Search

Search Results (363508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-5821 1 Symantec 1 Endpoint Protection 2024-11-21 7.8 High
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a DLL injection vulnerability, which is a type of issue whereby an individual attempts to execute their own code in place of legitimate code as a means to perform an exploit.
CVE-2020-5820 1 Symantec 1 Endpoint Protection 2024-11-21 7.8 High
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user.
CVE-2020-5812 1 Tenable 1 Nessus Amazon Machine Image 2024-11-21 5.9 Medium
Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack.
CVE-2020-5811 1 Umbraco 1 Umbraco Cms 2024-11-21 6.5 Medium
An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package.
CVE-2020-5810 1 Umbraco 1 Umbraco Cms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload.
CVE-2020-5809 1 Umbraco 1 Umbraco Cms 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS.
CVE-2020-5808 1 Tenable 1 Tenable.sc 2024-11-21 7.5 High
In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration.
CVE-2020-5807 1 Rockwellautomation 1 Factorytalk Diagnostics 2024-11-21 7.5 High
An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected.
CVE-2020-5806 1 Rockwellautomation 1 Factorytalk Linx 2024-11-21 5.5 Medium
An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
CVE-2020-5805 1 Marvell 1 Qconvergeconslole Gui 2024-11-21 8.8 High
In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC.
CVE-2020-5804 1 Marvell 1 Qconvergeconslole Gui 2024-11-21 8.1 High
Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root.
CVE-2020-5803 1 Marvell 1 Qconvergeconsole 2024-11-21 8.1 High
Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root.
CVE-2020-5802 1 Rockwellautomation 1 Factorytalk Linx 2024-11-21 7.5 High
An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected.
CVE-2020-5801 1 Rockwellautomation 1 Factorytalk Linx 2024-11-21 7.5 High
An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected.
CVE-2020-5800 1 Eat Spray Love Project 1 Eat Spray Love 2024-11-21 9.8 Critical
The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to.
CVE-2020-5799 1 Eat Spray Love Project 1 Eat Spray Love 2024-11-21 9.8 Critical
The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data.
CVE-2020-5798 1 Druva 1 Insync 2024-11-21 7.8 High
inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions.
CVE-2020-5797 1 Tp-link 2 Archer C9, Archer C9 Firmware 2024-11-21 6.1 Medium
UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router.
CVE-2020-5796 1 Nagios 1 Nagios Xi 2024-11-21 7.8 High
Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges.
CVE-2020-5795 1 Tp-link 2 Archer A7, Archer A7 Firmware 2024-11-21 6.2 Medium
UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router.