Export limit exceeded: 10104 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10104 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27663 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.3 Medium |
| In GLPI before 9.5.3, ajax/getDropdownValue.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any itemType (e.g., Ticket, Users, etc.). | ||||
| CVE-2020-27662 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.3 Medium |
| In GLPI before 9.5.3, ajax/comments.php has an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to read data from any database table (e.g., glpi_tickets, glpi_users, etc.). | ||||
| CVE-2020-27651 | 1 Synology | 1 Router Manager | 2024-11-21 | 5.8 Medium |
| Synology Router Manager (SRM) before 1.2.4-8081 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. | ||||
| CVE-2020-27638 | 3 Debian, Fastd Project, Fedoraproject | 3 Debian Linux, Fastd, Fedora | 2024-11-21 | 7.5 High |
| receive.c in fastd before v21 allows denial of service (assertion failure) when receiving packets with an invalid type code. | ||||
| CVE-2020-27617 | 3 Debian, Qemu, Redhat | 4 Debian Linux, Qemu, Advanced Virtualization and 1 more | 2024-11-21 | 6.5 Medium |
| eth_get_gso_type in net/eth.c in QEMU 4.2.1 allows guest OS users to trigger an assertion failure. A guest can crash the QEMU process via packet data that lacks a valid Layer 3 protocol. | ||||
| CVE-2020-27616 | 1 Qemu | 1 Qemu | 2024-11-21 | 6.5 Medium |
| ati_2d_blt in hw/display/ati_2d.c in QEMU 4.2.1 can encounter an outside-limits situation in a calculation. A guest can crash the QEMU process. | ||||
| CVE-2020-27601 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 3.5 Low |
| In BigBlueButton before 2.2.7, lockSettingsProps.disablePrivateChat does not apply to already opened chats. This occurs in bigbluebutton-html5/imports/ui/components/chat/service.js. | ||||
| CVE-2020-27422 | 1 Anuko | 1 Time Tracker | 2024-11-21 | 9.8 Critical |
| In Anuko Time Tracker v1.19.23.5311, the password reset link emailed to the user doesn't expire once used, allowing an attacker to use the same link to takeover the account. | ||||
| CVE-2020-27416 | 1 Mahadiscom | 1 Mahavitaran | 2024-11-21 | 9.8 Critical |
| Mahavitaran android application 7.50 and prior are affected by account takeover due to improper OTP validation, allows remote attackers to control a users account. | ||||
| CVE-2020-27408 | 1 Os4ed | 1 Opensis | 2024-11-21 | 7.5 High |
| OpenSIS Community Edition through 7.6 is affected by incorrect access controls for the file ResetUserInfo.php that allow an unauthenticated attacker to change the password of arbitrary users. | ||||
| CVE-2020-27361 | 1 Akkadianlabs | 1 Akkadian Provisioning Manager | 2024-11-21 | 7.5 High |
| An issue exists within Akkadian Provisioning Manager 4.50.02 which allows attackers to view sensitive information within the /pme subdirectories. | ||||
| CVE-2020-27268 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 6.5 Medium |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass checks for default PINs via Bluetooth Low Energy. | ||||
| CVE-2020-27266 | 1 Sooil | 6 Anydana-a, Anydana-a Firmware, Anydana-i and 3 more | 2024-11-21 | 6.5 Medium |
| In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a client-side control vulnerability in the insulin pump and its AnyDana-i and AnyDana-A mobile applications allows physically proximate attackers to bypass user authentication checks via Bluetooth Low Energy. | ||||
| CVE-2020-27194 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 5.5 Medium |
| An issue was discovered in the Linux kernel before 5.8.15. scalar32_min_max_or in kernel/bpf/verifier.c mishandles bounds tracking during use of 64-bit values, aka CID-5b9fbeb75b6a. | ||||
| CVE-2020-27179 | 1 Konzept-ix | 1 Publixone | 2024-11-21 | 9.8 Critical |
| konzept-ix publiXone before 2020.015 allows attackers to take over arbitrary user accounts by crafting password-reset tokens. | ||||
| CVE-2020-27148 | 1 Tibco | 1 Ebx Add-ons | 2024-11-21 | 7.1 High |
| The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below. | ||||
| CVE-2020-27066 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In xfrm6_tunnel_free_spi of net/ipv6/xfrm6_tunnel.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-168043318 | ||||
| CVE-2020-27035 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In priorLinearAllocation of C2AllocatorIon.cpp, there is a possible use-after-free due to improper locking. This could lead to local information disclosure in the media codec with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152239213 | ||||
| CVE-2020-27017 | 2 Microsoft, Trendmicro | 2 Windows, Interscan Messaging Security Virtual Appliance | 2024-11-21 | 4.9 Medium |
| Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 is vulnerable to an XML External Entity Processing (XXE) vulnerability which could allow an authenticated administrator to read arbitrary local files. An attacker must already have obtained product administrator/root privileges to exploit this vulnerability. | ||||
| CVE-2020-26981 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). When opening a specially crafted xml file, the application could disclose arbitrary files to remote attackers. This is because of the passing of specially crafted content to the underlying XML parser without taking proper restrictions such as prohibiting an external dtd. (ZDI-CAN-11890) | ||||