ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-7000 | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow an unauthenticated attacke... | M | |
CVE-2020-7001 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the affected products use a weak cryptograp... | | |
CVE-2020-7002 | Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer ov... | | |
CVE-2020-7003 | In Moxa ioLogik 2500 series firmware, Version 3.0 or lower, and IOxpress configuration utility, Vers... | | |
CVE-2020-7004 | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow weak or insecure permissio... | M | |
CVE-2020-7005 | In Honeywell WIN-PAK 4.7.2, Web and prior versions, the affected product is vulnerable to a cross-si... | | |
CVE-2020-7006 | Systech Corporation NDS-5000 Terminal Server, NDS/5008 (8 Port, RJ45), firmware Version 02D.30. Succ... | S | |
CVE-2020-7007 | In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or... | | |
CVE-2020-7008 | VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow input passed in the URL th... | M | |
CVE-2020-7009 | Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation... | M | |
CVE-2020-7010 | Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random num... | | |
CVE-2020-7011 | Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying d... | | |
CVE-2020-7012 | Kibana versions 6.7.0 to 6.8.8 and 7.0.0 to 7.6.2 contain a prototype pollution flaw in the Upgrade ... | | |
CVE-2020-7013 | Kibana versions before 6.8.9 and 7.7.0 contain a prototype pollution flaw in TSVB. An authenticated ... | | |
CVE-2020-7014 | The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and... | | |
CVE-2020-7015 | Kibana versions before 6.8.9 and 7.7.0 contain a stored XSS flaw in the TSVB visualization. An atta... | | |
CVE-2020-7016 | Kibana versions before 6.8.11 and 7.8.1 contain a denial of service (DoS) flaw in Timelion. An attac... | S | |
CVE-2020-7017 | In Kibana versions before 6.8.11 and 7.8.1 the region map visualization contains a stored XSS fla... | | |
CVE-2020-7018 | Elastic Enterprise Search before 7.9.0 contains a credential exposure flaw in the App Search interfac... | | |
CVE-2020-7019 | In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling ... | | |
CVE-2020-7020 | Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or F... | | |
CVE-2020-7021 | Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logg... | | |
CVE-2020-7029 | Avaya Product System Management Interface Cross-Site Request Forgery Vulnerability | | |
CVE-2020-7030 | IPO Information Disclosure | | |
CVE-2020-7031 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-7032 | Avaya WebLM Improper Restriction of XML External Entity Reference | E | |
CVE-2020-7033 | Avaya Equinox Conferencing XSS | | |
CVE-2020-7034 | Command injection in Avaya Session Border Controller for Enterprise | | |
CVE-2020-7035 | XXE in Avaya Aura Orchestration Designer | | |
CVE-2020-7036 | XXE in Avaya Callback Assist Administration | | |
CVE-2020-7037 | Avaya Equinox Conferencing XXE vulnerability | | |
CVE-2020-7038 | Avaya Meetings Server Information Disclosure vulnerability | | |
CVE-2020-7039 | tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated b... | S | |
CVE-2020-7040 | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows... | S | |
CVE-2020-7041 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c misha... | S | |
CVE-2020-7042 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c misha... | S | |
CVE-2020-7043 | An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishand... | S | |
CVE-2020-7044 | In Wireshark 3.2.x before 3.2.1, the WASSP dissector could crash. This was addressed in epan/dissect... | E S | |
CVE-2020-7045 | In Wireshark 3.0.x before 3.0.8, the BT ATT dissector could crash. This was addressed in epan/dissec... | E S | |
CVE-2020-7046 | lib-smtp in submission-login and lmtp in Dovecot 2.3.9 before 2.3.9.3 mishandles truncated UTF-8 dat... | | |
CVE-2020-7047 | The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated use... | E S | |
CVE-2020-7048 | The WordPress plugin, WP Database Reset through 3.1, contains a flaw that allowed any unauthenticate... | E S | |
CVE-2020-7049 | Nozomi Networks OS before 19.0.4 allows /#/network?tab=network_node_list.html CSV Injection.... | E | |
CVE-2020-7050 | Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal use... | | |
CVE-2020-7051 | Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjuncti... | | |
CVE-2020-7052 | CODESYS Control V3, Gateway V3, and HMI V3 before 3.5.15.30 allow uncontrolled memory allocation whi... | E | |
CVE-2020-7053 | In the Linux kernel 4.14 longterm through 4.14.165 and 4.19 longterm through 4.19.96 (and 5.x before... | S | |
CVE-2020-7054 | MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a ... | E | |
CVE-2020-7055 | An issue was discovered in Elementor 2.7.4. Arbitrary file upload is possible in the Elementor Impor... | E | |
CVE-2020-7057 | Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed I... | E | |
CVE-2020-7058 | data_input.php in Cacti 1.2.8 allows remote code execution via a crafted Input String to Data Collec... | E | |
CVE-2020-7059 | OOB read in php_strip_tags_ex | E S | |
CVE-2020-7060 | global buffer-overflow in mbfl_filt_conv_big5_wchar | E S | |
CVE-2020-7061 | heap-buffer-overflow in phar_extract_file | E S | |
CVE-2020-7062 | Null Pointer Dereference in PHP Session Upload Progress | E M | |
CVE-2020-7063 | Files added to tar with Phar::buildFromIterator have all-access permissions | E S | |
CVE-2020-7064 | Use-of-uninitialized-value in exif | E S | |
CVE-2020-7065 | mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full | E S | |
CVE-2020-7066 | get_headers() silently truncates after a null byte | E S | |
CVE-2020-7067 | OOB Read in urldecode() | E S | |
CVE-2020-7068 | Use of freed hash key in the phar_parse_zipfile function | E S | |
CVE-2020-7069 | Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV | S | |
CVE-2020-7070 | PHP parses encoded cookie names so malicious `__Host-` cookies can be sent | E | |
CVE-2020-7071 | FILTER_VALIDATE_URL accepts URLs with invalid userinfo | E S | |
CVE-2020-7079 | An improper signature validation vulnerability in Autodesk Dynamo BIM versions 2.5.1 and 2.5.0 may l... | | |
CVE-2020-7080 | A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbi... | | |
CVE-2020-7081 | A type confusion vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbit... | | |
CVE-2020-7082 | A use-after-free vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to code ... | | |
CVE-2020-7083 | An integer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to de... | | |
CVE-2020-7084 | A NULL pointer dereference vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lea... | | |
CVE-2020-7085 | A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitr... | | |
CVE-2020-7104 | The chained-quiz plugin 1.1.8.1 for WordPress has reflected XSS via the wp-admin/admin-ajax.php tota... | E | |
CVE-2020-7105 | async.c and dict.c in libhiredis.a in hiredis through 0.14.0 allow a NULL pointer dereference becaus... | E S | |
CVE-2020-7106 | Cacti 1.2.8 has stored XSS in data_sources.php, color_templates_item.php, graphs.php, graph_items.ph... | E | |
CVE-2020-7107 | The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/Display... | S | |
CVE-2020-7108 | The LearnDash LMS plugin before 3.1.2 for WordPress allows XSS via the ld-profile search field.... | E | |
CVE-2020-7109 | The Elementor Page Builder plugin before 2.8.4 for WordPress does not sanitize data during creation ... | | |
CVE-2020-7110 | ClearPass is vulnerable to Stored Cross Site Scripting by allowing a malicious administrator, or a c... | | |
CVE-2020-7111 | A server side injection vulnerability exists which could allow an authenticated administrative user ... | | |
CVE-2020-7112 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-7113 | A vulnerability was found when an attacker, while communicating with the ClearPass management interf... | | |
CVE-2020-7114 | A vulnerability exists allowing attackers, when present in the same network segment as ClearPass' ma... | | |
CVE-2020-7115 | The ClearPass Policy Manager web interface is affected by a vulnerability that leads to authenticati... | E | |
CVE-2020-7116 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote exec... | | |
CVE-2020-7117 | The ClearPass Policy Manager WebUI administrative interface has an authenticated command remote exec... | | |
CVE-2020-7118 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-7119 | A vulnerability exists in the Aruba Analytics and Location Engine (ALE) web management interface 2.1... | | |
CVE-2020-7120 | A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager... | | |
CVE-2020-7121 | Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325,... | | |
CVE-2020-7122 | Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325,... | | |
CVE-2020-7123 | A local escalation of privilege vulnerability was discovered in Aruba ClearPass Policy Manager versi... | | |
CVE-2020-7124 | A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s): Prio... | | |
CVE-2020-7125 | A remote escalation of privilege vulnerability was discovered in Aruba Airwave Software version(s): ... | | |
CVE-2020-7126 | A remote server-side request forgery (ssrf) vulnerability was discovered in Aruba Airwave Software v... | | |
CVE-2020-7127 | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Soft... | | |
CVE-2020-7128 | A remote unauthenticated arbitrary code execution vulnerability was discovered in Aruba Airwave Soft... | | |
CVE-2020-7129 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software vers... | | |
CVE-2020-7130 | HPE OneView Global Dashboard (OVGD) 1.9 has a remote information disclosure vulnerability. HPE OneVi... | | |
CVE-2020-7131 | This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance... | M | |
CVE-2020-7132 | A potential security vulnerability has been identified in HPE Onboard Administrator. The vulnerabili... | | |
CVE-2020-7133 | An unauthorized remote access vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1.4.1,... | | |
CVE-2020-7134 | A remote access to sensitive data vulnerability was discovered in HPE IOT + GCP version(s): 1.4.0, 1... | | |
CVE-2020-7135 | A potential security vulnerability has been identified in the disk drive firmware installers named S... | | |
CVE-2020-7136 | A security vulnerability in HPE Smart Update Manager (SUM) prior to version 8.5.6 could allow remote... | | |
CVE-2020-7137 | A validation issue in HPE Superdome Flex's RMC component may allow local elevation of privilege. App... | | |
CVE-2020-7138 | Potential remote code execution security vulnerabilities have been identified with HPE Nimble Storag... | | |
CVE-2020-7139 | Potential remote access security vulnerabilities have been identified with HPE Nimble Storage system... | | |
CVE-2020-7140 | A security vulnerability in HPE IceWall SSO Dfw and Dgfw (Domain Gateway Option) could be exploited ... | S | |
CVE-2020-7141 | A adddevicetoview expression language injection remote code execution vulnerability was discovered i... | | |
CVE-2020-7142 | A eventinfo_content expression language injection remote code execution vulnerability was discovered... | | |
CVE-2020-7143 | A faultdevparasset expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7144 | A comparefilesresult expression language injection remote code execution vulnerability was discovere... | | |
CVE-2020-7145 | A chooseperfview expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7146 | A devgroupselect expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7147 | A deployselectbootrom expression language injection remote code execution vulnerability was discover... | | |
CVE-2020-7148 | A deployselectsoftware expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7149 | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7150 | A faultstatchoosefaulttype expression language injection remote code execution vulnerability was dis... | | |
CVE-2020-7151 | A faulttrapgroupselect expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7152 | A faultparasset expression language injection remote code execution vulnerability was discovered in ... | | |
CVE-2020-7153 | A iccselectdevtype expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7154 | A ifviewselectpage expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7155 | A select expression language injection remote code execution vulnerability was discovered in HPE Int... | | |
CVE-2020-7156 | A faultinfo_content expression language injection remote code execution vulnerability was discovered... | | |
CVE-2020-7157 | A selviewnavcontent expression language injection remote code execution vulnerability was discovered... | | |
CVE-2020-7158 | A perfselecttask expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7159 | A customtemplateselect expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7160 | A iccselectdeviceseries expression language injection remote code execution vulnerability was discov... | | |
CVE-2020-7161 | A reporttaskselect expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7162 | A operatorgroupselectcontent expression language injection remote code execution vulnerability was d... | | |
CVE-2020-7163 | A navigationto expression language injection remote code execution vulnerability was discovered in H... | | |
CVE-2020-7164 | A operationselect expression language injection remote code execution vulnerability was discovered i... | | |
CVE-2020-7165 | A iccselectcommand expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7166 | A operatorgrouptreeselectcontent expression language injection remote code execution vulnerability w... | | |
CVE-2020-7167 | A quicktemplateselect expression language injection remote code execution vulnerability was discover... | | |
CVE-2020-7168 | A selectusergroup expression language injection remote code execution vulnerability was discovered i... | | |
CVE-2020-7169 | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7170 | A select expression language injection remote code execution vulnerability was discovered in HPE Int... | | |
CVE-2020-7171 | A guidatadetail expression language injection remote code execution vulnerability was discovered in ... | | |
CVE-2020-7172 | A templateselect expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7173 | A actionselectcontent expression language injection remote code execution vulnerability was discover... | | |
CVE-2020-7174 | A soapconfigcontent expression language injection remote code execution vulnerability was discovered... | | |
CVE-2020-7175 | A iccselectdymicparam expression language injection remote code execution vulnerability was discover... | | |
CVE-2020-7176 | A viewtaskresultdetailfact expression language injection remote code execution vulnerability was dis... | | |
CVE-2020-7177 | A wmiconfigcontent expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7178 | A mediaforaction expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7179 | A thirdpartyperfselecttask expression language injection remote code execution vulnerability was dis... | | |
CVE-2020-7180 | A ictexpertdownload expression language injection remote code execution vulnerability was discovered... | | |
CVE-2020-7181 | A smsrulesdownload expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7182 | A sshconfig expression language injection remote code execution vulnerability was discovered in HPE ... | | |
CVE-2020-7183 | A forwardredirect expression language injection remote code execution vulnerability was discovered i... | | |
CVE-2020-7184 | A viewbatchtaskresultdetailfact expression language injection remote code execution vulnerability wa... | | |
CVE-2020-7185 | A tvxlanlegend expression language injection remote code execution vulnerability was discovered in H... | | |
CVE-2020-7186 | A powershellconfigcontent expression language injection remote code execution vulnerability was disc... | | |
CVE-2020-7187 | A reportpage index expression language injection remote code execution vulnerability was discovered ... | | |
CVE-2020-7188 | A userselectpagingcontent expression language injection remote code execution vulnerability was disc... | | |
CVE-2020-7189 | A faultflasheventselectfact expression language injection remote code execution vulnerability was dis... | | |
CVE-2020-7190 | A deviceselect expression language injection remote code execution vulnerability was discovered in H... | | |
CVE-2020-7191 | A devsoftsel expression language injection remote code execution vulnerability was discovered in HPE... | | |
CVE-2020-7192 | A devicethresholdconfig expression language injection remote code execution vulnerability was discov... | | |
CVE-2020-7193 | A ictexpertcsvdownload expression language injection remote code execution vulnerability was discove... | | |
CVE-2020-7194 | A perfaddormoddevicemonitor expression language injection remote code execution vulnerability was di... | | |
CVE-2020-7195 | A iccselectrules expression language injection remote code execution vulnerability was discovered in... | | |
CVE-2020-7196 | The HPE BlueData EPIC Software Platform version 4.0 and HPE Ezmeral Container Platform 5.0 use an in... | | |
CVE-2020-7197 | SSMC3.7.0.0 is vulnerable to remote authentication bypass. HPE StoreServ Management Console (SSMC) 3... | S | |
CVE-2020-7198 | There is a remote escalation of privilege possible for a malicious user that has a OneView account i... | | |
CVE-2020-7199 | A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known ... | | |
CVE-2020-7200 | A potential security vulnerability has been identified in HPE Systems Insight Manager (SIM) version ... | E | |
CVE-2020-7201 | A potential security vulnerability has been identified in the HPE StoreEver MSL2024 Tape Library and... | | |
CVE-2020-7202 | A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and In... | | |
CVE-2020-7203 | A potential security vulnerability has been identified in HPE iLO Amplifier Pack server version 1.70... | | |
CVE-2020-7205 | A potential security vulnerability has been identified in HPE Intelligent Provisioning, Service Pack... | | |
CVE-2020-7206 | HP nagios plugin for iLO (nagios-plugins-hpilo v1.50 and earlier) has a php code injection vulnerabi... | S | |
CVE-2020-7207 | A local elevation of privilege using physical access security vulnerability was found in HPE Prolian... | | |
CVE-2020-7208 | LinuxKI v6.0-1 and earlier is vulnerable to an XSS which is resolved in release 6.0-2.... | | |
CVE-2020-7209 | LinuxKI v6.0-1 and earlier is vulnerable to a remote code execution which is resolved in release 6.... | E | |
CVE-2020-7210 | Umbraco CMS 8.2.2 allows CSRF to enable/disable or delete user accounts.... | E | |
CVE-2020-7211 | tftp.c in libslirp 4.1.0, as used in QEMU 4.2.0, does not prevent ..\ directory traversal on Windows... | S | |
CVE-2020-7212 | The _encode_invalid_chars function in util/url.py in the urllib3 library 1.25.2 through 1.25.7 for P... | S | |
CVE-2020-7213 | Parallels 13 uses cleartext HTTP as part of the update process, allowing man-in-the-middle attacks. ... | E | |
CVE-2020-7215 | An issue was discovered in Gallagher Command Centre 7.x before 7.90.991(MR5), 8.00 before 8.00.1161(... | | |
CVE-2020-7216 | An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attacker... | | |
CVE-2020-7217 | An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows networ... | | |
CVE-2020-7218 | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 HTTP/RPC services allowed unbounded resource usage... | M | |
CVE-2020-7219 | HashiCorp Consul and Consul Enterprise up to 1.6.2 HTTP/RPC services allowed unbounded resource usag... | | |
CVE-2020-7220 | HashiCorp Vault Enterprise 0.11.0 through 1.3.1 fails, in certain circumstances, to revoke dynamic s... | | |
CVE-2020-7221 | mysql_install_db in MariaDB 10.4.7 through 10.4.11 allows privilege escalation from the mysql user a... | E | |
CVE-2020-7222 | An issue was discovered in Amcrest Web Server 2.520.AC00.18.R 2017-06-29 WEB 3.2.1.453504. The login... | E | |
CVE-2020-7224 | The Aviatrix OpenVPN client through 2.5.7 on Linux, macOS, and Windows is vulnerable when OpenSSL pa... | | |
CVE-2020-7226 | CiphertextHeader.java in Cryptacular 1.2.3, as used in Apereo CAS and other products, allows attacke... | E S | |
CVE-2020-7227 | Westermo MRD-315 1.7.3 and 1.7.4 devices have an information disclosure vulnerability that allows an... | E | |
CVE-2020-7228 | The Calculated Fields Form plugin through 1.0.353 for WordPress suffers from multiple Stored XSS vul... | | |
CVE-2020-7229 | An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injecti... | | |
CVE-2020-7231 | Evoko Home 1.31 devices provide different error messages for failed login requests depending on whet... | E | |
CVE-2020-7232 | Evoko Home devices 1.31 through 1.37 allow remote attackers to obtain sensitive information (such as... | E | |
CVE-2020-7233 | KMS Controls BAC-A1616BC BACnet devices have a cleartext password of snowman in the BACKDOOR_NAME va... | E | |
CVE-2020-7234 | Ruckus ZoneFlex R310 104.0.0.0.1347 devices allow Stored XSS via the SSID field on the Configuration... | E | |
CVE-2020-7235 | UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cB3?ta= (profile title).... | E | |
CVE-2020-7236 | UHP UHP-100 3.4.1.15, 3.4.2.4, and 3.4.3 devices allow XSS via cw2?td= (Site Name field of the Site ... | E | |
CVE-2020-7237 | Cacti 1.2.8 allows Remote Code Execution (by privileged users) via shell metacharacters in the Perfo... | E | |
CVE-2020-7238 | Netty 4.1.43.Final allows HTTP Request Smuggling because it mishandles Transfer-Encoding whitespace ... | E | |
CVE-2020-7239 | The conversation-watson plugin before 0.8.21 for WordPress has a DOM-based XSS vulnerability that is... | E | |
CVE-2020-7240 | Meinberg Lantime M300 and M1000 devices allow attackers (with privileges to configure a device) to e... | E | |
CVE-2020-7241 | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in the d... | E | |
CVE-2020-7242 | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote c... | E | |
CVE-2020-7243 | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote c... | E | |
CVE-2020-7244 | Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to achieve remote c... | E | |
CVE-2020-7245 | Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker... | | |
CVE-2020-7246 | A remote code execution (RCE) vulnerability exists in qdPM 9.1 and earlier. An attacker can upload a... | E | |
CVE-2020-7247 | smtp_mailaddr in smtp_session.c in OpenSMTPD 6.6, as used in OpenBSD 6.6 and other products, allows ... | KEV E S | |
CVE-2020-7248 | libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serializatio... | S | |
CVE-2020-7249 | SMC D3G0804W 3.5.2.5-LAT_GA devices allow XSS via the SSID field on the WiFi Network Configuration p... | E | |
CVE-2020-7250 | ENS symbolic link log file manipulation vulnerability | | |
CVE-2020-7251 | ESConfig Tool able to edit configuration for newer version | | |
CVE-2020-7252 | Unquoted service executable path | | |
CVE-2020-7253 | Improper access control vulnerability in McAfee Agent | | |
CVE-2020-7254 | Privilege escalation in Advanced Threat Defense | | |
CVE-2020-7255 | Privilege Escalation vulnerability in ENS | | |
CVE-2020-7256 | Network Security Management (NSM) - Cross site scripting vulnerability | | |
CVE-2020-7257 | Privilege Escalation vulnerability through Symbolic links in ENS | | |
CVE-2020-7258 | Network Security Management (NSM) - Cross site scripting vulnerability | | |
CVE-2020-7259 | Unsigned executable vulnerability in ENS can be used to bypass intended self-protection rules | | |
CVE-2020-7260 | MACC installer DLL side loading | | |
CVE-2020-7261 | Buffer overwrite in ENS allowed to bypass AMSI protection | | |
CVE-2020-7262 | Improper Access Control vulnerability in ATD | | |
CVE-2020-7263 | ENS configuration can be edited by attacker with local administrator permissions | | |
CVE-2020-7264 | Privilege Escalation vulnerability through symbolic links in ENS for Windows | | |
CVE-2020-7265 | Privilege Escalation vulnerability through symbolic links in ENSM | | |
CVE-2020-7266 | Privilege Escalation vulnerability through symbolic links in VSE for Windows | | |
CVE-2020-7267 | Privilege Escalation vulnerability through symbolic links in VSEL | | |
CVE-2020-7268 | McAfee Email Gateway (MEG) - Path Traversal vulnerability | | |
CVE-2020-7269 | Sensitive Information Exposure in McAfee ATD | | |
CVE-2020-7270 | Sensitive Information Exposure in McAfee ATD | | |
CVE-2020-7273 | Autorun registry bypass | | |
CVE-2020-7274 | ENS elevated permissions vulnerability | | |
CVE-2020-7275 | Unquoted service paths for some McAfee ENS files | | |
CVE-2020-7276 | Unrestricted Policy Management using MfeUpgradeTool.exe | | |
CVE-2020-7277 | McAfee processes not protected | | |
CVE-2020-7278 | McAfee firewall rules not enforced correctly | | |
CVE-2020-7279 | DLL search order hijacking in Host IPS | | |
CVE-2020-7280 | Symbolic Link vulnerability during DAT update | | |
CVE-2020-7281 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2020-7282 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2020-7283 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2020-7284 | Network Security Management (NSM) - Exposure of Sensitive Information | | |
CVE-2020-7285 | Privilege Escalation vulnerability in MVISION Endpoint | | |
CVE-2020-7286 | Privilege Escalation vulnerability in EDR for Windows | | |
CVE-2020-7287 | Privilege Escalation vulnerability in EDR for Linux | | |
CVE-2020-7288 | Privilege Escalation vulnerability in EDR for Mac | | |
CVE-2020-7289 | Privilege Escalation vulnerability in MAR for Windows | | |
CVE-2020-7290 | Privilege Escalation vulnerability in MAR for Linux | | |
CVE-2020-7291 | Privilege Escalation vulnerability in MAR for Mac | | |
CVE-2020-7292 | Web Gateway (MWG) - Inappropriate Encoding for output context | | |
CVE-2020-7293 | Web Gateway (MWG) - Privilege Escalation vulnerability | | |
CVE-2020-7294 | Web Gateway (MWG) - Privilege Escalation vulnerability | | |
CVE-2020-7295 | Web Gateway (MWG) - Privilege Escalation vulnerability | | |
CVE-2020-7296 | Web Gateway (MWG) - Privilege Escalation vulnerability | | |
CVE-2020-7297 | Web Gateway (MWG) - Privilege Escalation vulnerability | | |
CVE-2020-7298 | Total Protection (MTP) - Unexpected behavior violation | | |
CVE-2020-7299 | Sensitive Data Exposure vulnerability in McAfee True Key Windows Client | | |
CVE-2020-7300 | DLP ePO extension - Improper Authorization | | |
CVE-2020-7301 | DLP ePO extension - Cross site scripting | | |
CVE-2020-7302 | DLP ePO extension - Unrestricted Upload of File with Dangerous Type | | |
CVE-2020-7303 | DLP ePO extension - Cross-site scripting | | |
CVE-2020-7304 | DLP ePO extension - Cross-site request forgery | | |
CVE-2020-7305 | DLP ePO extension - Privilege escalation | | |
CVE-2020-7306 | DLP for Mac - Unprotected Storage of Credentials | | |
CVE-2020-7307 | DLP for Mac - Unprotected Storage of Credentials | | |
CVE-2020-7308 | Transmission of data in clear text by McAfee ENS | | |
CVE-2020-7309 | Cross Site Scripting vulnerability in ePO extension of MACC | | |
CVE-2020-7310 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial installer | | |
CVE-2020-7311 | Privilege Escalation vulnerability in MA for Windows | | |
CVE-2020-7312 | DLL Search Order Hijacking in MA for Windows | | |
CVE-2020-7314 | Privilege Escalation vulnerability in McAfee DXL for Mac | | |
CVE-2020-7315 | DLL Injection vulnerability in MA for Windows | | |
CVE-2020-7316 | File and Removable Media Protection update fixes one vulnerability | | |
CVE-2020-7317 | ePolicy Orchestrator (ePO) - Cross-Site Scripting vulnerability | | |
CVE-2020-7318 | ePolicy Orchestrator (ePO) - Cross-Site Scripting vulnerability | | |
CVE-2020-7319 | Improper Access Control Vulnerability in ENS for Windows | | |
CVE-2020-7320 | Protection Mechanism Failure in ENS for Windows | | |
CVE-2020-7322 | Exposure of Sensitive Information in ENS for Windows | | |
CVE-2020-7323 | Authentication Protection Bypass vulnerability in ENS for Windows | | |
CVE-2020-7324 | Improper Access Control vulnerability in MVISION Endpoint | | |
CVE-2020-7325 | Privilege Escalation vulnerability in MVISION Endpoint | | |
CVE-2020-7326 | McAfee MAR - Improperly implemented security check | | |
CVE-2020-7327 | McAfee MVEDR - Improperly implemented security check | | |
CVE-2020-7328 | Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension | | |
CVE-2020-7329 | Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension | | |
CVE-2020-7330 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) trial | | |
CVE-2020-7331 | Unquoted service executable path in McAfee Endpoint Security (ENS) | | |
CVE-2020-7332 | Cross-Site Request Forgery (CSRF) in firewall ePO extension of McAfee Endpoint Security (ENS) | | |
CVE-2020-7333 | Cross-site Scripting (XSS) in firewall ePO extension of McAfee Endpoint Security (ENS) | | |
CVE-2020-7334 | Improper privilege assignment vulnerability in the installer component of MACC | | |
CVE-2020-7335 | Privilege Escalation vulnerability in McAfee Total Protection (MTP) | | |
CVE-2020-7336 | Network Security Management (NSM) - Cross Site Request Forgery vulnerability | | |
CVE-2020-7337 | Incorrect Permission Assignment for Critical Resource | | |
CVE-2020-7339 | Database Security (DBS) - Use of a Broken or Risky Cryptographic Algorithm | | |
CVE-2020-7343 | Improper Authorization vulnerability in MA | | |
CVE-2020-7346 | Privilege escalation in McAfee DLP Endpoint for Windows | | |
CVE-2020-7350 | Metasploit Framework Plugin Libnotify Command Injection | E S | |
CVE-2020-7351 | Fonality Trixbox CE Post-Authentication Command Injection | E S | |
CVE-2020-7352 | GOG Galaxy GalaxyClientService Privilege Escalation | E S | |
CVE-2020-7354 | Rapid7 Metasploit Pro Stored XSS in 'host' field | E S | |
CVE-2020-7355 | Rapid7 Metasploit Pro Stored XSS in 'notes' field | E S | |
CVE-2020-7356 | Cayin xPost SQL Injection | E S | |
CVE-2020-7357 | Cayin CMS Command Injection | E S | |
CVE-2020-7358 | Code Injection in Rapid7 AppSpider Pro Installer | | |
CVE-2020-7360 | Philips SmartControl DLL Hijacking | E | |
CVE-2020-7361 | ZenTao Pro Command Injection | E | |
CVE-2020-7363 | UCWeb UC Browser Address Bar Spoofing | E M | |
CVE-2020-7364 | UCWeb UC Browser Address Bar Spoofing | E M | |
CVE-2020-7369 | Yandex Browser Address Bar Spoofing | E M | |
CVE-2020-7370 | Danyil Vasilenko Bolt Browser Address Bar Spoofing | E M | |
CVE-2020-7371 | Raise IT Solutions RITS Browser Address Bar Spoofing | E M | |
CVE-2020-7373 | vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax... | E S | |
CVE-2020-7374 | Documalis Free PDF Editor / Free PDF Scanner Stack Based Buffer Overflow | E S | |
CVE-2020-7376 | Rapid7 Metasploit Framework Relative Path Traversal in enum_osx module | E S | |
CVE-2020-7377 | Rapid7 Metasploit Framework Relative Path Traversal in telpho10_credential_dump module | E S | |
CVE-2020-7378 | CRIXP OpenCRX Unverified Password Change | E S | |
CVE-2020-7381 | Code Injection in Rapid7 Nexpose Installer | | |
CVE-2020-7382 | Unquoted Path in Rapid7 Nexpose Installer | | |
CVE-2020-7383 | SQL Injection in Rapid7 Nexpose | | |
CVE-2020-7384 | Client-Side Command Injection in Rapid7 Metasploit | E S | |
CVE-2020-7385 | Metasploit Framework 'drb_remote_codeexec' code execution | E S | |
CVE-2020-7387 | Sage X3 AdxAdmin Exposure of Sensitive Information to an Unauthorized Actor | E S | |
CVE-2020-7388 | Sage X3 AdxAdmin Unauthenticated Command Execution Bypass by Spoofing | E S | |
CVE-2020-7389 | Sage X3 Syracuse Missing Authentication for Critical Function in Developer Environment | E | |
CVE-2020-7390 | Sage X3 Syracuse Persistent XSS in Edit User page | E S | |
CVE-2020-7450 | In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0... | S | |
CVE-2020-7451 | In FreeBSD 12.1-STABLE before r358739, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r3587... | S | |
CVE-2020-7452 | In FreeBSD 12.1-STABLE before r357490, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r3574... | S | |
CVE-2020-7453 | In FreeBSD 12.1-STABLE before r359021, 12.1-RELEASE before 12.1-RELEASE-p3, 11.3-STABLE before r3590... | S | |
CVE-2020-7454 | In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA... | | |
CVE-2020-7455 | In FreeBSD 12.1-STABLE before r360973, 12.1-RELEASE before p5, 11.4-STABLE before r360973, 11.4-BETA... | | |
CVE-2020-7456 | In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELE... | S | |
CVE-2020-7457 | In FreeBSD 12.1-STABLE before r359565, 12.1-RELEASE before p7, 11.4-STABLE before r362975, 11.4-RELE... | E S | |
CVE-2020-7458 | In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long ... | S | |
CVE-2020-7459 | In FreeBSD 12.1-STABLE before r362166, 12.1-RELEASE before p8, 11.4-STABLE before r362167, 11.4-RELE... | | |
CVE-2020-7460 | In FreeBSD 12.1-STABLE before r363918, 12.1-RELEASE before p8, 11.4-STABLE before r363919, 11.4-RELE... | | |
CVE-2020-7461 | In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELE... | | |
CVE-2020-7462 | In 11.4-PRERELEASE before r360733 and 11.3-RELEASE before p13, improper mbuf handling in the kernel ... | | |
CVE-2020-7463 | In FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELE... | | |
CVE-2020-7464 | In FreeBSD 12.2-STABLE before r365730, 11.4-STABLE before r365738, 12.1-RELEASE before p10, 11.4-REL... | | |
CVE-2020-7465 | The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted... | E S | |
CVE-2020-7466 | The PPP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted ... | E S | |
CVE-2020-7467 | In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-REL... | | |
CVE-2020-7468 | In FreeBSD 12.2-STABLE before r365772, 11.4-STABLE before r365773, 12.1-RELEASE before p10, 11.4-REL... | | |
CVE-2020-7469 | In FreeBSD 12.2-STABLE before r367402, 11.4-STABLE before r368202, 12.2-RELEASE before p1, 12.1-RELE... | | |
CVE-2020-7470 | Sonoff TH 10 and 16 devices with firmware 6.6.0.21 allow XSS via the Friendly Name 1 field (after a... | E | |
CVE-2020-7471 | Django 1.11 before 1.11.28, 2.2 before 2.2.10, and 3.0 before 3.0.3 allows SQL Injection if untruste... | S | |
CVE-2020-7472 | An authorization bypass and PHP local-file-include vulnerability in the installation component of Su... | | |
CVE-2020-7473 | In certain situations, all versions of Citrix ShareFile StorageZones (aka storage zones) Controller,... | | |
CVE-2020-7474 | A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and... | | |
CVE-2020-7475 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Inj... | | |
CVE-2020-7476 | A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to ... | | |
CVE-2020-7477 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethe... | | |
CVE-2020-7478 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 an... | | |
CVE-2020-7479 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 an... | | |
CVE-2020-7480 | A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover ... | | |
CVE-2020-7481 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulner... | | |
CVE-2020-7482 | A CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulner... | | |
CVE-2020-7483 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause certain data to be visible on th... | | |
CVE-2020-7484 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability with the former 'password' feature could all... | | |
CVE-2020-7485 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy support account in the TriStation software version ... | | |
CVE-2020-7486 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A vulnerability could cause TCM modules to reset when under ... | | |
CVE-2020-7487 | A CWE-345: Insufficient Verification of Data Authenticity vulnerability exists which could allow the... | | |
CVE-2020-7488 | A CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists which could leak sen... | | |
CVE-2020-7489 | A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Inj... | S | |
CVE-2020-7490 | A CWE-426: Untrusted Search Path vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 15 and pr... | | |
CVE-2020-7491 | **VERSION NOT SUPPORTED WHEN ASSIGNED** A legacy debug port account in TCMs installed in Tricon syst... | | |
CVE-2020-7492 | A CWE-521: Weak Password Requirements vulnerability exists in the GP-Pro EX V1.00 to V4.09.100 which... | | |
CVE-2020-7493 | A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulne... | | |
CVE-2020-7494 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2020-7495 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2020-7496 | A CWE-88: Argument Injection or Modification vulnerability exists in EcoStruxure Operator Terminal E... | | |
CVE-2020-7497 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabili... | | |
CVE-2020-7498 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in the Unity Loader and OS Loader Soft... | | |
CVE-2020-7499 | A CWE-863: Incorrect Authorization vulnerability exists in U.motion Servers and Touch Panels (affect... | | |
CVE-2020-7500 | A CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulner... | | |
CVE-2020-7501 | A CWE-798: Use of Hard-coded Credentials vulnerability exists in Vijeo Designer Basic (V1.1 HotFix 1... | | |
CVE-2020-7502 | A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware versi... | | |
CVE-2020-7503 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists in Easergy T300 (Firmware version ... | | |
CVE-2020-7504 | A CWE-20: Improper Input Validation vulnerability exists in Easergy T300 (Firmware version 1.5.2 and... | | |
CVE-2020-7505 | A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware ve... | | |
CVE-2020-7506 | A CWE-200: Information Exposure vulnerability exists in Easergy T300, Firmware V1.5.2 and prior, whi... | | |
CVE-2020-7507 | A CWE-400: Uncontrolled Resource Consumption vulnerability exists in Easergy T300 (Firmware version ... | | |
CVE-2020-7508 | A CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists in Easergy ... | | |
CVE-2020-7509 | A CWE-269: Improper privilege management (write) vulnerability exists in Easergy T300 (Firmware vers... | | |
CVE-2020-7510 | A CWE-200: Information Exposure vulnerability exists in Easergy T300 (Firmware version 1.5.2 and old... | | |
CVE-2020-7511 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy T300 (Fi... | | |
CVE-2020-7512 | A CWE-1103: Use of Platform-Dependent Third Party Components with vulnerabilities vulnerability exis... | | |
CVE-2020-7513 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy T300 (Firmware... | | |
CVE-2020-7514 | A CWE-327: Use of a Broken or Risky Cryptographic Algorithm vulnerability exists in Easergy Builder ... | | |
CVE-2020-7515 | A CWE-321: Use of hard-coded cryptographic key stored in cleartext vulnerability exists in Easergy B... | S | |
CVE-2020-7516 | A CWE-316: Cleartext Storage of Sensitive Information in Memory vulnerability exists in Easergy Buil... | S | |
CVE-2020-7517 | A CWE-312: Cleartext Storage of Sensitive Information vulnerability exists in Easergy Builder (Versi... | | |
CVE-2020-7518 | A CWE-20: Improper input validation vulnerability exists in Easergy Builder (Version 1.4.7.2 and old... | | |
CVE-2020-7519 | A CWE-521: Weak Password Requirements vulnerability exists in Easergy Builder (Version 1.4.7.2 and o... | | |
CVE-2020-7520 | A CWE-601: URL Redirection to Untrusted Site ('Open Redirect') vulnerability exists in Schneider Ele... | S | |
CVE-2020-7521 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists ... | | |
CVE-2020-7522 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists ... | | |
CVE-2020-7523 | Improper Privilege Management vulnerability exists in Schneider Electric Modbus Serial Driver (see s... | | |
CVE-2020-7524 | Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which... | | |
CVE-2020-7525 | Improper Restriction of Excessive Authentication Attempts vulnerability exists in all hardware versi... | | |
CVE-2020-7526 | Improper Input Validation vulnerability exists in PowerChute Business Edition (software V9.0.x and e... | | |
CVE-2020-7527 | Incorrect Default Permission vulnerability exists in SoMove (V2.8.1) and prior which could cause ele... | | |
CVE-2020-7528 | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack 7x Remote Connect (V3.... | | |
CVE-2020-7529 | A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerabil... | | |
CVE-2020-7530 | A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 and... | | |
CVE-2020-7531 | A CWE-284 Improper Access Control vulnerability exists in SCADAPack 7x Remote Connect (V3.6.3.574 an... | | |
CVE-2020-7532 | A CWE-502 Deserialization of Untrusted Data vulnerability exists in SCADAPack x70 Security Administr... | | |
CVE-2020-7533 | A CWE-255: Credentials Management vulnerability exists in Web Server on Modicon M340, Modicon Quantu... | | |
CVE-2020-7534 | A CWE-352: Cross-Site Request Forgery (CSRF) vulnerability exists on the web server used, that could... | S | |
CVE-2020-7535 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal' Vulnerabilit... | | |
CVE-2020-7536 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M340 ... | | |
CVE-2020-7537 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2020-7538 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in PLC Simulato... | S | |
CVE-2020-7539 | A CWE-754 Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Serve... | | |
CVE-2020-7540 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Web Server on Mo... | | |
CVE-2020-7541 | A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon M340... | | |
CVE-2020-7542 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2020-7543 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580... | | |
CVE-2020-7544 | A CWE-269 Improper Privilege Management vulnerability exists in EcoStruxure™ Operator Terminal Exper... | S | |
CVE-2020-7545 | A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Moni... | | |
CVE-2020-7546 | A CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability exists in EcoStr... | | |
CVE-2020-7547 | A CWE-284: Improper Access Control vulnerability exists in EcoStruxure™ and SmartStruxure™ Power Mon... | | |
CVE-2020-7548 | A CWE-330 - Use of Insufficiently Random Values vulnerability exists in Smartlink, PowerTag, and Wis... | S | |
CVE-2020-7549 | A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Serv... | | |
CVE-2020-7550 | A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | | |
CVE-2020-7551 | A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.2024... | | |
CVE-2020-7552 | A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.2024... | | |
CVE-2020-7553 | A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247... | | |
CVE-2020-7554 | A CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exis... | | |
CVE-2020-7555 | A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247... | | |
CVE-2020-7556 | A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247... | | |
CVE-2020-7557 | A CWE-125 Out-of-bounds Read vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 ... | | |
CVE-2020-7558 | A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247... | | |
CVE-2020-7559 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exis... | E S | |
CVE-2020-7560 | A CWE-123: Write-what-where Condition vulnerability exists in EcoStruxure™ Control Expert (all versi... | | |
CVE-2020-7561 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in Easergy T300 (with f... | S | |
CVE-2020-7562 | A CWE-125: Out-of-Bounds Read vulnerability exists in the Web Server on Modicon M340, Modicon Quantu... | | |
CVE-2020-7563 | A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quant... | | |
CVE-2020-7564 | A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exis... | | |
CVE-2020-7565 | A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all ... | | |
CVE-2020-7566 | A CWE-334: Small Space of Random Values vulnerability exists in Modicon M221 (all references, all ve... | | |
CVE-2020-7567 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Modicon M221 (all references... | | |
CVE-2020-7568 | A CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Modico... | | |
CVE-2020-7569 | A CWE-434 Unrestricted Upload of File with Dangerous Type vulnerability exists in EcoStruxure Buildi... | S | |
CVE-2020-7570 | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting Stored) v... | S | |
CVE-2020-7571 | A CWE-79 Multiple Improper Neutralization of Input During Web Page Generation (Cross-site Scripting ... | S | |
CVE-2020-7572 | A CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists in EcoStruxure ... | S | |
CVE-2020-7573 | A CWE-284 Improper Access Control vulnerability exists in EcoStruxure Building Operation WebReports ... | S | |
CVE-2020-7574 | A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix P... | | |
CVE-2020-7575 | A vulnerability has been identified in Climatix POL908 (BACnet/IP module) (All versions), Climatix P... | | |
CVE-2020-7576 | A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Executio... | | |
CVE-2020-7577 | A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Executio... | | |
CVE-2020-7578 | A vulnerability has been identified in Camstar Enterprise Platform (All versions), Opcenter Executio... | | |
CVE-2020-7579 | A vulnerability has been identified in Spectrum Power™ 5 (All versions < v5.50 HF02). The web server... | | |
CVE-2020-7580 | A vulnerability has been identified in SIMATIC Automation Tool (All versions < V4 SP2), SIMATIC NET ... | | |
CVE-2020-7581 | A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter E... | | |
CVE-2020-7583 | A vulnerability has been identified in Automation License Manager 5 (All versions), Automation Licen... | S | |
CVE-2020-7584 | A vulnerability has been identified in SIMATIC S7-200 SMART CPU family (All versions >= V2.2 < V2.5.... | | |
CVE-2020-7585 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 ... | | |
CVE-2020-7586 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 ... | | |
CVE-2020-7587 | A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter E... | | |
CVE-2020-7588 | A vulnerability has been identified in Opcenter Execution Discrete (All versions < V3.2), Opcenter E... | | |
CVE-2020-7589 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions). The vulner... | | |
CVE-2020-7590 | A vulnerability has been identified in DCA Vantage Analyzer (All versions < V4.5 are affected by CVE... | | |
CVE-2020-7591 | A vulnerability has been identified in SIPORT MP (All versions < 3.2.1). Vulnerable versions of the ... | | |
CVE-2020-7592 | A vulnerability has been identified in SIMATIC HMI Basic Panels 1st Generation (incl. SIPLUS variant... | | |
CVE-2020-7593 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOG... | E | |
CVE-2020-7594 | MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrator... | E | |
CVE-2020-7595 | xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-fi... | S | |
CVE-2020-7596 | Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-... | E S | |
CVE-2020-7597 | codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands. The value... | E S | |
CVE-2020-7598 | minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using... | E S | |
CVE-2020-7599 | All versions of com.gradle.plugin-publish before 0.11.0 are vulnerable to Insertion of Sensitive Inf... | | |
CVE-2020-7600 | querymen prior to 2.1.4 allows modification of object properties. The parameters of exported functio... | E S | |
CVE-2020-7601 | gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitr... | E | |
CVE-2020-7602 | node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called ... | E | |
CVE-2020-7603 | closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options... | E | |
CVE-2020-7604 | pulverizr through 0.7.0 allows execution of arbitrary commands. Within "lib/job.js", the variable "f... | E | |
CVE-2020-7605 | gulp-tape through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary c... | E | |
CVE-2020-7606 | docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of... | E | |
CVE-2020-7607 | gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the ... | E | |
CVE-2020-7608 | yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__pro... | E S | |
CVE-2020-7609 | node-rules including 3.0.0 and prior to 5.0.0 allows injection of arbitrary commands. The argument r... | E S | |
CVE-2020-7610 | All versions of bson before 1.1.4 are vulnerable to Deserialization of Untrusted Data. The package w... | S | |
CVE-2020-7611 | All versions of io.micronaut:micronaut-http-client before 1.2.11 and all versions from 1.3.0 before ... | E S | |
CVE-2020-7612 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-7613 | clamscan through 1.2.0 is vulnerable to Command Injection. It is possible to inject arbitrary comman... | E | |
CVE-2020-7614 | npm-programmatic through 0.0.12 is vulnerable to Command Injection. The packages and option propertie... | E S | |
CVE-2020-7615 | fsa through 0.5.1 is vulnerable to Command Injection. The first argument of 'execGitCommand()', loca... | E S | |
CVE-2020-7616 | express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by th... | E | |
CVE-2020-7617 | Prototype Pollution | S | |
CVE-2020-7618 | sds through 3.2.0 is vulnerable to Prototype Pollution. The library could be tricked into adding or m... | E | |
CVE-2020-7619 | get-git-data through 1.3.1 is vulnerable to Command Injection. It is possible to inject arbitrary co... | | |
CVE-2020-7620 | pomelo-monitor through 0.3.7 is vulnerable to Command Injection. It allows injection of arbitrary com... | | |
CVE-2020-7621 | strong-nginx-controller through 1.0.2 is vulnerable to Command Injection. It allows execution of arb... | | |
CVE-2020-7622 | HTTP Response Splitting | E S | |
CVE-2020-7623 | jscover through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary command v... | | |
CVE-2020-7624 | effect through 1.0.4 is vulnerable to Command Injection. It allows execution of arbitrary command vi... | E | |
CVE-2020-7625 | op-browser through 1.0.6 is vulnerable to Command Injection. It allows execution of arbitrary comman... | E | |
CVE-2020-7626 | karma-mojo through 1.0.1 is vulnerable to Command Injection. It allows execution of arbitrary comman... | E | |
CVE-2020-7627 | node-key-sender through 1.0.11 is vulnerable to Command Injection. It allows execution of arbitrary ... | E | |
CVE-2020-7628 | umount through 1.1.6 is vulnerable to Command Injection. The argument device can be controlled by us... | | |
CVE-2020-7629 | install-package through 0.4.0 is vulnerable to Command Injection. It allows execution of arbitrary c... | E | |
CVE-2020-7630 | git-add-remote through 1.0.0 is vulnerable to Command Injection. It allows execution of arbitrary co... | E | |
CVE-2020-7631 | diskusage-ng through 0.2.4 is vulnerable to Command Injection. It allows execution of arbitrary comma... | E | |
CVE-2020-7632 | node-mpv through 1.4.3 is vulnerable to Command Injection. It allows execution of arbitrary commands... | E | |
CVE-2020-7633 | apiconnect-cli-plugins through 6.0.1 is vulnerable to Command Injection. It allows execution of arbit... | E | |
CVE-2020-7634 | heroku-addonpool through 0.1.15 is vulnerable to Command Injection.... | E | |
CVE-2020-7635 | compass-compile through 0.0.1 is vulnerable to Command Injection. It allows execution of arbitrary co... | E | |
CVE-2020-7636 | adb-driver through 0.1.8 is vulnerable to Command Injection. It allows execution of arbitrary command... | E | |
CVE-2020-7637 | class-transformer before 0.3.1 allows attackers to perform Prototype Pollution. The classToPlainFromE... | E S | |
CVE-2020-7638 | confinit through 0.3.0 is vulnerable to Prototype Pollution. The 'setDeepProperty' function could be ... | E S | |
CVE-2020-7639 | eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tri... | E S | |
CVE-2020-7640 | pixl-class prior to 1.0.3 allows execution of arbitrary commands. The members argument of the create... | S | |
CVE-2020-7641 | Prototype Pollution | E | |
CVE-2020-7642 | lazysizes through 5.2.0 allows execution of malicious JavaScript. The following attributes are not s... | E S | |
CVE-2020-7643 | paypal-adaptive through 0.4.2 allows manipulation of JavaScript objects, resulting in Prototype Pollution. T... | E | |
CVE-2020-7644 | fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked i... | E M | |
CVE-2020-7645 | All versions of chrome-launcher allow execution of arbitrary commands, by controlling the $HOME envi... | E | |
CVE-2020-7646 | curlrequest through 1.0.1 allows reading any file by populating the file parameter with user input.... | E | |
CVE-2020-7647 | All versions before 1.6.7 and all versions after 2.0.0 inclusive and before 2.8.2 of io.jooby:jooby ... | S | |
CVE-2020-7648 | All versions of snyk-broker before 4.72.2 are vulnerable to Arbitrary File Read. It allows arbitrary... | S | |
CVE-2020-7649 | Directory Traversal | E S | |
CVE-2020-7650 | All versions of snyk-broker after 4.72.0 including and before 4.73.1 are vulnerable to Arbitrary Fil... | S | |
CVE-2020-7651 | All versions of snyk-broker before 4.79.0 are vulnerable to Arbitrary File Read. It allows partial f... | S | |
CVE-2020-7652 | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary... | S | |
CVE-2020-7653 | All versions of snyk-broker before 4.80.0 are vulnerable to Arbitrary File Read. It allows arbitrary... | S | |
CVE-2020-7654 | All versions of snyk-broker before 4.73.1 are vulnerable to Information Exposure. It logs private ke... | S | |
CVE-2020-7655 | netius prior to 1.17.58 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request ... | S | |
CVE-2020-7656 | jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails... | E | |
CVE-2020-7658 | meinheld prior to 1.0.2 is vulnerable to HTTP Request Smuggling. HTTP pipelining issues and request ... | S | |
CVE-2020-7659 | reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer enc... | | |
CVE-2020-7660 | serialize-javascript prior to 3.1.0 allows remote attackers to inject arbitrary code via the functio... | S | |
CVE-2020-7661 | All versions of url-regex are vulnerable to Regular Expression Denial of Service. An attacker provid... | E | |
CVE-2020-7662 | websocket-extensions npm module prior to 0.1.4 allows Denial of Service (DoS) via Regex Backtracking... | E S | |
CVE-2020-7663 | websocket-extensions ruby module prior to 0.1.5 allows Denial of Service (DoS) via Regex Backtrackin... | E S | |
CVE-2020-7664 | Arbitrary File Write via Archive Extraction (Zip Slip) | E | |
CVE-2020-7665 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2020-7666 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2020-7667 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2020-7668 | Arbitrary File Write via Archive Extraction (Zip Slip) | E | |
CVE-2020-7669 | Arbitrary File Write via Archive Extraction (Zip Slip) | E S | |
CVE-2020-7670 | agoo prior to 2.14.0 allows request smuggling attacks where agoo is used as a backend and a frontend... | | |
CVE-2020-7671 | goliath through 1.0.6 allows request smuggling attacks where goliath is used as a backend and a fron... | | |
CVE-2020-7672 | mosc through 1.0.0 is vulnerable to Arbitrary Code Execution. User input provided to `properties` ar... | E | |
CVE-2020-7673 | node-extend through 0.2.0 is vulnerable to Arbitrary Code Execution. User input provided to the argu... | E | |
CVE-2020-7674 | access-policy through 3.1.0 is vulnerable to Arbitrary Code Execution. User input provided to the `t... | E | |
CVE-2020-7675 | cd-messenger through 2.7.26 is vulnerable to Arbitrary Code Execution. User input provided to the `c... | E | |
CVE-2020-7676 | angular.js prior to 1.8.0 allows cross site scripting. The regex-based input HTML replacement may tu... | | |
CVE-2020-7677 | Arbitrary Code Execution | E S | |
CVE-2020-7678 | Arbitrary Code Execution | E | |
CVE-2020-7679 | Prototype Pollution | E M | |
CVE-2020-7680 | docsify prior to 4.11.4 is susceptible to Cross-site Scripting (XSS). Docsify.js uses fragment ident... | E S | |
CVE-2020-7681 | Directory Traversal | E | |
CVE-2020-7682 | Directory Traversal | E | |
CVE-2020-7683 | Directory Traversal | E | |
CVE-2020-7684 | Directory Traversal | | |
CVE-2020-7685 | Insecure Defaults | | |
CVE-2020-7686 | Directory Traversal | E | |
CVE-2020-7687 | Directory Traversal | E | |
CVE-2020-7688 | Command Injection | E S | |
CVE-2020-7689 | Insecure Encryption | S | |
CVE-2020-7690 | All affected versions <2.0.0 of package jspdf are vulnerable to Cross-site Scripting (XSS). It is po... | E | |
CVE-2020-7691 | Cross-site Scripting (XSS) | E | |
CVE-2020-7692 | Improper Authorization | E S | |
CVE-2020-7693 | Denial of Service (DoS) | E S | |
CVE-2020-7694 | Log Injection | E | |
CVE-2020-7695 | HTTP Response Splitting | E | |
CVE-2020-7696 | Information Exposure | E S | |
CVE-2020-7697 | Command Injection | E | |
CVE-2020-7698 | Command Injection | S | |
CVE-2020-7699 | Prototype Pollution | E | |
CVE-2020-7700 | Prototype Pollution | E | |
CVE-2020-7701 | Prototype Pollution | E | |
CVE-2020-7702 | Prototype Pollution | E | |
CVE-2020-7703 | Prototype Pollution | E | |
CVE-2020-7704 | Prototype Pollution | E S | |
CVE-2020-7705 | Malicious Package | | |
CVE-2020-7706 | Prototype Pollution | E S | |
CVE-2020-7707 | Prototype Pollution | E S | |
CVE-2020-7708 | Prototype Pollution | E S | |
CVE-2020-7709 | Prototype Pollution | E S | |
CVE-2020-7710 | Sandbox Escape | E | |
CVE-2020-7711 | Denial of Service (DoS) | E | |
CVE-2020-7712 | Command Injection | E S | |
CVE-2020-7713 | Prototype Pollution | E | |
CVE-2020-7714 | Prototype Pollution | E | |
CVE-2020-7715 | Prototype Pollution | E | |
CVE-2020-7716 | Prototype Pollution | E | |
CVE-2020-7717 | Prototype Pollution | E | |
CVE-2020-7718 | Prototype Pollution | E | |
CVE-2020-7719 | Prototype Pollution | E | |
CVE-2020-7720 | Prototype Pollution | E | |
CVE-2020-7721 | Prototype Pollution | E | |
CVE-2020-7722 | Prototype Pollution | E | |
CVE-2020-7723 | Prototype Pollution | E | |
CVE-2020-7724 | Prototype Pollution | E | |
CVE-2020-7725 | Prototype Pollution | E | |
CVE-2020-7726 | Prototype Pollution | E | |
CVE-2020-7727 | Prototype Pollution | E | |
CVE-2020-7729 | Arbitrary Code Execution | E S | |
CVE-2020-7730 | Command Injection | S | |
CVE-2020-7731 | Denial of Service (DoS) | S | |
CVE-2020-7733 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-7734 | Cross-site Scripting (XSS) | E S | |
CVE-2020-7735 | Command Injection | S | |
CVE-2020-7736 | Prototype Pollution | E S | |
CVE-2020-7737 | Prototype Pollution | E | |
CVE-2020-7738 | Arbitrary Code Execution | | |
CVE-2020-7739 | Server-side Request Forgery (SSRF) | E S | |
CVE-2020-7740 | Server-side Request Forgery (SSRF) | | |
CVE-2020-7741 | Cross-site Scripting (XSS) | S | |
CVE-2020-7742 | Prototype Pollution | E | |
CVE-2020-7743 | Prototype Pollution | E S | |
CVE-2020-7744 | Information Exposure | | |
CVE-2020-7745 | Malicious Package | E | |
CVE-2020-7746 | Prototype Pollution | E S | |
CVE-2020-7747 | Cross-site Scripting (XSS) | E | |
CVE-2020-7748 | Prototype Pollution | E S | |
CVE-2020-7749 | Server-side Request Forgery (SSRF) | E S | |
CVE-2020-7750 | Cross-site Scripting (XSS) | S | |
CVE-2020-7751 | Prototype Pollution | E S | |
CVE-2020-7752 | Command Injection | E S | |
CVE-2020-7753 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2020-7754 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-7755 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2020-7757 | Path Traversal | E | |
CVE-2020-7758 | Path Traversal | E S | |
CVE-2020-7759 | SQL Injection | S | |
CVE-2020-7760 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-7761 | Regular Expression Denial of Service (ReDoS) | | |
CVE-2020-7762 | Arbitrary File Read | E | |
CVE-2020-7763 | Arbitrary File Read | E | |
CVE-2020-7764 | Web Cache Poisoning | S | |
CVE-2020-7765 | Prototype Pollution | E S | |
CVE-2020-7766 | Prototype Pollution | E | |
CVE-2020-7767 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2020-7768 | Prototype Pollution | S | |
CVE-2020-7769 | Command Injection | E S | |
CVE-2020-7770 | Prototype Pollution | E S | |
CVE-2020-7771 | Prototype Pollution | E S | |
CVE-2020-7772 | Prototype Pollution | E S | |
CVE-2020-7773 | Cross-site Scripting (XSS) | E M | |
CVE-2020-7774 | Prototype Pollution | E S | |
CVE-2020-7775 | Command Injection | | |
CVE-2020-7776 | Cross-site Scripting (XSS) | E S | |
CVE-2020-7777 | Arbitrary Code Execution | E | |
CVE-2020-7778 | Prototype Pollution | E S | |
CVE-2020-7779 | Regular Expression Denial of Service (ReDoS) | E | |
CVE-2020-7780 | Cross-site Request Forgery (CSRF) | S | |
CVE-2020-7781 | Command Injection | E S | |
CVE-2020-7782 | Command Injection | E | |
CVE-2020-7784 | Command Injection | E | |
CVE-2020-7785 | Command Injection | E | |
CVE-2020-7786 | Command Injection | E | |
CVE-2020-7787 | Improper Authentication | E | |
CVE-2020-7788 | Prototype Pollution | E S | |
CVE-2020-7789 | Command Injection | | |
CVE-2020-7790 | Arbitrary File Read | | |
CVE-2020-7791 | Denial of Service (DoS) | S | |
CVE-2020-7792 | Prototype Pollution | E | |
CVE-2020-7793 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-7794 | Command Injection | | |
CVE-2020-7795 | Command Injection | E S | |
CVE-2020-7796 | Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7 allows SSRF when WebEx zimlet is installed an... | | |
CVE-2020-7799 | An issue was discovered in FusionAuth before 1.11.0. An authenticated user, allowed to edit e-mail t... | E | |
CVE-2020-7800 | The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has ... | | |
CVE-2020-7801 | The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has ... | | |
CVE-2020-7802 | The Synergy Systems & Solutions (SSS) HUSKY RTU 6049-E70, with firmware Versions 5.0 and prior, has ... | | |
CVE-2020-7803 | Zoneplayer ActiveX File Download Vulnerability | | |
CVE-2020-7804 | ActiveX Control (HShell.dll) in Handy Groupware 1.7.3.1 for Windows 7, 8, and 10 allows an attacker t... | | |
CVE-2020-7805 | An issue was discovered on KT Slim egg IML500 (R7283, R8112, R8424) and IML520 (R8112, R8368, R8411)... | | |
CVE-2020-7806 | Tobesoft Xplatform ActiveX File Download Vulnerability | | |
CVE-2020-7807 | DLL Hijacking Vulnerabilities During Installation of LG Electronics Software | | |
CVE-2020-7808 | RAONWIZ Inc K Upload, arguments modification via missing support for integrity check vulnerability | | |
CVE-2020-7809 | Estsoft ALSong DOM-Based XSS Vulnerability | | |
CVE-2020-7810 | HandySoft ActiveX File Download and Execution Vulnerability | S | |
CVE-2020-7811 | Samsung Update Local Privilege Escalation Vulnerability | | |
CVE-2020-7812 | Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability | | |
CVE-2020-7813 | Kaoni ezHTTPTrans Active-X File Download and Execution Vulnerability | | |
CVE-2020-7814 | RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to ... | | |
CVE-2020-7815 | XPLATFORM v9.2.260 and earlier versions contain a vulnerability that could allow remote files to be ... | | |
CVE-2020-7816 | A vulnerability in the JPEG image parsing module in DaView Indy, DaVa+, DaOffice software could all... | | |
CVE-2020-7817 | MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At t... | | |
CVE-2020-7818 | DaviewIndy Heap Overflow Vulnerability | S | |
CVE-2020-7819 | nTracker USB Enterprise SQL-Injection vulnerability | | |
CVE-2020-7820 | Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability | | |
CVE-2020-7821 | Tobesoft NEXACRO14/17 ExCommonApiV13 Arbitrary Code Execution Vulnerability | | |
CVE-2020-7822 | DaviewIndy Multiple Vulnerabilities | S | |
CVE-2020-7823 | DaviewIndy Multiple Vulnerabilities | S | |
CVE-2020-7824 | Ericssonlg iPECS Privilege Escalation Vulnerability | S | |
CVE-2020-7825 | A vulnerability exists that could allow the execution of operating system commands on systems runnin... | | |
CVE-2020-7826 | EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow... | | |
CVE-2020-7827 | DaviewIndy Use-After-Free Vulnerability | | |
CVE-2020-7828 | DaviewIndy Heap-based Buffer Overflow Vulnerability | | |
CVE-2020-7829 | DaviewIndy Heap-based Buffer Overflow Vulnerability | | |
CVE-2020-7830 | RAONWIZ v2018.0.2.50 and earlier versions contain a vulnerability that could allow remote files to ... | | |
CVE-2020-7831 | A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow... | | |
CVE-2020-7832 | RAONWIZ DEXT5 Upload remote code execution vulnerability | | |
CVE-2020-7836 | VOICEYE WSActiveBridgeES versions prior to 2.1.0.3 contain a stack-based buffer overflow vulnerabil... | | |
CVE-2020-7837 | An issue was discovered in ML Report Program. There is a stack-based buffer overflow in function sub... | | |
CVE-2020-7838 | An arbitrary code execution vulnerability exists in the way that the Stove client improperly validate... | | |
CVE-2020-7839 | MarkAny MaEPSBroker Command Injection Vulnerability | | |
CVE-2020-7841 | TOBESOFT XPLATFORM arbitrary hta file execution vulnerability | | |
CVE-2020-7842 | D'live AP command injection vulnerability | | |
CVE-2020-7845 | Jiransecurity Spamsniper Stack-based Buffer Overflow Vulnerability | | |
CVE-2020-7846 | Helpcom before v10.0 contains a file download and execution vulnerability caused by storing hardcode... | | |
CVE-2020-7847 | The ipTIME NAS product allows an arbitrary file upload vulnerability in the Manage Bulletins/Upload ... | | |
CVE-2020-7848 | The EFM ipTIME C200 IP Camera is affected by a Command Injection vulnerability in /login.cgi?logout=... | | |
CVE-2020-7849 | UPRISM CURIX arbitrary code execution vulnerability | | |
CVE-2020-7850 | Douzone ActiveX File Download and Execution Vulnerability | S | |
CVE-2020-7851 | Innorix File Transfer Solution File Download and Execution Vulnerability | S | |
CVE-2020-7852 | DaviewIndy Heap Overflow Vulnerabilities | | |
CVE-2020-7853 | TOBESOFT XPLATFORM Out-of-Bounds Read/Write Vulnerabilities | | |
CVE-2020-7856 | A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. Thi... | | |
CVE-2020-7857 | A vulnerability of XPlatform could allow an unauthenticated attacker to execute arbitrary command. T... | | |
CVE-2020-7858 | AquaNPlayer directory traversing vulnerability | | |
CVE-2020-7859 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-7860 | UnEGG v0.5 and earlier versions have an integer overflow vulnerability, triggered when the user opens... | | |
CVE-2020-7861 | AnySupport directory traversing vulnerability | | |
CVE-2020-7862 | HelpU Overflow Vulnerability | | |
CVE-2020-7863 | Raonwiz RAON K Upload Arbitrary Command Execution Vulnerability | S | |
CVE-2020-7864 | Raonwiz DEXT5 Editor File upload and Execution vulnerability | | |
CVE-2020-7865 | Inoguard ExECM CoreB2B solution remote code execution vulnerability | | |
CVE-2020-7866 | Tobesoft XPLATFORM Arbitrary Command Execution Vulnerability | | |
CVE-2020-7867 | Helpu arbitrary file creation vulnerability | | |
CVE-2020-7868 | Helpu remote code execution vulnerability | | |
CVE-2020-7869 | An improper input validation vulnerability of ZOOK software (remote administration tool) could allow... | | |
CVE-2020-7870 | A memory corruption vulnerability exists when ezPDF improperly handles the parameter. This vulnerabi... | | |
CVE-2020-7871 | A vulnerability of Helpcom could allow an unauthenticated attacker to execute arbitrary command. Thi... | | |
CVE-2020-7872 | DaviewIndy v8.98.7.0 and earlier versions have an integer overflow vulnerability, triggered when the ... | | |
CVE-2020-7873 | Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd al... | | |
CVE-2020-7874 | NEXACRO14 Runtime arbitrary file download and execution vulnerability | | |
CVE-2020-7875 | RAONWIZ DEXT5 Upload ActiveX remote file execution vulnerability | | |
CVE-2020-7877 | ZOOK solution (remote administration tool) buffer overflow vulnerability | | |
CVE-2020-7878 | An arbitrary file download and execution vulnerability was found in the VideoOffice X2.9 and earlier... | | |
CVE-2020-7879 | ipTIME C200 IP Camera command injection vulnerability | | |
CVE-2020-7880 | douzone NeoRS remote support program ActiveX vulnerability | | |
CVE-2020-7881 | AfreecaTV streamer service stack-based buffer overflow | | |
CVE-2020-7882 | anySign directory traversal vulnerability | | |
CVE-2020-7883 | Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote att... | | |
CVE-2020-7904 | In JetBrains IntelliJ IDEA before 2019.3, some Maven repositories were accessed via HTTP instead of ... | | |
CVE-2020-7905 | Ports listened to by JetBrains IntelliJ IDEA before 2019.3 were exposed to the network.... | | |
CVE-2020-7906 | In JetBrains Rider versions 2019.3 EAP2 through 2019.3 EAP7, there were unsigned binaries provided b... | | |
CVE-2020-7907 | In the JetBrains Scala plugin before 2019.2.1, some artefact dependencies were resolved over unencry... | | |
CVE-2020-7908 | In JetBrains TeamCity before 2019.1.5, reverse tabnabbing was possible on several pages.... | | |
CVE-2020-7909 | In JetBrains TeamCity before 2019.1.5, some server-stored passwords could be shown via the web UI.... | | |
CVE-2020-7910 | JetBrains TeamCity before 2019.2 was vulnerable to a stored XSS attack by a user with the developer ... | | |
CVE-2020-7911 | In JetBrains TeamCity before 2019.2, several user-level pages were vulnerable to XSS.... | | |
CVE-2020-7912 | In JetBrains YouTrack before 2019.2.59309, SMTP/Jabber settings could be accessed using backups.... | | |
CVE-2020-7913 | JetBrains YouTrack 2019.2 before 2019.2.59309 was vulnerable to XSS via an issue description.... | | |
CVE-2020-7914 | In JetBrains IntelliJ IDEA 2019.2, an XSLT debugger plugin misconfiguration allows arbitrary file re... | | |
CVE-2020-7915 | An issue was discovered on Eaton 5P 850 devices. The Ubicacion SAI field allows XSS attacks by an ad... | E | |
CVE-2020-7916 | be_teacher in class-lp-admin-ajax.php in the LearnPress plugin 3.2.6.5 and earlier for WordPress all... | | |
CVE-2020-7918 | An insecure direct object reference in webmail in totemo totemomail 7.0.0 allows an authenticated re... | | |
CVE-2020-7919 | Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-202001242... | | |
CVE-2020-7920 | pmm-server in Percona Monitoring and Management (PMM) 2.2.x before 2.2.1 allows unauthenticated deni... | S | |
CVE-2020-7921 | Administrative action may disable enforcement of per-user IP whitelisting | S | |
CVE-2020-7922 | Kubernetes Operator generates potentially insecure certificates | | |
CVE-2020-7923 | Specific GeoQuery can cause DoS against MongoDB Server | S | |
CVE-2020-7924 | Specific command line parameter might result in accepting invalid certificate | S | |
CVE-2020-7925 | Denial of Service when processing malformed Role names | | |
CVE-2020-7926 | Specific query can cause a DoS against MongoDB Server | | |
CVE-2020-7927 | Potential privilege escalation in Ops Manager API | | |
CVE-2020-7928 | Improper neutralization of null byte leads to read overrun | S | |
CVE-2020-7929 | Specially crafted regex query can cause DoS | S | |
CVE-2020-7931 | In JFrog Artifactory 5.x and 6.x, insecure FreeMarker template processing leads to remote code execu... | E | |
CVE-2020-7932 | OMERO.web before 5.6.3 optionally allows sensitive data elements (e.g., a session key) to be passed ... | | |
CVE-2020-7934 | In LifeRay Portal CE 7.1.0 through 7.2.1 GA2, the First Name, Middle Name, and Last Name fields for ... | | |
CVE-2020-7935 | Artica Pandora FMS through 7.42 is vulnerable to remote PHP code execution because of an Unrestricte... | E | |
CVE-2020-7936 | An open redirect on the login form (and possibly other places) in Plone 4.0 through 5.2.1 allows an ... | | |
CVE-2020-7937 | An XSS issue in the title field in Plone 5.0 through 5.2.1 allows users with a certain privilege lev... | | |
CVE-2020-7938 | plone.restapi in Plone 5.2.0 through 5.2.1 allows users with a certain privilege level to escalate t... | | |
CVE-2020-7939 | SQL Injection in DTML or in connection objects in Plone 4.0 through 5.2.1 allows users to perform un... | | |
CVE-2020-7940 | Missing password strength checks on some forms in Plone 4.3 through 5.2.0 allow users to set weak pa... | | |
CVE-2020-7941 | A privilege escalation issue in plone.app.contenttypes in Plone 4.3 through 5.2.1 allows users to PU... | | |
CVE-2020-7942 | Previously, Puppet operated on a model that a node with a valid certificate was entitled to all info... | | |
CVE-2020-7943 | Puppet Server and PuppetDB provide useful performance and debugging information via their metrics AP... | | |
CVE-2020-7944 | In Continuous Delivery for Puppet Enterprise (CD4PE) before 3.4.0, changes to resources or classes c... | | |
CVE-2020-7945 | Local registry credentials were included directly in the CD4PE deployment definition, which could ex... | | |
CVE-2020-7947 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. It has numerous fie... | | |
CVE-2020-7948 | An issue was discovered in the Login by Auth0 plugin before 4.0.0 for WordPress. A user can perform ... | | |
CVE-2020-7949 | schemasystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or d... | | |
CVE-2020-7950 | meshsystem.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution or den... | E | |
CVE-2020-7951 | meshsystem.dll in Valve Dota 2 before 7.23e allows remote attackers to achieve code execution or den... | E | |
CVE-2020-7952 | rendersystemdx9.dll in Valve Dota 2 before 7.23f allows remote attackers to achieve code execution o... | E | |
CVE-2020-7953 | An issue was discovered in OpServices OpMon 9.3.2. Without authentication, it is possible to read se... | | |
CVE-2020-7954 | An issue was discovered in OpServices OpMon 9.3.2. Starting from the apache user account, it is poss... | | |
CVE-2020-7955 | HashiCorp Consul and Consul Enterprise 1.4.1 through 1.6.2 did not uniformly enforce ACLs across all... | | |
CVE-2020-7956 | HashiCorp Nomad and Nomad Enterprise up to 0.10.2 incorrectly validated role/region associated with ... | | |
CVE-2020-7957 | The IMAP and LMTP components in Dovecot 2.3.9 before 2.3.9.3 mishandle snippet generation when many ... | E | |
CVE-2020-7958 | An issue was discovered on OnePlus 7 Pro devices before 10.0.3.GM21BA. The firmware was found to con... | E | |
CVE-2020-7959 | LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, t... | E | |
CVE-2020-7961 | Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to... | KEV E | |
CVE-2020-7962 | An issue was discovered in One Identity Password Manager 5.8. An attacker could enumerate valid answ... | | |
CVE-2020-7964 | An issue was discovered in Mirumee Saleor 2.x before 2.9.1. Incorrect access control in the checkout... | S | |
CVE-2020-7965 | flaskparser.py in Webargs 5.x through 5.5.2 doesn't check that the Content-Type header is applicatio... | | |
CVE-2020-7966 | GitLab EE 11.11 and later through 12.7.2 allows Directory Traversal.... | | |
CVE-2020-7967 | GitLab EE 8.0 through 12.7.2 has Insecure Permissions (issue 1 of 2).... | | |
CVE-2020-7968 | GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.... | | |
CVE-2020-7969 | GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.... | | |
CVE-2020-7971 | GitLab EE 11.0 and later through 12.7.2 allows XSS.... | | |
CVE-2020-7972 | GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).... | | |
CVE-2020-7973 | GitLab through 12.7.2 allows XSS.... | | |
CVE-2020-7974 | GitLab EE 10.1 through 12.7.2 allows Information Disclosure.... | | |
CVE-2020-7975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-7976 | GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.... | | |
CVE-2020-7977 | GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.... | | |
CVE-2020-7978 | GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.... | | |
CVE-2020-7979 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission... | | |
CVE-2020-7980 | Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field wi... | E | |
CVE-2020-7981 | sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used ... | S | |
CVE-2020-7982 | An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bu... | E S | |
CVE-2020-7983 | A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the p... | E | |
CVE-2020-7984 | SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve... | E S | |
CVE-2020-7988 | An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change t... | E | |
CVE-2020-7989 | Adive Framework 2.0.8 has admin/user/add userUsername XSS.... | E | |
CVE-2020-7990 | Adive Framework 2.0.8 has admin/user/add userName XSS.... | E | |
CVE-2020-7991 | Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.... | E | |
CVE-2020-7993 | Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other use... | | |
CVE-2020-7994 | Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 10.0.6 allow remote attackers to inj... | E | |
CVE-2020-7995 | The htdocs/index.php?mainmenu=home login page in Dolibarr 10.0.6 allows an unlimited rate of failed ... | E | |
CVE-2020-7996 | htdocs/user/passwordforgotten.php in Dolibarr 10.0.6 allows XSS via the Referer HTTP header.... | E | |
CVE-2020-7997 | ASUS WRT-AC66U 3 RT 3.0.0.4.372_67 devices allow XSS via the Client Name field to the Parental Contr... | E | |
CVE-2020-7998 | An arbitrary file upload vulnerability has been discovered in the Super File Explorer app 1.0.1 for ... | | |
CVE-2020-7999 | The Intellian Aptus application 1.0.2 for Android has hardcoded values for DOWNLOAD_API_KEY and FILE... | E |