Search Results (76516 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | 7.5 High |
| An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | ||||
| CVE-2020-15046 | 1 Supermicro | 3 X10drh-it, X10drh-it Bios, X10drh-it Firmware | 2024-11-21 | 8.8 High |
| The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. | ||||
| CVE-2020-15014 | 1 Pramod | 1 Blogcms | 2024-11-21 | 8.8 High |
| pramodmahato BlogCMS through 2019-12-31 has admin/changepass.php CSRF. | ||||
| CVE-2020-15012 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 8.6 High |
| A Directory Traversal issue was discovered in Sonatype Nexus Repository Manager 2.x before 2.14.19. A user that requests a crafted path can traverse up the file system to get access to content on disk (that the user running nxrm also has access to). | ||||
| CVE-2020-15009 | 1 Asus | 1 Screenpad2 Upgrade Tool | 2024-11-21 | 7.8 High |
| AsusScreenXpertServicec.exe and ScreenXpertUpgradeServiceManager.exe in ScreenPad2_Upgrade_Tool.msi V1.0.3 for ASUS PCs with ScreenPad 1.0 (UX450FDX, UX550GDX and UX550GEX) could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name. | ||||
| CVE-2020-15008 | 1 Connectwise | 1 Connectwise Automate | 2024-11-21 | 7.5 High |
| A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user supplied table name with little validation, the table name can be modified to allow arbitrary update commands to be run. Using other SQL injection techniques such as timing attacks, it is possible to perform full data extraction as well. Patched in 2020.7 and in a hotfix for 2019.12. | ||||
| CVE-2020-14999 | 2 Acronis, Microsoft | 2 Agent, Windows | 2024-11-21 | 7.5 High |
| A logic bug in the system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed bypassing Windows memory protection and accessing sensitive data. | ||||
| CVE-2020-14990 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.1 High |
| IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-14987 | 1 Bloomreach | 1 Experience Manager | 2024-11-21 | 7.2 High |
| An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for administrators to write and run Groovy scripts within the updater editor. An attacker must use an AST transforming annotation such as @Grab. | ||||
| CVE-2020-14979 | 2 Evga, Winring0 Project | 2 Precision X1, Winring0 | 2024-11-21 | 7.8 High |
| The WinRing0.sys and WinRing0x64.sys drivers 1.2.0 in EVGA Precision X1 through 1.0.6 allow local users, including low integrity processes, to read and write to arbitrary memory locations. This allows any user to gain NT AUTHORITY\SYSTEM privileges by mapping \Device\PhysicalMemory into the calling process. | ||||
| CVE-2020-14978 | 1 F-secure | 1 Safe | 2024-11-21 | 8.1 High |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. Due to incorrect client version verification, an attacker can connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | ||||
| CVE-2020-14977 | 1 F-secure | 1 Safe | 2024-11-21 | 8.1 High |
| An issue was discovered in F-Secure SAFE 17.7 on macOS. The XPC services use the PID to identify the connecting client, which allows an attacker to perform a PID reuse attack and connect to a privileged XPC service, and execute privileged commands on the system. NOTE: the attacker needs to execute code on an already compromised machine. | ||||
| CVE-2020-14975 | 1 Iobit | 1 Iobit Unlocker | 2024-11-21 | 7.8 High |
| The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to delete, move, or copy arbitrary files via IOCTL code 0x222124. | ||||
| CVE-2020-14974 | 1 Iobit | 1 Iobit Unlocker | 2024-11-21 | 7.1 High |
| The driver in IOBit Unlocker 1.1.2 allows a low-privileged user to unlock a file and kill processes (even ones running as SYSTEM) that hold a handle, via IOCTL code 0x222124. | ||||
| CVE-2020-14971 | 1 Pi-hole | 1 Pi-hole | 2024-11-21 | 7.8 High |
| Pi-hole through 5.0 allows code injection in piholedhcp (the Static DHCP Leases section) by modifying Teleporter backup files and then restoring them. This occurs in settings.php. To exploit this, an attacker would request a backup of limited files via teleporter.php. These are placed into a .tar.gz archive. The attacker then modifies the host parameter in dnsmasq.d files, and then compresses and uploads these files again. | ||||
| CVE-2020-14969 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| app/Model/Attribute.php in MISP 2.4.127 lacks an ACL lookup on attribute correlations. This occurs when querying the attribute restsearch API, revealing metadata about a correlating but unreachable attribute. | ||||
| CVE-2020-14966 | 2 Jsrsasign Project, Netapp | 2 Jsrsasign, Max Data | 2024-11-21 | 7.5 High |
| An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. It allows a malleability in ECDSA signatures by not checking overflows in the length of a sequence and '0' characters appended or prepended to an integer. The modified signatures are verified as valid. This could have a security-relevant impact if an application relied on a single canonical signature. | ||||
| CVE-2020-14960 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter, | ||||
| CVE-2020-14957 | 1 Arswp | 1 Windows Cleanup Assistant | 2024-11-21 | 7.8 High |
| In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD. | ||||
| CVE-2020-14956 | 1 Arswp | 1 Windows Cleanup Assistant | 2024-11-21 | 7.8 High |
| In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA. | ||||