Total
8190 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-0602 | 1 Google | 1 Android | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| In onCreateOptionsMenu of WifiNetworkDetailsFragment.java, there is a possible way for guest users to view and modify Wi-Fi settings for all configured APs due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11Android ID: A-177573895 | |||||
| CVE-2021-0291 | 1 Juniper | 2 Junos, Junos Os Evolved | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| An Exposure of System Data vulnerability in Juniper Networks Junos OS and Junos OS Evolved, where a sensitive system-level resource is not being sufficiently protected, allows a network-based unauthenticated attacker to send specific traffic which partially reaches this resource. A high rate of specific traffic may lead to a partial Denial of Service (DoS) as the CPU utilization of the RE is significantly increased. The SNMP Agent Extensibility (agentx) process should only be listening to TCP port 705 on the internal routing instance. External connections destined to port 705 should not be allowed. This issue affects: Juniper Networks Junos OS: 15.1 versions prior to 15.1R7-S9; 17.3 versions prior to 17.3R3-S12; 17.4 versions prior to 17.4R2-S13, 17.4R3-S5; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R2-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R3-S2; 19.3 versions prior to 19.3R2-S6, 19.3R3-S2; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3; 20.1 versions prior to 20.1R2; 20.2 versions prior to 20.2R2; 20.3 versions prior to 20.3R2. Juniper Networks Junos OS Evolved versions prior to 20.3R2-EVO. This issue does not affect Juniper Networks Junos OS versions prior to 13.2R1. | |||||
| CVE-2021-0210 | 1 Juniper | 1 Junos | 2024-11-21 | 5.0 MEDIUM | 6.8 MEDIUM |
| An Information Exposure vulnerability in J-Web of Juniper Networks Junos OS allows an unauthenticated attacker to elevate their privileges over the target system through opportunistic use of an authenticated users session. This issue affects: Juniper Networks Junos OS 12.3 versions prior to 12.3R12-S17; 17.3 versions prior to 17.3R3-S10; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R1-S6, 19.1R2-S2, 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3, 19.2R3-S1; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. | |||||
| CVE-2020-9849 | 1 Apple | 6 Icloud, Ipados, Itunes and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.0, iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0. A remote attacker may be able to leak memory. | |||||
| CVE-2020-9525 | 1 Cs2-network | 1 P2p | 2024-11-21 | 6.8 MEDIUM | 8.1 HIGH |
| CS2 Network P2P through 3.x, as used in millions of Internet of Things devices, suffers from an authentication flaw that allows remote attackers to perform a man-in-the-middle attack, as demonstrated by eavesdropping on user video/audio streams, capturing credentials, and compromising devices. | |||||
| CVE-2020-9387 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
| In Mahara 19.04 before 19.04.5 and 19.10 before 19.10.3, account details are shared in the Elasticsearch results for accounts that are not accessible when the config setting 'Isolated institutions' is turned on. | |||||
| CVE-2020-9386 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, file metadata information is disclosed to group members in the Elasticsearch result list despite them not having access to that artefact anymore. | |||||
| CVE-2020-9337 | 1 Golfbuddyglobal | 1 Course Manager | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In GolfBuddy Course Manager 1.1, passwords are sent (with base64 encoding) via a GET request. | |||||
| CVE-2020-9282 | 1 Mahara | 1 Mahara | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Mahara 18.10 before 18.10.5, 19.04 before 19.04.4, and 19.10 before 19.10.2, certain personal information is discoverable inspecting network responses on the 'Edit access' screen when sharing portfolios. | |||||
| CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | |||||
| CVE-2020-8975 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2024-11-21 | N/A | 7.5 HIGH |
| ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. | |||||
| CVE-2020-8832 | 2 Canonical, Netapp | 60 Ubuntu Linux, Aff 8300, Aff 8300 Firmware and 57 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The fix for the Linux kernel in Ubuntu 18.04 LTS for CVE-2019-14615 ("The Linux kernel did not properly clear data structures on context switches for certain Intel graphics processors.") was discovered to be incomplete, meaning that in versions of the kernel before 4.15.0-91.92, an attacker could use this vulnerability to expose sensitive information. | |||||
| CVE-2020-8232 | 1 Ui | 12 Edgeswitch Firmware, Ep-16-xg, Ep-s16 and 9 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed read only users could obtain unauthorized information through SNMP community pages. | |||||
| CVE-2020-8169 | 4 Debian, Haxx, Siemens and 1 more | 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||||
| CVE-2020-7944 | 1 Puppet | 1 Continuous Delivery | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | |||||
| CVE-2020-7932 | 1 Openmicroscopy | 1 Omero.web | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed. | |||||
| CVE-2020-7801 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) vulnerability. The affected product is vulnerable to information exposure over the SNMP protocol. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7800, and CVE-2020-7802. | |||||
| CVE-2020-7696 | 1 React-native-fast-image Project | 1 React-native-fast-image | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| This affects all versions of package react-native-fast-image. When an image with source={{uri: "...", headers: { host: "somehost.com", authorization: "..." }} is loaded, all other subsequent images will use the same headers, this can lead to signing credentials or other session tokens being leaked to other servers. | |||||
| CVE-2020-7568 | 1 Schneider-electric | 2 Modicon M221, Modicon M221 Firmware | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modicon M221 (all references, all versions) that could allow non sensitive information disclosure when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. | |||||
| CVE-2020-7510 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow attacker to obtain private keys. | |||||