Total: 29681 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26268 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.4 Medium |
| In affected versions of TensorFlow the tf.raw_ops.ImmutableConst operation returns a constant tensor created from a memory mapped file which is assumed immutable. However, if the type of the tensor is not an integral type, the operation crashes the Python interpreter as it tries to write to the memory area. If the file is too small, TensorFlow properly returns an error as the memory area has fewer bytes than what is needed for the tensor it creates. However, as soon as there are enough bytes, the above snippet causes a segmentation fault. This is because the allocator used to return the buffer data is not marked as returning an opaque handle since the needed virtual method is not overridden. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | ||||
| CVE-2020-26163 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 8.8 High |
| BigBlueButton Greenlight before 2.5.6 allows HTTP header (Host and Origin) attacks, which can result in Account Takeover if a victim follows a spoofed password-reset link. | ||||
| CVE-2020-26147 | 5 Arista, Debian, Linux and 2 more | 15 C-65, C-65 Firmware, C-75 and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Linux kernel 5.8.9. The WEP, WPA, WPA2, and WPA3 implementations reassemble fragments even though some of them were sent in plaintext. This vulnerability can be abused to inject packets and/or exfiltrate selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. | ||||
| CVE-2020-26109 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | ||||
| CVE-2020-26108 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.8 Critical |
| cPanel before 88.0.13 mishandles file-extension dispatching, leading to code execution (SEC-488). | ||||
| CVE-2020-26100 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 9.8 Critical |
| chsh in cPanel before 88.0.3 allows a Jailshell escape (SEC-497). | ||||
| CVE-2020-26099 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | ||||
| CVE-2020-25779 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 3.3 Low |
| Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domain Name homograph attack (Puny-code) could be used to add a malicious website to the approved websites list of Trend Micro Antivirus for Mac to bypass the web threat protection feature. | ||||
| CVE-2020-25716 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 8.1 High |
| A flaw was found in Cloudforms. A role-based privilege escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the effect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected. | ||||
| CVE-2020-25673 | 3 Fedoraproject, Linux, Netapp | 22 Fedora, Linux Kernel, Active Iq Unified Manager and 19 more | 2024-11-21 | 5.5 Medium |
| A vulnerability was found in the Linux kernel where a non-blocking socket in llcp_sock_connect() leads to a leak and eventually hangs the system. | ||||
| CVE-2020-25659 | 3 Cryptography.io, Oracle, Redhat | 5 Cryptography, Communications Cloud Native Core Network Function Cloud Native Environment, Enterprise Linux and 2 more | 2024-11-21 | 5.9 Medium |
| python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | ||||
| CVE-2020-25657 | 3 Fedoraproject, M2crypto Project, Redhat | 5 Fedora, M2crypto, Enterprise Linux and 2 more | 2024-11-21 | 5.9 Medium |
| A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 ciphertext. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-25654 | 3 Clusterlabs, Debian, Redhat | 4 Pacemaker, Debian Linux, Enterprise Linux and 1 more | 2024-11-21 | 7.2 High |
| An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | ||||
| CVE-2020-25619 | 1 Solarwinds | 1 N-central | 2024-11-21 | 4.4 Medium |
| An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the Communication Channel to Intended Endpoints. An attacker can leverage an SSH feature (port forwarding with a temporary key pair) to access network services on the 127.0.0.1 interface, even though this feature was only intended for user-to-agent communication. | ||||
| CVE-2020-25473 | 1 Newsscriptphp | 1 News Script Php Pro | 2024-11-21 | 6.5 Medium |
| SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly flag on session cookies. | ||||
| CVE-2020-25463 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25461 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25214 | 1 Overwolf | 1 Overwolf | 2024-11-21 | 8.1 High |
| In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is not an endpoint. | ||||
| CVE-2020-25204 | 1 Innogames | 1 God Kings | 2024-11-21 | 5.5 Medium |
| The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.innogames.core.frontend.notifications.receivers.LocalNotificationBroadcastReceiver. The purpose of this broadcast receiver is to show an in-game push notification to the player. However, the application does not enforce any authorization schema on the broadcast receiver, allowing any application to send fully customizable in-game push notifications. | ||||
| CVE-2020-25203 | 1 Framer | 1 Framer Preview | 2024-11-21 | 5.5 Medium |
| The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other applications. By calling the intent with the action set to android.intent.action.VIEW, any other application is able to load any website/web content into the application's context, which is shown as a full-screen overlay to the user. | ||||