Export limit exceeded: 364251 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364251 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8273 1 Citrix 1 Sd-wan 2024-11-21 8.8 High
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
CVE-2020-8272 1 Citrix 1 Sd-wan 2024-11-21 7.5 High
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVE-2020-8271 1 Citrix 1 Sd-wan 2024-11-21 9.8 Critical
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVE-2020-8270 1 Citrix 1 Virtual Apps And Desktops 2024-11-21 8.8 High
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
CVE-2020-8269 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 8.8 High
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVE-2020-8268 1 Json8-merge-patch Project 1 Json8-merge-patch 2024-11-21 7.5 High
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
CVE-2020-8267 1 Ui 1 Unifi Protect Firmware 2024-11-21 5.3 Medium
A security issue was found in UniFi Protect controller v1.14.10 and earlier.The authentication in the UniFi Protect controller API was using “x-token” improperly, allowing attackers to use the API to send authenticated messages without a valid token.This vulnerability was fixed in UniFi Protect v1.14.11 and newer.This issue does not impact UniFi Cloud Key Gen 2 plus.This issue does not impact UDM-Pro customers with UniFi Protect stopped.Affected Products:UDM-Pro firmware 1.7.2 and earlier.UNVR firmware 1.3.12 and earlier.Mitigation:Update UniFi Protect to v1.14.11 or newer version; the UniFi Protect controller can be updated through your UniFi OS settings.Alternatively, you can update UNVR and UDM-Pro to:- UNVR firmware to 1.3.15 or newer.- UDM-Pro firmware to 1.8.0 or newer.
CVE-2020-8264 1 Rubyonrails 1 Rails 2024-11-21 6.1 Medium
In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in development mode allowing an attacker to send or embed (in another page) a specially crafted URL which can allow the attacker to execute JavaScript in the context of the local application. This vulnerability is in the Actionable Exceptions middleware.
CVE-2020-8263 1 Pulsesecure 1 Pulse Secure Desktop Client 2024-11-21 5.4 Medium
A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) through the CGI file.
CVE-2020-8262 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 6.1 Medium
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers to conduct Cross-Site Scripting (XSS) and Open Redirection for authenticated user web interface.
CVE-2020-8261 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 4.3 Medium
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-8259 1 Nextcloud 1 Nextcloud Server 2024-11-21 8.1 High
Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an attacker to replace the encryption keys.
CVE-2020-8258 1 Citrix 1 Gateway Plug-in 2024-11-21 7.5 High
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, allows an attacker to modify arbitrary files.
CVE-2020-8257 1 Citrix 1 Gateway Plug-in 2024-11-21 9.8 Critical
Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before and including 13.0-61.48 and 12.1-58.15, lead to privilege escalation attacks
CVE-2020-8256 2 Ivanti, Pulsesecure 2 Connect Secure, Pulse Connect Secure 2024-11-21 4.9 Medium
A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability.
CVE-2020-8255 1 Pulsesecure 1 Pulse Secure Desktop Client 2024-11-21 4.9 Medium
A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages.
CVE-2020-8254 1 Pulsesecure 1 Pulse Secure Desktop Client 2024-11-21 8.8 High
A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users can be convinced to connect to a malicious server. This vulnerability only affects Windows PDC.To improve the security of connections between Pulse clients and Pulse Connect Secure, see below recommendation(s):Disable Dynamic certificate trust for PDC.
CVE-2020-8253 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 High
Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 leads to the ability to access sensitive files.
CVE-2020-8250 1 Pulsesecure 1 Pulse Secure Desktop Client 2024-11-21 7.8 High
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to escalate privilege.
CVE-2020-8249 1 Pulsesecure 1 Pulse Secure Desktop Client 2024-11-21 7.8 High
A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow.