Total
23708 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-15492 | 1 Inneo | 1 Startup Tools | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in INNEO Startup TOOLS 2017 M021 12.0.66.3784 through 2018 M040 13.0.70.3804. The sut_srv.exe web application (served on TCP port 85) includes user input into a filesystem access without any further validation. This might allow an unauthenticated attacker to read files on the server via Directory Traversal, or possibly have unspecified other impact. | |||||
| CVE-2020-4193 | 1 Ibm | 1 Security Guardium | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| IBM Security Guardium 11.1 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 174857. | |||||
| CVE-2020-12043 | 1 Baxter | 3 Sigma Spectrum Infusion System, Sigma Spectrum Infusion System Firmware, Wireless Battery Module | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The Baxter Spectrum WBM (v17, v20D29, v20D30, v20D31, and v22D24) when configured for wireless networking the FTP service operating on the WBM remains operational until the WBM is rebooted. | |||||
| CVE-2020-15489 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple shell metacharacter injection vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. | |||||
| CVE-2020-9732 | 1 Adobe | 2 Experience Manager, Experience Manager Forms | 2023-12-10 | 6.0 MEDIUM | 9.0 CRITICAL |
| The AEM Forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Sites component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2020-7508 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to gain full access by brute force. | |||||
| CVE-2020-6009 | 1 Learndash | 1 Learndash | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| LearnDash Wordpress plugin version below 3.1.6 is vulnerable to Unauthenticated SQL Injection. | |||||
| CVE-2018-21132 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by authentication bypass. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2020-12874 | 1 Veritas | 1 Aptare | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Veritas APTARE versions prior to 10.4 included code that bypassed the normal login process when specific authentication credentials were provided to the server. | |||||
| CVE-2020-6140 | 1 Os4ed | 1 Opensis | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| SQL injection vulnerability exists in the password reset functionality of OS4Ed openSIS 7.3. The password_stf_email parameter in the password reset page /opensis/ResetUserInfo.php is vulnerable to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. | |||||
| CVE-2020-10634 | 1 Sae-it | 2 Net-line Fw-50, Net-line Fw-50 Firmware | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| SAE IT-systems FW-50 Remote Telemetry Unit (RTU). A specially crafted request could allow an attacker to view the file structure of the affected device and access files that should be inaccessible. | |||||
| CVE-2020-6871 | 1 Zte | 6 R5300g4, R5300g4 Firmware, R5500g4 and 3 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| The server management software module of ZTE has an authentication issue vulnerability, which allows users to skip the authentication of the server and execute some commands for high-level users. This affects: <R5300G4V03.08.0100/V03.07.0300/V03.07.0200/V03.07.0108/V03.07.0100/V03.05.0047/V03.05.0046/V03.05.0045/V03.05.0044/V03.05.0043/V03.05.0040/V03.04.0020;R8500G4V03.07.0103/V03.07.0101/V03.06.0100/V03.05.0400/V03.05.0020;R5500G4V03.08.0100/V03.07.0200/V03.07.0100/V03.06.0100> | |||||
| CVE-2020-10062 | 1 Zephyrproject | 1 Zephyr | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | |||||
| CVE-2020-17463 | 1 Thedaylightstudio | 1 Fuel Cms | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | |||||
| CVE-2020-9583 | 1 Magento | 1 Magento | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Magento versions 2.3.4 and earlier, 2.2.11 and earlier (see note), 1.14.4.4 and earlier, and 1.9.4.4 and earlier have a command injection vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-3787 | 3 Adobe, Apple, Microsoft | 4 Photoshop 2020, Photoshop Cc, Macos and 1 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Photoshop CC 2019 versions 20.0.8 and earlier, and Photoshop 2020 versions 21.1 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-14131 | 1 Qualcomm | 42 Apq8053, Apq8053 Firmware, Apq8096au and 39 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2018-21131 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2023-12-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| Certain NETGEAR devices are affected by unauthenticated firmware downgrade. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2020-10377 | 1 Mitel | 2 Mivoice Connect, Mivoice Connect Client | 2023-12-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| A weak encryption vulnerability in Mitel MiVoice Connect Client before 214.100.1214.0 could allow an unauthenticated attacker to gain access to user credentials. A successful exploit could allow an attacker to access the system with compromised user credentials. | |||||
| CVE-2020-24916 | 3 Canonical, Debian, Yaws | 3 Ubuntu Linux, Debian Linux, Yaws | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | |||||