Search Results (76357 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12877 | 1 Veritas | 1 Aptare | 2024-11-21 | 7.5 High |
| Veritas APTARE versions prior to 10.4 allowed sensitive information to be accessible without authentication. | ||||
| CVE-2020-12876 | 2 Microsoft, Veritas | 2 Windows, Aptare | 2024-11-21 | 7.5 High |
| Veritas APTARE versions prior to 10.4 allowed remote users to access several unintended files on the server. This vulnerability only impacts Windows server deployments. | ||||
| CVE-2020-12873 | 1 Atlassian | 1 Alfresco Enterprise Content Management | 2024-11-21 | 8.8 High |
| An issue was discovered in Alfresco Enterprise Content Management (ECM) before 6.2.1. A user with privileges to edit a FreeMarker template (e.g., a webscript) may execute arbitrary Java code or run arbitrary system commands with the same privileges as the account running Alfresco. | ||||
| CVE-2020-12865 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 8.0 High |
| A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | ||||
| CVE-2020-12861 | 4 Canonical, Opensuse, Redhat and 1 more | 6 Ubuntu Linux, Leap, Enterprise Linux and 3 more | 2024-11-21 | 8.8 High |
| A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | ||||
| CVE-2020-12858 | 1 Health | 1 Covidsafe | 2024-11-21 | 7.5 High |
| Non-reinitialisation of random data in the advertising payload in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to re-identify Android devices running COVIDSafe by scanning for their advertising beacons. | ||||
| CVE-2020-12857 | 1 Health | 1 Covidsafe | 2024-11-21 | 7.5 High |
| Caching of GATT characteristic values (TempID) in COVIDSafe v1.0.15 and v1.0.16 allows a remote attacker to long-term re-identify an Android device running COVIDSafe. | ||||
| CVE-2020-12855 | 1 Seczetta | 1 Neprofile | 2024-11-21 | 8.8 High |
| A Host header injection vulnerability has been discovered in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can poison this header resulting in an adversary controlling the execution flow for the 302 HTTP status. | ||||
| CVE-2020-12854 | 1 Seczetta | 1 Neprofile | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability was identified in SecZetta NEProfile 3.3.11. Authenticated remote adversaries can invoke code execution upon uploading a carefully crafted JPEG file as part of the profile avatar. | ||||
| CVE-2020-12851 | 1 Pydio | 1 Cells | 2024-11-21 | 8.1 High |
| Pydio Cells 2.0.4 allows an authenticated user to write or overwrite existing files in another user’s personal and cells folders (repositories) by uploading a custom generated ZIP file and leveraging the file extraction feature present in the web application. The extracted files will be placed in the targeted user folders. | ||||
| CVE-2020-12850 | 1 Pydio | 1 Cells | 2024-11-21 | 7.0 High |
| The following vulnerability applies only to the Pydio Cells Enterprise OVF version 2.0.4. Prior versions of the Pydio Cells Enterprise OVF (such as version 2.0.3) have a looser policy restriction allowing the “pydio” user to execute any privileged command using sudo. In version 2.0.4 of the appliance, the user pydio is responsible for running all the services and binaries that are contained in the Pydio Cells web application package, such as mysqld, cells, among others. This user has privileges restricted to run those services and nothing more. | ||||
| CVE-2020-12847 | 1 Pydio | 1 Cells | 2024-11-21 | 7.2 High |
| Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console” that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the application’s mailer configuration. It is possible to configure a few engines to be used by the mailer application to send emails. If the user selects the “sendmail” option as the default one, the web application offers to edit the full path where the sendmail binary is hosted. Since there is no restriction in place while editing this value, an attacker authenticated as an administrator user could force the web application into executing any arbitrary binary. | ||||
| CVE-2020-12846 | 1 Synacor | 1 Zimbra Collaboration Suite | 2024-11-21 | 8.0 High |
| Zimbra before 8.8.15 Patch 10 and 9.x before 9.0.0 Patch 3 allows remote code execution via an avatar file. There is potential abuse of /service/upload servlet in the webmail subsystem. A user can upload executable files (exe,sh,bat,jar) in the Contact section of the mailbox as an avatar image for a contact. A user will receive a "Corrupt File" error, but the file is still uploaded and stored locally in /opt/zimbra/data/tmp/upload/, leaving it open to possible remote execution. | ||||
| CVE-2020-12845 | 1 Cherokee-project | 1 Cherokee | 2024-11-21 | 7.5 High |
| Cherokee 0.4.27 to 1.2.104 is affected by a denial of service due to a NULL pointer dereference. A remote unauthenticated attacker can crash the server by sending an HTTP request to protected resources using a malformed Authorization header that is mishandled during a cherokee_buffer_add call within cherokee_validator_parse_basic or cherokee_validator_parse_digest. | ||||
| CVE-2020-12837 | 1 Gogogate | 2 Ismartgate Pro, Ismartgate Pro Firmware | 2024-11-21 | 7.5 High |
| ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading images to garage doors. The magic bytes of PNG must be used. | ||||
| CVE-2020-12827 | 1 Mjml | 1 Mjml | 2024-11-21 | 7.2 High |
| MJML prior to 4.6.3 contains a path traversal vulnerability when processing the mj-include directive within an MJML document. | ||||
| CVE-2020-12825 | 2 Gnome, Redhat | 2 Libcroco, Enterprise Linux | 2024-11-21 | 7.1 High |
| libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | ||||
| CVE-2020-12824 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | ||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 8.8 High |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script related HTML tags via Name parameter of Storage Connectors. | ||||
| CVE-2020-12798 | 1 Sun-denshi | 4 Universal Forensic Extraction Device Firmware, Universal Forensic Extraction Device Ruggedized Panasonic Laptop, Universal Forensic Extraction Device Touch 2 and 1 more | 2024-11-21 | 7.8 High |
| Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | ||||