Search Results (10088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7036 | 1 Avaya | 1 Callback Assist | 2024-11-21 | 8.1 High |
| An XML External Entities (XXE) vulnerability in Callback Assist could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Callback Assist include all 4.0.x versions before 4.7.1.1 Patch 7. | ||||
| CVE-2020-7035 | 1 Avaya | 1 Aura Orchestration Designer | 2024-11-21 | 8.1 High |
| An XML External Entities (XXE) vulnerability in the web-based user interface of Avaya Aura Orchestration Designer could allow an authenticated, remote attacker to gain read access to information that is stored on an affected system. The affected versions of Orchestration Designer include all 7.x versions before 7.2.3. | ||||
| CVE-2020-7032 | 1 Avaya | 2 Aura System Manager, Weblm | 2024-11-21 | 6.5 Medium |
| An XML external entity (XXE) vulnerability in Avaya WebLM admin interface allows authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. Affected versions of Avaya WebLM include: 7.0 through 7.1.3.6 and 8.0 through 8.1.2. | ||||
| CVE-2020-6988 | 1 Rockwellautomation | 6 Micrologix 1100, Micrologix 1100 Firmware, Micrologix 1400 and 3 more | 2024-11-21 | 7.5 High |
| In Rockwell Automation MicroLogix 1400 Controllers Series B v21.001 and prior, Series A, all versions, MicroLogix 1100 Controller, all versions, and RSLogix 500 Software v12.001 and prior, a remote, unauthenticated attacker can send a request from the RSLogix 500 software to the victim’s MicroLogix controller. The controller will then respond to the client with used password values to authenticate the user on the client-side. This method of authentication may allow an attacker to bypass authentication altogether, disclose sensitive information, or leak credentials. | ||||
| CVE-2020-6982 | 1 Honeywell | 1 Win-pak | 2024-11-21 | 8.8 High |
| In Honeywell WIN-PAK 4.7.2, Web and prior versions, a header injection vulnerability has been identified, which may allow remote code execution. | ||||
| CVE-2020-6977 | 1 Ge | 32 Invenia Abus Scan Station, Invenia Abus Scan Station Firmware, Logiq E10 and 29 more | 2024-11-21 | 6.8 Medium |
| A restricted desktop environment escape vulnerability exists in the Kiosk Mode functionality of affected devices. Specially crafted inputs can allow the user to escape the restricted environment, resulting in access to the underlying operating system. Affected devices include the following GE Ultrasound Products: Vivid products - all versions; LOGIQ - all versions not including LOGIQ 100 Pro; Voluson - all versions; Versana Essential - all versions; Invenia ABUS Scan station - all versions; Venue - all versions not including Venue 40 R1-3 and Venue 50 R4-5 | ||||
| CVE-2020-6958 | 1 Yet Another Java Service Wrapper Project | 1 Yet Another Java Service Wrapper | 2024-11-21 | 9.1 Critical |
| An XXE vulnerability in JnlpSupport in Yet Another Java Service Wrapper (YAJSW) 12.14, as used in NSA Ghidra and other products, allows attackers to exfiltrate data from remote hosts and potentially cause denial-of-service. | ||||
| CVE-2020-6862 | 1 Zte | 2 F6x2w, F6x2w Firmware | 2024-11-21 | 5.3 Medium |
| V6.0.10P2T2 and V6.0.10P2T5 of F6x2W product are impacted by Information leak vulnerability. Unauthorized users could log in directly to obtain page information without entering a verification code. | ||||
| CVE-2020-6859 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 5.3 Medium |
| Multiple Insecure Direct Object Reference vulnerabilities in includes/core/class-files.php in the Ultimate Member plugin through 2.1.2 for WordPress allow remote attackers to change other users' profiles and cover photos via a modified user_id parameter. This is related to ajax_image_upload and ajax_resize_image. | ||||
| CVE-2020-6828 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 7.5 High |
| A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution. Note: This issue only affects Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox ESR < 68.7. | ||||
| CVE-2020-6803 | 1 Mozilla | 1 Webthings Gateway | 2024-11-21 | 5.4 Medium |
| An open redirect is present on the gateway's login page, which could cause a user to be redirected to a malicious site after logging in. | ||||
| CVE-2020-6774 | 1 Bosch | 2 Recording Station, Recording Station Firmware | 2024-11-21 | 9.3 Critical |
| Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system. | ||||
| CVE-2020-6649 | 1 Fortinet | 1 Fortiisolator | 2024-11-21 | 9.8 Critical |
| An insufficient session expiration vulnerability in Fortinet's FortiIsolator version 2.0.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID (via other, hypothetical attacks). | ||||
| CVE-2020-6644 | 1 Fortinet | 1 Fortideceptor | 2024-11-21 | 8.1 High |
| An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks. | ||||
| CVE-2020-6641 | 1 Fortinet | 1 Fortipresence | 2024-11-21 | 4.3 Medium |
| Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | ||||
| CVE-2020-6623 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index. | ||||
| CVE-2020-6619 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek. | ||||
| CVE-2020-6617 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 8.8 High |
| stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int. | ||||
| CVE-2020-6590 | 1 Forcepoint | 3 Data Loss Prevention, Email Security, Web Security Content Gateway | 2024-11-21 | 7.5 High |
| Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure. | ||||
| CVE-2020-6582 | 2 Fedoraproject, Nagios | 2 Fedora, Remote Plug In Executor | 2024-11-21 | 7.5 High |
| Nagios NRPE 3.2.1 has a Heap-Based Buffer Overflow, as demonstrated by interpretation of a small negative number as a large positive number during a bzero call. | ||||