploads by admins....
CVE-2020-10935 Zulip Server before 2.1.3 allows XSS via a Markdown link, with resultant account takeover....
E
CVE-2020-10936 Sympa before 6.2.56 allows privilege escalation....
E
CVE-2020-10937 An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities ...
CVE-2020-10938 GraphicsMagick before 1.3.35 has an integer overflow and resultant heap-based buffer overflow in Huf...
CVE-2020-10939 Insecure, default path permissions in PHOENIX CONTACT PC WORX SRT through 1.14 allow for local privi...
CVE-2020-10940 Local Privilege Escalation can occur in PHOENIX CONTACT PORTICO SERVER through 3.0.7 when installed ...
CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by ...
CVE-2020-10942 In the Linux kernel before 5.5.8, get_raw_socket in drivers/vhost/net.c lacks validation of an sk_fa...
E S
CVE-2020-10944 HashiCorp Nomad and Nomad Enterprise up to 0.10.4 contained a cross-site scripting vulnerability suc...
S
CVE-2020-10945 Centreon before 19.10.7 exposes Session IDs in server responses....
CVE-2020-10946 Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or H...
E
CVE-2020-10947 Mac Endpoint for Sophos Central before 9.9.6 and Mac Endpoint for Sophos Home before 2.2.6 allow Pri...
CVE-2020-10948 Jon Hedley AlienForm2 (typically installed as af.cgi or alienform.cgi) 2.0.2 is vulnerable to Remote...
E
CVE-2020-10951 Western Digital My Cloud Home and ibi devices before 2.2.0 allow clickjacking on sign-in pages....
CVE-2020-10952 GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images....
CVE-2020-10953 In GitLab EE 11.7 through 12.9, the NPM feature is vulnerable to a path traversal issue....
CVE-2020-10954 GitLab through 12.9 is affected by a potential DoS in repository archive download....
CVE-2020-10955 GitLab EE/CE 11.1 through 12.9 is vulnerable to parameter tampering on an upload feature that allows...
CVE-2020-10956 GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature....
CVE-2020-10957 In Dovecot before 2.3.10.1, unauthenticated sending of malformed parameters to a NOOP command causes...
E
CVE-2020-10958 In Dovecot before 2.3.10.1, a crafted SMTP/LMTP message triggers an unauthenticated use-after-free b...
E
CVE-2020-10959 resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to forc...
E S
CVE-2020-10960 In MediaWiki before 1.34.1, users can add various Cascading Style Sheets (CSS) classes (which can af...
E S
CVE-2020-10962 In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access con...
CVE-2020-10963 FrozenNode Laravel-Administrator through 5.0.12 allows unrestricted file upload (and consequently Re...
E
CVE-2020-10964 Serendipity before 2.3.4 on Windows allows remote attackers to execute arbitrary code because the fi...
CVE-2020-10965 Teradici PCoIP Management Console 20.01.0 and 19.11.1 is vulnerable to unauthenticated password rese...
E S
CVE-2020-10966 In the Password Reset Module in VESTA Control Panel through 0.9.8-25 and Hestia Control Panel before...
E S
CVE-2020-10967 In Dovecot before 2.3.10.1, remote unauthenticated attackers can crash the lmtp or submission proces...
E
CVE-2020-10968 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg...
S
CVE-2020-10969 FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadg...
S
CVE-2020-10971 An issue was discovered on Wavlink Jetstream devices where a crafted POST request can be sent to adm...
CVE-2020-10972 An issue was discovered where a page is exposed that has the current administrator password in clear...
CVE-2020-10973 An issue was discovered in Wavlink WN530HG4, Wavlink WN531G3, Wavlink WN533A8, and Wavlink WN551K1 a...
CVE-2020-10974 An issue was discovered affecting a backup feature where a crafted POST request returns the current ...
CVE-2020-10975 GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users ...
CVE-2020-10976 GitLab EE/CE 8.17 to 12.9 is vulnerable to information leakage when querying a merge request widget....
CVE-2020-10977 GitLab EE/CE 8.5 to 12.9 is vulnerable to a path traversal when moving an issue between projects....
E
CVE-2020-10978 GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved...
CVE-2020-10979 GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized...
CVE-2020-10980 GitLab EE/CE 8.0.rc1 to 12.9 is vulnerable to a blind SSRF in the FogBugz integration....
CVE-2020-10981 GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descripti...
CVE-2020-10982 Gambio GX before 4.0.1.0 allows SQL Injection in admin/gv_mail.php....
E
CVE-2020-10983 Gambio GX before 4.0.1.0 allows SQL Injection in admin/mobile.php....
E
CVE-2020-10984 Gambio GX before 4.0.1.0 allows admin/admin.php CSRF....
E
CVE-2020-10985 Gambio GX before 4.0.1.0 allows XSS in admin/coupon_admin.php....
E
CVE-2020-10986 A CSRF issue in the /goform/SysToolReboot endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows r...
E
CVE-2020-10987 The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to...
KEV E
CVE-2020-10988 A hard-coded telnet credential in the tenda_login binary of Tenda AC15 AC1900 version 15.03.05.19 al...
E
CVE-2020-10989 An XSS issue in the /goform/WifiBasicSet endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows re...
E
CVE-2020-10990 An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serialize...
S
CVE-2020-10991 Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java...
E
CVE-2020-10992 Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserMan...
E
CVE-2020-10993 Osmand through 2.0.0 allows XXE because of binary/BinaryMapIndexReader.java....
E
CVE-2020-10994 In libImaging/Jpeg2KDecode.c in Pillow before 7.1.0, there are multiple out-of-bounds reads via a cr...
S
CVE-2020-10995 PowerDNS Recursor from 4.1.0 up to and including 4.3.0 does not sufficiently defend against amplific...
CVE-2020-10996 An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadverten...
CVE-2020-10997 Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup fil...
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.