Export limit exceeded: 76375 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76375 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13173 | 1 Teradici | 2 Pcoip Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 7.8 High |
| Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. | ||||
| CVE-2020-13170 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-13164 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | ||||
| CVE-2020-13163 | 1 Em-imap Project | 1 Em-imap | 2024-11-21 | 7.4 High |
| em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | ||||
| CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 7.5 High |
| Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | ||||
| CVE-2020-13155 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 8.8 High |
| clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. | ||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 7.8 High |
| D-link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | ||||
| CVE-2020-13149 | 1 Msi | 1 Dragon Center | 2024-11-21 | 7.8 High |
| Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allows local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | ||||
| CVE-2020-13146 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 8.8 High |
| Studio in Open edX Ironwood 2.5 allows CSV injection because an added cohort in Course>Instructor>Cohorts may contain a formula that is exported via the "Course>Data Downloads>Reports>Download profile info" feature. | ||||
| CVE-2020-13144 | 1 Edx | 1 Open Edx Platform | 2024-11-21 | 8.8 High |
| Studio in Open edX Ironwood 2.5, when CodeJail is not used, allows a user to go to the "Create New course>New section>New subsection>New unit>Add new component>Problem button>Advanced tab>Custom Python evaluated code" screen, edit the problem, and execute Python code. This leads to arbitrary code execution. | ||||
| CVE-2020-13136 | 1 Dlink | 2 Dsp-w215, Dsp-w215 Firmware | 2024-11-21 | 7.5 High |
| D-Link DSP-W215 1.26b03 devices send an obfuscated hash that can be retrieved and understood by a network sniffer. | ||||
| CVE-2020-13129 | 1 Heinekingmedia | 1 Stashcat | 2024-11-21 | 7.2 High |
| An issue was discovered in the stashcat app through 3.9.1 for macOS, Windows, Android, iOS, and possibly other platforms. The GET method is used with client_key and device_id data in the query string, which allows attackers to obtain sensitive information by reading web-server logs. | ||||
| CVE-2020-13128 | 1 Gwtupload Project | 1 Gwtupload | 2024-11-21 | 7.5 High |
| An issue was discovered in Manolo GWTUpload 1.0.3. server/UploadServlet.java (the servlet for handling file upload) accepts a delay parameter that causes a thread to sleep. It can be abused to cause all of a server's threads to sleep, leading to denial of service. | ||||
| CVE-2020-13127 | 1 Loway | 1 Queuemetrics | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability at a tpf URI in Loway QueueMetrics before 19.04.1 allows remote authenticated attackers to execute arbitrary SQL commands via the TASKS_LIST__pt.querystring parameter. | ||||
| CVE-2020-13124 | 1 Sabnzbd | 1 Sabnzbd | 2024-11-21 | 8.8 High |
| SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. | ||||
| CVE-2020-13122 | 1 Noviflow | 1 Noviware | 2024-11-21 | 8.8 High |
| The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system. | ||||
| CVE-2020-13119 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 8.1 High |
| ismartgate PRO 1.5.9 is vulnerable to clickjacking. | ||||
| CVE-2020-13114 | 4 Canonical, Libexif Project, Opensuse and 1 more | 4 Ubuntu Linux, Libexif, Leap and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data. | ||||
| CVE-2020-13113 | 5 Canonical, Debian, Libexif Project and 2 more | 5 Ubuntu Linux, Debian Linux, Libexif and 2 more | 2024-11-21 | 8.2 High |
| An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions. | ||||
| CVE-2020-13111 | 1 Naviserver Project | 1 Naviserver | 2024-11-21 | 7.5 High |
| NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. | ||||