Search Results (77025 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27658 | 1 Synology | 1 Router Manager | 2024-11-21 | 7.1 High |
| Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. | ||||
| CVE-2020-27649 | 1 Synology | 1 Router Manager | 2024-11-21 | 8.3 High |
| Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-27645 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. | ||||
| CVE-2020-27644 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\. | ||||
| CVE-2020-27640 | 1 Mitel | 4 Mivoice 6930, Mivoice 6930 Firmware, Mivoice 6940 and 1 more | 2024-11-21 | 8.1 High |
| The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | ||||
| CVE-2020-27639 | 1 Mitel | 6 6873i Sip, 6873i Sip Firmware, 6930 Sip and 3 more | 2024-11-21 | 8.1 High |
| The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | ||||
| CVE-2020-27638 | 3 Debian, Fastd Project, Fedoraproject | 3 Debian Linux, Fastd, Fedora | 2024-11-21 | 7.5 High |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | ||||
| CVE-2020-27632 | 1 Siemens | 4 Simatic Mv420, Simatic Mv420 Firmware, Simatic Mv440 and 1 more | 2024-11-21 | 7.5 High |
| In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | ||||
| CVE-2020-27623 | 1 Jetbrains | 1 Ideavim | 2024-11-21 | 7.5 High |
| JetBrains IdeaVim before version 0.58 might have caused an information leak in limited circumstances. | ||||
| CVE-2020-27614 | 1 Anydesk | 1 Anydesk | 2024-11-21 | 7.8 High |
| AnyDesk for macOS versions 6.0.2 and older have a vulnerability in the XPC interface that does not properly validate client requests and allows local privilege escalation. | ||||
| CVE-2020-27613 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 8.4 High |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | ||||
| CVE-2020-27611 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.3 High |
| BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | ||||
| CVE-2020-27610 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | ||||
| CVE-2020-27603 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | ||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2024-11-21 | 7.5 High |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. | ||||
| CVE-2020-27575 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | ||||
| CVE-2020-27574 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | ||||
| CVE-2020-27569 | 1 Aviatrix | 1 Openvpn | 2024-11-21 | 7.5 High |
| Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | ||||
| CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | ||||
| CVE-2020-27554 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 7.5 High |
| Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | ||||