Total
5095 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23489 | 1 Wwbn | 1 Avideo | 2024-11-21 | 8.8 High |
| The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. | ||||
| CVE-2020-22176 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 7.5 High |
| PHPGurukul Hospital Management System in PHP v4.0 has a sensitive information disclosure vulnerability in multiple areas. Remote unauthenticated users can exploit the vulnerability to obtain user sensitive information. | ||||
| CVE-2020-20698 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | ||||
| CVE-2020-20444 | 1 Openclinic Project | 1 Openclinic | 2024-11-21 | 7.2 High |
| Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the admin account by an infected 'file' GET parameter in '/shared/view_source.php' which "could" lead to RCE vulnerability . | ||||
| CVE-2020-1996 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| A missing authorization vulnerability in the management server component of PAN-OS Panorama allows a remote unauthenticated user to inject messages into the management server ms.log file. This vulnerability can be leveraged to obfuscate an ongoing attack or fabricate log entries in the ms.log file This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.9. | ||||
| CVE-2020-1963 | 1 Apache | 1 Ignite | 2024-11-21 | 9.1 Critical |
| Apache Ignite uses H2 database to build SQL distributed execution engine. H2 provides SQL functions which could be used by attacker to access to a filesystem. | ||||
| CVE-2020-1720 | 2 Postgresql, Redhat | 8 Postgresql, Decision Manager, Enterprise Linux and 5 more | 2024-11-21 | 3.1 Low |
| A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to perform drop objects such as function, triggers, et al., leading to database corruption. This issue affects PostgreSQL versions before 12.2, before 11.7, before 10.12 and before 9.6.17. | ||||
| CVE-2020-19890 | 1 Dbhcms Project | 1 Dbhcms | 2024-11-21 | 4.9 Medium |
| DBHcms v1.2.0 has an Arbitrary file read vulnerability in dbhcms\mod\mod.editor.php $_GET['file'] is filename,and as there is no filter function for security, you can read any file's content. | ||||
| CVE-2020-19038 | 1 Halo | 1 Halo | 2024-11-21 | 9.1 Critical |
| File Deletion vulnerability in Halo 0.4.3 via delBackup. | ||||
| CVE-2020-18888 | 1 Puppycms | 1 Puppycms | 2024-11-21 | 7.5 High |
| Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php. | ||||
| CVE-2020-18757 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 7.5 High |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet. | ||||
| CVE-2020-18753 | 1 Dcce | 2 Mac1100 Plc, Mac1100 Plc Firmware | 2024-11-21 | 9.8 Critical |
| An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet. | ||||
| CVE-2020-16260 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.5 High |
| Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. | ||||
| CVE-2020-16029 | 1 Google | 1 Chrome | 2024-11-21 | 8.8 High |
| Inappropriate implementation in PDFium in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. | ||||
| CVE-2020-16027 | 1 Google | 1 Chrome | 2024-11-21 | 6.5 Medium |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information from the user's disk via a crafted Chrome Extension. | ||||
| CVE-2020-15943 | 1 Gantt-chart Project | 1 Gantt-chart | 2024-11-21 | 8.1 High |
| An issue was discovered in the Gantt-Chart module before 5.5.4 for Jira. Due to a missing privilege check, it is possible to read and write to the module configuration of other users. This can also be used to deliver an XSS payload to other users' dashboards. To exploit this vulnerability, an attacker has to be authenticated. | ||||
| CVE-2020-15780 | 4 Canonical, Linux, Opensuse and 1 more | 6 Ubuntu Linux, Linux Kernel, Leap and 3 more | 2024-11-21 | 6.7 Medium |
| An issue was discovered in drivers/acpi/acpi_configfs.c in the Linux kernel before 5.7.7. Injection of malicious ACPI tables via configfs could be used by attackers to bypass lockdown and secure boot restrictions, aka CID-75b0cea7bf30. | ||||
| CVE-2020-15518 | 1 Veeam | 2 Veeam Availability Suite, Veeam Backup \& Replication | 2024-11-21 | 8.8 High |
| VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | ||||
| CVE-2020-15412 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 Medium |
| An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. | ||||
| CVE-2020-15360 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 7.8 High |
| com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | ||||