Total: 34145 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11157 | 1 Qualcomm | 34 Apq8053, Apq8053 Firmware, Apq8076 and 31 more | 2024-11-21 | 7.5 High |
| Lack of handling unexpected control messages while encryption was in progress can terminate the connection, thus leading to a DoS, in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, APQ8076, MDM9640, MDM9650, MSM8905, MSM8917, MSM8937, MSM8940, MSM8953, QCA6174A, QCA9886, QCM2150, QM215, SDM429, SDM439, SDM450, SDM632 | ||||
| CVE-2020-11103 | 1 Webswing | 1 Webswing | 2024-11-21 | 9.8 Critical |
| JsLink in Webswing before 2.6.12 LTS, and 2.7.x and 20.x before 20.1, allows remote code execution. | ||||
| CVE-2020-11054 | 2 Fedoraproject, Qutebrowser | 2 Fedora, Qutebrowser | 2024-11-21 | 3.5 Low |
| In qutebrowser versions less than 1.11.1, reloading a page with certificate errors shows a green URL. After a certificate error was overridden by the user, qutebrowser displays the URL as yellow (colors.statusbar.url.warn.fg). However, when the affected website was subsequently loaded again, the URL was mistakenly displayed as green (colors.statusbar.url.success_https). While the user already has seen a certificate error prompt at this point (or set content.ssl_strict to false, which is not recommended), this could still provide a false sense of security. This has been fixed in 1.11.1 and 1.12.0. All versions of qutebrowser are believed to be affected, though versions before v0.11.x couldn't be tested. Backported patches for older versions (greater than or equal to 1.4.0 and less than or equal to 1.10.2) are available, but no further releases are planned. | ||||
| CVE-2020-11021 | 1 Http-client Project | 1 Http-client | 2024-11-21 | 6.3 Medium |
| Actions Http-Client (NPM @actions/http-client) before version 1.0.8 can disclose Authorization headers to incorrect domain in certain redirect scenarios. The conditions in which this happens are if consumers of the http-client: (1) make an http request with an authorization header, (2) that request leads to a redirect (302), and (3) the redirect url redirects to another domain or hostname. Then the authorization header will get passed to the other domain. The problem is fixed in version 1.0.8. | ||||
| CVE-2020-11014 | 1 Simpleledger | 1 Electron-cash-slp | 2024-11-21 | 6.1 Medium |
| Electron-Cash-SLP before version 3.6.2 has a vulnerability. All token creators that use the "Mint Tool" feature of the Electron Cash SLP Edition are at risk of sending the minting authority baton to the wrong SLP address. Sending the mint baton to the wrong address will give another party the ability to issue new tokens or permanently destroy future minting capability. This is fixed in version 3.6.2. | ||||
| CVE-2020-10981 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab EE/CE 9.0 to 12.9 allows a maintainer to modify other maintainers' pipeline trigger descriptions within the same project. | ||||
| CVE-2020-10979 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab EE/CE 11.10 to 12.9 is leaking information on restricted CI pipelines metrics to unauthorized users. | ||||
| CVE-2020-10978 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| GitLab EE/CE 8.11 to 12.9 is leaking information on Issues opened in a public project and then moved to a private project through Web-UI and GraphQL API. | ||||
| CVE-2020-10975 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| GitLab EE/CE 10.8 to 12.9 is leaking metadata and comments on vulnerabilities to unauthorized users on the vulnerability feedback page. | ||||
| CVE-2020-10952 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. | ||||
| CVE-2020-10941 | 3 Arm, Debian, Fedoraproject | 4 Mbed Crypto, Mbed Tls, Debian Linux and 1 more | 2024-11-21 | 5.9 Medium |
| Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. | ||||
| CVE-2020-10937 | 1 Protocol | 1 Ipfs | 2024-11-21 | 7.5 High |
| An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this. | ||||
| CVE-2020-10868 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to launch the Repair App RPC call from a Low Integrity process. | ||||
| CVE-2020-10864 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a reboot via RPC from a Low Integrity process. | ||||
| CVE-2020-10863 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to trigger a shutdown via RPC from a Low Integrity process via TempShutDownMachine. | ||||
| CVE-2020-10862 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.8 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Local Privilege Escalation (LPE) via RPC. | ||||
| CVE-2020-10861 | 2 Avast, Microsoft | 2 Antivirus, Windows | 2024-11-21 | 7.5 High |
| An issue was discovered in Avast Antivirus before 20. The aswTask RPC endpoint for the TaskEx library in the Avast Service (AvastSvc.exe) allows attackers to achieve Arbitrary File Deletion from Avast Program Path via RPC, when Self Defense is Enabled. | ||||
| CVE-2020-10857 | 1 Zulip | 1 Zulip Desktop | 2024-11-21 | 9.8 Critical |
| Zulip Desktop before 5.0.0 improperly uses shell.openExternal and shell.openItem with untrusted content, leading to remote code execution. | ||||
| CVE-2020-10855 | 1 Google | 1 Android | 2024-11-21 | 4.6 Medium |
| An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via AppTray. The Samsung ID is SVE-2019-16192 (January 2020). | ||||
| CVE-2020-10854 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). | ||||