Export limit exceeded: 363555 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363555 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. | ||||
| CVE-2020-25736 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | ||||
| CVE-2020-25735 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 6.1 Medium |
| webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administration/add_announcement.php, administration/departments.php, administration/locations.php, expenses/claim_type.php, projects/editproject.php, and general/newnotifications.php. | ||||
| CVE-2020-25734 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.3 Medium |
| webTareas through 2.1 allows files/Default/ Directory Listing. | ||||
| CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 7.5 High |
| webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | ||||
| CVE-2020-25729 | 1 Zoneminder | 1 Zoneminder | 2024-11-21 | 6.1 Medium |
| ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php. | ||||
| CVE-2020-25728 | 1 Alfresco | 1 Reset Password | 2024-11-21 | 8.8 High |
| The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) that allows a malicious user to change any user's account password include the admin account. | ||||
| CVE-2020-25727 | 1 Flexsolution | 1 Reset Password | 2024-11-21 | 7.5 High |
| The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a malicious user to inject a query within the email input field. | ||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 5 Medium |
| In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | ||||
| CVE-2020-25724 | 2 Quarkus, Redhat | 3 Quarkus, Openshift Application Runtimes, Resteasy | 2024-11-21 | 4.3 Medium |
| A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw allows an attacker to gain access to privileged information. The highest threat from this vulnerability is to confidentiality and integrity. Versions before resteasy 2.0.0.Alpha3 are affected. | ||||
| CVE-2020-25723 | 3 Debian, Qemu, Redhat | 5 Debian Linux, Qemu, Advanced Virtualization and 2 more | 2024-11-21 | 3.2 Low |
| A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while processing USB requests due to missing handling of DMA memory map failure. A malicious privileged user within the guest may abuse this flaw to send bogus USB requests and crash the QEMU process on the host, resulting in a denial of service. | ||||
| CVE-2020-25722 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 8.8 High |
| Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise. | ||||
| CVE-2020-25721 | 1 Samba | 1 Samba | 2024-11-21 | 8.8 High |
| Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets. | ||||
| CVE-2020-25719 | 5 Canonical, Debian, Fedoraproject and 2 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 7.2 High |
| A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise. | ||||
| CVE-2020-25718 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2024-11-21 | 8.8 High |
| A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets. | ||||
| CVE-2020-25717 | 5 Canonical, Debian, Fedoraproject and 2 more | 28 Ubuntu Linux, Debian Linux, Fedora and 25 more | 2024-11-21 | 8.1 High |
| A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation. | ||||
| CVE-2020-25716 | 1 Redhat | 2 Cloudforms, Cloudforms Managementengine | 2024-11-21 | 8.1 High |
| A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attacker with a specific group can perform actions restricted only to system administrator. This is the affect of an incomplete fix for CVE-2020-10783. The highest threat from this vulnerability is to data confidentiality and integrity. Versions before cfme 5.11.10.1 are affected | ||||
| CVE-2020-25715 | 2 Dogtagpki, Redhat | 3 Dogtagpki, Enterprise Linux, Rhel Eus | 2024-11-21 | 6.1 Medium |
| A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-based cross-site scripting (XSS) attack to inject code into the search query form which can get automatically executed. The highest threat from this vulnerability is to data integrity. | ||||
| CVE-2020-25713 | 4 Debian, Fedoraproject, Librdf and 1 more | 4 Debian Linux, Fedora, Raptor Rdf Syntax Library and 1 more | 2024-11-21 | 6.5 Medium |
| A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_writer_start_element_common. | ||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | 7.8 High |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||