Total: 401 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25636 | 1 Redhat | 1 Ansible | 2024-11-21 | 3.6 LOW | 6.6 MEDIUM |
| A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace separation for file transfers. Files are written directly to the root bucket, making it possible to have collisions when running multiple ansible processes. This issue affects mainly the service availability. | |||||
| CVE-2020-25351 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vulnerability allowed remote authenticated attackers to read files on the system via a crafted request sent to the /lib/crud/configcompare.crud.php script. | |||||
| CVE-2020-22124 | 1 Joyplus-cms Project | 1 Joyplus-cms | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access sensitive information. | |||||
| CVE-2020-1908 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
| Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of Siri to interact with the WhatsApp application even after the phone was locked. | |||||
| CVE-2020-1726 | 2 Libpod Project, Redhat | 3 Libpod, Enterprise Linux, Openshift Container Platform | 2024-11-21 | 5.8 MEDIUM | 5.9 MEDIUM |
| A flaw was discovered in Podman where it incorrectly allows containers when created to overwrite existing files in volumes, even if they are mounted as read-only. When a user runs a malicious container or a container based on a malicious image with an attached volume that is used for the first time, it is possible to trigger the flaw and overwrite files in the volume. This issue was introduced in version 1.6.0. | |||||
| CVE-2020-15224 | 1 Openenclave | 1 Openenclave | 2024-11-21 | 2.7 LOW | 6.8 MEDIUM |
| In Open Enclave before version 0.12.0, an information disclosure vulnerability exists when an enclave application using the syscalls provided by the sockets.edl is loaded by a malicious host application. An attacker who successfully exploited the vulnerability could read privileged data from the enclave heap across trust boundaries. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would not allow an attacker to elevate user rights directly, but it could be used to obtain information otherwise considered confidential in an enclave, which could be used in further compromises. The issue has been addressed in version 0.12.0 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. | |||||
| CVE-2020-15175 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 6.4 MEDIUM | 7.4 HIGH |
| In GLPI before version 9.5.2, the `pluginimage.send.php` endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folders contained in “/files/”. The sensitive information that is compromised includes the user sessions, logs, and more. An attacker would be able to get the Administrator's session token and use that to authenticate. The issue is patched in version 9.5.2. | |||||
| CVE-2020-13953 | 1 Apache | 1 Tapestry | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run. | |||||
| CVE-2020-12743 | 1 Gazie Project | 1 Gazie | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. | |||||
| CVE-2020-12470 | 1 Mono | 1 Monox | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | |||||
| CVE-2020-11976 | 1 Apache | 2 Fortress, Wicket | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside an HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5. | |||||
| CVE-2020-11642 | 1 Br-automation | 1 Sitemanager | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows authenticated users to impact availability of SiteManager instances. | |||||
| CVE-2020-11641 | 1 Br-automation | 1 Sitemanager | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
| A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows authenticated users to read sensitive files from SiteManager instances. | |||||
| CVE-2020-11469 | 1 Zoom | 1 Meetings | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Zoom Client for Meetings through 4.6.8 on macOS copies runwithroot to a user-writable temporary directory during installation, which allows a local process (with the user's privileges) to obtain root access by replacing runwithroot. | |||||
| CVE-2020-10516 | 1 Github | 1 Github | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2020-10105 | 1 Zammad | 1 Zammad | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Zammad 3.0 through 3.2. It returns source code of static resources when submitting an OPTIONS request, rather than a GET request. Disclosure of source code allows for an attacker to formulate more precise attacks. Source code was disclosed for the file 404.html (/zammad/public/404.html). | |||||
| CVE-2019-7306 | 2 Byobu, Canonical | 2 Byobu, Ubuntu Linux | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| Byobu Apport hook may disclose sensitive information since it automatically uploads the local user's .screenrc which may contain private hostnames, usernames and passwords. This issue affects: byobu | |||||
| CVE-2019-7305 | 3 Canonical, Debian, Extplorer | 3 Ubuntu Linux, Debian Linux, Extplorer | 2024-11-21 | 7.5 HIGH | 5.8 MEDIUM |
| Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system directories world-accessible over HTTP. Introduced in the Makefile patch file debian/patches/debian-changes-2.1.0b6+dfsg-1 or debian/patches/adds-a-makefile.patch, this can lead to data leakage, information disclosure and potentially remote code execution on the web server. This issue affects all versions of eXtplorer in Ubuntu and Debian | |||||
| CVE-2019-4398 | 1 Ibm | 2 Cloud Orchestrator, Cloud Orchestrator Enterprise | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 could allow a local user to obtain sensitive information from SessionManagement cookies. IBM X-Force ID: 162259. | |||||
| CVE-2019-3897 | 1 Redhat | 2 Certification, Enterprise Linux | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 are vulnerable to this issue. | |||||
