Total
81955 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5762 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to a denial of service attack against the TR-069 service. An unauthenticated remote attacker can stop the service due to a NULL pointer dereference in the TR-069 service. This condition is triggered due to mishandling of the HTTP Authentication field. | |||||
CVE-2020-5761 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to CPU exhaustion due to an infinite loop in the TR-069 service. Unauthenticated remote attackers can trigger this case by sending a one character TCP message to the TR-069 service. | |||||
CVE-2020-5760 | 1 Grandstream | 12 Ht801, Ht801 Firmware, Ht802 and 9 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Grandstream HT800 series firmware version 1.0.17.5 and below is vulnerable to an OS command injection vulnerability. Unauthenticated remote attackers can execute arbitrary commands as root by crafting a special configuration file and sending a crafted SIP message. | |||||
CVE-2020-5758 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream UCM6200 series firmware version 1.0.20.23 and below is vulnerable to OS command injection via HTTP. An authenticated remote attacker can execute commands as the root user by sending a crafted HTTP GET to the UCM's "Old" HTTPS API. | |||||
CVE-2020-5756 | 1 Grandstream | 2 Gwn7000, Gwn7000 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream GWN7000 firmware version 1.0.9.4 and below allows authenticated remote users to modify the system's crontab via undocumented API. An attacker can use this functionality to execute arbitrary OS commands on the router. | |||||
CVE-2020-5755 | 1 Webroot | 1 Endpoint Agents | 2024-11-21 | 6.9 MEDIUM | 7.8 HIGH |
Webroot endpoint agents prior to version v9.0.28.48 did not protect the "%PROGRAMDATA%\WrData\PKG" directory against renaming. This could allow attackers to trigger a crash or wait upon Webroot service restart to rewrite and hijack dlls in this directory for privilege escalation. | |||||
CVE-2020-5752 | 1 Druva | 1 Insync Client | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Relative path traversal in Druva inSync Windows Client 6.6.3 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. | |||||
CVE-2020-5745 | 1 Tecnick | 1 Tcexam | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Cross-site request forgery in TCExam 14.2.2 allows a remote attacker to perform sensitive application actions by tricking legitimate users into clicking a crafted link. | |||||
CVE-2020-5742 | 1 Plex | 1 Media Server | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Improper Access Control in Plex Media Server prior to June 15, 2020 allows any origin to execute cross-origin application requests. | |||||
CVE-2020-5740 | 2 Microsoft, Plex | 2 Windows, Media Server | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
Improper Input Validation in Plex Media Server on Windows allows a local, unauthenticated attacker to execute arbitrary Python code with SYSTEM privileges. | |||||
CVE-2020-5739 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker adds an OpenVPN up script to the phone's VPN settings via the "Additional Settings" field in the web interface. When the VPN's connection is established, the user defined script is executed with root privileges. | |||||
CVE-2020-5738 | 1 Grandstream | 12 Gxp1610, Gxp1610 Firmware, Gxp1615 and 9 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
Grandstream GXP1600 series firmware 1.0.4.152 and below is vulnerable to authenticated remote command execution when an attacker uploads a specially crafted tar file to the HTTP /cgi-bin/upload_vpntar interface. | |||||
CVE-2020-5734 | 1 Solarwinds | 1 Dameware | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | |||||
CVE-2020-5726 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the CTI server on port 8888. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | |||||
CVE-2020-5724 | 1 Grandstream | 6 Ucm6202, Ucm6202 Firmware, Ucm6204 and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The Grandstream UCM6200 series before 1.0.20.22 is vulnerable to an SQL injection via the HTTP server's websockify endpoint. A remote unauthenticated attacker can invoke the challenge action with a crafted username and discover user passwords. | |||||
CVE-2020-5686 | 1 Nec | 4 Univerge Sv8500, Univerge Sv8500 Firmware, Univerge Sv9500 and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Incorrect implementation of authentication algorithm issue in UNIVERGE SV9500 series from V1 to V7and SV8500 series from S6 to S8 allows an attacker to access the remote system maintenance feature and obtain the information by sending a specially crafted request to a specific URL. | |||||
CVE-2020-5683 | 1 Weseek | 1 Growi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Directory traversal vulnerability in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to alter the data by uploading a specially crafted file. | |||||
CVE-2020-5682 | 1 Weseek | 1 Growi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors. | |||||
CVE-2020-5681 | 1 Epson | 2 Epsonnet Setupmanager, Offirio Synergyware Printdirector | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
Untrusted search path vulnerability in self-extracting files created by EpsonNet SetupManager versions 2.2.14 and earlier, and Offirio SynergyWare PrintDirector versions 1.6x/1.6y and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. | |||||
CVE-2020-5680 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. |