Export limit exceeded: 80115 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80115 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5791 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| Improper neutralization of special elements used in an OS command in Nagios XI 5.7.3 allows a remote, authenticated admin user to execute operating system commands with the privileges of the apache user. | ||||
| CVE-2020-5786 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.3 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5779 | 1 Tradingtechnologies | 1 Trading Technologies Messaging | 2024-11-21 | 7.5 High |
| A flaw in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) relates to invalid parameter handling when calling strcpy_s() with an invalid parameter (i.e., a long src string parameter) as a part of processing a type 4 message sent to default TCP RequestPort 10200. It's been observed that ttmd.exe terminates as a result. | ||||
| CVE-2020-5778 | 1 Tradingtechnologies | 1 Trading Technologies Messaging | 2024-11-21 | 7.5 High |
| A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe. | ||||
| CVE-2020-5776 | 1 Magmi Project | 1 Magmi | 2024-11-21 | 8.8 High |
| Currently, all versions of MAGMI are vulnerable to CSRF due to the lack of CSRF tokens. RCE (via phpcli command) is possible in the event that a CSRF is leveraged against an existing admin session for MAGMI. | ||||
| CVE-2020-5774 | 1 Tenable | 1 Nessus | 2024-11-21 | 7.1 High |
| Nessus versions 8.11.0 and earlier were found to maintain sessions longer than the permitted period in certain scenarios. The lack of proper session expiration could allow attackers with local access to login into an existing browser session. | ||||
| CVE-2020-5773 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Improper Access Control in Teltonika firmware TRB2_R_00.02.04.01 allows a low privileged user to perform unauthorized write operations. | ||||
| CVE-2020-5772 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 7.5 High |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | ||||
| CVE-2020-5771 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 7.5 High |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | ||||
| CVE-2020-5770 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 8.8 High |
| Cross-site request forgery in Teltonika firmware TRB2_R_00.02.04.01 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | ||||
| CVE-2020-5766 | 1 Srs Simple Hits Counter Project | 1 Srs Simple Hits Counter | 2024-11-21 | 7.5 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields. | ||||
| CVE-2020-5764 | 1 Mxplayer | 1 Mx Player | 2024-11-21 | 8.8 High |
| MX Player Android App versions prior to v1.24.5, are vulnerable to a directory traversal vulnerability when user is using the MX Transfer feature in "Receive" mode. An attacker can exploit this by connecting to the MX Transfer session as a "sender" and sending a MessageType of "FILE_LIST" with a "name" field containing directory traversal characters (../). This will result in the file being transferred to the victim's phone, but being saved outside of the intended "/sdcard/MXshare" directory. In some instances, an attacker can achieve remote code execution by writing ".odex" and ".vdex" files in the "oat" directory of the MX Player application. | ||||
| CVE-2020-5763 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 8.8 High |
| Grandstream HT800 series firmware version 1.0.17.5 and below contain a backdoor in the SSH service. An authenticated remote attacker can obtain a root shell by correctly answering a challenge prompt. | ||||
| CVE-2020-5762 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.5 High |
| Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. | ||||
| CVE-2020-5761 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.5 High |
| Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | ||||
| CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.8 High |
| Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | ||||
| CVE-2020-5758 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 8.8 High |
| Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | ||||
| CVE-2020-5756 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2024-11-21 | 8.8 High |
| Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | ||||
| CVE-2020-5755 | 1 Webroot | 1 Endpoint Agents | 2024-11-21 | 7.8 High |
| Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | ||||
| CVE-2020-5752 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.8 High |
| Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | ||||