Export limit exceeded: 75870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7907 | 1 Jetbrains | 1 Scala | 2024-11-21 | 7.5 High |
| In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | ||||
| CVE-2020-7906 | 1 Jetbrains | 1 Rider | 2024-11-21 | 7.5 High |
| In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. | ||||
| CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | ||||
| CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.4 High |
| In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | ||||
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 7.5 High |
| Using the parameter of getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters(ie. '../../../') | ||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2024-11-21 | 7.5 High |
| The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | ||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 7.5 High |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | ||||
| CVE-2020-7879 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 8.8 High |
| This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]') . The value is transferred to the --header option in wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote command. | ||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2024-11-21 | 8 High |
| A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. | ||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-11-21 | 7.5 High |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | ||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.8 High |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | ||||
| CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2024-11-21 | 8.8 High |
| Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | ||||
| CVE-2020-7872 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2020-7871 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 7.5 High |
| A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. | ||||
| CVE-2020-7867 | 1 Helpu | 1 Helpuviewer | 2024-11-21 | 8 High |
| An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator. | ||||
| CVE-2020-7866 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 8.8 High |
| When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | ||||
| CVE-2020-7865 | 1 Inoguard | 1 Execm Coreb2b | 2024-11-21 | 8.8 High |
| A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system. | ||||
| CVE-2020-7864 | 1 Dext5 | 1 Dext5 Editor | 2024-11-21 | 7.8 High |
| Parameter manipulation can bypass authentication to cause file upload and execution. This will execute the remote code. This issue affects: Raonwiz DEXT5Editor versions prior to 3.5.1405747.1100.03. | ||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-11-21 | 8.8 High |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | ||||
| CVE-2020-7862 | 1 Helpu | 4 Helpuftclient, Helpuftserver, Helpuserver and 1 more | 2024-11-21 | 7 High |
| A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process. | ||||