Export limit exceeded: 364234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8209 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 7.5 High |
| Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.10 before RP6 and Citrix XenMobile Server before 10.9 RP5 and leads to the ability to read arbitrary files. | ||||
| CVE-2020-8208 | 1 Citrix | 1 Xenmobile Server | 2024-11-21 | 6.1 Medium |
| Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile Server 10.11 before RP6 and Citrix XenMobile Server before 10.9 RP5 allows Cross-Site Scripting (XSS). | ||||
| CVE-2020-8207 | 1 Citrix | 1 Workspace | 2024-11-21 | 8.8 High |
| Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. | ||||
| CVE-2020-8206 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attacker with a users primary credentials to bypass the Google TOTP. | ||||
| CVE-2020-8205 | 1 Transloadit | 1 Uppy | 2024-11-21 | 7.5 High |
| The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems. | ||||
| CVE-2020-8204 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | ||||
| CVE-2020-8203 | 3 Lodash, Oracle, Redhat | 24 Lodash, Banking Corporate Lending Process Management, Banking Credit Facilities Process Management and 21 more | 2024-11-21 | 7.4 High |
| Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20. | ||||
| CVE-2020-8202 | 1 Nextcloud | 1 Preferred Providers | 2024-11-21 | 5.3 Medium |
| Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of service attack when using a very long password. | ||||
| CVE-2020-8200 | 1 Citrix | 1 Storefront Server | 2024-11-21 | 6.5 Medium |
| Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. | ||||
| CVE-2020-8199 | 1 Citrix | 1 Gateway Plug-in For Linux | 2024-11-21 | 7.8 High |
| Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in local privilege escalation to root. | ||||
| CVE-2020-8198 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-11-21 | 6.1 Medium |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 resulting in Stored Cross-Site Scripting (XSS). | ||||
| CVE-2020-8197 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 8.8 High |
| Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows a low privileged user with management access to execute arbitrary commands. | ||||
| CVE-2020-8194 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-11-21 | 6.5 Medium |
| Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows the modification of a file download. | ||||
| CVE-2020-8192 | 1 Fastify | 1 Fastify | 2024-11-21 | 6.5 Medium |
| A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious user to trigger resource exhaustion (when the allErrors option is used) with specially crafted schemas. | ||||
| CVE-2020-8191 | 1 Citrix | 11 4000-wo, 4100-wo, 5000-wo and 8 more | 2024-11-21 | 6.1 Medium |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 and Citrix SDWAN WAN-OP versions before 11.1.1a, 11.0.3d and 10.2.7 allows reflected Cross Site Scripting (XSS). | ||||
| CVE-2020-8190 | 1 Citrix | 6 Application Delivery Controller, Application Delivery Controller Firmware, Gateway and 3 more | 2024-11-21 | 7.5 High |
| Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, 12.0-63.21, 11.1-64.14 and 10.5-70.18 allows privilege escalation. | ||||
| CVE-2020-8189 | 1 Nextcloud | 1 Desktop | 2024-11-21 | 5.4 Medium |
| A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (including local links) when responding with invalid data on the login attempt. | ||||
| CVE-2020-8188 | 1 Ui | 4 Unifi Cloud Key Plus, Unifi Dream Machine Pro, Unifi Protect and 1 more | 2024-11-21 | 8.8 High |
| We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud Key Gen2 Plus and UniFi Dream Machine Pro/UNVR respectively that fixes vulnerabilities found on Protect firmware v1.13.2, v1.14.9 and prior according to the description below:View only users can run certain custom commands which allows them to assign themselves unauthorized roles and escalate their privileges. | ||||
| CVE-2020-8187 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2024-11-21 | 7.5 High |
| Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | ||||
| CVE-2020-8186 | 1 Devcert Project | 1 Devcert | 2024-11-21 | 9.8 Critical |
| A command injection vulnerability in the `devcert` module may lead to remote code execution when users of the module pass untrusted input to the `certificateFor` function. | ||||