Total
9151 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-28368 | 3 Debian, Fedoraproject, Xen | 3 Debian Linux, Fedora, Xen | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys from outside the guest) via a side-channel attack on a power/energy monitoring interface, aka a "Platypus" attack. NOTE: there is only one logically independent fix: to change the access control for each such interface in Xen. | |||||
| CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | |||||
| CVE-2020-28242 | 4 Asterisk, Debian, Fedoraproject and 1 more | 4 Certified Asterisk, Debian Linux, Fedora and 1 more | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x before 17.8.1, and 18.x before 18.0.1 and Certified Asterisk before 16.8-cert5. If Asterisk is challenged on an outbound INVITE and the nonce is changed in each response, Asterisk will continually send INVITEs in a loop. This causes Asterisk to consume more and more memory since the transaction will never terminate (even if the call is hung up), ultimately leading to a restart or shutdown of Asterisk. Outbound authentication must be configured on the endpoint for this to occur. | |||||
| CVE-2020-28241 | 3 Debian, Fedoraproject, Maxmind | 3 Debian Linux, Fedora, Libmaxminddb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. | |||||
| CVE-2020-28169 | 3 Debian, Microsoft, Td-agent-builder Project | 3 Debian Linux, Windows, Td-agent-builder | 2024-11-21 | 6.9 MEDIUM | 7.0 HIGH |
| The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM. | |||||
| CVE-2020-28049 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 3.3 LOW | 6.3 MEDIUM |
| An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - for a short time period - allows local unprivileged users to create a connection to the X server without providing proper authentication. A local attacker can thus access X server display contents and, for example, intercept keystrokes or access the clipboard. This is caused by a race condition during Xauthority file creation. | |||||
| CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | |||||
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | |||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows stored XSS via post slugs. | |||||
| CVE-2020-28037 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | |||||
| CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | |||||
| CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | |||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WordPress before 5.5.2 allows XSS associated with global variables. | |||||
| CVE-2020-28033 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | |||||
| CVE-2020-28032 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | |||||
| CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | |||||
| CVE-2020-27918 | 4 Apple, Debian, Fedoraproject and 1 more | 11 Icloud, Ipados, Iphone Os and 8 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes 12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-27845 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| There's a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg's conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability. | |||||
| CVE-2020-27844 | 3 Debian, Oracle, Uclouvain | 3 Debian Linux, Outside In Technology, Openjpeg | 2024-11-21 | 8.3 HIGH | 7.8 HIGH |
| A flaw was found in openjpeg's src/lib/openjp2/t2.c in versions prior to 2.4.0. This flaw allows an attacker to provide crafted input to openjpeg during conversion and encoding, causing an out-of-bounds write. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27843 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 7.1 HIGH | 5.5 MEDIUM |
| A flaw was found in OpenJPEG in versions prior to 2.4.0. This flaw allows an attacker to provide specially crafted input to the conversion or encoding functionality, causing an out-of-bounds read. The highest threat from this vulnerability is system availability. | |||||