Search Results (10062 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12417 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 8.8 High |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||||
| CVE-2020-12412 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 Medium |
| By navigating a tab using the history API, an attacker could cause the address bar to display the incorrect domain (with the https:// scheme, a blocked port number such as '1', and without a lock icon) while controlling the page contents. This vulnerability affects Firefox < 70. | ||||
| CVE-2020-12357 | 3 Intel, Netapp, Siemens | 568 Bios, Core I3-l13g4, Core I5-l16g7 and 565 more | 2024-11-21 | 6.7 Medium |
| Improper initialization in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12326 | 1 Intel | 1 Thunderbolt Dch Driver | 2024-11-21 | 5.5 Medium |
| Improper initialization in some Intel(R) Thunderbolt(TM) DCH drivers for Windows* before version 72 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-12301 | 1 Intel | 16 S2600bpbr, S2600bpbr Firmware, S2600bpqr and 13 more | 2024-11-21 | 8.2 High |
| Improper initialization in BIOS firmware for Intel(R) Server Board Families S2600ST, S2600BP and S2600WF may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12283 | 1 Sourcegraph | 1 Sourcegraph | 2024-11-21 | 6.1 Medium |
| Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-12142 | 2 Arubanetworks, Silver-peak | 44 Nx-1000, Nx-10k, Nx-11k and 41 more | 2024-11-21 | 4.8 Medium |
| 1. IPSec UDP key material can be retrieved from machine-to-machine interfaces and human-accessible interfaces by a user with admin credentials. Such a user, with the required system knowledge, could use this material to decrypt in-flight communication. 2. The vulnerability requires administrative access and shell access to the EdgeConnect appliance. An admin user can access IPSec seed and nonce parameters using the CLI, REST APIs, and the Linux shell. | ||||
| CVE-2020-12100 | 5 Canonical, Debian, Dovecot and 2 more | 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more | 2024-11-21 | 7.5 High |
| In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | ||||
| CVE-2020-12043 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2024-11-21 | 9.8 Critical |
| On the Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24), when configured for wireless networking, the FTP service operating on the WBM remains operational until the WBM is rebooted. | ||||
| CVE-2020-12025 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2024-11-21 | 3.3 Low |
| Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 are vulnerable to an XML external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. | ||||
| CVE-2020-12020 | 1 Baxter | 4 Em1200, Em1200 Firmware, Em2400 and 1 more | 2024-11-21 | 6.1 Medium |
| Baxter ExactaMix EM 2400 Versions 1.10, 1.11, and 1.13 and ExactaMix EM1200 Versions 1.1, 1.2, and 1.4 do not restrict non-administrative users from gaining access to the operating system and editing the application startup script. Successful exploitation of this vulnerability may allow an attacker to alter the startup script as the limited-access user. | ||||
| CVE-2020-11991 | 1 Apache | 1 Cocoon | 2024-11-21 | 7.5 High |
| When using the StreamGenerator, the code parses user-provided XML. A specially crafted XML document, including external system entities, could be used to access any file on the server system. | ||||
| CVE-2020-11934 | 1 Canonical | 1 Ubuntu Linux | 2024-11-21 | 5.9 Medium |
| It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL() in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this to bypass intended access restrictions to control how the host system xdg-open script opens the URL and, for example, execute a script shipped with the snap without confinement. This issue did not affect Ubuntu Core systems. Fixed in snapd versions 2.45.1ubuntu0.2, 2.45.1+18.04.2 and 2.45.1+20.04.2. | ||||
| CVE-2020-11931 | 2 Canonical, Pulseaudio | 2 Ubuntu Linux, Pulseaudio | 2024-11-21 | 3.3 Low |
| An Ubuntu-specific modification to Pulseaudio to provide security mediation for Snap-packaged applications was found to have a bypass of intended access restriction for snaps which plug any of pulseaudio, audio-playback or audio-record via unloading the pulseaudio snap policy module. This issue affects: pulseaudio 1:8.0 versions prior to 1:8.0-0ubuntu3.12; 1:11.1 versions prior to 1:11.1-1ubuntu7.7; 1:13.0 versions prior to 1:13.0-1ubuntu1.2; 1:13.99.1 versions prior to 1:13.99.1-1ubuntu3.2. | ||||
| CVE-2020-11885 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 7.2 High |
| WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. | ||||
| CVE-2020-11882 | 1 Telefonica | 1 O2 Business | 2024-11-21 | 6.1 Medium |
| The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user. | ||||
| CVE-2020-11795 | 1 Jetbrains | 1 Space | 2024-11-21 | 7.5 High |
| In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | ||||
| CVE-2020-11688 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | ||||
| CVE-2020-11665 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles loginRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||||