Export limit exceeded: 364251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364251 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8297 | 1 Nextcloud | 1 Deck | 2024-11-21 | 4.3 Medium |
| Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previous deleted user. | ||||
| CVE-2020-8296 | 2 Fedoraproject, Nextcloud | 2 Fedora, Nextcloud Server | 2024-11-21 | 6.7 Medium |
| Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage is not configured. | ||||
| CVE-2020-8295 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 7.5 High |
| A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when resetting the password for a user. | ||||
| CVE-2020-8294 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 5.4 Medium |
| A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a stored XSS attack using Internet Explorer when saving a 'javascript:' URL in markdown format. | ||||
| CVE-2020-8293 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 6.5 Medium |
| A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store unlimited data in workflow rules causing load and potential DDoS on later interactions and usage with those rules. | ||||
| CVE-2020-8292 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 5.4 Medium |
| Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via the drag & drop functionality in message boxes. | ||||
| CVE-2020-8291 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 6.1 Medium |
| A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks. | ||||
| CVE-2020-8290 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 7.8 High |
| Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary. | ||||
| CVE-2020-8289 | 1 Backblaze | 1 Backblaze | 2024-11-21 | 7.8 High |
| Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality. | ||||
| CVE-2020-8288 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 5.4 Medium |
| The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter. | ||||
| CVE-2020-8286 | 9 Apple, Debian, Fedoraproject and 6 more | 22 Mac Os X, Macos, Debian Linux and 19 more | 2024-11-21 | 7.5 High |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | ||||
| CVE-2020-8283 | 1 Citrix | 3 Virtual Apps And Desktops, Xenapp, Xendesktop | 2024-11-21 | 8.8 High |
| An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9. | ||||
| CVE-2020-8282 | 1 Ui | 4 Edgemax Edgepower 24v, Edgemax Edgepower 24v Firmware, Edgemax Edgepower 54v and 1 more | 2024-11-21 | 8.8 High |
| A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution. | ||||
| CVE-2020-8281 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 5.4 Medium |
| A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2020-8280 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 5.4 Medium |
| A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks. | ||||
| CVE-2020-8279 | 1 Nextcloud | 1 Social | 2024-11-21 | 7.4 High |
| Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack. | ||||
| CVE-2020-8278 | 1 Nextcloud | 1 Social | 2024-11-21 | 5.3 Medium |
| Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user. | ||||
| CVE-2020-8276 | 1 Brave | 1 Brave | 2024-11-21 | 5.5 Medium |
| The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window. | ||||
| CVE-2020-8275 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 4.3 Medium |
| Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||
| CVE-2020-8274 | 1 Citrix | 1 Secure Mail | 2024-11-21 | 6.5 Medium |
| Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device. | ||||