Total
83418 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7815 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| XPLATFORM v9.2.260 and eariler versions contain a vulnerability that could allow remote files to be downloaded by setting the arguments to the vulnerable method. this can be leveraged for code execution. File download vulnerability in ____COMPONENT____ of TOBESOFT XPLATFORM allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: TOBESOFT XPLATFORM 9.2.250 versions prior to 9.2.260 on Windows. | |||||
| CVE-2020-7814 | 2 Microsoft, Raonwiz | 2 Windows, Raon K Upload | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| RAONWIZ v2018.0.2.50 and eariler versions contains a vulnerability that could allow remote files to be downloaded and excuted by lack of validation to file extension, witch can used as remote-code-excution attacks by hackers File download & execution vulnerability in ____COMPONENT____ of RAONWIZ RAON KUpload allows ____ATTACKER/ATTACK____ to cause ____IMPACT____. This issue affects: RAONWIZ RAON KUpload 2018.0.2.50 versions prior to 2018.0.2.51 on Windows. | |||||
| CVE-2020-7813 | 1 Kaoni | 1 Ezhttptrans | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | |||||
| CVE-2020-7812 | 2 Kaoni, Microsoft | 2 Ezhttptrans, Windows | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | |||||
| CVE-2020-7810 | 2 Handysoft, Microsoft | 2 Hslogin2.dll, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| hslogin2.dll ActiveX Control in Groupware contains a vulnerability that could allow remote files to be downloaded and executed by setting the arguments to the activex method. This is due to a lack of integrity verification of the policy files referenced in the update process, and a remote attacker could induce a user to crafted web page, causing damage such as malicious code infection. | |||||
| CVE-2020-7808 | 2 Microsoft, Raonwiz | 4 Windows 10, Windows 7, Windows 8 and 1 more | 2024-11-21 | 7.5 HIGH | 8.7 HIGH |
| In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it. | |||||
| CVE-2020-7806 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.5 HIGH | 7.8 HIGH |
| Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution. | |||||
| CVE-2020-7803 | 2 Imgtech, Microsoft | 2 Zoneplayer, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| IMGTech Co,Ltd ZInsX.ocx ActiveX Control in Zoneplayer 2.0.1.3, version 2.0.1.4 and prior versions on Windows. File Donwload vulnerability in ZInsX.ocx of IMGTech Co,Ltd Zoneplayer allows attacker to cause arbitrary code execution. | |||||
| CVE-2020-7800 | 1 Mysyngeryss | 2 Husky Rtu 6049-e70, Husky Rtu 6049-e70 Firmware | 2024-11-21 | 8.5 HIGH | 8.2 HIGH |
| The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has an Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability. The affected product is vulnerable to specially crafted TCP packets, which can cause the device to shut down or reboot and lose configuration settings. This is a different issue than CVE-2019-16879, CVE-2019-20045, CVE-2019-20046, CVE-2020-7801, and CVE-2020-7802. | |||||
| CVE-2020-7799 | 1 Fusionauth | 1 Fusionauth | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail templates (Home -> Settings -> Email Templates) or themes (Home -> Settings -> Themes), can execute commands on the underlying operating system by abusing freemarker.template.utility.Execute in the Apache FreeMarker engine that processes custom templates. | |||||
| CVE-2020-7795 | 1 Get-npm-package-version Project | 1 Get-npm-package-version | 2024-11-21 | N/A | 7.3 HIGH |
| The package get-npm-package-version before 1.0.7 are vulnerable to Command Injection via main function in index.js. | |||||
| CVE-2020-7793 | 2 Siemens, Ua-parser-js Project | 2 Sinec Ins, Ua-parser-js | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The package ua-parser-js before 0.7.23 are vulnerable to Regular Expression Denial of Service (ReDoS) in multiple regexes (see linked commit for more info). | |||||
| CVE-2020-7792 | 1 Moutjs | 1 Mout | 2024-11-21 | 7.5 HIGH | 7.5 HIGH |
| This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution. | |||||
| CVE-2020-7791 | 1 I18n Project | 1 I18n | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| This affects the package i18n before 2.1.15. Vulnerability arises out of insufficient handling of erroneous language tags in src/i18n/Concrete/TextLocalizer.cs and src/i18n/LocalizedApplication.cs. | |||||
| CVE-2020-7788 | 2 Debian, Ini Project | 2 Debian Linux, Ini | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context. | |||||
| CVE-2020-7787 | 1 React-adal Project | 1 React-adal | 2024-11-21 | 5.0 MEDIUM | 8.2 HIGH |
| This affects all versions of package react-adal. It is possible for a specially crafted JWT token and request URL can cause the nonce, session and refresh values to be incorrectly validated, causing the application to treat an attacker-generated JWT token as authentic. The logical defect is caused by how the nonce, session and refresh values are stored in the browser local storage or session storage. Each key is automatically appended by ||. When the received nonce and session keys are generated, the list of values is stored in the browser storage, separated by ||, with || always appended to the end of the list. Since || will always be the last 2 characters of the stored values, an empty string ("") will always be in the list of the valid values. Therefore, if an empty session parameter is provided in the callback URL, and a specially-crafted JWT token contains an nonce value of "" (empty string), then adal.js will consider the JWT token as authentic. | |||||
| CVE-2020-7778 | 1 Systeminformation | 1 Systeminformation | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| This affects the package systeminformation before 4.30.2. The attacker can overwrite the properties and functions of an object, which can lead to executing OS commands. | |||||
| CVE-2020-7777 | 1 Jsen Project | 1 Jsen | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
| This affects all versions of package jsen. If an attacker can control the schema file, it could run arbitrary JavaScript code on the victim machine. In the module description and README file there is no mention about the risks of untrusted schema files, so I assume that this is applicable. In particular the required field of the schema is not properly sanitized. The resulting string that is build based on the schema definition is then passed to a Function.apply();, leading to an Arbitrary Code Execution. | |||||
| CVE-2020-7776 | 1 Phpoffice | 1 Phpspreadsheet | 2024-11-21 | 3.5 LOW | 7.1 HIGH |
| This affects the package phpoffice/phpspreadsheet from 0.0.0. The library is vulnerable to XSS when creating an html output from an excel file by adding a comment on any cell. The root cause of this issue is within the HTML writer where user comments are concatenated as part of link and this is returned as HTML. A fix for this issue is available on commit 0ed5b800be2136bcb8fa9c1bdf59abc957a98845/master branch. | |||||
| CVE-2020-7774 | 3 Oracle, Siemens, Y18n Project | 3 Graalvm, Sinec Infrastructure Network Services, Y18n | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| The package y18n before 3.2.2, 4.0.1 and 5.0.5, is vulnerable to Prototype Pollution. | |||||