Total
34193 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26242 | 1 Ethereum | 1 Go Ethereum | 2024-11-21 | 6.5 Medium |
| Go Ethereum, or "Geth", is the official Golang implementation of the Ethereum protocol. In Geth before version 1.9.18, there is a Denial-of-service (crash) during block processing. This is fixed in 1.9.18. | ||||
| CVE-2020-26224 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 7.5 High |
| In PrestaShop before version 1.7.6.9 an attacker is able to list all the orders placed on the website without being logged by abusing the function that allows a shopping cart to be recreated from an order already placed. The problem is fixed in 1.7.6.9. | ||||
| CVE-2020-26191 | 1 Dell | 1 Emc Powerscale Onefs | 2024-11-21 | 7.8 High |
| Dell EMC PowerScale OneFS versions 8.1.0 - 9.1.0 contain a privilege escalation vulnerability. A user with ISI_PRIV_JOB_ENGINE may use the PermissionRepair job to grant themselves the highest level of RBAC privileges thus being able to read arbitrary data, tamper with system software or deny service to users. | ||||
| CVE-2020-26181 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 7 High |
| Dell EMC Isilon OneFS versions 8.1 and later and Dell EMC PowerScale OneFS version 9.0.0 contain a privilege escalation vulnerability on a SmartLock Compliance mode cluster. The compadmin user connecting using ISI PRIV LOGIN SSH or ISI PRIV LOGIN CONSOLE can elevate privileges to the root user if they have ISI PRIV HARDENING privileges. | ||||
| CVE-2020-26112 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. | ||||
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | ||||
| CVE-2020-26098 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.8 Critical |
| cPanel before 88.0.3 mishandles the Exim filter path, leading to remote code execution (SEC-485). | ||||
| CVE-2020-26041 | 1 Hoosk | 1 Hoosk | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Hoosk CmS v1.8.0. There is an Remote Code Execution vulnerability in install/index.php | ||||
| CVE-2020-26034 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 Medium |
| An account-enumeration issue was discovered in Zammad before 3.4.1. The Create User functionality is implemented in a way that would enable an anonymous user to guess valid user email addresses. The application responds differently depending on whether the input supplied was recognized as associated with a valid user. | ||||
| CVE-2020-25863 | 5 Debian, Fedoraproject, Opensuse and 2 more | 6 Debian Linux, Fedora, Leap and 3 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector could crash. This was addressed in epan/dissectors/packet-multipart.c by correcting the deallocation of invalid MIME parts. | ||||
| CVE-2020-25850 | 1 Hgiga | 2 Msr45 Isherlock-user, Ssr45 Isherlock-user | 2024-11-21 | 8.1 High |
| The function, view the source code, of HGiga MailSherlock does not validate specific characters. Remote attackers can use this flaw to download arbitrary system files. | ||||
| CVE-2020-25838 | 1 Microfocus | 1 Filr | 2024-11-21 | 6.5 Medium |
| Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affecting all 3.x and 4.x versions. The vulnerability could be exploited to disclose unauthorized sensitive information. | ||||
| CVE-2020-25837 | 1 Microfocus | 1 Self Service Password Reset | 2024-11-21 | 7.5 High |
| Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) product. The vulnerability affects versions 4.4.0.0 to 4.4.0.6 and 4.5.0.1 and 4.5.0.2. In certain configurations the vulnerability could disclose sensitive information. | ||||
| CVE-2020-25829 | 2 Opensuse, Powerdns | 3 Backports Sle, Leap, Recursor | 2024-11-21 | 7.5 High |
| An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3.5. A remote attacker can cause the cached records for a given name to be updated to the Bogus DNSSEC validation state, instead of their actual DNSSEC Secure state, via a DNS ANY query. This results in a denial of service for installation that always validate (dnssec=validate), and for clients requesting validation when on-demand validation is enabled (dnssec=process). | ||||
| CVE-2020-25825 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 7.5 High |
| In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in the task logs. | ||||
| CVE-2020-25816 | 1 Hashicorp | 1 Vault | 2024-11-21 | 6.8 Medium |
| HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch token to outlive their TTL because expiration time was not scheduled correctly. Fixed in 1.4.7 and 1.5.4. | ||||
| CVE-2020-25813 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 5.3 Medium |
| In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users. | ||||
| CVE-2020-25777 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 5.4 Medium |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request attack where an attacker could bypass the Web Threat Protection feature of the product. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2020-25766 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | ||||
| CVE-2020-25753 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin password is set to the last 6 digits of the serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. | ||||