Export limit exceeded: 347464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79414 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79414 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26122 | 1 Inspur | 30 Nf5180m5, Nf5180m5 Firmware, Nf5260m5 and 27 more | 2024-11-21 | 7.2 High |
| Inspur NF5266M5 through 3.21.2 and other server M5 devices allow remote code execution via administrator privileges. The Baseboard Management Controller (BMC) program of INSPUR server is weak in checking the firmware and lacks the signature verification mechanism, the attacker who obtains the administrator's rights can control the BMC by inserting malicious code into the firmware program and bypassing the current verification mechanism to upgrade the BMC. | ||||
| CVE-2020-26121 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against "page creation" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title. | ||||
| CVE-2020-26118 | 1 Smartbear | 1 Collaborator | 2024-11-21 | 8.8 High |
| In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system. | ||||
| CVE-2020-26117 | 4 Debian, Opensuse, Redhat and 1 more | 4 Debian Linux, Leap, Enterprise Linux and 1 more | 2024-11-21 | 8.1 High |
| In rfb/CSecurityTLS.cxx and rfb/CSecurityTLS.java in TigerVNC before 1.11.0, viewers mishandle TLS certificate exceptions. They store the certificates as authorities, meaning that the owner of a certificate could impersonate any server after a client had added an exception. | ||||
| CVE-2020-26116 | 8 Canonical, Debian, Fedoraproject and 5 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 7.2 High |
| http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request. | ||||
| CVE-2020-26112 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| The email quota cache in cPanel before 90.0.10 allows overwriting of files. | ||||
| CVE-2020-26109 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.13 allows bypass of a protection mechanism that attempted to restrict package modification (SEC-557). | ||||
| CVE-2020-26107 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3, upon an upgrade, establishes predictable PowerDNS API keys (SEC-561). | ||||
| CVE-2020-26106 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3 has weak permissions (world readable) for the proxy subdomains log file (SEC-558). | ||||
| CVE-2020-26104 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| In cPanel before 88.0.3, an insecure SRS secret is used on a templated VM (SEC-552). | ||||
| CVE-2020-26103 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| In cPanel before 88.0.3, an insecure site password is used for Mailman on a templated VM (SEC-551). | ||||
| CVE-2020-26102 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| In cPanel before 88.0.3, an insecure auth policy API key is used by Dovecot on a templated VM (SEC-550). | ||||
| CVE-2020-26099 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.5 High |
| cPanel before 88.0.3 allows attackers to bypass the SMTP greylisting protection mechanism (SEC-491). | ||||
| CVE-2020-26076 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 7.5 High |
| A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the absence of authentication for sensitive information. An attacker could exploit this vulnerability by sending crafted curl commands to an affected device. A successful exploit could allow the attacker to view sensitive database information on the affected device. | ||||
| CVE-2020-26075 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 8.8 High |
| A vulnerability in the REST API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to gain access to the back-end database of an affected device. The vulnerability is due to insufficient input validation of REST API requests that are made to an affected device. An attacker could exploit this vulnerability by crafting malicious API requests to the affected device. A successful exploit could allow the attacker to gain access to the back-end database of the affected device. | ||||
| CVE-2020-26072 | 1 Cisco | 1 Iot Field Network Director | 2024-11-21 | 8.7 High |
| A vulnerability in the SOAP API of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to access and modify information on devices that belong to a different domain. The vulnerability is due to insufficient authorization in the SOAP API. An attacker could exploit this vulnerability by sending SOAP API requests to affected devices for devices that are outside their authorized domain. A successful exploit could allow the attacker to access and modify information on devices that belong to a different domain. | ||||
| CVE-2020-26070 | 1 Cisco | 12 Asr 9000v, Asr 9001, Asr 9006 and 9 more | 2024-11-21 | 8.6 High |
| A vulnerability in the ingress packet processing function of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper resource allocation when an affected device processes network traffic in software switching mode (punted). An attacker could exploit this vulnerability by sending specific streams of Layer 2 or Layer 3 protocol data units (PDUs) to an affected device. A successful exploit could cause the affected device to run out of buffer resources, which could make the device unable to process or forward traffic, resulting in a DoS condition. The device would need to be restarted to regain functionality. | ||||
| CVE-2020-26064 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2024-11-21 | 8.1 High |
| A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | ||||
| CVE-2020-26061 | 1 Clickstudios | 1 Passwordstate | 2024-11-21 | 7.5 High |
| ClickStudios Passwordstate Password Reset Portal prior to build 8501 is affected by an authentication bypass vulnerability. The ResetPassword function does not validate whether the user has successfully authenticated using security questions. An unauthenticated, remote attacker can send a crafted HTTP request to the /account/ResetPassword page to set a new password for any registered user. | ||||
| CVE-2020-26050 | 1 Safervpn | 1 Safervpn | 2024-11-21 | 7.8 High |
| SaferVPN for Windows Ver 5.0.3.3 through 5.0.4.15 could allow local privilege escalation from low privileged users to SYSTEM via a crafted openssl configuration file. This issue is similar to CVE-2019-12572. | ||||