Export limit exceeded: 34889 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34889 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26869 | 1 Pcvuesolutions | 1 Pcvue | 2024-11-21 | 7.5 High |
| ARC Informatique PcVue prior to version 12.0.17 is vulnerable to information exposure, allowing unauthorized users to access session data of legitimate users. This issue also affects third-party systems based on the Web Services Toolkit. | ||||
| CVE-2020-26819 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 8.8 High |
| SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control. | ||||
| CVE-2020-26814 | 1 Sap | 1 Process Integration \(pgp Module - Business-to-business Add On\) | 2024-11-21 | 4.9 Medium |
| SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure. | ||||
| CVE-2020-26810 | 1 Sap | 1 Commerce Cloud \(accelerator Payment Mock\) | 2024-11-21 | 7.5 High |
| SAP Commerce Cloud (Accelerator Payment Mock), versions - 1808, 1811, 1905, 2005, allows an unauthenticated attacker to submit a crafted request over a network to a particular SAP Commerce module URL which will be processed without further interaction, the crafted request can render the SAP Commerce service itself unavailable leading to Denial of Service with no impact on confidentiality or integrity. | ||||
| CVE-2020-26808 | 1 Sap | 2 Sap As Abap\(dmis\), Sap S4 Hana\(dmis\) | 2024-11-21 | 7.2 High |
| SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application. | ||||
| CVE-2020-26763 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 7.5 High |
| The Rocket.Chat desktop application 2.17.11 opens external links without user interaction. | ||||
| CVE-2020-26728 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2024-11-21 | 9.8 Critical |
| A vulnerability was discovered in Tenda AC9 v3.0 V15.03.06.42_multi and Tenda AC9 V1.0 V15.03.05.19(6318)_CN which allows for remote code execution via shell metacharacters in the guestuser field to the __fastcall function with a POST request. | ||||
| CVE-2020-26652 | 2 Aircrack-ng, Realtek | 3 Aircrack-ng, Rtl8812au, Rtl8812au Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in function nl80211_send_chandef in rtl8812au v5.6.4.2 allows attackers to cause a denial of service. | ||||
| CVE-2020-26607 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October 2020). | ||||
| CVE-2020-26606 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). | ||||
| CVE-2020-26604 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). | ||||
| CVE-2020-26601 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034 (October 2020). | ||||
| CVE-2020-26600 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). | ||||
| CVE-2020-26569 | 1 Arista | 47 7010t-48, 7050cx3-32s, 7050cx3m-32s and 44 more | 2024-11-21 | 5.9 Medium |
| In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. | ||||
| CVE-2020-26552 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | ||||
| CVE-2020-26548 | 1 Aviatrix | 1 Controller | 2024-11-21 | 8.8 High |
| An issue was discovered in Aviatrix Controller before R5.4.1290. There is an insecure sudo rule: a user exists that can execute all commands as any user on the system. | ||||
| CVE-2020-26526 | 1 Damstratechnology | 1 Smart Asset | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Damstra Smart Asset 2020.7. It is possible to enumerate valid usernames on the login page. The application sends a different server response when the username is invalid than when the username is valid ("Unable to find an APIDomain" versus "Wrong email or password"). | ||||
| CVE-2020-26524 | 1 Filecloud | 1 Filecloud | 2024-11-21 | 5.3 Medium |
| CodeLathe FileCloud before 20.2.0.11915 allows username enumeration. | ||||
| CVE-2020-26414 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. | ||||
| CVE-2020-26412 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.1 Low |
| Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2. | ||||