Search Results (80320 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7938 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate their privileges up to the highest level. | ||||
| CVE-2020-7935 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 7.2 High |
| Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricted Upload Of A File With A Dangerous Type issue in the File Manager. An attacker can create a (or use an existing) directory that is externally accessible to store PHP files. The filename and the exact path are known by the attacker, so it is possible to execute PHP code in the context of the application. The vulnerability is exploitable only with Administrator access. | ||||
| CVE-2020-7931 | 1 Jfrog | 1 Artifactory | 2024-11-21 | 8.8 High |
| In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execution, e.g., by modifying a .ssh/authorized_keys file. Patches are available for various versions between 5.11.8 and 6.16.0. The issue exists because use of the DefaultObjectWrapper class makes certain Java functions accessible to a template. | ||||
| CVE-2020-7927 | 1 Mongodb | 1 Ops Manager | 2024-11-21 | 8.1 High |
| Specially crafted API calls may allow an authenticated user who holds Organization Owner privilege to obtain an API key with Global Role privilege. This issue affects MongoDB Ops Manager v4.2 versions prior to and including 4.2.17, MongoDB Ops Manager v4.3 versions prior to and including 4.3.9 and MongoDB Ops Manager v4.4 versions prior to and including 4.4.2. | ||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 7.5 High |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | ||||
| CVE-2020-7920 | 1 Percona | 1 Monitoring And Management | 2024-11-21 | 7.5 High |
| pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated denial of service. | ||||
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 7.5 High |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | ||||
| CVE-2020-7914 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file read operations over the network. This issue was fixed in 2019.3. | ||||
| CVE-2020-7909 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI. | ||||
| CVE-2020-7907 | 1 Jetbrains | 1 Scala | 2024-11-21 | 7.5 High |
| In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencrypted connections. | ||||
| CVE-2020-7906 | 1 Jetbrains | 1 Rider | 2024-11-21 | 7.5 High |
| In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided by the Windows installer. This issue was fixed in release version 2019.3. | ||||
| CVE-2020-7905 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.5 High |
| Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network. | ||||
| CVE-2020-7904 | 1 Jetbrains | 1 Intellij Idea | 2024-11-21 | 7.4 High |
| In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of HTTPS. | ||||
| CVE-2020-7882 | 2 Hancom, Microsoft | 2 Anysign4pc, Windows | 2024-11-21 | 7.5 High |
| Using the parameter of the getPFXFolderList function, attackers can see the information of authorization certification and delete the files. It occurs because the parameter contains path traversal characters (i.e. '../../../'). | ||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2024-11-21 | 7.5 High |
| The vulnerable function is enabled when the streamer service related to AfreecaTV communicates through a web socket using port 21201. A stack-based buffer overflow leading to remote code execution was discovered in a strcpy() operation on the "FanTicket" field. It occurs because the data is stored without validation of its length. | ||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 7.5 High |
| The vulnerability was discovered in the ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX. | ||||
| CVE-2020-7879 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 8.8 High |
| This issue was discovered when the ipTIME C200 IP Camera was synchronized with the ipTIME NAS. It is necessary to extract value for ipTIME IP camera because the ipTIME NAS send ans setCookie('[COOKIE]'). The value is transferred to the --header option of the wget binary, and there is no validation check. This vulnerability allows remote attackers to execute remote commands. | ||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2024-11-21 | 8 High |
| A buffer overflow issue was discovered in the ZOOK solution (remote administration tool) through processing of the 'ConnectMe' command while parsing a crafted OUTERIP value, because of a missing boundary check. This vulnerability allows the attacker to execute an arbitrary remote command. | ||||
| CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-11-21 | 7.5 High |
| DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability which could allow a remote attacker to download and execute a remote file by setting the argument, variable in the ActiveX module. This can be leveraged for code execution. | ||||
| CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-11-21 | 8.8 High |
| Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | ||||