Total
2771 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-24826 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
CVE-2020-24825 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
CVE-2020-24823 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
CVE-2020-24822 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
CVE-2020-24821 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | |||||
CVE-2020-24364 | 1 Ethz | 1 Minetime | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | |||||
CVE-2020-24275 | 1 Swoole | 1 Swoole | 2024-11-21 | N/A | 6.5 MEDIUM |
A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | |||||
CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | |||||
CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | |||||
CVE-2020-22277 | 1 Codection | 1 Import And Export Users And Customers | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
Import and export users and customers WordPress Plugin through 1.15.5.11 allows CSV injection via a customer's profile. | |||||
CVE-2020-22275 | 1 Easyregistrationforms | 1 Easy Registration Forms | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Easy Registration Forms (ER Forms) Wordpress Plugin 2.0.6 allows an attacker to submit an entry with malicious CSV commands. After that, when the system administrator generates CSV output from the forms information, there is no check on this inputs and the codes are executable. | |||||
CVE-2020-21523 | 1 Halo | 1 Halo | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")} | |||||
CVE-2020-1961 | 1 Apache | 1 Syncope | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. | |||||
CVE-2020-1960 | 1 Apache | 1 Flink | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
A vulnerability in Apache Flink (1.1.0 to 1.1.5, 1.2.0 to 1.2.1, 1.3.0 to 1.3.3, 1.4.0 to 1.4.2, 1.5.0 to 1.5.6, 1.6.0 to 1.6.4, 1.7.0 to 1.7.2, 1.8.0 to 1.8.3, 1.9.0 to 1.9.2, 1.10.0) where, when running a process with an enabled JMXReporter, with a port configured via metrics.reporter.reporter_name>.port, an attacker with local access to the machine and JMX port can execute a man-in-the-middle attack using a specially crafted request to rebind the JMXRMI registry to one under the attacker's control. This compromises any connection established to the process via JMX, allowing extraction of credentials and any other transferred data. | |||||
CVE-2020-1958 | 1 Apache | 1 Druid | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. | |||||
CVE-2020-1811 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands. | |||||
CVE-2020-1790 | 1 Huawei | 1 Gaussdb 200 | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
GaussDB 200 with version of 6.5.1 have a command injection vulnerability. The software constructs part of a command using external input from users, but the software does not sufficiently validate the user input. Successful exploit could allow the attacker to inject certain commands. | |||||
CVE-2020-1481 | 1 Microsoft | 1 Visual Studio Code Eslint Extension | 2024-11-21 | 9.3 HIGH | 8.8 HIGH |
A remote code execution vulnerability exists in the ESLint extension for Visual Studio Code when it validates source code after opening a project, aka 'Visual Studio Code ESLint Extention Remote Code Execution Vulnerability'. | |||||
CVE-2020-1443 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | |||||
CVE-2020-1327 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A spoofing vulnerability exists in Microsoft Azure DevOps Server when it fails to properly handle web requests, aka 'Azure DevOps Server HTML Injection Vulnerability'. |