Total
1709 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23050 | 1 Taotesting | 1 Tao Assessment Platform | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code. | |||||
| CVE-2020-21523 | 1 Halo | 1 Halo | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A Server-Side Freemarker template injection vulnerability in halo CMS v1.1.3 In the Edit Theme File function. The ftl file can be edited. This is the Freemarker template file. This file can cause arbitrary code execution when it is rendered in the background. exp: <#assign test="freemarker.template.utility.Execute"?new()> ${test("touch /tmp/freemarkerPwned")} | |||||
| CVE-2020-1961 | 1 Apache | 1 Syncope | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Vulnerability to Server-Side Template Injection on Mail templates for Apache Syncope 2.0.X releases prior to 2.0.15, 2.1.X releases prior to 2.1.6, enabling attackers to inject arbitrary JEXL expressions, leading to Remote Code Execution (RCE) was discovered. | |||||
| CVE-2020-1958 | 1 Apache | 1 Druid | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| When LDAP authentication is enabled in Apache Druid 0.17.0, callers of Druid APIs with a valid set of LDAP credentials can bypass the credentialsValidator.userSearch filter barrier that determines if a valid LDAP user is allowed to authenticate with Druid. They are still subject to role-based authorization checks, if configured. Callers of Druid APIs can also retrieve any LDAP attribute values of users that exist on the LDAP server, so long as that information is visible to the Druid server. This information disclosure does not require the caller itself to be a valid LDAP user. | |||||
| CVE-2020-18875 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | |||||
| CVE-2020-16875 | 1 Microsoft | 1 Exchange Server | 2024-11-21 | 9.0 HIGH | 8.4 HIGH |
| <p>A remote code execution vulnerability exists in Microsoft Exchange server due to improper validation of cmdlet arguments.</p> <p>An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the System user. Exploitation of the vulnerability requires an authenticated user in a certain Exchange role to be compromised.</p> <p>The security update addresses the vulnerability by correcting how Microsoft Exchange handles cmdlet arguments.</p> | |||||
| CVE-2020-16268 | 1 1e | 1 Client | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | |||||
| CVE-2020-16254 | 1 Chartkick Project | 1 Chartkick | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Chartkick gem through 3.3.2 for Ruby allows Cascading Style Sheets (CSS) Injection (without attribute). | |||||
| CVE-2020-16087 | 2 Microsoft, Vng | 2 Windows, Zalo Desktop | 2024-11-21 | 9.3 HIGH | 8.6 HIGH |
| An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file. | |||||
| CVE-2020-15953 | 4 Debian, Fedoraproject, Libetpan Project and 1 more | 4 Debian Linux, Fedora, Libetpan and 1 more | 2024-11-21 | 5.8 MEDIUM | 7.4 HIGH |
| LibEtPan through 1.9.4, as used in MailCore 2 through 0.6.3 and other products, has a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g., from a meddler-in-the-middle attacker) and evaluates it in a TLS context, aka "response injection." | |||||
| CVE-2020-15693 | 1 Nim-lang | 1 Nim | 2024-11-21 | 6.4 MEDIUM | 6.5 MEDIUM |
| In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values. | |||||
| CVE-2020-15690 | 1 Nim-lang | 1 Nim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character. | |||||
| CVE-2020-15252 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 9.0 HIGH | 8.5 HIGH |
| In XWiki before version 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6. | |||||
| CVE-2020-15186 | 1 Helm | 1 Helm | 2024-11-21 | 4.0 MEDIUM | 3.4 LOW |
| In Helm before versions 2.16.11 and 3.3.2 plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to `helm --help`. This issue has been patched in Helm 3.3.2. A possible workaround is to not install untrusted Helm plugins. Examine the `name` field in the `plugin.yaml` file for a plugin, looking for characters outside of the [a-zA-Z0-9._-] range. | |||||
| CVE-2020-15184 | 1 Helm | 1 Helm | 2024-11-21 | 4.0 MEDIUM | 3.7 LOW |
| In Helm before versions 2.16.11 and 3.3.2 there is a bug in which the `alias` field on a `Chart.yaml` is not properly sanitized. This could lead to the injection of unwanted information into a chart. This issue has been patched in Helm 3.3.2 and 2.16.11. A possible workaround is to manually review the `dependencies` field of any untrusted chart, verifying that the `alias` field is either not used, or (if used) does not contain newlines or path characters. | |||||
| CVE-2020-15171 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 6.0 MEDIUM | 6.6 MEDIUM |
| In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context which contains tools allowing to instantiate arbitrary Java objects and invoke methods that may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users. | |||||
| CVE-2020-15164 | 1 Scratch-wiki | 1 Scratch Login | 2024-11-21 | 6.4 MEDIUM | 10.0 CRITICAL |
| in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code. | |||||
| CVE-2020-15147 | 1 Cogboard | 1 Red Discord Bot | 2024-11-21 | 6.0 MEDIUM | 8.5 HIGH |
| Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to inject code into the Streams module's going live message. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. As a workaround, unloading the Trivia module with `unload streams` can render this exploit not accessible. It is highly recommended updating to 3.3.12 or 3.4 to completely patch this issue. | |||||
| CVE-2020-15140 | 1 Cogboard | 1 Red Discord Bot | 2024-11-21 | 5.5 MEDIUM | 8.2 HIGH |
| In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive actions and/or access sensitive information. This critical exploit has been fixed on version 3.3.11. | |||||
| CVE-2020-15111 | 1 Gofiber | 1 Fiber | 2024-11-21 | 5.8 MEDIUM | 4.2 MEDIUM |
| In Fiber before version 1.12.6, the filename that is given in c.Attachment() (https://docs.gofiber.io/ctx#attachment) is not escaped, and therefore vulnerable for a CRLF injection attack. I.e. an attacker could upload a custom filename and then give the link to the victim. With this filename, the attacker can change the name of the downloaded file, redirect to another site, change the authorization header, etc. A possible workaround is to serialize the input before passing it to ctx.Attachment(). | |||||