Total
11506 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7842 | 1 Netu | 2 Wf2429tb, Wf2429tb Firmware | 2024-11-21 | 6.0 MEDIUM | 6.4 MEDIUM |
| Improper Input validation vulnerability exists in Netis Korea D'live AP which could cause arbitrary command injection and execution when the time setting (using ntpServerlp1 parameter) for the users. This affects D'live set-top box AP(WF2429TB) v1.1.10. | |||||
| CVE-2020-7841 | 1 Tobesoft | 1 Xplatform | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Improper input validation vulnerability exists in TOBESOFT XPLATFORM which could cause arbitrary .hta file execution when the command string is begun with http://, https://, mailto:// | |||||
| CVE-2020-7839 | 1 Markany | 1 Maepsbroker | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| In MaEPSBroker 2.5.0.31 and prior, a command injection vulnerability caused by improper input validation checks when parsing brokerCommand parameter. | |||||
| CVE-2020-7838 | 2 Microsoft, Onstove | 2 Windows, Stove | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A arbitrary code execution vulnerability exists in the way that the Stove client improperly validates input value. An attacker could execute arbitrary code when the user access to crafted web page. This issue affects: Smilegate STOVE Client 0.0.4.72. | |||||
| CVE-2020-7832 | 2 Dext5, Microsoft | 2 Dext5, Windows | 2024-11-21 | 7.5 HIGH | 8.8 HIGH |
| A vulnerability (improper input validation) in the DEXT5 Upload solution allows an unauthenticated attacker to download and execute an arbitrary file via AddUploadFile, SetSelectItem, DoOpenFile function.(CVE-2020-7832) | |||||
| CVE-2020-7830 | 1 Raonwiz | 1 Raon Kupload | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| RAONWIZ v2018.0.2.50 and earlier versions contains a vulnerability that could allow remote files to be downloaded by lack of validation. Vulnerabilities in downloading with Kupload agent allow files to be downloaded to arbitrary paths due to insufficient verification of extensions and download paths. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions and earlier. | |||||
| CVE-2020-7823 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Memory corruption vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7822 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7821 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by modifying the value of registry path. This can be leveraged for code execution by rebooting the victim’s PC | |||||
| CVE-2020-7820 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Nexacro14/17 ExtCommonApiV13 Library under 2019.9.6 version contain a vulnerability that could allow remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim’s PC | |||||
| CVE-2020-7818 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7814 | 2 Microsoft, Raonwiz | 2 Windows, Raon K Upload | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows. | |||||
| CVE-2020-7803 | 2 Imgtech, Microsoft | 2 Zoneplayer, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | |||||
| CVE-2020-7740 | 1 Node-pdf-generator Project | 1 Node-pdf-generator | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| This affects all versions of package node-pdf-generator. Due to lack of user input validation and sanitization done to the content given to node-pdf-generator, it is possible for an attacker to craft a url that will be passed to an external server allowing an SSRF attack. | |||||
| CVE-2020-7614 | 1 Npm-programmatic Project | 1 Npm-programmatic | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| npm-programmatic through 0.0.12 is vulnerable to Command Injection.The packages and option properties are concatenated together without any validation and are used by the 'exec' function directly. | |||||
| CVE-2020-7588 | 1 Siemens | 13 Opcenter Execution Discrete, Opcenter Execution Foundation, Opcenter Execution Process and 10 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter Execution Foundation (All versions < V3.2), Opcenter Execution Process (All versions < V3.2), Opcenter Intelligence (All versions < V3.3), Opcenter Quality (All versions < V11.3), Opcenter RD&L (V8.0), SIMATIC IT LMS (All versions < V2.6), SIMATIC IT Production Suite (All versions < V8.0), SIMATIC Notifier Server for Windows (All versions), SIMATIC PCS neo (All versions < V3.0 SP1), SIMATIC STEP 7 (TIA Portal) V15 (All versions < V15.1 Update 5), SIMATIC STEP 7 (TIA Portal) V16 (All versions < V16 Update 2), SIMOCODE ES V15.1 (All versions < V15.1 Update 4), SIMOCODE ES V16 (All versions < V16 Update 1), Soft Starter ES V15.1 (All versions < V15.1 Update 3), Soft Starter ES V16 (All versions < V16 Update 1). Sending a specially crafted packet to the affected service could cause a partial remote denial-of-service, that would cause the service to restart itself. | |||||
| CVE-2020-7526 | 1 Apc | 1 Powerchute | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and earlier) which could cause remote code execution when a script is executed during a shutdown event. | |||||
| CVE-2020-7518 | 1 Schneider-electric | 1 Easergy Builder | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and older) which could allow an attacker to modify project configuration files. | |||||
| CVE-2020-7504 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to disable the webserver service on the device when specially crafted network packets are sent. | |||||
| CVE-2020-7472 | 1 Sugarcrm | 1 Sugarcrm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An authorization bypass and PHP local-file-include vulnerability in the installation component of SugarCRM before 8.0, 8.0 before 8.0.7, 9.0 before 9.0.4, and 10.0 before 10.0.0 allows for unauthenticated remote code execution against a configured SugarCRM instance via crafted HTTP requests. (This is exploitable even after installation is completed.). | |||||