Export limit exceeded: 10300 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10300 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13576 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 9.8 Critical |
| A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13565 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-13545 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 7.8 High |
| An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13544 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 7.8 High |
| An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13530 | 1 Opener Project | 1 Opener | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 6.1 Medium |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | ||||
| CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 9.1 Critical |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | ||||
| CVE-2020-13472 | 1 Gigadevice | 2 Gd32f103, Gd32f103 Firmware | 2024-11-21 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. | ||||
| CVE-2020-13470 | 1 Gigadevice | 4 Gd32f103, Gd32f103 Firmware, Gd32f130 and 1 more | 2024-11-21 | 4.6 Medium |
| Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. | ||||
| CVE-2020-13469 | 1 Gigadevice | 2 Gd32vf103, Gd32vf103 Firmware | 2024-11-21 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. | ||||
| CVE-2020-13462 | 1 Tufin | 1 Securetrack | 2024-11-21 | 5.7 Medium |
| Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA. | ||||
| CVE-2020-13357 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >= 13.6 to <13.6.2 allowed an unauthorized user to access the user list corresponding to a feature flag in a project. | ||||
| CVE-2020-13353 | 1 Gitlab | 1 Gitaly | 2024-11-21 | 2.5 Low |
| When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above. | ||||
| CVE-2020-13343 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template | ||||
| CVE-2020-13307 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.8 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not revoking current user sessions when 2 factor authentication was activated allowing a malicious user to maintain their access. | ||||
| CVE-2020-13305 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was not invalidating project invitation link upon removing a user from a project. | ||||
| CVE-2020-13302 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.8 Low |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. Under certain conditions GitLab was not properly revoking user sessions and allowed a malicious user to access a user account with an old password. | ||||
| CVE-2020-13299 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The revocation feature was not revoking all session tokens and one could re-use it to obtain a valid session. | ||||
| CVE-2020-13246 | 1 Gitea | 1 Gitea | 2024-11-21 | 7.5 High |
| An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. | ||||