Export limit exceeded: 75746 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75746 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5524 | 1 Nec | 6 Aterm Wf1200c, Aterm Wf1200c Firmware, Aterm Wg1200cr and 3 more | 2024-11-21 | 8.8 High |
| Aterm series (Aterm WF1200C firmware Ver1.2.1 and earlier, Aterm WG1200CR firmware Ver1.2.1 and earlier, Aterm WG2600HS firmware Ver1.3.2 and earlier) allows an attacker on the same network segment to execute arbitrary OS commands with root privileges via UPnP function. | ||||
| CVE-2020-5523 | 9 77bank, Ashikagabank, Hokkaidobank and 6 more | 9 77 Bank, Ashigin, Dogin and 6 more | 2024-11-21 | 7.4 High |
| Android App 'MyPallete' and some of the Android banking applications based on 'MyPallete' do not verify X.509 certificates from servers, and also do not properly validate certificates with host-mismatch, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5522 | 1 Fujixerox | 1 Easy Netprint | 2024-11-21 | 7.4 High |
| The kantan netprint App for Android 2.0.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5521 | 1 Fujixerox | 1 Easy Netprint | 2024-11-21 | 7.4 High |
| The kantan netprint App for iOS 2.0.2 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5520 | 1 Fujixerox | 1 Netprint | 2024-11-21 | 7.4 High |
| The netprint App for iOS 3.2.3 and earlier does not verify X.509 certificates from servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | ||||
| CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | 8.8 High |
| PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | ||||
| CVE-2020-5509 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-21 | 7.2 High |
| PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. | ||||
| CVE-2020-5496 | 2 Fontforge, Opensuse | 2 Fontforge, Leap | 2024-11-21 | 8.8 High |
| FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | ||||
| CVE-2020-5427 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 7.2 High |
| In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | ||||
| CVE-2020-5425 | 1 Vmware | 1 Single Sign-on For Tanzu | 2024-11-21 | 7.9 High |
| Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication. | ||||
| CVE-2020-5423 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 7.5 High |
| CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | ||||
| CVE-2020-5420 | 1 Cloudfoundry | 2 Cf-deployment, Gorouter | 2024-11-21 | 7.7 High |
| Cloud Foundry Routing (Gorouter) versions prior to 0.206.0 allow a malicious developer with "cf push" access to cause denial-of-service to the CF cluster by pushing an app that returns specially crafted HTTP responses that crash the Gorouters. | ||||
| CVE-2020-5417 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 8.8 High |
| Cloud Foundry CAPI (Cloud Controller), versions prior to 1.97.0, when used in a deployment where an app domain is also the system domain (which is true in the default CF Deployment manifest), were vulnerable to developers maliciously or accidentally claiming certain sensitive routes, potentially resulting in the developer's app handling some requests that were expected to go to certain system components. | ||||
| CVE-2020-5411 | 1 Pivotal Software | 1 Spring Batch | 2024-11-21 | 8.1 High |
| When configured to enable default typing, Jackson contained a deserialization vulnerability that could lead to arbitrary code execution. Jackson fixed this vulnerability by blacklisting known "deserialization gadgets". Spring Batch configures Jackson with global default typing enabled which means that through the previous exploit, arbitrary code could be executed if all of the following is true: * Spring Batch's Jackson support is being leveraged to serialize a job's ExecutionContext. * A malicious user gains write access to the data store used by the JobRepository (where the data to be deserialized is stored). In order to protect against this type of attack, Jackson prevents a set of untrusted gadget classes from being deserialized. Spring Batch should be proactive against blocking unknown "deserialization gadgets" when enabling default typing. | ||||
| CVE-2020-5407 | 1 Pivotal Software | 1 Spring Security | 2024-11-21 | 8.8 High |
| Spring Security versions 5.2.x prior to 5.2.4 and 5.3.x prior to 5.3.2 contain a signature wrapping vulnerability during SAML response validation. When using the spring-security-saml2-service-provider component, a malicious user can carefully modify an otherwise valid SAML response and append an arbitrary assertion that Spring Security will accept as valid. | ||||
| CVE-2020-5403 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | 7.5 High |
| Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | ||||
| CVE-2020-5402 | 1 Cloudfoundry | 2 Cf-deployment, User Account And Authentication | 2024-11-21 | 8.8 High |
| In Cloud Foundry UAA, versions prior to 74.14.0, a CSRF vulnerability exists due to the OAuth2 state parameter not being checked in the callback function when authenticating with external identity providers. | ||||
| CVE-2020-5399 | 2 Cloudfoundry, Pivotal Software | 2 Credhub, Cloud Foundry Cf-deployment | 2024-11-21 | 7.4 High |
| Cloud Foundry CredHub, versions prior to 2.5.10, connects to a MySQL database without TLS even when configured to use TLS. A malicious user with access to the network between CredHub and its MySQL database may eavesdrop on database connections and thereby gain unauthorized access to CredHub and other components. | ||||
| CVE-2020-5398 | 4 Netapp, Oracle, Redhat and 1 more | 34 Data Availability Services, Snapcenter, Application Testing Suite and 31 more | 2024-11-21 | 7.5 High |
| In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | ||||