Export limit exceeded: 359527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 8.8 High |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-14990 | 1 Iobit | 1 Advanced Systemcare | 2024-11-21 | 7.1 High |
| IOBit Advanced SystemCare Free 13.5.0.263 allows local users to gain privileges for file deletion by manipulating the Clean & Optimize feature with an NTFS junction and an Object Manager symbolic link. | ||||
| CVE-2020-14942 | 1 Tendenci | 1 Tendenci | 2024-11-21 | 9.8 Critical |
| Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py. | ||||
| CVE-2020-14933 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 8.8 High |
| compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object injection are not satisfied: existence of a PHP magic method (such as __wakeup or __destruct), and any attack-relevant classes must be declared before unserialize is called (or must be autoloaded). | ||||
| CVE-2020-14932 | 1 Squirrelmail | 1 Squirrelmail | 2024-11-21 | 9.8 Critical |
| compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php. | ||||
| CVE-2020-14930 | 1 Bt Ctroms Terminal Project | 1 Bt Ctroms Terminal | 2024-11-21 | 8.1 High |
| An issue was discovered in BT CTROMS Terminal OS Port Portal CT-464. Account takeover can occur because the password-reset feature discloses the verification token. Upon a getverificationcode.jsp request, this token is transmitted not only to the registered phone number of the user account, but is also transmitted to the unauthenticated HTTP client. | ||||
| CVE-2020-14489 | 1 Openclinic Ga Project | 1 Openclinic Ga | 2024-11-21 | 6.2 Medium |
| OpenClinic GA 5.09.02 and 5.89.05b stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques. | ||||
| CVE-2020-14470 | 1 Octopus | 1 Octopus Deploy | 2024-11-21 | 6.5 Medium |
| In Octopus Deploy 2018.8.0 through 2019.x before 2019.12.2, an authenticated user with could trigger a deployment that leaks the Helm Chart repository password. | ||||
| CVE-2020-14391 | 2 Gnome, Redhat | 6 Control Center, Enterprise Linux, Enterprise Linux Aus and 3 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the GNOME Control Center in Red Hat Enterprise Linux 8 versions prior to 8.2, where it improperly uses Red Hat Customer Portal credentials when a user registers a system through the GNOME Settings User Interface. This flaw allows a local attacker to discover the Red Hat Customer Portal password. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14367 | 3 Canonical, Fedoraproject, Tuxfamily | 3 Ubuntu Linux, Fedora, Chrony | 2024-11-21 | 6.0 Medium |
| A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony folder. The file is created during chronyd startup while still running as the root user, and when it's opened for writing, chronyd does not check for an existing symbolic link with the same file name. This flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing to any destination file in the system, resulting in data loss and a denial of service due to the path traversal. | ||||
| CVE-2020-14334 | 1 Redhat | 2 Satellite, Satellite Capsule | 2024-11-21 | 8.8 High |
| A flaw was found in Red Hat Satellite 6 which allows privileged attacker to read cache files. These cache credentials could help attacker to gain complete control of the Satellite instance. | ||||
| CVE-2020-14332 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Ansible Engine when using module_args. Tasks executed with check mode (--check-mode) do not properly neutralize sensitive data exposed in the event data. This flaw allows unauthorized users to read this data. The highest threat from this vulnerability is to confidentiality. | ||||
| CVE-2020-14330 | 2 Debian, Redhat | 2 Debian Linux, Ansible Engine | 2024-11-21 | 5 Medium |
| An Improper Output Neutralization for Logs flaw was found in Ansible when using the uri module, where sensitive data is exposed to content and json output. This flaw allows an attacker to access the logs or outputs of performed tasks to read keys used in playbooks from other users within the uri module. The highest threat from this vulnerability is to data confidentiality. | ||||
| CVE-2020-14195 | 5 Debian, Fasterxml, Netapp and 2 more | 17 Debian Linux, Jackson-databind, Active Iq Unified Manager and 14 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity). | ||||
| CVE-2020-14172 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2024-11-21 | 9.8 Critical |
| This issue exists to document that a security improvement in the way that Jira Server and Data Center use velocity templates has been implemented. The way in which velocity templates were used in Atlassian Jira Server and Data Center in affected versions allowed remote attackers to achieve remote code execution via insecure deserialization, if they were able to exploit a server side template injection vulnerability. The affected versions are before version 7.13.0, from version 8.0.0 before 8.5.0, and from version 8.6.0 before version 8.8.1. | ||||
| CVE-2020-14062 | 5 Debian, Fasterxml, Netapp and 2 more | 18 Debian Linux, Jackson-databind, Active Iq Unified Manager and 15 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2). | ||||
| CVE-2020-14060 | 4 Fasterxml, Netapp, Oracle and 1 more | 17 Jackson-databind, Active Iq Unified Manager, Steelstore Cloud Integrated Storage and 14 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill). | ||||
| CVE-2020-14030 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 7.2 High |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. It stores SMS messages in .NET serialized format on the filesystem. By generating (and writing to the disk) malicious .NET serialized files, an attacker can trick the product into deserializing them, resulting in arbitrary code execution. | ||||