Export limit exceeded: 363527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5820 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 7.8 High |
| Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to a privilege escalation vulnerability, which is a type of issue whereby an attacker may attempt to compromise the software application to gain elevated access to resources that are normally protected from an application or user. | ||||
| CVE-2020-5812 | 1 Tenable | 1 Nessus Amazon Machine Image | 2024-11-21 | 5.9 Medium |
| Nessus AMI versions 8.12.0 and earlier were found to either not validate, or incorrectly validate, a certificate which could allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. | ||||
| CVE-2020-5811 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 6.5 Medium |
| An authenticated path traversal vulnerability exists during package installation in Umbraco CMS <= 8.9.1 or current, which could result in arbitrary files being written outside of the site home and expected paths when installing an Umbraco package. | ||||
| CVE-2020-5810 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user authorized to upload media can upload a malicious .svg file which act as a stored XSS payload. | ||||
| CVE-2020-5809 | 1 Umbraco | 1 Umbraco Cms | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability exists in Umbraco CMS <= 8.9.1 or current. An authenticated user can inject arbitrary JavaScript code into iframes when editing content using the TinyMCE rich-text editor, as TinyMCE is configured to allow iframes by default in Umbraco CMS. | ||||
| CVE-2020-5808 | 1 Tenable | 1 Tenable.sc | 2024-11-21 | 7.5 High |
| In certain scenarios in Tenable.sc prior to 5.17.0, a scanner could potentially be used outside the user's defined scan zone without a particular zone being specified within the Automatic Distribution configuration. | ||||
| CVE-2020-5807 | 1 Rockwellautomation | 1 Factorytalk Diagnostics | 2024-11-21 | 7.5 High |
| An unauthenticated remote attacker can send data to RsvcHost.exe listening on TCP port 5241 to add entries in the FactoryTalk Diagnostics event log. The attacker can specify long fields in the log entry, which can cause an unhandled exception in wcscpy_s() if a local user opens FactoryTalk Diagnostics Viewer (FTDiagViewer.exe) to view the log entry. Observed in FactoryTalk Diagnostics 6.11. All versions of FactoryTalk Diagnostics are affected. | ||||
| CVE-2020-5806 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 5.5 Medium |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in the CServerManager::HandleBrowseLoadIconStreamRequest in messaging.dll. This can be done by sending a specially crafted message to 127.0.0.1:7153. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | ||||
| CVE-2020-5805 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-11-21 | 8.8 High |
| In Marvell QConvergeConsole GUI <= 5.5.0.74, credentials are stored in cleartext in tomcat-users.xml. OS-level users on the QCC host who are not authorized to use QCC may use the plaintext credentials to login to QCC. | ||||
| CVE-2020-5804 | 1 Marvell | 1 Qconvergeconslole Gui | 2024-11-21 | 8.1 High |
| Marvell QConvergeConsole GUI <= 5.5.0.74 is affected by a path traversal vulnerability. The deleteEventLogFile method of the GWTTestServiceImpl class lacks proper validation of a user-supplied path prior to using it in file deletion operations. An authenticated, remote attacker can leverage this vulnerability to delete arbitrary remote files as SYSTEM or root. | ||||
| CVE-2020-5803 | 1 Marvell | 1 Qconvergeconsole | 2024-11-21 | 8.1 High |
| Relative Path Traversal in Marvell QConvergeConsole GUI 5.5.0.74 allows a remote, authenticated attacker to delete arbitrary files on disk as SYSTEM or root. | ||||
| CVE-2020-5802 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 7.5 High |
| An attacker-controlled memory allocation size can be passed to the C++ new operator in RnaDaSvr.dll by sending a specially crafted ConfigureItems message to TCP port 4241. This will cause an unhandled exception, resulting in termination of RSLinxNG.exe. Observed in FactoryTalk 6.11. All versions of FactoryTalk Linx are affected. | ||||
| CVE-2020-5801 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 7.5 High |
| An attacker can craft and send an OpenNamespace message to port 4241 with valid session-id that triggers an unhandled exception in CFTLDManager::HandleRequest function in RnaDaSvr.dll, resulting in process termination. Observed in FactoryTalk Linx 6.11. All versions of FactoryTalk Linx are affected. | ||||
| CVE-2020-5800 | 1 Eat Spray Love Project | 1 Eat Spray Love | 2024-11-21 | 9.8 Critical |
| The Eat Spray Love mobile app for both iOS and Android contains logic that allows users to bypass authentication and retrieve or modify information that they would not normally have access to. | ||||
| CVE-2020-5799 | 1 Eat Spray Love Project | 1 Eat Spray Love | 2024-11-21 | 9.8 Critical |
| The Eat Spray Love mobile app for both iOS and Android contains a backdoor account that, when modified, allowed privileged access to restricted functionality and to other users' data. | ||||
| CVE-2020-5798 | 1 Druva | 1 Insync | 2024-11-21 | 7.8 High |
| inSync Client installer for macOS versions v6.8.0 and prior could allow an attacker to gain privileges of a root user from a lower privileged user due to improper integrity checks and directory permissions. | ||||
| CVE-2020-5797 | 1 Tp-link | 2 Archer C9, Archer C9 Firmware | 2024-11-21 | 6.1 Medium |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer C9(US)_V1_180125 firmware allows an unauthenticated actor, with physical access and network access, to read sensitive files and write to a limited set of files after plugging a crafted USB drive into the router. | ||||
| CVE-2020-5796 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.8 High |
| Improper preservation of permissions in Nagios XI 5.7.4 allows a local, low-privileged, authenticated user to weaken the permissions of files, resulting in low-privileged users being able to write to and execute arbitrary PHP code with root privileges. | ||||
| CVE-2020-5795 | 1 Tp-link | 2 Archer A7, Archer A7 Firmware | 2024-11-21 | 6.2 Medium |
| UNIX Symbolic Link (Symlink) Following in TP-Link Archer A7(US)_V5_200721 allows an authenticated admin user, with physical access and network access, to execute arbitrary code after plugging a crafted USB drive into the router. | ||||
| CVE-2020-5794 | 2 Microsoft, Tenable | 2 Windows, Nessus Network Monitor | 2024-11-21 | 7.8 High |
| A vulnerability in Nessus Network Monitor versions 5.11.0, 5.11.1, and 5.12.0 for Windows could allow an authenticated local attacker to execute arbitrary code by copying user-supplied files to a specially constructed path in a specifically named user directory. The attacker needs valid credentials on the Windows system to exploit this vulnerability. | ||||