Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364234 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8209 1 Citrix 1 Xenmobile Server 2024-11-21 7.5 High
Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files.
CVE-2020-8208 1 Citrix 1 Xenmobile Server 2024-11-21 6.1 Medium
Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS).
CVE-2020-8207 1 Citrix 1 Workspace 2024-11-21 8.8 High
Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running.
CVE-2020-8206 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 8.1 High
An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP.
CVE-2020-8205 1 Transloadit 1 Uppy 2024-11-21 7.5 High
The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems.
CVE-2020-8204 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 6.1 Medium
A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.
CVE-2020-8203 3 Lodash, Oracle, Redhat 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more 2024-11-21 7.4 High
Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.
CVE-2020-8202 1 Nextcloud 1 Preferred Providers 2024-11-21 5.3 Medium
Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password.
CVE-2020-8200 1 Citrix 1 Storefront Server 2024-11-21 6.5 Medium
Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server.
CVE-2020-8199 1 Citrix 1 Gateway Plug-in For Linux 2024-11-21 7.8 High
Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root.
CVE-2020-8198 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.1 Medium
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS).
CVE-2020-8197 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 8.8 High
Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands.
CVE-2020-8194 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.5 Medium
Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download.
CVE-2020-8192 1 Fastify 1 Fastify 2024-11-21 6.5 Medium
A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas.
CVE-2020-8191 1 Citrix 11 4000-wo, 4100-wo, 5000-wo and 8 more 2024-11-21 6.1 Medium
Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS).
CVE-2020-8190 1 Citrix 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more 2024-11-21 7.5 High
Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation.
CVE-2020-8189 1 Nextcloud 1 Desktop 2024-11-21 5.4 Medium
A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt.
CVE-2020-8188 1 Ui 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Protect and 1 more 2024-11-21 8.8 High
We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges.
CVE-2020-8187 1 Citrix 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more 2024-11-21 7.5 High
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack.
CVE-2020-8186 1 Devcert Project 1 Devcert 2024-11-21 9.8 Critical
A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function.