Total
11158 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8184 | 3 Canonical, Debian, Rack Project | 3 Ubuntu Linux, Debian Linux, Rack | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2.3, rack < 2.1.4 that makes it is possible for an attacker to forge a secure or host-only cookie prefix. | |||||
| CVE-2020-8147 | 1 Utils-extend Project | 1 Utils-extend | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. | |||||
| CVE-2020-8132 | 1 Pdf-image Project | 1 Pdf-image | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. | |||||
| CVE-2020-8125 | 1 Klona Project | 1 Klona | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using klona. | |||||
| CVE-2020-8124 | 1 Url-parse Project | 1 Url-parse | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks. | |||||
| CVE-2020-8122 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received. | |||||
| CVE-2020-8102 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. | |||||
| CVE-2020-8100 | 1 Bitdefender | 1 Engines | 2024-11-21 | 5.0 MEDIUM | 9.0 CRITICAL |
| Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. | |||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 4.9 MEDIUM | 4.9 MEDIUM |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | |||||
| CVE-2020-8087 | 1 Smc | 2 D3g0804w, D3g0804w Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. | |||||
| CVE-2020-7957 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many characters must be read to compute the snippet and a trailing > character exists. This causes a denial of service in which the recipient cannot read all of their messages. | |||||
| CVE-2020-7925 | 1 Mongodb | 1 Mongodb | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect validation of user input in the role name parser may lead to use of uninitialized memory allowing an unauthenticated attacker to use a specially crafted request to cause a denial of service. This issue affects MongoDB Server v4.4 versions prior to 4.4.0-rc12; MongoDB Server v4.2 versions prior to 4.2.9. | |||||
| CVE-2020-7880 | 2 Douzone, Microsoft | 2 Neors, Windows | 2024-11-21 | 9.3 HIGH | 7.5 HIGH |
| The vulnerabilty was discovered in ActiveX module related to NeoRS remote support program. This issue allows an remote attacker to download and execute remote file. It is because of improper parameter validation of StartNeoRS function in ActiveX. | |||||
| CVE-2020-7871 | 1 Cnesty | 1 Helpcom | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. This vulnerability exists due to insufficient validation of the parameter. This issue affects: Cnesty Helpcom 10.0 versions prior to. | |||||
| CVE-2020-7870 | 1 Unidocs | 2 Ezpdf Editor, Ezpdf Reader | 2024-11-21 | 6.5 MEDIUM | 6.4 MEDIUM |
| A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerability exists due to insufficient validation of the parameter. | |||||
| CVE-2020-7869 | 2 Mastersoft, Microsoft | 2 Zook, Windows | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| An improper input validation vulnerability of ZOOK software (remote administration tool) could allow a remote attacker to create arbitrary file. The ZOOK viewer has the "Tight file CMD" function to create file. An attacker could create and execute arbitrary file in the ZOOK agent program using "Tight file CMD" without authority. | |||||
| CVE-2020-7867 | 1 Helpu | 1 Helpuviewer | 2024-11-21 | 4.6 MEDIUM | 8.0 HIGH |
| An improper input validation vulnerability in Helpu solution could allow a local attacker to arbitrary file creation and execution without click file transfer menu. It is possible to file in arbitrary directory for user because the viewer program receive the file from agent with privilege of administrator. | |||||
| CVE-2020-7866 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| When using XPLATFORM 9.2.2.270 or earlier versions ActiveX component, arbitrary commands can be executed due to improper input validation | |||||
| CVE-2020-7865 | 1 Inoguard | 1 Execm Coreb2b | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability(improper input validation) in the ExECM CoreB2B solution allows an unauthenticated attacker to download and execute an arbitrary file via httpDownload function. A successful exploit could allow the attacker to hijack vulnerable system. | |||||
| CVE-2020-7863 | 1 Raonwiz | 1 Raon K Upload | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
| A vulnerability in File Transfer Solution of Raonwiz could allow arbitrary command execution as the result of viewing a specially-crafted web page. This vulnerability is due to insufficient validation of the parameter of the specific method. An attacker could exploit this vulnerability by setting the parameter to the command they want to execute. A successful exploit could allow the attacker to execute arbitrary commands on a target system as the user. However, the victim must run the Internet Explorer browser with administrator privileges because of the cross-domain policy. | |||||