Total
34159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14165 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 5.3 Medium |
| The UniversalAvatarResource.getAvatars resource in Jira Server and Data Center before version 8.9.0 allows remote attackers to obtain information about custom project avatars names via an Improper authorization vulnerability. | ||||
| CVE-2020-14150 | 1 Gnu | 1 Bison | 2024-11-21 | 5.5 Medium |
| GNU Bison before 3.5.4 allows attackers to cause a denial of service (application crash). NOTE: there is a risk only if Bison is used with untrusted input, and an observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug reports were intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | ||||
| CVE-2020-14131 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| The Xiaomi Security Center expresses heartfelt thanks to ADLab of VenusTech ! At the same time, we also welcome more outstanding and professional security experts and security teams to join the Mi Security Center (MiSRC) to jointly ensure the safe access of millions of Xiaomi users worldwide Life. | ||||
| CVE-2020-14129 | 1 Mi | 1 Xiaomi | 2024-11-21 | 9.8 Critical |
| A logic vulnerability exists in a Xiaomi product. The vulnerability is caused by an identity verification failure, which can be exploited by an attacker who can obtain a brief elevation of privilege. | ||||
| CVE-2020-14126 | 1 Mi | 1 Sound | 2024-11-21 | 7.5 High |
| Information leakage vulnerability exists in the Mi Sound APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | ||||
| CVE-2020-14114 | 1 Mi | 1 Smarthome | 2024-11-21 | 7.5 High |
| information leakage vulnerability exists in the Xiaomi SmartHome APP. This vulnerability is caused by illegal calls of some sensitive JS interfaces, which can be exploited by attackers to leak sensitive information. | ||||
| CVE-2020-14105 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 5.5 Medium |
| The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | ||||
| CVE-2020-14103 | 1 Mi | 2 Mi 10, Miui | 2024-11-21 | 5.5 Medium |
| The application in the mobile phone can read the SNO information of the device, Xiaomi 10 MIUI < 2020.01.15. | ||||
| CVE-2020-14101 | 1 Mi | 4 Ax1800, Ax1800 Firmware, Rm1800 and 1 more | 2024-11-21 | 7.5 High |
| The data collection SDK of the router web management interface caused the leakage of the token. This affects Xiaomi router AX1800rom version < 1.0.336 and Xiaomi route RM1800 root version < 1.0.26. | ||||
| CVE-2020-14097 | 1 Mi | 2 Redmi Ax6, Redmi Ax6 Firmware | 2024-11-21 | 7.5 High |
| Wrong nginx configuration, causing specific paths to be downloaded without authorization. This affects Xiaomi router AX6 ROM version < 1.0.18. | ||||
| CVE-2020-14058 | 4 Fedoraproject, Netapp, Redhat and 1 more | 4 Fedora, Cloud Manager, Enterprise Linux and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Squid before 4.12 and 5.x before 5.0.3. Due to use of a potentially dangerous function, Squid and the default certificate validation helper are vulnerable to a Denial of Service when opening a TLS connection to an attacker-controlled server for HTTPS. This occurs because unrecognized error values are mapped to NULL, but later code expects that each error value is mapped to a valid error string. | ||||
| CVE-2020-14031 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 7.2 High |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The outbox functionality of the TXT File module can be used to delete all/most files in a folder. Because the product usually runs as NT AUTHORITY\SYSTEM, the only files that will not be deleted are those currently being run by the system and/or files that have special security attributes (e.g., Windows Defender files). | ||||
| CVE-2020-14021 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 4.9 Medium |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. The ASP.net SMS module can be used to read and validate the source code of ASP files. By altering the path, it can be made to read any file on the Operating System, usually with NT AUTHORITY\SYSTEM privileges. | ||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 8.8 High |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||||
| CVE-2020-13991 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | ||||
| CVE-2020-13962 | 5 Fedoraproject, Mumble, Opensuse and 2 more | 5 Fedora, Mumble, Leap and 2 more | 2024-11-21 | 7.5 High |
| Qt 5.12.2 through 5.14.2, as used in unofficial builds of Mumble 1.3.0 and other products, mishandles OpenSSL's error queue, which can cause a denial of service to QSslSocket users. Because errors leak in unrelated TLS sessions, an unrelated session may be disconnected when any handshake fails. (Mumble 1.3.1 is not affected, regardless of the Qt version.) | ||||
| CVE-2020-13960 | 1 Dlink | 4 Dir-600m, Dir-600m Firmware, Dsl-2730u and 1 more | 2024-11-21 | 7.5 High |
| D-Link DSL 2730-U IN_1.10 and IN_1.11 and DIR-600M 3.04 devices have the domain.name string in the DNS resolver search path by default, which allows remote attackers to provide valid DNS responses (and also offer Internet services such as HTTP) for names that otherwise would have had an NXDOMAIN error, by registering a subdomain of the domain.name domain name. | ||||
| CVE-2020-13958 | 1 Apache | 1 Openoffice | 2024-11-21 | 7.8 High |
| A vulnerability in Apache OpenOffice scripting events allows an attacker to construct documents containing hyperlinks pointing to an executable on the target users file system. These hyperlinks can be triggered unconditionally. In fixed versions no internal protocol may be called from the document event handler and other hyperlinks require a control-click. | ||||
| CVE-2020-13952 | 1 Apache | 1 Superset | 2024-11-21 | 8.1 High |
| In the course of work on the open source project it was discovered that authenticated users running queries against Hive and Presto database engines could access information via a number of templated fields including the contents of query description metadata database, the hashed version of the authenticated users’ password, and access to connection information including the plaintext password for the current connection. It would also be possible to run arbitrary methods on the database connection object for the Presto or Hive connection, allowing the user to bypass security controls internal to Superset. This vulnerability is present in every Apache Superset version < 0.37.2. | ||||
| CVE-2020-13951 | 1 Apache | 1 Openmeetings | 2024-11-21 | 7.5 High |
| Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. | ||||