Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25195 | 1 Hosteng | 6 H0-ecom100, H0-ecom100 Firmware, H2-ecom100 and 3 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules are verified only on the client side when receiving input from the configuration web server, which may allow an attacker to bypass the check and send input to crash the device. | |||||
| CVE-2020-25151 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). | |||||
| CVE-2020-25097 | 4 Debian, Fedoraproject, Netapp and 1 more | 4 Debian Linux, Fedora, Cloud Manager and 1 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | |||||
| CVE-2020-25063 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). | |||||
| CVE-2020-25059 | 1 Google | 1 Android | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020). | |||||
| CVE-2020-24940 | 1 Laravel | 1 Laravel | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | |||||
| CVE-2020-24807 | 1 Socket.io-file Project | 1 Socket.io-file | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | |||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 10.0 HIGH | 7.5 HIGH |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | |||||
| CVE-2020-24672 | 1 Abb | 1 Base Software | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . | |||||
| CVE-2020-24649 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-24647 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | |||||
| CVE-2020-24615 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | |||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | |||||
| CVE-2020-24505 | 1 Intel | 33 Ethernet Network Adapter 700 Firmware, Ethernet Network Adapter V710-at2, Ethernet Network Adapter X710-am2 and 30 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers before version 7.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24502 | 1 Intel | 10 Ethernet Network Adapter E810-cqda1, Ethernet Network Adapter E810-cqda1 For Ocp, Ethernet Network Adapter E810-cqda1 For Ocp 3.0 and 7 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.0.4 and before version 1.4.29.0 for Windows*, may allow an authenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-24496 | 1 Intel | 4 Ethernet Network Adapter X722-da2, Ethernet Network Adapter X722-da2 Firmware, Ethernet Network Adapter X722-da4 and 1 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1.4.3 may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-24491 | 1 Intel | 3 Core I3, Core I5, Core I7 | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
| Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Processors supporting SGX may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-24486 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-24453 | 1 Intel | 1 Epid Software Development Kit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user to potentially enable an escalation of privilege via local access. | |||||