Total: 317206 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13173 | 1 Teradici | 2 Pcoip Graphics Agent, Pcoip Standard Agent | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Initialization of the pcoip_credential_provider in Teradici PCoIP Standard Agent for Windows and PCoIP Graphics Agent for Windows versions 19.11.1 and earlier creates an insecure named pipe, which allows an attacker to intercept sensitive information or possibly elevate privileges via pre-installing an application which acquires that named pipe. | |||||
| CVE-2020-13170 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise did not appropriately enforce scope for local tokens issued by a primary data center, where replication to a secondary data center was not enabled. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | |||||
| CVE-2020-13169 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| Stored XSS (Cross-Site Scripting) exists in the SolarWinds Orion Platform before 2020.2.1 on multiple forms and pages. This vulnerability may lead to information disclosure and escalation of privileges (takeover of administrator account). | |||||
| CVE-2020-13168 | 1 Sysaid | 2 Sysaid On-premises, Sysaidsy On-premises | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.1.11b26 allows reflected XSS via the ForgotPassword.jsp accountid parameter. | |||||
| CVE-2020-13167 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. | |||||
| CVE-2020-13166 | 1 Mylittletools | 1 Mylittleadmin | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The management tool in MyLittleAdmin 3.8 allows remote attackers to execute arbitrary code because machineKey is hardcoded (the same for all customers' installations) in web.config, and can be used to send serialized ASP code. | |||||
| CVE-2020-13164 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 3.2.0 to 3.2.3, 3.0.0 to 3.0.10, and 2.6.0 to 2.6.16, the NFS dissector could crash. This was addressed in epan/dissectors/packet-nfs.c by preventing excessive recursion, such as for a cycle in the directory graph on a filesystem. | |||||
| CVE-2020-13163 | 1 Em-imap Project | 1 Em-imap | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| em-imap 0.5 uses the library eventmachine in an insecure way that allows an attacker to perform a man-in-the-middle attack against users of the library. The hostname in a TLS server certificate is not verified. | |||||
| CVE-2020-13160 | 3 Anydesk, Freebsd, Linux | 3 Anydesk, Freebsd, Linux Kernel | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| AnyDesk before 5.5.3 on Linux and FreeBSD has a format string vulnerability that can be exploited for remote code execution. | |||||
| CVE-2020-13159 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. | |||||
| CVE-2020-13158 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Artica Proxy before 4.30.000000 Community Edition allows Directory Traversal via the fw.progrss.details.php popup parameter. | |||||
| CVE-2020-13157 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| modules\users\admin\edit.php in NukeViet 4.4 allows CSRF to change a user's password via an admin/index.php?nv=users&op=edit&userid= URI. The old password is not needed. | |||||
| CVE-2020-13156 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| modules\users\admin\add_user.php in NukeViet 4.4 allows CSRF to add a user account via the admin/index.php?nv=users&op=user_add URI. | |||||
| CVE-2020-13155 | 1 Nukeviet | 1 Nukeviet | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| clearsystem.php in NukeViet 4.4 allows CSRF with resultant HTML injection via the deltype parameter to the admin/index.php?nv=webtools&op=clearsystem URI. | |||||
| CVE-2020-13154 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Zoho ManageEngine Service Plus before 11.1 build 11112 allows low-privilege authenticated users to discover the File Protection password via a getFileProtectionSettings call to AjaxServlet. | |||||
| CVE-2020-13153 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| app/View/Events/resolved_attributes.ctp in MISP before 2.4.126 has XSS in the resolved attributes view. | |||||
| CVE-2020-13152 | 1 Kde | 1 Amarok | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A remote user can create a specially crafted M3U media playlist file that, when loaded by the target user, triggers a memory leak, whereby Amarok 2.8.0 continues to waste resources over time, eventually allowing attackers to cause a denial of service. | |||||
| CVE-2020-13151 | 1 Aerospike | 1 Aerospike Server | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. | |||||
| CVE-2020-13150 | 1 Dlink | 2 Dsl-2750u, Dsl-2750u Firmware | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| D-Link DSL-2750U ISL2750UEME3.V1E devices allow approximately 90 seconds of access to the control panel, after a restart, before MAC address filtering rules become active. | |||||
| CVE-2020-13149 | 1 Msi | 1 Dragon Center | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Weak permissions on the "%PROGRAMDATA%\MSI\Dragon Center" folder in Dragon Center before 2.6.2003.2401, shipped with Micro-Star MSI Gaming laptops, allow local authenticated users to overwrite system files and gain escalated privileges. One attack method is to change the Recommended App binary within App.json. Another attack method is to use this part of %PROGRAMDATA% for mounting an RPC Control directory. | |||||
