Search Results (76431 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13895 | 1 P5-crypt-perl Project | 1 P5-crypt-perl | 2024-11-21 | 8.8 High |
| Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail. | ||||
| CVE-2020-13894 | 1 Dext5 | 1 Dext5 | 2024-11-21 | 7.5 High |
| handler/upload_handler.jsp in DEXT5 Editor through 3.5.1402961 allows an attacker to download arbitrary files via the savefilepath field. | ||||
| CVE-2020-13891 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 7.5 High |
| An issue was discovered in Mattermost Mobile Apps before 1.31.2 on iOS. Unintended third-party servers could sometimes obtain authorization tokens, aka MMSA-2020-0022. | ||||
| CVE-2020-13887 | 1 Kordil Edms Project | 1 Kordil Edms | 2024-11-21 | 8.8 High |
| documents_add.php in Kordil EDMS through 2.2.60rc3 allows Remote Command Execution because .php files can be uploaded to the documents folder. | ||||
| CVE-2020-13885 | 1 Citrix | 1 Workspace App | 2024-11-21 | 7.8 High |
| Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. | ||||
| CVE-2020-13884 | 1 Citrix | 1 Workspace App | 2024-11-21 | 7.8 High |
| Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. | ||||
| CVE-2020-13881 | 4 Arista, Canonical, Debian and 1 more | 4 Cloudvision Portal, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.5 High |
| In support.c in pam_tacplus 1.3.8 through 1.5.1, the TACACS+ shared secret gets logged via syslog if the DEBUG loglevel and journald are used. | ||||
| CVE-2020-13872 | 2 Microsoft, Royalapps | 2 Windows, Royal Ts | 2024-11-21 | 8.8 High |
| Royal TS before 5 has a 0.0.0.0 listener, which makes it easier for attackers to bypass tunnel authentication via a brute-force approach. | ||||
| CVE-2020-13871 | 6 Debian, Fedoraproject, Netapp and 3 more | 12 Debian Linux, Fedora, Cloud Backup and 9 more | 2024-11-21 | 7.5 High |
| SQLite 3.32.2 has a use-after-free in resetAccumulator in select.c because the parse tree rewrite for window functions is too late. | ||||
| CVE-2020-13866 | 1 Qbik | 1 Wingate | 2024-11-21 | 7.8 High |
| WinGate v9.4.1.5998 has insecure permissions for the installation directory, which allows local users to gain privileges by replacing an executable file with a Trojan horse. | ||||
| CVE-2020-13863 | 1 Mitel | 1 Micollab | 2024-11-21 | 8.1 High |
| The SAS portal of Mitel MiCollab before 9.1.3 could allow an attacker to access user data by performing a header injection in HTTP responses, due to the improper handling of input parameters. A successful exploit could allow an attacker to access user information. | ||||
| CVE-2020-13860 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. The one-time password algorithm for the undocumented system account mofidev generates a predictable six-digit password. | ||||
| CVE-2020-13857 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 3.6.1-std and 4.0.8-std devices. They can be rebooted by sending an unauthenticated poof.cgi HTTP GET request. | ||||
| CVE-2020-13856 | 1 Mofinetwork | 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. Authentication is not required to download the support file that contains sensitive information such as cleartext credentials and password hashes. | ||||
| CVE-2020-13855 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Repository Manager feature. | ||||
| CVE-2020-13852 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| Artica Pandora FMS 7.44 allows arbitrary file upload (leading to remote command execution) via the File Manager feature. | ||||
| CVE-2020-13851 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 8.8 High |
| Artica Pandora FMS 7.44 allows remote command execution via the events feature. | ||||
| CVE-2020-13850 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 7.5 High |
| Artica Pandora FMS 7.44 has inadequate access controls on a web folder. | ||||
| CVE-2020-13849 | 1 Mqtt | 1 Mqtt | 2024-11-21 | 7.5 High |
| The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe. | ||||
| CVE-2020-13848 | 2 Debian, Libupnp Project | 2 Debian Linux, Libupnp | 2024-11-21 | 7.5 High |
| Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c. | ||||