Search Results (10087 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5337 | 1 Rsa | 1 Archer | 2024-11-21 | 4.6 Medium |
| RSA Archer, versions prior to 6.7 P1 (6.7.0.1), contain a URL redirection vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. The vulnerability could be used to conduct phishing attacks that cause users to unknowingly visit malicious sites. | ||||
| CVE-2020-5329 | 1 Dell | 1 Emc Avamar Server | 2024-11-21 | 6.1 Medium |
| Dell EMC Avamar Server contains an open redirect vulnerability. A remote unauthenticated attacker may exploit this vulnerability to redirect application users to arbitrary web URLs by tricking the victim users to click on maliciously crafted links. | ||||
| CVE-2020-5323 | 1 Dell | 2 Emc Openmanage Enterprise, Emc Openmanage Enterprise-modular | 2024-11-21 | 5.4 Medium |
| Dell EMC OpenManage Enterprise (OME) versions prior to 3.2 and OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain an injection vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to gain access to sensitive information or cause denial-of-service. | ||||
| CVE-2020-5297 | 1 Octobercms | 1 October | 2024-11-21 | 3.4 Low |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to upload jpg, jpeg, bmp, png, webp, gif, ico, css, js, woff, woff2, svg, ttf, eot, json, md, less, sass, scss, xml files to any directory of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | ||||
| CVE-2020-5296 | 1 Octobercms | 1 October | 2024-11-21 | 6.2 Medium |
| In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to delete arbitrary local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466). | ||||
| CVE-2020-5291 | 4 Archlinux, Centos, Debian and 1 more | 4 Arch Linux, Centos, Debian Linux and 1 more | 2024-11-21 | 7.2 High |
| Bubblewrap (bwrap) before version 0.4.1, if installed in setuid mode and the kernel supports unprivileged user namespaces, then the `bwrap --userns2` option can be used to make the setuid process keep running as root while being traceable. This can in turn be used to gain root permissions. Note that this only affects the combination of bubblewrap in setuid mode (which is typically used when unprivileged user namespaces are not supported) and the support of unprivileged user namespaces. Known to be affected are: * Debian testing/unstable, if unprivileged user namespaces enabled (not default) * Debian buster-backports, if unprivileged user namespaces enabled (not default) * Arch if using `linux-hardened`, if unprivileged user namespaces enabled (not default) * Centos 7 flatpak COPR, if unprivileged user namespaces enabled (not default) This has been fixed in the 0.4.1 release, and all affected users should update. | ||||
| CVE-2020-5270 | 1 Prestashop | 1 Prestashop | 2024-11-21 | 4.1 Medium |
| In PrestaShop between versions 1.7.6.0 and 1.7.6.5, there is an open redirection when using the back parameter. The impacts can be many, and vary from the theft of information and credentials to the redirection to malicious websites containing attacker-controlled content, which in some cases can even cause XSS attacks. So even though an open redirection might sound harmless at first, the impacts of it can be severe should it be exploitable. The problem is fixed in 1.7.6.5. | ||||
| CVE-2020-5233 | 1 Oauth2 Proxy Project | 1 Oauth2 Proxy | 2024-11-21 | 5.9 Medium |
| OAuth2 Proxy before 5.0 has an open redirect vulnerability. Authentication tokens could be silently harvested by an attacker. This has been patched in version 5.0. | ||||
| CVE-2020-5194 | 1 Cerberusftp | 1 Ftp Server | 2024-11-21 | 5.4 Medium |
| The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip permission to use the zip functionality via an unrestricted API endpoint. Improper permission verification occurs when calling the file/ajax_download_zip/zip_name endpoint. The result is that a user without permissions can zip and download files even if they do not have permission to view whether the file exists. | ||||
| CVE-2020-5188 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 6.5 Medium |
| DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions. | ||||
| CVE-2020-5013 | 1 Ibm | 1 Qradar Security Information And Event Manager | 2024-11-21 | 8.1 High |
| IBM QRadar SIEM 7.3 and 7.4 may be vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245. | ||||
| CVE-2020-5003 | 1 Ibm | 1 Financial Transaction Manager | 2024-11-21 | 9.1 Critical |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192956. | ||||
| CVE-2020-4995 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.3 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 does not invalidate the session after logout, which could allow a user to obtain sensitive information from another user's session. IBM X-Force ID: 192912. | ||||
| CVE-2020-4989 | 1 Ibm | 1 Rational Team Concert | 2024-11-21 | 4.3 Medium |
| IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and 6.0.0.1 could allow an authenticated user to obtain sensitive information about build definitions. IBM X-Force ID: 192707. | ||||
| CVE-2020-4949 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2024-11-21 | 8.2 High |
| IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 192025. | ||||
| CVE-2020-4918 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.4 Medium |
| IBM Cloud Pak System 2.3 could allow a local privileged user to disclose sensitive information due to an insecure direct object reference in the self service console for the Platform System Manager. IBM X-Force ID: 191392. | ||||
| CVE-2020-4876 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 8.2 High |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190839. | ||||
| CVE-2020-4875 | 2 Ibm, Microsoft | 2 Cognos Controller, Windows | 2024-11-21 | 8.2 High |
| IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 190838. | ||||
| CVE-2020-4849 | 1 Ibm | 1 Tivoli Netcool/impact | 2024-11-21 | 6.1 Medium |
| IBM Tivoli Netcool Impact 7.1.0.0 through 7.1.0.19 Interim Fix 7 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 190294. | ||||
| CVE-2020-4840 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 6.1 Medium |
| IBM Security Secret Server 10.6 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 190044. | ||||