Total
153 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7826 | 1 Eyesurfer | 1 Bflyinstallerx.ocx | 2024-11-21 | 8.8 High |
| EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it. | ||||
| CVE-2020-7817 | 2 Microsoft, Raonwiz | 2 Windows, K Upload | 2024-11-21 | 5.5 Medium |
| MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | ||||
| CVE-2020-7813 | 1 Kaoni | 1 Ezhttptrans | 2024-11-21 | 7.8 High |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
| CVE-2020-7812 | 2 Kaoni, Microsoft | 2 Ezhttptrans, Windows | 2024-11-21 | 7.8 High |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | ||||
| CVE-2020-7806 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-11-21 | 7.8 High |
| Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution. | ||||
| CVE-2020-7505 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-11-21 | 7.2 High |
| A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | ||||
| CVE-2020-5867 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2024-11-21 | 8.1 High |
| In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages | ||||
| CVE-2020-5772 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 7.5 High |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | ||||
| CVE-2020-5398 | 4 Netapp, Oracle, Redhat and 1 more | 34 Data Availability Services, Snapcenter, Application Testing Suite and 31 more | 2024-11-21 | 7.5 High |
| In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input. | ||||
| CVE-2020-4125 | 1 Ibm | 1 Marketing Operations | 2024-11-21 | 8.1 High |
| Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. | ||||
| CVE-2020-36327 | 4 Bundler, Fedoraproject, Microsoft and 1 more | 7 Bundler, Fedora, Package Manager Configurations and 4 more | 2024-11-21 | 8.8 High |
| Bundler 1.16.0 through 2.2.9 and 2.2.11 through 2.2.16 sometimes chooses a dependency source based on the highest gem version number, which means that a rogue gem found at a public source may be chosen, even if the intended choice was a private gem that is a dependency of another private gem that is explicitly depended on by the application. NOTE: it is not correct to use CVE-2021-24105 for every "Dependency Confusion" issue in every product. | ||||
| CVE-2020-2320 | 1 Jenkins | 1 Installation Manager Tool | 2024-11-21 | 9.8 Critical |
| Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | ||||
| CVE-2020-29032 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 8.4 High |
| Upload of Code Without Integrity Check vulnerability in firmware archive of Secomea GateManager allows authenticated attacker to execute malicious code on server. This issue affects: Secomea GateManager all versions prior to 9.4.621054022 | ||||
| CVE-2020-28332 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2024-11-21 | 9.8 Critical |
| Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. | ||||
| CVE-2020-28213 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 8.8 High |
| A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause unauthorized command execution when sending specially crafted requests over Modbus. | ||||
| CVE-2020-25266 | 1 Appimage | 1 Appimaged | 2024-11-21 | 5.5 Medium |
| AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. | ||||
| CVE-2020-1595 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 9.9 Critical |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p> | ||||
| CVE-2020-1576 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.5 High |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||
| CVE-2020-1453 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.6 High |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||
| CVE-2020-1452 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-11-21 | 8.6 High |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||