Search Results (75892 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8810 | 1 Gurux | 1 Device Language Message Specification Director | 2024-11-21 | 8.1 High |
| An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes, it does not verify that the downloaded files are actual OBIS codes and doesn't check for path traversal. This allows the attacker exploiting CVE-2020-8809 to send executable files and place them in an autorun directory, or to place DLLs inside the existing GXDLMS Director installation (run on next execution of GXDLMS Director). This can be used to achieve code execution even if the user doesn't have any add-ins installed. | ||||
| CVE-2020-8809 | 1 Gurux | 1 Device Language Message Specification Director | 2024-11-21 | 8.1 High |
| Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. | ||||
| CVE-2020-8808 | 1 Corsair | 1 Icue | 2024-11-21 | 7.8 High |
| The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow local non-privileged users (including low-integrity level processes) to read and write to arbitrary physical memory locations, and consequently gain NT AUTHORITY\SYSTEM privileges, via a function call such as MmMapIoSpace. | ||||
| CVE-2020-8806 | 1 Electriccoin | 1 Zcashd | 2024-11-21 | 7.5 High |
| Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double spending. A valid chain could be incorrectly rejected because timestamp requirements on block headers were not properly enforced. | ||||
| CVE-2020-8801 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.2 High |
| SuiteCRM through 7.11.11 allows PHAR Deserialization. | ||||
| CVE-2020-8800 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 8.8 High |
| SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection. | ||||
| CVE-2020-8795 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant project access to unauthorized users. | ||||
| CVE-2020-8787 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.5 High |
| SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid Bean ID to be submitted. | ||||
| CVE-2020-8782 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.5 High |
| Unauthenticated RPC server on ALEOS before 4.4.9, 4.9.5, and 4.14.0 allows remote code execution. | ||||
| CVE-2020-8781 | 1 Sierrawireless | 14 Airlink Es440, Airlink Es450, Airlink Gx400 and 11 more | 2024-11-21 | 7.8 High |
| Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to root from a low-privilege process. | ||||
| CVE-2020-8775 | 1 Pega | 1 Platform | 2024-11-21 | 8.9 High |
| Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | ||||
| CVE-2020-8774 | 1 Pega | 1 Pega Platform | 2024-11-21 | 8.8 High |
| Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | ||||
| CVE-2020-8773 | 1 Pega | 1 Platform | 2024-11-21 | 8.9 High |
| The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2020-8763 | 2 Intel, Microsoft | 4 Realsense D415 Firmware, Realsense D435 Firmware, Realsense D435i Firmware and 1 more | 2024-11-21 | 7.8 High |
| Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Windows* 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8760 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-11-21 | 7.8 High |
| Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8754 | 2 Intel, Netapp | 3 Active Management Technology Firmware, Standard Manageability, Cloud Backup | 2024-11-21 | 7.5 High |
| Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2020-8753 | 1 Intel | 2 Active Management Technology Firmware, Standard Manageability | 2024-11-21 | 7.5 High |
| Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2020-8750 | 1 Intel | 1 Trusted Execution Engine | 2024-11-21 | 7.8 High |
| Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8749 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-11-21 | 8.8 High |
| Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-8744 | 2 Intel, Siemens | 9 Converged Security And Management Engine, Server Platform Services, Trusted Execution Engine and 6 more | 2024-11-21 | 7.8 High |
| Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14.0.45 and 14.5.25, Intel(R) TXE versions before 4.0.30, Intel(R) SPS versions before E3_05.01.04.200 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||