Vulnerabilities (CVE)

Total 81955 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5762 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field.
CVE-2020-5761 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 7.8 HIGH 7.5 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service.
CVE-2020-5760 1 Grandstream 12 Ht801, Ht801 Firmware, Ht802 and 9 more 2024-11-21 9.3 HIGH 7.8 HIGH
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message.
CVE-2020-5758 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2024-11-21 9.0 HIGH 8.8 HIGH
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API.
CVE-2020-5756 1 Grandstream 2 Gwn7000, Gwn7000 Firmware 2024-11-21 9.0 HIGH 8.8 HIGH
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router.
CVE-2020-5755 1 Webroot 1 Endpoint Agents 2024-11-21 6.9 MEDIUM 7.8 HIGH
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation.
CVE-2020-5752 1 Druva 1 Insync Client 2024-11-21 7.2 HIGH 7.8 HIGH
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges.
CVE-2020-5745 1 Tecnick 1 Tcexam 2024-11-21 4.3 MEDIUM 7.4 HIGH
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link.
CVE-2020-5742 1 Plex 1 Media Server 2024-11-21 6.8 MEDIUM 8.8 HIGH
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests.
CVE-2020-5740 2 Microsoft, Plex 2 Windows, Media Server 2024-11-21 7.2 HIGH 7.8 HIGH
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges.
CVE-2020-5739 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2024-11-21 9.0 HIGH 8.8 HIGH
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges.
CVE-2020-5738 1 Grandstream 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more 2024-11-21 9.0 HIGH 8.8 HIGH
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface.
CVE-2020-5734 1 Solarwinds 1 Dameware 2024-11-21 4.3 MEDIUM 7.5 HIGH
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange.
CVE-2020-5726 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
CVE-2020-5724 1 Grandstream 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords.
CVE-2020-5686 1 Nec 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more 2024-11-21 5.0 MEDIUM 7.5 HIGH
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL.
CVE-2020-5683 1 Weseek 1 Growi 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file.
CVE-2020-5682 1 Weseek 1 Growi 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors.
CVE-2020-5681 1 Epson 2 Epsonnet Setupmanager, Offirio Synergyware Printdirector 2024-11-21 9.3 HIGH 7.8 HIGH
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory.
CVE-2020-5680 1 Ec-cube 1 Ec-cube 2024-11-21 5.0 MEDIUM 7.5 HIGH
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector.