Search Results (76324 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10120 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 High |
| cPanel before 84.0.20 allows resellers to achieve remote code execution as root via a cpsrvd rsync shell (SEC-545). | ||||
| CVE-2020-10115 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 7.2 High |
| cPanel before 84.0.20, when PowerDNS is used, allows arbitrary code execution as root via dnsadmin. (SEC-537). | ||||
| CVE-2020-10111 | 1 Citrix | 1 Gateway Firmware | 2024-11-21 | 7.5 High |
| Citrix Gateway 11.1, 12.0, and 12.1 has an Inconsistent Interpretation of HTTP Requests. NOTE: Citrix disputes the reported behavior as not a security issue. Citrix ADC only caches HTTP/1.1 traffic for performance optimization | ||||
| CVE-2020-10101 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad 3.0 through 3.2. The WebSocket server crashes when messages in non-JSON format are sent by an attacker. The message format is not properly checked and parsing errors not handled. This leads to a crash of the service process. | ||||
| CVE-2020-10096 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad 3.0 through 3.2. It does not prevent caching of confidential data within browser memory. An attacker who either remotely compromises or obtains physical access to a user's workstation can browse the browser cache contents and obtain sensitive information. The attacker does not need to be authenticated with the application to view this information, as it would be available via the browser cache. | ||||
| CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request each other, | ||||
| CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | ||||
| CVE-2020-10087 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | ||||
| CVE-2020-10073 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | ||||
| CVE-2020-10067 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 High |
| A malicious userspace application can cause an integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005. This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | ||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | ||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.1 High |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | ||||
| CVE-2020-10060 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8 High |
| In updatehub_probe, right after JSON parsing is complete, objects[1] is accessed from the output structure in two different places. If the JSON contained fewer than two elements, this access would reference uninitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | ||||
| CVE-2020-10058 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.8 High |
| Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006. This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | ||||
| CVE-2020-10057 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 8.8 High |
| GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user. | ||||
| CVE-2020-10056 | 1 Siemens | 1 License Management Utility | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges. | ||||
| CVE-2020-10051 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are executed instead of the legitimate service. | ||||
| CVE-2020-10050 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. | ||||
| CVE-2020-10049 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.3 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. | ||||
| CVE-2020-10045 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. | ||||