Total
34147 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11602 | 1 Google | 1 Android | 2024-11-21 | 2.4 Low |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Google Assistant leaks clipboard contents on a locked device. The Samsung ID is SVE-2019-16558 (April 2020). | ||||
| CVE-2020-11601 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is unauthorized access to applications in the Secure Folder via floating icons. The Samsung ID is SVE-2019-16195 (April 2020). | ||||
| CVE-2020-11595 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. | ||||
| CVE-2020-11592 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | ||||
| CVE-2020-11591 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.3 Medium |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name. | ||||
| CVE-2020-11590 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.3 Medium |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to HealthPage.aspx and obtain the internal server name. | ||||
| CVE-2020-11588 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 5.3 Medium |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP GET request to two files that contain customer data and application paths. | ||||
| CVE-2020-11587 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. | ||||
| CVE-2020-11554 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. | ||||
| CVE-2020-11550 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote leak of sensitive/arbitrary Wi-Fi information, such as SSIDs and Pre-Shared-Keys (PSK). | ||||
| CVE-2020-11533 | 1 Ivanti | 1 Workspace Control | 2024-11-21 | 5.5 Medium |
| Ivanti Workspace Control before 10.4.30.0, when SCCM integration is enabled, allows local users to obtain sensitive information (keying material). | ||||
| CVE-2020-11527 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 High |
| In Zoho ManageEngine OpManager before 12.4.181, an unauthenticated remote attacker can send a specially crafted URI to read arbitrary files. | ||||
| CVE-2020-11519 | 1 Winmagic | 1 Securedoc | 2024-11-21 | 7.8 High |
| The SDDisk2k.sys driver of WinMagic SecureDoc v8.5 and earlier allows local users to read or write to physical disc sectors via a \\.\SecureDocDevice handle. Exploiting this vulnerability results in privileged code execution. | ||||
| CVE-2020-11518 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 9.8 Critical |
| Zoho ManageEngine ADSelfService Plus before 5815 allows unauthenticated remote code execution. | ||||
| CVE-2020-11484 | 2 Intel, Nvidia | 2 Bmc Firmware, Dgx-1 | 2024-11-21 | 4.9 Medium |
| NVIDIA DGX servers, all DGX-1 with BMC firmware versions prior to 3.38.30, contains a vulnerability in the AMI BMC firmware in which an attacker with administrative privileges can obtain the hash of the BMC/IPMI user password, which may lead to information disclosure. | ||||
| CVE-2020-11458 | 1 Misp | 1 Misp | 2024-11-21 | 4.9 Medium |
| app/Model/feed.php in MISP before 2.4.124 allows administrators to choose arbitrary files that should be ingested by MISP. This does not cause a leak of the full contents of a file, but does cause a leaks of strings that match certain patterns. Among the data that can leak are passwords from database.php or GPG key passphrases from config.php. | ||||
| CVE-2020-11450 | 1 Microstrategy | 1 Microstrategy Web | 2024-11-21 | 7.5 High |
| Microstrategy Web 10.4 exposes the JVM configuration, CPU architecture, installation folder, and other information through the URL /MicroStrategyWS/happyaxis.jsp. An attacker could use this vulnerability to learn more about the environment the application is running in. This issue has been mitigated in all versions of the product 11.0 and higher. | ||||
| CVE-2020-11447 | 1 Bell | 2 Home Hub 3000, Home Hub 3000 Firmware | 2024-11-21 | 4.3 Medium |
| An issue was discovered on Bell HomeHub 3000 SG48222070 devices. Remote authenticated users can retrieve the serial number via cgi/json-req - this is an information leak because the serial number is intended to prove an actor's physical access to the device. | ||||
| CVE-2020-11445 | 1 Tp-link | 30 Kc200, Kc200 Firmware, Kc300s2 and 27 more | 2024-11-21 | 5.3 Medium |
| TP-Link cloud cameras through 2020-02-09 allow remote attackers to bypass authentication and obtain sensitive information via vectors involving a Wi-Fi session with GPS enabled, aka CNVD-2020-04855. | ||||
| CVE-2020-11440 | 1 Windriver | 1 Vxworks | 2024-11-21 | 7.5 High |
| httpRpmFs in WebCLI in Wind River VxWorks 5.5 through 7 SR0640 has no check for an escape from the web root. | ||||