Total: 9398 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1306 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2020-07-15 | 7.5 HIGH | 9.8 CRITICAL |
A remote code execution vulnerability exists when Azure DevOps Server (ADO) and Team Foundation Server (TFS) fail to validate input properly, aka 'Azure DevOps and Team Foundation Server Remote Code Execution Vulnerability'. | |||||
CVE-2020-15543 | 1 Solarwinds | 1 Serv-u Ftp Server | 2020-07-15 | 7.5 HIGH | 9.8 CRITICAL |
SolarWinds Serv-U FTP server before 15.2.1 does not validate an argument path. | |||||
CVE-2016-1182 | 1 Apache | 1 Struts | 2020-07-15 | 6.4 MEDIUM | 8.2 HIGH |
ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not properly restrict the Validator configuration, which allows remote attackers to conduct cross-site scripting (XSS) attacks or cause a denial of service via crafted input, a related issue to CVE-2015-0899. | |||||
CVE-2015-8607 | 3 Canonical, Debian, Perl | 3 Ubuntu Linux, Debian Linux, Pathtools | 2020-07-15 | 7.5 HIGH | 7.3 HIGH |
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. | |||||
CVE-2020-7820 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Nexacro14/17 ExtCommonApiV13 Library before version 2019.9.6 contains a vulnerability that could allow a remote attacker to execute arbitrary code by setting the arguments to the vulnerable API. This can be leveraged for code execution by rebooting the victim's PC. | |||||
CVE-2020-7821 | 2 Microsoft, Nexaweb | 3 Windows, Nexacro 14, Nexacro 17 | 2020-07-14 | 7.5 HIGH | 9.8 CRITICAL |
Nexacro14/17 ExtCommonApiV13 Library before version 2019.9.6 contains a vulnerability that could allow a remote attacker to execute arbitrary code by modifying the value of a registry path. This can be leveraged for code execution by rebooting the victim's PC. | |||||
CVE-2018-20127 | 1 Zzzcms | 1 Zzzphp | 2020-07-14 | 6.4 MEDIUM | 7.5 HIGH |
An issue was discovered in zzzphp cms 1.5.8. del_file in /admin/save.php allows remote attackers to delete arbitrary files via a mixed-case extension and an extra '.' character, because (for example) "php" is blocked but path=F:/1.phP. succeeds. | |||||
CVE-2020-8187 | 1 Citrix | 4 Application Delivery Controller, Application Delivery Controller Firmware, Netscaler Gateway and 1 more | 2020-07-13 | 5.0 MEDIUM | 7.5 HIGH |
Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 allows unauthenticated users to perform a denial of service attack. | |||||
CVE-2020-5970 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-07-10 | 3.6 LOW | 7.1 HIGH |
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). | |||||
CVE-2020-14957 | 1 Arswp | 1 Windows Cleanup Assistant | 2020-07-07 | 6.1 MEDIUM | 7.8 HIGH |
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCD. | |||||
CVE-2020-14956 | 1 Arswp | 1 Windows Cleanup Assistant | 2020-07-07 | 6.1 MEDIUM | 7.8 HIGH |
In Windows cleaning assistant 3.2, the driver file (AtpKrnl.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x223CCA. | |||||
CVE-2020-12033 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2020-07-06 | 5.8 MEDIUM | 8.8 HIGH |
In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges. | |||||
CVE-2020-14939 | 1 Freedroid | 1 Freedroidrpg | 2020-07-01 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in savestruct_internal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading. | |||||
CVE-2018-21264 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 6.5 MEDIUM | 8.8 HIGH |
An issue was discovered in Mattermost Server before 4.7.0, 4.6.2, and 4.5.2. It did not enforce the expiration date of a SAML response. | |||||
CVE-2018-21259 | 1 Mattermost | 1 Mattermost Server | 2020-06-30 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.10.1, 4.9.4, and 4.8.2. It allows attackers to cause a denial of service (application hang) via a malformed link in a channel. | |||||
CVE-2017-18873 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 5.0 MEDIUM | 5.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to cause a denial of service (channel invisibility) via a misformatted post. | |||||
CVE-2019-20848 | 1 Mattermost | 1 Mattermost Mobile | 2020-06-29 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Mattermost Mobile Apps before 1.26.0. The Quick Reply feature mishandles crafted replies. | |||||
CVE-2017-18890 | 1 Mattermost | 1 Mattermost Server | 2020-06-29 | 4.3 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows an attacker to create a button that, when pressed by a user, launches an API request. | |||||
CVE-2017-18889 | 1 Mattermost | 1 Mattermost Server | 2020-06-26 | 4.0 MEDIUM | 4.3 MEDIUM |
An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. An attacker could create fictive system-message posts via webhooks and slash commands, in the v3 or v4 REST API. | |||||
CVE-2020-8102 | 1 Bitdefender | 1 Total Security 2020 | 2020-06-26 | 6.8 MEDIUM | 8.8 HIGH |
Improper Input Validation vulnerability in the Safepay browser component of Bitdefender Total Security 2020 allows an external, specially crafted web page to run remote commands inside the Safepay Utility process. This issue affects Bitdefender Total Security 2020 versions prior to 24.0.20.116. |