Search

Search Results (364156 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8124 2 Redhat, Url-parse Project 2 Service Mesh, Url-parse 2024-11-21 5.3 Medium
Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4 and earlier may allow attacker to bypass security checks.
CVE-2020-8123 1 Strapi 1 Strapi 2024-11-21 4.9 Medium
A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin console using admin rights can lead to arbitrary restart of the application.
CVE-2020-8122 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expiration date of a share they received.
CVE-2020-8121 1 Nextcloud 1 Nextcloud Server 2024-11-21 8.1 High
A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the sharer.
CVE-2020-8120 1 Nextcloud 1 Nextcloud Server 2024-11-21 6.1 Medium
A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg generation.
CVE-2020-8119 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-drop share link is opened via the gallery app.
CVE-2020-8118 3 Nextcloud, Novell, Opensuse 3 Nextcloud Server, Suse Linux Enterprise Server, Backports Sle 2024-11-21 5.0 Medium
An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and remote services when adding a new subscription in the calendar application.
CVE-2020-8117 1 Nextcloud 1 Nextcloud Server 2024-11-21 4.3 Medium
Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leaked when sharing a non-public event.
CVE-2020-8116 2 Dot-prop Project, Redhat 4 Dot-prop, Enterprise Linux, Rhel Eus and 1 more 2024-11-21 7.3 High
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
CVE-2020-8115 1 Revive-adserver 1 Revive Adserver 2024-11-21 6.1 Medium
A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script of Revive Adserver <= 5.0.3 by Jacopo Tediosi. There are currently no known exploits: the session identifier cannot be accessed as it is stored in an http-only cookie as of v3.2.2. On older versions, however, under specific circumstances, it could be possible to steal the session identifier and gain access to the admin interface. The query string sent to the www/delivery/afr.php script was printed back without proper escaping in a JavaScript context, allowing an attacker to execute arbitrary JS code on the browser of the victim.
CVE-2020-8114 1 Gitlab 1 Gitlab 2024-11-21 9.8 Critical
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVE-2020-8113 1 Gitlab 1 Gitlab 2024-11-21 9.8 Critical
GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.
CVE-2020-8112 3 Debian, Redhat, Uclouvain 4 Debian Linux, Enterprise Linux, Rhel E4s and 1 more 2024-11-21 8.8 High
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
CVE-2020-8110 1 Bitdefender 1 Engines 2024-11-21 5.9 Medium
A vulnerability has been discovered in the ceva_emu.cvd module that results from a lack of proper validation of user-supplied data, which can result in a pointer that is fetched from uninitialized memory. This can lead to denial-of-service. This issue affects: Bitdefender Engines version 7.84897 and prior versions.
CVE-2020-8109 1 Bitdefender 1 Engines 2024-11-21 5.9 Medium
A vulnerability has been discovered in the ace.xmd parser that results from a lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. This can result in denial-of-service. This issue affects: Bitdefender Engines version 7.84892 and prior versions.
CVE-2020-8108 1 Bitdefender 1 Endpoint Security 2024-11-21 8.2 High
Improper Authentication vulnerability in Bitdefender Endpoint Security for Mac allows an unprivileged process to restart the main service and potentially inject third-party code into a trusted process. This issue affects: Bitdefender Endpoint Security for Mac versions prior to 4.12.80.
CVE-2020-8107 1 Bitdefender 3 Antivirus Plus, Internet Security, Total Security 2024-11-21 8.2 High
A Process Control vulnerability in ProductAgentUI.exe as used in Bitdefender Antivirus Plus allows an attacker to tamper with product settings via a specially crafted DLL file. This issue affects: Bitdefender Antivirus Plus versions prior to 24.0.26.136. Bitdefender Internet Security versions prior to 24.0.26.136. Bitdefender Total Security versions prior to 24.0.26.136.
CVE-2020-8105 1 Goabode 2 Iota All-in-one Security Kit, Iota All-in-one Security Kit Firmware 2024-11-21 9.6 Critical
OS Command Injection vulnerability in the wirelessConnect handler of Abode iota All-In-One Security Kit allows an attacker to inject commands and gain root access. This issue affects: Abode iota All-In-One Security Kit versions prior to 1.0.2.23_6.9V_dev_t2_homekit_RF_2.0.19_s2_kvsABODE oz.
CVE-2020-8103 1 Bitdefender 1 Antivirus 2020 2024-11-21 7.2 High
A vulnerability in the improper handling of symbolic links in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects Bitdefender Antivirus Free versions prior to 1.0.17.178.
CVE-2020-8102 1 Bitdefender 1 Total Security 2020 2024-11-21 8.8 High
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116.