Export limit exceeded: 79370 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24624 | 1 Hpe | 1 Utility Computing Service Meter | 2024-11-21 | 7.5 High |
| Unathenticated directory traversal in the DownloadServlet class execute() method can lead to arbitrary file reads in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||
| CVE-2020-24621 | 1 Openmrs | 1 Htmlformentry | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. | ||||
| CVE-2020-24620 | 1 Unisys | 1 Stealth | 2024-11-21 | 7.8 High |
| Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of Enterprise Manager can potentially reveal credentials. | ||||
| CVE-2020-24617 | 1 Mailtrain | 1 Mailtrain | 2024-11-21 | 8.8 High |
| Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campaigns.js via /campaigns/clicked/ajax because variable column names are not properly escaped. | ||||
| CVE-2020-24616 | 4 Debian, Fasterxml, Netapp and 1 more | 25 Debian Linux, Jackson-databind, Active Iq Unified Manager and 22 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP). | ||||
| CVE-2020-24614 | 3 Fedoraproject, Fossil-scm, Opensuse | 4 Fedora, Fossil, Backports Sle and 1 more | 2024-11-21 | 8.8 High |
| Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | ||||
| CVE-2020-24606 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 8.6 High |
| Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | ||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 7.2 High |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | ||||
| CVE-2020-24584 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077. | ||||
| CVE-2020-24583 | 4 Canonical, Djangoproject, Fedoraproject and 1 more | 4 Ubuntu Linux, Django, Fedora and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command. | ||||
| CVE-2020-24581 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 8.0 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands. | ||||
| CVE-2020-24580 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user. | ||||
| CVE-2020-24579 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality. | ||||
| CVE-2020-24577 | 1 Dlink | 2 Dsl-2888a, Dsl-2888a Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The One Touch application discloses sensitive information, such as the hashed admin login password and the Internet provider connection username and cleartext password, in the application's response body for a /tmp/var/passwd or /tmp/home/wan_stat URI. | ||||
| CVE-2020-24576 | 1 Netskope | 1 Netskope | 2024-11-21 | 8.8 High |
| Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | ||||
| CVE-2020-24574 | 1 Gog | 1 Galaxy | 2024-11-21 | 7.8 High |
| The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism. | ||||
| CVE-2020-24573 | 1 Bab-technologie | 2 Eibport, Eibport Firmware | 2024-11-21 | 7.5 High |
| BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resource Consumption) via requests to the lighttpd component. | ||||
| CVE-2020-24572 | 1 Raspap | 1 Raspap | 2024-11-21 | 8.8 High |
| An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). | ||||
| CVE-2020-24571 | 1 Nexusdb | 1 Nexusdb | 2024-11-21 | 7.5 High |
| NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal. | ||||
| CVE-2020-24567 | 1 Voidtools | 1 Everything | 2024-11-21 | 7.8 High |
| voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan horse urlmon.dll file in the installation directory. NOTE: this is only relevant if low-privileged users can write to the installation directory, which may be considered a site-specific configuration error | ||||