Search Results (79452 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27613 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 8.4 High |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) uses ClueCon as the FreeSWITCH password, which allows local users to achieve unintended FreeSWITCH access. | ||||
| CVE-2020-27611 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.3 High |
| BigBlueButton through 2.2.28 uses STUN/TURN resources from a third party, which may represent an unintended endpoint. | ||||
| CVE-2020-27610 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| The installation procedure in BigBlueButton before 2.2.28 (or earlier) exposes certain network services to external interfaces, and does not automatically set up a firewall configuration to block external access. | ||||
| CVE-2020-27603 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files. | ||||
| CVE-2020-27589 | 1 Synopsys | 1 Hub-rest-api-python | 2024-11-21 | 7.5 High |
| Synopsys hub-rest-api-python (aka blackduck on PyPI) versions 0.0.25 - 0.0.52 do not validate SSL certificates in certain cases. | ||||
| CVE-2020-27575 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 are affected by a command injection vulnerability. The web administration interface contains functionality that lets administrators manage users. The edit users form contains a parameter vulnerable to command injection due to insufficient validation. | ||||
| CVE-2020-27574 | 1 Maxum | 1 Rumpus | 2024-11-21 | 8.8 High |
| Maxum Rumpus 8.2.13 and 8.2.14 are affected by cross-site request forgery (CSRF). If an authenticated user visits a malicious page, unintended actions could be performed in the web application as the authenticated user. | ||||
| CVE-2020-27569 | 1 Aviatrix | 1 Openvpn | 2024-11-21 | 7.5 High |
| Arbitrary File Write exists in Aviatrix VPN Client 2.8.2 and earlier. The VPN service writes logs to a location that is world writable and can be leveraged to gain write access to any file on the system. | ||||
| CVE-2020-27568 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| Insecure File Permissions exist in Aviatrix Controller 5.3.1516. Several world writable files and directories were found in the controller resource. Note: All Aviatrix appliances are fully encrypted. This is an extra layer of security. | ||||
| CVE-2020-27554 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 7.5 High |
| Cleartext Transmission of Sensitive Information vulnerability in BASETech GE-131 BT-1837836 firmware 20180921 exists which could leak sensitive information transmitted between the mobile app and the camera device. | ||||
| CVE-2020-27553 | 1 Basetech | 2 Ge-131 Bt-1837836, Ge-131 Bt-1837836 Firmware | 2024-11-21 | 7.5 High |
| In BASETech GE-131 BT-1837836 firmware 20180921, the web-server on the system is configured with the option “DocumentRoot /etc”. This allows an attacker with network access to the web-server to download any files from the “/etc” folder without authentication. No path traversal sequences are needed to exploit this vulnerability. | ||||
| CVE-2020-27543 | 1 Restify-paginate Project | 1 Restify-paginate | 2024-11-21 | 7.5 High |
| The restify-paginate package 0.0.5 for Node.js allows remote attackers to cause a Denial-of-Service by omitting the HTTP Host header. A Restify-based web service would crash with an uncaught exception. | ||||
| CVE-2020-27541 | 1 Company | 2 Cs-c2shw, Cs-c2shw Firmware | 2024-11-21 | 7.5 High |
| Denial of Service vulnerability in Rostelecom CS-C2SHW 5.0.082.1. The AgentGreen service has a bug in parsing broadcast discovery UDP packets. Sending a packet that is too small leads to an attempt to allocate a buffer of negative size. As a result, the AgentGreen service is terminated and started again later. | ||||
| CVE-2020-27524 | 1 Audi | 2 A7, Mmi Multiplayer | 2024-11-21 | 7.1 High |
| On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | ||||
| CVE-2020-27523 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-11-21 | 7.5 High |
| Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. | ||||
| CVE-2020-27519 | 1 Pritunl | 1 Pritunl-client-electron | 2024-11-21 | 7.8 High |
| Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. | ||||
| CVE-2020-27518 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 7.8 High |
| All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM. | ||||
| CVE-2020-27511 | 1 Prototypejs | 1 Prototype | 2024-11-21 | 7.5 High |
| An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. | ||||
| CVE-2020-27508 | 1 Frappe | 1 Frappe | 2024-11-21 | 7.5 High |
| In two-factor authentication, the system also sends the 2FA secret key in the response, which enables an intruder to breach the 2FA security. | ||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exists in Processwire CMS before 2.7.1 via the download parameter to index.php. | ||||