Export limit exceeded: 76288 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76288 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15381 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before version 2.1.1 contains an Improper Authentication vulnerability that allows cleartext transmission of authentication credentials of the jmx server. | ||||
| CVE-2020-15380 | 1 Broadcom | 1 Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before version 2.1.1 logs account credentials at the ‘trace’ logging level. | ||||
| CVE-2020-15379 | 1 Broadcom | 1 Brocade Sannav | 2024-11-21 | 7.5 High |
| Brocade SANnav before v.2.1.0a could allow remote attackers cause a denial-of-service condition due to a lack of proper validation, of the length of user-supplied data as name for custom field name. | ||||
| CVE-2020-15369 | 1 Broadcom | 1 Fabric Operating System | 2024-11-21 | 8.8 High |
| Supportlink CLI in Brocade Fabric OS Versions v8.2.1 through v8.2.1d, and 8.2.2 versions before v8.2.2c does not obfuscate the password field, which could expose users’ credentials of the remote server. An authenticated user could obtain the exposed password credentials to gain access to the remote host. | ||||
| CVE-2020-15360 | 1 Docker | 1 Docker Desktop | 2024-11-21 | 7.8 High |
| com.docker.vmnetd in Docker Desktop 2.3.0.3 allows privilege escalation because of a lack of client verification. | ||||
| CVE-2020-15352 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 7.2 High |
| An XML external entity (XXE) vulnerability in Pulse Connect Secure (PCS) before 9.1R9 and Pulse Policy Secure (PPS) before 9.1R9 allows remote authenticated admins to conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request. | ||||
| CVE-2020-15351 | 2 Idrive, Microsoft | 2 Idrive, Windows | 2024-11-21 | 7.8 High |
| IDrive before 6.7.3.19 on Windows installs by default to %PROGRAMFILES(X86)%\IDriveWindows with weak folder permissions granting any user modify permission (i.e., NT AUTHORITY\Authenticated Users:(OI)(CI)(M)) to the contents of the directory and its sub-folders. In addition, the program installs a service called IDriveService that runs as LocalSystem. Thus, any standard user can escalate privileges to NT AUTHORITY\SYSTEM by substituting the service's binary with a malicious one. | ||||
| CVE-2020-15349 | 1 Binarynights | 1 Forklift | 2024-11-21 | 7.8 High |
| BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions. | ||||
| CVE-2020-15341 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API. | ||||
| CVE-2020-15340 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key. | ||||
| CVE-2020-15336 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. | ||||
| CVE-2020-15335 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. | ||||
| CVE-2020-15327 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 7.5 High |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 uses ZODB storage without authentication. | ||||
| CVE-2020-15309 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.0 High |
| An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | ||||
| CVE-2020-15308 | 1 Turnkeylinux | 1 Support Incident Tracker | 2024-11-21 | 7.2 High |
| Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter. | ||||
| CVE-2020-15302 | 1 Argent | 1 Recoverymanager | 2024-11-21 | 7.5 High |
| In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | ||||
| CVE-2020-15301 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.8 High |
| SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | ||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2024-11-21 | 7.1 High |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | ||||
| CVE-2020-15294 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-11-21 | 7.8 High |
| Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2. | ||||
| CVE-2020-15278 | 1 Cogboard | 1 Red Discord Bot | 2024-11-21 | 7.7 High |
| Red Discord Bot before version 3.4.1 has an unauthorized privilege escalation exploit in the Mod module. This exploit allows Discord users with a high privilege level within the guild to bypass hierarchy checks when the application is in a specific condition that is beyond that user's control. By abusing this exploit, it is possible to perform destructive actions within the guild the user has high privileges in. This exploit has been fixed in version 3.4.1. As a workaround, unloading the Mod module with unload mod or, disabling the massban command with command disable global massban can render this exploit not accessible. We still highly recommend updating to 3.4.1 to completely patch this issue. | ||||