Total: 316156 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10519 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10518 | 1 Github | 1 Github | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages was not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program. | |||||
| CVE-2020-10517 | 1 Github | 1 Github | 2024-11-21 | 4.0 MEDIUM | 4.3 MEDIUM |
| An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository content besides the name. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in versions 2.21.6, 2.20.15, and 2.19.21. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2020-10516 | 1 Github | 1 Github | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An improper access control vulnerability was identified in the GitHub Enterprise Server API that allowed an organization member to escalate permissions and gain access to unauthorized repositories within an organization. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.21 and was fixed in 2.20.9, 2.19.15, and 2.18.20. This vulnerability was reported via the GitHub Bug Bounty program. | |||||
| CVE-2020-10515 | 2 Microsoft, Starface | 2 Windows, Unified Communication & Collaboration Client | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| STARFACE UCC Client before 6.7.1.204 on Windows allows binary planting to execute code with System rights, aka usd-2020-0006. | |||||
| CVE-2020-10514 | 1 Icatchinc | 1 Dvr Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| iCatch DVR firmware before 20200103 does not validate function parameters properly, allowing attackers to execute arbitrary commands. | |||||
| CVE-2020-10513 | 1 Icatchinc | 1 Dvr Interface | 2024-11-21 | 4.0 MEDIUM | 8.8 HIGH |
| The file management interface of iCatch DVR firmware before 20200103 contains broken access control which allows an attacker to remotely manipulate arbitrary files. | |||||
| CVE-2020-10512 | 1 Hgiga | 1 Oaklouds Ccm@il | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| HGiga C&Cmail CCMAILQ before olln-calendar-6.0-100.i386.rpm and CCMAILN before olln-calendar-5.0-100.i386.rpm contain a SQL Injection vulnerability which allows attackers to inject SQL commands in the URL parameter to execute unauthorized commands. | |||||
| CVE-2020-10511 | 1 Hgiga | 1 Oaklouds Ccm@il | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| HGiga C&Cmail CCMAILQ before olln-base-6.0-418.i386.rpm and CCMAILN before olln-base-5.0-418.i386.rpm contain insecure configurations. Attackers can exploit these flaws to access unauthorized functionality via a crafted URL. | |||||
| CVE-2020-10510 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.0 MEDIUM | 8.1 HIGH |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL to access unauthorized functionality and data. | |||||
| CVE-2020-10509 | 1 Sun | 1 Ehrd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sunnet eHRD, a human training and development management system, contains a vulnerability of Cross-Site Scripting (XSS); attackers can inject arbitrary commands into the system and launch an XSS attack. | |||||
| CVE-2020-10508 | 1 Sun | 1 Ehrd | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information. | |||||
| CVE-2020-10507 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Unrestricted file upload (RCE) that would allow attackers to gain access to the hosting machine. | |||||
| CVE-2020-10506 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of Path Traversal, allowing attackers to access arbitrary files. | |||||
| CVE-2020-10505 | 1 The School Manage System Project | 1 The School Manage System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The School Manage System before 2020, developed by ALLE INFORMATION CO., LTD., contains a vulnerability of SQL Injection; an attacker can use a union-based injection query string to get the database schema and username/password. | |||||
| CVE-2020-10504 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/edit-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a comment, given the id, via a crafted request. | |||||
| CVE-2020-10503 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to disapprove any comment, given the id, via a crafted request. | |||||
| CVE-2020-10502 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/manage-comments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to approve any comment, given the id, via a crafted request. | |||||
| CVE-2020-10501 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request. | |||||
| CVE-2020-10500 | 1 Chadhaajay | 1 Phpkb | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request. | |||||
