Total
1261 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6476 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in tab strip in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. | |||||
| CVE-2020-6471 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6469 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Insufficient policy enforcement in developer tools in Google Chrome prior to 83.0.4103.61 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a crafted Chrome Extension. | |||||
| CVE-2020-6456 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient validation of untrusted input in clipboard in Google Chrome prior to 81.0.4044.92 allowed a local attacker to bypass site isolation via crafted clipboard contents. | |||||
| CVE-2020-6446 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6445 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Insufficient policy enforcement in trusted types in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass content security policy via a crafted HTML page. | |||||
| CVE-2020-6441 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in omnibox in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||
| CVE-2020-6439 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Insufficient policy enforcement in navigations in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to bypass security UI via a crafted HTML page. | |||||
| CVE-2020-6431 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Insufficient policy enforcement in full screen in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to spoof security UI via a crafted HTML page. | |||||
| CVE-2020-6166 | 1 Webfactoryltd | 1 Minimal Coming Soon \& Maintenance Mode | 2024-11-21 | 5.5 MEDIUM | 5.4 MEDIUM |
| A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes. | |||||
| CVE-2020-6165 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| SilverStripe 4.5.0 allows attackers to read certain records that should not have been placed into a result set. This affects silverstripe/recipe-cms. The automatic permission-checking mechanism in the silverstripe/graphql module does not provide complete protection against lists that are limited (e.g., through pagination), resulting in records that should have failed a permission check being added to the final result set. GraphQL endpoints are configured by default (e.g., for assets), but the admin/graphql endpoint is access protected by default. This limits the vulnerability to all authenticated users, including those with limited permissions (e.g., where viewing records exposed through admin/graphql requires administrator permissions). However, if custom GraphQL endpoints have been configured for a specific implementation (usually under /graphql), this vulnerability could also be exploited through unauthenticated requests. This vulnerability only applies to reading records; it does not allow unauthorised changing of records. | |||||
| CVE-2020-5974 | 1 Nvidia | 1 Jetpack Software Development Kit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA JetPack SDK, version 4.2 and 4.3, contains a vulnerability in its installation scripts in which permissions are incorrectly set on certain directories, which can lead to escalation of privileges. | |||||
| CVE-2020-5906 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP. | |||||
| CVE-2020-5896 | 1 F5 | 2 Big-ip Access Policy Manager, Big-ip Access Policy Manager Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| On versions 7.1.5-7.1.9, the BIG-IP Edge Client's Windows Installer Service's temporary folder has weak file and folder permissions. | |||||
| CVE-2020-5798 | 1 Druva | 1 Insync | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | |||||
| CVE-2020-5551 | 1 Toyota | 1 Display Control Unit | 2024-11-21 | 5.4 MEDIUM | 8.8 HIGH |
| Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. | |||||
| CVE-2020-5355 | 1 Dell | 1 Emc Isilon Onefs | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Dell Isilon OneFS versions 8.2.2 and earlier SSHD process improperly allows Transmission Control Protocol (TCP) and stream forwarding. This provides the remotesupport user and users with restricted shells more access than is intended. | |||||
| CVE-2020-5353 | 1 Dell | 2 Emc Isilon Onefs, Emc Powerscale Onefs | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| The Dell Isilon OneFS versions 8.2.2 and earlier and Dell EMC PowerScale OneFS version 9.0.0 default configuration for Network File System (NFS) allows access to an 'admin' home directory. An attacker may leverage a spoofed Unique Identifier (UID) over NFS to rewrite sensitive files to gain administrative access to the system. | |||||
| CVE-2020-5342 | 1 Dell | 1 Digital Delivery | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Dell Digital Delivery versions prior to 3.5.2015 contain an incorrect default permissions vulnerability. A locally authenticated low-privileged malicious user could exploit this vulnerability to run an arbitrary executable with administrative privileges on the affected system. | |||||
| CVE-2020-5231 | 1 Apereo | 1 Opencast | 2024-11-21 | 4.0 MEDIUM | 4.8 MEDIUM |
| In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not including the role ROLE_ADMIN. ROLE_COURSE_ADMIN is a non-standard role in Opencast which is referenced neither in the documentation nor in any code (except for tests) but only in the security configuration. From the name – implying an admin for a specific course – users would never expect that this role allows user creation. This issue is fixed in 7.6 and 8.1 which both ship a new default security configuration. | |||||