Export limit exceeded: 364527 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364527 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27604 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 6.5 Medium |
| BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. | ||||
| CVE-2020-27603 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | ||||
| CVE-2020-27602 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 9.8 Critical |
| BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken. | ||||
| CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 3.5 Low |
| In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | ||||
| CVE-2020-27600 | 1 Dlink | 2 Dir-846, Dir-846 Firmware | 2024-11-21 | 9.8 Critical |
| HNAP1/control/SetMasterWLanSettings.php in D-Link D-Link Router DIR-846 DIR-846 A1_100.26 allows remote attackers to execute arbitrary commands via shell metacharacters in the ssid0 or ssid1 parameter. | ||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2024-11-21 | 7.5 High |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) version 0.0.25 - 0.0.52 does not validate SSL certificates in certain cases. | ||||
| CVE-2020-27587 | 1 Quickheal | 1 Total Security | 2024-11-21 | 6.7 Medium |
| Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access to files in the File Vault via a brute-force attack on the password. | ||||
| CVE-2020-27586 | 1 Quickheal | 1 Total Security | 2024-11-21 | 5.9 Medium |
| Quick Heal Total Security before version 19.0 transmits quarantine and sysinfo files via clear text. | ||||
| CVE-2020-27585 | 1 Quickheal | 1 Total Security | 2024-11-21 | 4.4 Medium |
| Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify sensitive anti virus settings via a brute-attack on the settings password. | ||||
| CVE-2020-27583 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 9.8 Critical |
| IBM InfoSphere Information Server 8.5.0.0 is affected by deserialization of untrusted data which could allow remote unauthenticated attackers to execute arbitrary code. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2024-11-21 | 5.4 Medium |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | ||||
| CVE-2020-27575 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by a command injection vulnerability. The web administration contains functionality in which administrators are able to manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | ||||
| CVE-2020-27574 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | ||||
| CVE-2020-27569 | 1 Aviatrix | 1 Openvpn | 2024-11-21 | 7.5 High |
| Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | ||||
| CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | ||||
| CVE-2020-27560 | 3 Debian, Imagemagick, Opensuse | 3 Debian Linux, Imagemagick, Leap | 2024-11-21 | 3.3 Low |
| ImageMagick 7.0.10-34 allows Division by Zero in OptimizeLayerFrames in MagickCore/layer.c, which may cause a denial of service. | ||||
| CVE-2020-27558 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 6.5 Medium |
| Use of an undocumented user in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to view the video stream. | ||||
| CVE-2020-27557 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 5.5 Medium |
| Unprotected Storage of Credentials vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 allows local users to gain access to the video streaming username and password via SQLite files containing plain text credentials. | ||||
| CVE-2020-27556 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 5.3 Medium |
| A predictable device ID in BASETech GE-131 BT-1837836 firmware 20180921 allows unauthenticated remote attackers to connect to the device. | ||||
| CVE-2020-27555 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 9.8 Critical |
| Use of default credentials for the telnet server in BASETech GE-131 BT-1837836 firmware 20180921 allows remote attackers to execute arbitrary system commands as the root user. | ||||