Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363851 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27655 | 1 Synology | 1 Router Manager | 2024-11-21 | 6.5 Medium |
| Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic. | ||||
| CVE-2020-27654 | 1 Synology | 1 Router Manager | 2024-11-21 | 9.8 Critical |
| Improper access control vulnerability in lbd in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to execute arbitrary commands via port (1) 7786/tcp or (2) 7787/tcp. | ||||
| CVE-2020-27651 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.8 Medium |
| Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | ||||
| CVE-2020-27649 | 1 Synology | 1 Router Manager | 2024-11-21 | 8.3 High |
| Improper certificate validation vulnerability in OpenVPN client in Synology Router Manager (SRM) before 1.2.4-8081 allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. | ||||
| CVE-2020-27646 | 1 Biscom | 1 Secure File Transfer | 2024-11-21 | 6.5 Medium |
| Biscom Secure File Transfer (SFT) before 5.1.1082 and 6.x before 6.0.1011 allows user credential theft. | ||||
| CVE-2020-27645 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges. | ||||
| CVE-2020-27644 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The Inventory module of the 1E Client 5.0.0.745 doesn't handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges by placing a malicious cryptbase.dll file in %WINDIR%\Temp\. | ||||
| CVE-2020-27643 | 1 1e | 1 Client | 2024-11-21 | 6.5 Medium |
| The %PROGRAMDATA%\1E\Client directory in 1E Client 5.0.0.745 and 4.1.0.267 allows remote authenticated users and local users to create and modify files in protected directories (where they would not normally have access to create or modify files) via the creation of a junction point to a system directory. This leads to partial privilege escalation. | ||||
| CVE-2020-27642 | 1 Bigbluebutton | 1 Greenlight | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in the 'merge account' functionality in admins.js in BigBlueButton Greenlight 2.7.6. | ||||
| CVE-2020-27640 | 1 Mitel | 4 Mivoice 6930, Mivoice 6930 Firmware, Mivoice 6940 and 1 more | 2024-11-21 | 8.1 High |
| The Bluetooth handset of Mitel MiVoice 6940 and 6930 MiNet phones with firmware before 1.5.3 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | ||||
| CVE-2020-27639 | 1 Mitel | 6 6873i Sip, 6873i Sip Firmware, 6930 Sip and 3 more | 2024-11-21 | 8.1 High |
| The Bluetooth handset of Mitel MiVoice 6873i, 6930, and 6940 SIP phones with firmware before 5.1.0.SP6 could allow an unauthenticated attacker within Bluetooth range to pair a rogue Bluetooth device when a phone handset loses connection, due to an improper pairing mechanism. A successful exploit could allow an attacker to eavesdrop on conversations. | ||||
| CVE-2020-27638 | 3 Debian, Fastd Project, Fedoraproject | 3 Debian Linux, Fastd, Fedora | 2024-11-21 | 7.5 High |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | ||||
| CVE-2020-27637 | 1 R-project | 1 Cran | 2024-11-21 | 9.8 Critical |
| The R programming language’s default package manager CRAN is affected by a path traversal vulnerability that can lead to server compromise. This vulnerability affects packages installed via the R CMD install cli command or the install.packages() function from the interpreter. Update to version 4.0.3 | ||||
| CVE-2020-27636 | 1 Microchip | 1 Mplab Network Creator | 2024-11-21 | 9.1 Critical |
| In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | ||||
| CVE-2020-27635 | 1 Capgemini | 1 Picotcp | 2024-11-21 | 9.1 Critical |
| In PicoTCP 1.7.0, TCP ISNs are improperly random. | ||||
| CVE-2020-27634 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 9.1 Critical |
| In Contiki 4.5, TCP ISNs are improperly random. | ||||
| CVE-2020-27633 | 1 Butok | 1 Fnet | 2024-11-21 | 9.1 Critical |
| In FNET 4.6.3, TCP ISNs are improperly random. | ||||
| CVE-2020-27632 | 1 Siemens | 4 Simatic Mv420, Simatic Mv420 Firmware, Simatic Mv440 and 1 more | 2024-11-21 | 7.5 High |
| In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | ||||
| CVE-2020-27631 | 1 Oryx-embedded | 1 Cyclonetcp | 2024-11-21 | 9.8 Critical |
| In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | ||||
| CVE-2020-27630 | 1 Silabs | 1 Uc\/tcp-ip | 2024-11-21 | 9.8 Critical |
| In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | ||||