Search Results (75910 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9049 | 1 Johnsoncontrols | 2 C-cure Web, Victor Web | 2024-11-21 | 7.1 High |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House C•CURE Web Client could allow an unauthenticated attacker on the network to create and sign their own JSON Web Token and use it to execute an HTTP API Method without the need for valid authentication/authorization. Under certain circumstances, this could be used by an attacker to impact system availability by conducting a Denial of Service attack. | ||||
| CVE-2020-9048 | 2 Johnsoncontrols, Tyco | 2 Victor Web Client, C-cure Web Client | 2024-11-21 | 7.1 High |
| A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducting a Denial of Service attack. | ||||
| CVE-2020-9046 | 1 Johnsoncontrols | 1 Kantech Entrapass | 2024-11-21 | 8.8 High |
| A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files. | ||||
| CVE-2020-9044 | 1 Johnsoncontrols | 20 Metasys Application And Data Server, Metasys Extended Application And Data Server, Metasys Lonworks Control Server and 17 more | 2024-11-21 | 7.5 High |
| XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 and prior; Metasys Extended Application and Data Server (ADX) versions 10.1 and prior; Metasys Open Data Server (ODS) versions 10.1 and prior; Metasys Open Application Server (OAS) version 10.1; Metasys Network Automation Engine (NAE55 only) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys Network Integration Engine (NIE55/NIE59) versions 9.0.1, 9.0.2, 9.0.3, 9.0.5, 9.0.6; Metasys NAE85 and NIE85 versions 10.1 and prior; Metasys LonWorks Control Server (LCS) versions 10.1 and prior; Metasys System Configuration Tool (SCT) versions 13.2 and prior; Metasys Smoke Control Network Automation Engine (NAE55, UL 864 UUKL/ORD-C100-13 UUKLC 10th Edition Listed) version 8.1. | ||||
| CVE-2020-9043 | 1 Wpcentral | 1 Wpcentral | 2024-11-21 | 8.8 High |
| The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key. | ||||
| CVE-2020-9042 | 1 Couchbase | 1 Couchbase Server | 2024-11-21 | 8.8 High |
| In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request. | ||||
| CVE-2020-9041 | 1 Couchbase | 2 Couchbase Server, Sync Gateway | 2024-11-21 | 7.5 High |
| In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connections. | ||||
| CVE-2020-9040 | 1 Couchbase | 1 Couchbase Server Java Sdk | 2024-11-21 | 7.5 High |
| Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty component due to missing hostname verification. | ||||
| CVE-2020-9034 | 1 Microchip | 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more | 2024-11-21 | 7.5 High |
| Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users. | ||||
| CVE-2020-9017 | 1 Litecart | 1 Litecart | 2024-11-21 | 8.0 High |
| LiteCart through 2.2.1 allows CSV injection via a customer's profile. | ||||
| CVE-2020-9005 | 1 Valvesoftware | 1 Dota 2 | 2024-11-21 | 7.8 High |
| meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled. | ||||
| CVE-2020-9004 | 1 Wowza | 1 Streaming Engine | 2024-11-21 | 8.8 High |
| A remote authenticated authorization-bypass vulnerability in Wowza Streaming Engine 4.8.0 and earlier allows any read-only user to issue requests to the administration panel in order to change functionality. For example, a read-only user may activate the Java JMX port in unauthenticated mode and execute OS commands under root privileges. This issue was resolved in Wowza Streaming Engine 4.8.5. | ||||
| CVE-2020-9002 | 1 Iportalis | 1 Iportalis Control Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in iPortalis iCS 7.1.13.0. An attacker can gain privileges by intercepting a request and changing UserRoleKey=COMPANY_ADMIN to UserRoleKey=DOMAIN_ADMIN (to achieve Domain Administrator access). | ||||
| CVE-2020-9000 | 1 Iportalis | 1 Iportalis Control Portal | 2024-11-21 | 7.5 High |
| An issue was discovered in iPortalis iCS 7.1.13.0. Attackers can send a sequence of requests to rapidly cause .NET Input Validation errors. This increases the size of the log file on the remote server until memory is exhausted, therefore consuming the maximum amount of resources (triggering a denial of service condition). | ||||
| CVE-2020-8997 | 1 Abbott | 2 Freestyle Libre, Freestyle Libre Firmware | 2024-11-21 | 8.8 High |
| Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018). | ||||
| CVE-2020-8987 | 1 Avast | 2 Antitrack, Avg Antitrack | 2024-11-21 | 7.4 High |
| Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites but does not validate certificates, and thus a man-in-the-middle can host a malicious website using a self-signed certificate. No special action necessary by the victim using AntiTrack with "Allow filtering of HTTPS traffic for tracking detection" enabled. (This is the default configuration.) | ||||
| CVE-2020-8985 | 1 Zend | 1 Zendto | 2024-11-21 | 8.8 High |
| ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functionality. | ||||
| CVE-2020-8984 | 1 Zend | 1 Zendto | 2024-11-21 | 7.5 High |
| lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-For header. | ||||
| CVE-2020-8983 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 7.5 High |
| An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020, which allows remote code execution. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8982. | ||||
| CVE-2020-8982 | 1 Citrix | 1 Sharefile Storagezones Controller | 2024-11-21 | 7.5 High |
| An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones (aka storage zones) Controller, including the most recent 5.10.x releases as of May 2020. RCE and file access is granted to everything hosted by ShareFile, be it on-premise or inside Citrix Cloud itself (both are internet facing). NOTE: unlike most CVEs, exploitability depends on the product version that was in use when a particular setup step was performed, NOT the product version that is in use during a current assessment of a CVE consumer's product inventory. Specifically, the vulnerability can be exploited if a storage zone was created by one of these product versions: 5.9.0, 5.8.0, 5.7.0, 5.6.0, 5.5.0, or earlier. This CVE differs from CVE-2020-7473 and CVE-2020-8983. | ||||