Total
34252 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35308 | 1 Conquest Dicom Server Project | 1 Conquest Dicom Server | 2024-11-21 | 9.8 Critical |
| CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-35236 | 1 Amazee | 1 Lagoon | 2024-11-21 | 5.3 Medium |
| The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. | ||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2024-11-21 | 8.8 High |
| vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35214 | 1 Atomix | 1 Atomix | 2024-11-21 | 8.1 High |
| An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. | ||||
| CVE-2020-35211 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. | ||||
| CVE-2020-35209 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | ||||
| CVE-2020-35175 | 1 Frappe | 1 Frappe | 2024-11-21 | 5.3 Medium |
| Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. | ||||
| CVE-2020-35173 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 9.8 Critical |
| The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). | ||||
| CVE-2020-35149 | 2 Mquery Project, Redhat | 2 Mquery, Acm | 2024-11-21 | 5.3 Medium |
| lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. | ||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2024-11-21 | 8.8 High |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | ||||
| CVE-2020-35112 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 8.8 High |
| If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||
| CVE-2020-35111 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 4.3 Medium |
| When an extension with the proxy permission registered to receive <all_urls>, the proxy.onRequest callback was not triggered for view-source URLs. While web content cannot navigate to such URLs, a user opening View Source could have inadvertently leaked their IP address. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||
| CVE-2020-2984 | 1 Oracle | 1 Configuration Manager | 2024-11-21 | 7.1 High |
| Vulnerability in the Oracle Configuration Manager product of Oracle Enterprise Manager (component: Discovery and collection script). The supported version that is affected is 12.1.2.0.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configuration Manager. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Configuration Manager accessible data as well as unauthorized update, insert or delete access to some of Oracle Configuration Manager accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | ||||
| CVE-2020-2983 | 1 Oracle | 1 Data Masking And Subsetting | 2024-11-21 | 7.1 High |
| Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Masking and Subsetting. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Data Masking and Subsetting accessible data as well as unauthorized update, insert or delete access to some of Oracle Data Masking and Subsetting accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | ||||
| CVE-2020-2982 | 1 Oracle | 1 Enterprise Manager Base Platform | 2024-11-21 | 7.1 High |
| Vulnerability in the Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Enterprise Config Management). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Enterprise Manager Base Platform. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Enterprise Manager Base Platform accessible data. CVSS 3.1 Base Score 7.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N). | ||||
| CVE-2020-2981 | 1 Oracle | 1 Berkeley Db | 2024-11-21 | 7 High |
| Vulnerability in the Data Store component of Oracle Berkeley DB. The supported version that is affected is Prior to 18.1.40. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Data Store executes to compromise Data Store. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Data Store. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2020-2978 | 1 Oracle | 1 Database | 2024-11-21 | 4.1 Medium |
| Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N). | ||||
| CVE-2020-2977 | 1 Oracle | 1 Application Express | 2024-11-21 | 4.6 Medium |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having Valid User Account privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N). | ||||
| CVE-2020-2976 | 1 Oracle | 1 Application Express | 2024-11-21 | 5.4 Medium |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||
| CVE-2020-2975 | 1 Oracle | 1 Application Express | 2024-11-21 | 5.4 Medium |
| Vulnerability in the Oracle Application Express component of Oracle Database Server. Supported versions that are affected are 5.1-19.2. Easily exploitable vulnerability allows low privileged attacker having SQL Workshop privilege with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | ||||