Total
34159 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13665 | 1 Drupal | 1 Drupal | 2024-11-21 | 9.8 Critical |
| Access bypass vulnerability in Drupal Core allows JSON:API when JSON:API is in read/write mode. Only sites that have the read_only set to FALSE under jsonapi.settings config are vulnerable. This issue affects: Drupal Drupal Core 8.8.x versions prior to 8.8.8; 8.9.x versions prior to 8.9.1; 9.0.x versions prior to 9.0.1. | ||||
| CVE-2020-13661 | 1 Telerik | 1 Fiddler | 2024-11-21 | 8.8 High |
| Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose the Open On Browser option. Fixed in version 5.0.20204. | ||||
| CVE-2020-13657 | 1 Avast | 2 Avg Antivirus, Free Antivirus | 2024-11-21 | 5.5 Medium |
| An elevation of privilege vulnerability exists in Avast Free Antivirus and AVG AntiVirus Free before 20.4 due to improperly handling hard links. The vulnerability allows local users to take control of arbitrary files. | ||||
| CVE-2020-13631 | 9 Apple, Brocade, Canonical and 6 more | 20 Icloud, Ipados, Iphone Os and 17 more | 2024-11-21 | 5.5 Medium |
| SQLite before 3.32.0 allows a virtual table to be renamed to the name of one of its shadow tables, related to alter.c and build.c. | ||||
| CVE-2020-13522 | 1 Softperfect | 1 Ram Disk | 2024-11-21 | 7.1 High |
| An exploitable arbitrary file delete vulnerability exists in SoftPerfect RAM Disk 4.1 spvve.sys driver. A specially crafted I/O request packet (IRP) can allow an unprivileged user to delete any file on the filesystem. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13518 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c402084 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13517 | 1 Nzxt | 1 Cam | 2024-11-21 | 5.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406104 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13516 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver IRP 0x9c406144 functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) can cause the disclosure of sensitive information. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13511 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d4 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13510 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) using the IRP 0x9c4060d0 gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability. | ||||
| CVE-2020-13509 | 1 Nzxt | 1 Cam | 2024-11-21 | 6.5 Medium |
| An information disclosure vulnerability exists in the WinRing0x64 Driver Privileged I/O Read IRPs functionality of NZXT CAM 4.8.0. A specially crafted I/O request packet (IRP) Using the IRP 0x9c4060cc gives a low privilege user direct access to the IN instruction that is completely unrestrained at an elevated privilege level. An attacker can send a malicious IRP to trigger this vulnerability and this access could allow for information leakage of sensitive data. | ||||
| CVE-2020-13471 | 1 Apexmic | 2 Apm32f103, Apm32f103 Firmware | 2024-11-21 | 6.8 Medium |
| Apex Microelectronics APM32F103 devices allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | ||||
| CVE-2020-13466 | 1 St | 2 Stm32f103, Stm32f103 Firmware | 2024-11-21 | 6.8 Medium |
| STMicroelectronics STM32F103 devices through 2020-05-20 allow physical attackers to execute arbitrary code via a power glitch and a specific flash patch/breakpoint unit configuration. | ||||
| CVE-2020-13461 | 1 Tufin | 1 Securetrack | 2024-11-21 | 4.3 Medium |
| Username enumeration in present in Tufin SecureTrack. It's affecting all versions of SecureTrack. The vendor has decided not to fix this vulnerability. Vendor's response: "This attack requires access to the internal network. If an attacker is part of the internal network, they do not require access to TOS to know the usernames". | ||||
| CVE-2020-13444 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.5 Medium |
| Liferay Portal 7.x before 7.3.2, and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 5 does not sanitize the information returned by the DDMDataProvider API, which allows remote authenticated users to obtain the password to REST Data Providers. | ||||
| CVE-2020-13424 | 1 Xcloner | 1 Xcloner | 2024-11-21 | 6.5 Medium |
| The XCloner component before 3.5.4 for Joomla! allows Authenticated Local File Disclosure. | ||||
| CVE-2020-13420 | 1 Openiam | 1 Openiam | 2024-11-21 | 9.8 Critical |
| OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. | ||||
| CVE-2020-13417 | 4 Apple, Aviatrix, Linux and 1 more | 6 Macos, Controller, Gateway and 3 more | 2024-11-21 | 9.8 Critical |
| An Elevation of Privilege issue was discovered in Aviatrix VPN Client before 2.10.7, because of an incomplete fix for CVE-2020-7224. This affects Linux, macOS, and Windows installations for certain OpenSSL parameters. | ||||
| CVE-2020-13364 | 1 Zyxel | 8 Nas326, Nas326 Firmware, Nas520 and 5 more | 2024-11-21 | 8.8 High |
| A backdoor in certain Zyxel products allows remote TELNET access via a CGI script. This affects NAS520 V5.21(AASZ.4)C0, V5.21(AASZ.0)C0, V5.11(AASZ.3)C0, and V5.11(AASZ.0)C0; NAS542 V5.11(ABAG.0)C0, V5.20(ABAG.1)C0, and V5.21(ABAG.3)C0; NSA325 v2_V4.81(AALS.0)C0 and V4.81(AAAJ.1)C0; NSA310 4.22(AFK.0)C0 and 4.22(AFK.1)C0; NAS326 V5.21(AAZF.8)C0, V5.11(AAZF.4)C0, V5.11(AAZF.2)C0, and V5.11(AAZF.3)C0; NSA310S V4.75(AALH.2)C0; NSA320S V4.75(AANV.2)C0 and V4.75(AANV.1)C0; NSA221 V4.41(AFM.1)C0; and NAS540 V5.21(AATB.5)C0 and V5.21(AATB.3)C0. | ||||
| CVE-2020-13359 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.6 High |
| The Terraform API in GitLab CE/EE 12.10+ exposed the object storage signed URL on the delete operation allowing a malicious project maintainer to overwrite the Terraform state, bypassing audit and other business controls. Affected versions are >=12.10, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2. | ||||