Total: 35017 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35552 | 1 Google | 1 Android | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the GPS daemon on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (non-Qualcomm chipsets) software. Attackers can obtain sensitive location information because the configuration file is incorrect. The Samsung ID is SVE-2020-18678 (December 2020). | ||||
| CVE-2020-35550 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). | ||||
| CVE-2020-35549 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | ||||
| CVE-2020-35548 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered in Finder on Samsung mobile devices with Q(10.0) software. A call to a non-existent provider allows attackers to cause a denial of service. The Samsung ID is SVE-2020-18629 (December 2020). | ||||
| CVE-2020-35547 | 1 Mitel | 1 Micollab | 2024-11-21 | 9.1 Critical |
| A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an unauthenticated attacker to gain access (view and modify) to user data. | ||||
| CVE-2020-35471 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | ||||
| CVE-2020-35470 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 8.8 High |
| Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | ||||
| CVE-2020-35453 | 1 Hashicorp | 1 Vault | 2024-11-21 | 5.3 Medium |
| HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. | ||||
| CVE-2020-35388 | 1 Rockoa | 1 Xinhu | 2024-11-21 | 7.5 High |
| rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | ||||
| CVE-2020-35381 | 3 Fedoraproject, Jsonparser Project, Redhat | 3 Fedora, Jsonparser, Acm | 2024-11-21 | 7.5 High |
| jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | ||||
| CVE-2020-35380 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 7.5 High |
| GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. | ||||
| CVE-2020-35364 | 1 Huorong | 1 Internet Security | 2024-11-21 | 9.8 Critical |
| Beijing Huorong Internet Security 5.0.55.2 allows a non-admin user to escalate privileges by injecting code into a process, and then waiting for a Huorong services restart or a system reboot. | ||||
| CVE-2020-35308 | 1 Conquest Dicom Server Project | 1 Conquest Dicom Server | 2024-11-21 | 9.8 Critical |
| CONQUEST DICOM SERVER before 1.5.0 has a code execution vulnerability which can be exploited by attackers to execute malicious code. | ||||
| CVE-2020-35236 | 1 Amazee | 1 Lagoon | 2024-11-21 | 5.3 Medium |
| The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control associated with project deletion. | ||||
| CVE-2020-35235 | 1 Themexa | 1 Secure File Manager | 2024-11-21 | 8.8 High |
| vendor/elfinder/php/connector.minimal.php in the secure-file-manager plugin through 2.5 for WordPress loads elFinder code without proper access control. Thus, any authenticated user can run the elFinder upload command to achieve remote code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2020-35214 | 1 Atomix | 1 Atomix | 2024-11-21 | 8.1 High |
| An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. | ||||
| CVE-2020-35211 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. | ||||
| CVE-2020-35209 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | ||||
| CVE-2020-35175 | 1 Frappe | 1 Frappe | 2024-11-21 | 5.3 Medium |
| Frappe Framework 12 and 13 does not properly validate the HTTP method for the frappe.client API. | ||||
| CVE-2020-35173 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 9.8 Critical |
| The Amaze File Manager application before 3.4.2 for Android does not properly restrict intents for controlling the FTP server (aka services.ftpservice.FTPReceiver.ACTION_START_FTPSERVER and services.ftpservice.FTPReceiver.ACTION_STOP_FTPSERVER). | ||||