Search Results (7714 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12760 | 1 Opennms | 2 Opennms Horizon, Opennms Meridian | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | ||||
| CVE-2020-12743 | 1 Gazie Project | 1 Gazie | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Gazie 7.32. A successful installation does not remove or block (or in any other way prevent use of) its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST parameter. | ||||
| CVE-2020-12525 | 4 Emerson, Pepperl-fuchs, Wago and 1 more | 19 Rosemount Transmitter Interface Software, Io-link Master 4-eip, Io-link Master 4-pnio and 16 more | 2024-11-21 | 7.3 High |
| M&M Software fdtCONTAINER Component in versions below 3.5.20304.x and between 3.6 and 3.6.20304.x is vulnerable to deserialization of untrusted data in its project storage. | ||||
| CVE-2020-12471 | 1 Mono | 1 Monox | 2024-11-21 | 9.8 Critical |
| MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | ||||
| CVE-2020-12470 | 1 Mono | 1 Monox | 2024-11-21 | 7.2 High |
| MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | ||||
| CVE-2020-12469 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.5 Medium |
| admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | ||||
| CVE-2020-12393 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 7.8 High |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.* This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | ||||
| CVE-2020-12392 | 3 Canonical, Mozilla, Redhat | 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 5.5 Medium |
| The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP POST data of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in the disclosure of local files. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | ||||
| CVE-2020-12390 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| Incorrect origin serialization of URLs with IPv6 addresses could lead to incorrect security checks. This vulnerability affects Firefox < 76. | ||||
| CVE-2020-12333 | 1 Intel | 1 Quickassist Technology | 2024-11-21 | 7.8 High |
| Insufficiently protected credentials in the Intel(R) QAT for Linux before version 1.7.l.4.10.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-12316 | 1 Intel | 1 Endpoint Management Assistant | 2024-11-21 | 5.5 Medium |
| Insufficiently protected credentials in the Intel(R) EMA before version 1.3.3 may allow an authorized user to potentially enable information disclosure via local access. | ||||
| CVE-2020-12309 | 1 Intel | 30 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 27 more | 2024-11-21 | 4.6 Medium |
| Insufficiently protected credentials in subsystem in some Intel(R) Client SSDs and some Intel(R) Data Center SSDs may allow an unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2020-12273 | 1 Testlink | 1 Testlink | 2024-11-21 | 7.5 High |
| In TestLink 1.9.20, a crafted login.php viewer parameter exposes cleartext credentials. | ||||
| CVE-2020-12265 | 1 Decompress Project | 1 Decompress | 2024-11-21 | 9.8 Critical |
| The decompress package before 4.2.1 for Node.js is vulnerable to Arbitrary File Write via ../ in an archive member, when a symlink is used, because of Directory Traversal. | ||||
| CVE-2020-12254 | 1 Avira | 1 Antivirus | 2024-11-21 | 7.8 High |
| Avira Antivirus before 5.0.2003.1821 on Windows allows privilege escalation or a denial of service via abuse of a symlink. | ||||
| CVE-2020-12133 | 1 Farukawa | 1 Electric Consciousmap | 2024-11-21 | 9.8 Critical |
| The Apros Evolution, ConsciusMap, and Furukawa provisioning systems through 2.8.1 allow remote code execution because of javax.faces.ViewState Java deserialization. | ||||
| CVE-2020-12061 | 1 Nitrokey | 2 Fido U2f, Fido U2f Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the microcontroller and the secure element transmits credentials in plain. This allows an adversary to eavesdrop the communication and derive the secrets stored in the microcontroller. As a result, the attacker is able to arbitrarily manipulate the firmware of the microcontroller. | ||||
| CVE-2020-12015 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-11-21 | 7.5 High |
| A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition due to improper deserialization. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | ||||
| CVE-2020-12009 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-11-21 | 7.5 High |
| A specially crafted communication packet sent to the affected device could cause a denial-of-service condition due to a deserialization vulnerability. This affects: Mitsubishi Electric MC Works64 Version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 Version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server v10.96 and prior; ICONICS GenBroker32 v9.5 and prior. | ||||
| CVE-2020-12007 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-11-21 | 9.8 Critical |
| A specially crafted communication packet sent to the affected devices could allow remote code execution and a denial-of-service condition due to a deserialization vulnerability. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; Mitsubishi Electric MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; ICONICS GenBroker32 version 9.5 and prior. | ||||