Search Results (25073 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7957 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 5.3 Medium |
| The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | ||||
| CVE-2020-7945 | 1 Puppet | 1 Continuous Delivery | 2024-11-21 | 5.5 Medium |
| Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1. | ||||
| CVE-2020-7944 | 1 Puppet | 1 Continuous Delivery | 2024-11-21 | 7.7 High |
| In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes containing Sensitive parameters can result in the Sensitive parameters ending up in the impact analysis report. | ||||
| CVE-2020-7943 | 2 Puppet, Redhat | 5 Puppet Enterprise, Puppet Server, Puppetdb and 2 more | 2024-11-21 | 7.5 High |
| Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types (which may contain sensitive information) as well as function names and class names. Previously, these endpoints were open to the local network. PE 2018.1.13 & 2019.5.0, Puppet Server 6.9.2 & 5.3.12, and PuppetDB 6.9.1 & 5.2.13 disable the trapperkeeper-metrics /v1 metrics API and only allow /v2 access on localhost by default. This affects software versions: Puppet Enterprise 2018.1.x stream prior to 2018.1.13; Puppet Enterprise prior to 2019.5.0; Puppet Server prior to 6.9.2; Puppet Server prior to 5.3.12; PuppetDB prior to 6.9.1; PuppetDB prior to 5.2.13. Resolved in: Puppet Enterprise 2018.1.13; Puppet Enterprise 2019.5.0; Puppet Server 6.9.2; Puppet Server 5.3.12; PuppetDB 6.9.1; PuppetDB 5.2.13. | ||||
| CVE-2020-7932 | 1 Openmicroscopy | 1 Omero.web | 2024-11-21 | 5.7 Medium |
| OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed as URL query parameters. If an attacker tricks a user into clicking a malicious link in OMERO.web, the information in the query parameters may be exposed in the Referer header seen by the target. Information in the URL path such as object IDs may also be exposed. | ||||
| CVE-2020-7929 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 6.5 Medium |
| A user authorized to perform database queries may trigger denial of service by issuing a specially crafted query containing a type of regex. This issue affects MongoDB Server v3.6 versions prior to 3.6.21 and MongoDB Server v4.0 versions prior to 4.0.20. | ||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 7.5 High |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | ||||
| CVE-2020-7923 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 6.5 Medium |
| A user authorized to perform database queries may cause denial of service by issuing specially crafted queries, which violate an invariant in the query subsystem's support for geoNear. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc7; MongoDB Server v4.2 versions prior to 4.2.8 and MongoDB Server v4.0 versions prior to 4.0.19. | ||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 7.5 High |
| The vulnerability was discovered in an ActiveX module related to the NeoRS remote support program. This issue allows a remote attacker to download and execute a remote file. It is because of improper parameter validation of the StartNeoRS function in ActiveX. | ||||
| CVE-2020-7871 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 7.5 High |
| A vulnerability of Helpcom could allow an unauthenticated attacker to execute an arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. | ||||
| CVE-2020-7870 | 1 Unidocs | 2 Ezpdf Editor, Ezpdf Reader | 2024-11-21 | 6.4 Medium |
| A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. | ||||
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-11-21 | 9 Critical |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create an arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create a file. An attacker could create and execute an arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | ||||
| CVE-2020-7867 | 1 Helpu | 1 Helpuviewer | 2024-11-21 | 8 High |
| An improper input validation vulnerability in the Helpu solution could allow a local attacker to create and execute arbitrary files without clicking the file transfer menu. It is possible to write a file to an arbitrary directory for the user because the viewer program receives the file from the agent with administrator privileges. | ||||
| CVE-2020-7866 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 8.8 High |
| When using the ActiveX component of XPLATFORM 9.2.2.270 or earlier versions, arbitrary commands can be executed due to improper input validation. | ||||
| CVE-2020-7865 | 1 Inoguard | 1 Execm Coreb2b | 2024-11-21 | 8.8 High |
| A vulnerability (improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via the httpDownload function. A successful exploit could allow the attacker to hijack the vulnerable system. | ||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-11-21 | 8.8 High |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | ||||
| CVE-2020-7862 | 1 Helpu | 4 Helpuftclient, Helpuftserver, Helpuserver and 1 more | 2024-11-21 | 7 High |
| A vulnerability in the agent program of the HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands. This vulnerability is due to insufficient input sanitization when communicating customer process. | ||||
| CVE-2020-7857 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 7.5 High |
| A vulnerability of XPlatform could allow an unauthenticated attacker to execute an arbitrary command. This vulnerability exists due to insufficient validation of improper classes. This issue affects: Tobesoft XPlatform versions prior to 9.2.2.280. | ||||
| CVE-2020-7849 | 2 Microsoft, Uprism | 2 Windows, Curix | 2024-11-21 | 8 High |
| A vulnerability of uPrism.io CURIX (video conferencing solution) could allow an unauthenticated attacker to execute arbitrary code. This vulnerability is due to insufficient input (server domain) validation. An attacker could exploit this vulnerability through a crafted URL. | ||||
| CVE-2020-7848 | 1 Iptime | 2 C200, C200 Firmware | 2024-11-21 | 8 High |
| The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in the /login.cgi?logout=1 script. To exploit this vulnerability, an attacker can send a GET request that executes arbitrary OS commands via a cookie value. | ||||