Total
139 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8975 | 1 Zigor | 2 Zgr Tps200 Ng, Zgr Tps200 Ng Firmware | 2024-11-21 | 7.5 High |
| ZGR TPS200 NG in its 2.00 firmware version and 1.01 hardware version, allows a remote attacker with access to the web application and knowledge of the routes (URIs) used by the application, to access sensitive information about the system. | ||||
| CVE-2020-5364 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | 5.3 Medium |
| Dell EMC Isilon OneFS versions 8.2.2 and earlier contain an SNMPv2 vulnerability. The SNMPv2 services is enabled, by default, with a pre-configured community string. This community string allows read-only access to many aspects of the Isilon cluster, some of which are considered sensitive and can foster additional access. | ||||
| CVE-2020-27784 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in the Linux kernel, where accessing a deallocated instance in printer_ioctl() printer_ioctl() tries to access of a printer_dev instance. However, use-after-free arises because it had been freed by gprinter_free(). | ||||
| CVE-2020-27748 | 1 Freedesktop | 1 Xdg-utils | 2024-11-21 | 6.5 Medium |
| A flaw was found in the xdg-email component of xdg-utils-1.1.0-rc1 and newer. When handling mailto: URIs, xdg-email allows attachments to be discreetly added via the URI when being passed to Thunderbird. An attacker could potentially send a victim a URI that automatically attaches a sensitive file to a new email. If a victim user does not notice that an attachment was added and sends the email, this could result in sensitive information disclosure. It has been confirmed that the code behind this issue is in xdg-email and not in Thunderbird. | ||||
| CVE-2020-27134 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27133 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27132 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-27127 | 1 Cisco | 2 Jabber, Jabber For Mobile Platforms | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-26085 | 1 Cisco | 1 Jabber | 2024-11-21 | 9.9 Critical |
| Multiple vulnerabilities in Cisco Jabber for Windows, Jabber for MacOS, and Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system (OS) with elevated privileges or gain access to sensitive information. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-25703 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.3 Medium |
| The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. This is fixed in moodle 3.9.3, 3.8.6, 3.7.9, and 3.10. | ||||
| CVE-2020-1774 | 2 Debian, Otrs | 2 Debian Linux, Otrs | 2024-11-21 | 4.5 Medium |
| When user downloads PGP or S/MIME keys/certificates, exported file has same name for private and public keys. Therefore it's possible to mix them and to send private key to the third-party instead of public key. This issue affects ((OTRS)) Community Edition: 5.0.42 and prior versions, 6.0.27 and prior versions. OTRS: 7.0.16 and prior versions. | ||||
| CVE-2020-1770 | 3 Debian, Opensuse, Otrs | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 2.4 Low |
| Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior versions. OTRS: 7.0.15 and prior versions. | ||||
| CVE-2020-14514 | 1 Nmfc | 1 Power Line Communications | 2024-11-21 | 4.3 Medium |
| All trailer Power Line Communications are affected. PLC bus traffic can be sniffed reliably via an active antenna up to 6 feet away. Further distances are also possible, subject to environmental conditions and receiver improvements. | ||||
| CVE-2020-13597 | 1 Projectcalico | 1 Calico | 2024-11-21 | 6 Medium |
| Clusters using Calico (version 3.14.0 and below), Calico Enterprise (version 2.8.2 and below), may be vulnerable to information disclosure if IPv6 is enabled but unused. A compromised pod with sufficient privilege is able to reconfigure the node’s IPv6 interface due to the node accepting route advertisement by default, allowing the attacker to redirect full or partial network traffic from the node to the compromised pod. | ||||
| CVE-2020-12352 | 3 Bluez, Linux, Redhat | 8 Bluez, Linux Kernel, Enterprise Linux and 5 more | 2024-11-21 | 6.5 Medium |
| Improper access control in BlueZ may allow an unauthenticated user to potentially enable information disclosure via adjacent access. | ||||
| CVE-2020-11879 | 1 Gnome | 1 Evolution | 2024-11-21 | 6.5 Medium |
| An issue was discovered in GNOME Evolution before 3.35.91. By using the proprietary (non-RFC6068) "mailto?attach=..." parameter, a website (or other source of mailto links) can make Evolution attach local files or directories to a composed email message without showing a warning to the user, as demonstrated by an attach=. value. | ||||
| CVE-2019-15580 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 6.5 Medium |
| An information exposure vulnerability exists in gitlab.com <v12.3.2, <v12.2.6, and <v12.1.10 when using the blocking merge request feature, it was possible for an unauthenticated user to see the head pipeline data of a public project even though pipeline visibility was restricted. | ||||
| CVE-2019-14849 | 1 Redhat | 2 3scale, 3scale Amp | 2024-11-21 | 5.4 Medium |
| A vulnerability was found in 3scale before version 2.6, did not set the HTTPOnly attribute on the user session cookie. An attacker could use this to conduct cross site scripting attacks and gain access to unauthorized information. | ||||
| CVE-2018-8292 | 2 Microsoft, Redhat | 3 Asp.net Core, Powershell Core, Rhel Dotnet | 2024-11-21 | N/A |
| An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0. | ||||
| CVE-2018-3139 | 5 Canonical, Debian, Hp and 2 more | 17 Ubuntu Linux, Debian Linux, Xp7 Command View and 14 more | 2024-11-21 | 3.1 Low |
| Vulnerability in the Java SE, Java SE Embedded component of Oracle Java SE (subcomponent: Networking). Supported versions that are affected are Java SE: 6u201, 7u191, 8u182 and 11; Java SE Embedded: 8u181. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets (in Java SE 8), that load and run untrusted code (e.g. code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g. code installed by an administrator). CVSS 3.0 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N). | ||||