ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-8000 | Intellian Aptus Web 1.24 has a hardcoded password of 12345678 for the intellian account.... | E | |
CVE-2020-8001 | The Intellian Aptus application 1.0.2 for Android has a hardcoded password of intellian for the mast... | E | |
CVE-2020-8002 | A NULL pointer dereference in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to ca... | S | |
CVE-2020-8003 | A double-free vulnerability in vrend_renderer.c in virglrenderer through 0.8.1 allows attackers to c... | S | |
CVE-2020-8004 | STMicroelectronics STM32F1 devices have Incorrect Access Control.... | E | |
CVE-2020-8006 | The server in Circontrol Raption through 5.11.2 has a pre-authentication stack-based buffer overflow... | | |
CVE-2020-8007 | The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is v... | | |
CVE-2020-8009 | AVB MOTU devices through 2020-01-22 allow /.. Directory Traversal, as demonstrated by reading the /e... | E | |
CVE-2020-8010 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an impr... | E | |
CVE-2020-8011 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null ... | | |
CVE-2020-8012 | CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffe... | E | |
CVE-2020-8013 | permissions: chkstat sets unintended setuid/capabilities for mrsh and wodim | | |
CVE-2020-8014 | kopano-python-services: Local privilege escalation from kopano to root in kopano-spamd subpackage | E | |
CVE-2020-8015 | Local privilege escalation in exim package from user mail to root | E | |
CVE-2020-8016 | race condition in the packaging of texlive-filesystem | E | |
CVE-2020-8017 | race condition on texlive-filesystem cron job allows for the deletion of unintended files | | |
CVE-2020-8018 | User owned /etc in SLES15-SP1-CHOST-BYOS | | |
CVE-2020-8019 | syslog-ng: Local privilege escalation from new to root in %post | E | |
CVE-2020-8020 | Persistent XSS in markdown parser used by obs-server | | |
CVE-2020-8021 | unauthorized read access to files where sourceaccess is disabled via a crafted _service file in Open Build Service | E S | |
CVE-2020-8022 | User-writeable configuration file /usr/lib/tmpfiles.d/tomcat.conf allows for escalation of privileges | E | |
CVE-2020-8023 | Local privilege escalation from ldap to root when using OPENLDAP_CONFIG_BACKEND=ldap in openldap2 | E | |
CVE-2020-8024 | Problematic permissions in hylafax+ packaging allow escalation from uucp to other users | S | |
CVE-2020-8025 | outdated entries in permissions profiles for /var/lib/pcp/tmp/* may cause security issues | E | |
CVE-2020-8026 | inn: non-root owned files | | |
CVE-2020-8027 | openldap uses fixed paths in /tmp | E | |
CVE-2020-8028 | salt-api is accessible to every user on SUSE Manager Server | E | |
CVE-2020-8029 | skuba: Insecure handling of private key | E | |
CVE-2020-8030 | skuba: Insecure /tmp usage when joining node to cluster | E | |
CVE-2020-8031 | obs: Stored XSS | E | |
CVE-2020-8032 | Local privilege escalation to root due to insecure tmp file usage | E | |
CVE-2020-8033 | Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.... | E | |
CVE-2020-8034 | Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affec... | S | |
CVE-2020-8035 | The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a store... | | |
CVE-2020-8036 | str2tokbuf used incorrectly by print-someip.c | S | |
CVE-2020-8037 | ppp decapsulator can be convinced to allocate a large amount of memory | S | |
CVE-2020-8086 | The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely v... | | |
CVE-2020-8087 | SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging acc... | E | |
CVE-2020-8088 | panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of ... | E | |
CVE-2020-8089 | Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.... | E | |
CVE-2020-8090 | The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored... | E | |
CVE-2020-8091 | svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote atta... | E | |
CVE-2020-8092 | Privilege escalation in Bitdefender AV for Mac | S | |
CVE-2020-8093 | Code Injection into Bitdefender AV for Mac | S | |
CVE-2020-8094 | Untrusted Search Path Vulnerability in Bitdefender Antivirus Free 2020 (VA-8422) | S | |
CVE-2020-8095 | Bitdefender Total Security Link Resolution Denial-of-Service Vulnerability | S | |
CVE-2020-8096 | Untrusted Search Path Vulnerability in High-Level Antimalware SDK | S | |
CVE-2020-8097 | Improper authentication vulnerability in Bitdefender Endpoint Security Tools and Endpoint Security SDK (VA-8646) | S | |
CVE-2020-8099 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8387) | S | |
CVE-2020-8100 | Incomplete validation in detection code in Bitdefender Engines (VA-8589) | S | |
CVE-2020-8101 | Command execution due to unsanitized input in LifeShield DIY HD Video Doorbell | S | |
CVE-2020-8102 | Insufficient URL sanitization and validation in Safepay Browser (VA-8631) | S | |
CVE-2020-8103 | Link Resolution Privilege Escalation Vulnerability in Bitdefender Antivirus Free (VA-8604) | S | |
CVE-2020-8105 | Command Execution due to unsanitized input | M | |
CVE-2020-8106 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-8107 | Process Control vulnerability in Bitdefender Antivirus Plus | S | |
CVE-2020-8108 | Insufficient client validation in Bitdefender Endpoint Security for Mac (VA-8759) | S | |
CVE-2020-8109 | Bitdefender ace.xmd parser out-of-bounds write (VA-8772) | S | |
CVE-2020-8110 | Bitdefender ceva_emu.cvd module denial-of-service (VA-8766) | S | |
CVE-2020-8111 | Rejected reason: Unused CVE for 2020... | R | |
CVE-2020-8112 | opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based b... | E | |
CVE-2020-8113 | GitLab 10.7 and later through 12.7.2 has Incorrect Access Control.... | | |
CVE-2020-8114 | GitLab EE 8.9 and later through 12.7.2 has Insecure Permission... | | |
CVE-2020-8115 | A reflected XSS vulnerability has been discovered in the publicly accessible afr.php delivery script... | E S | |
CVE-2020-8116 | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x bef... | E S | |
CVE-2020-8117 | Improper preservation of permissions in Nextcloud Server 14.0.3 causes the event details to be leake... | | |
CVE-2020-8118 | An authenticated server-side request forgery in Nextcloud server 16.0.1 allowed to detect local and ... | E | |
CVE-2020-8119 | Improper authorization in Nextcloud server 17.0.0 causes leaking of previews and files when a file-d... | | |
CVE-2020-8120 | A reflected Cross-Site Scripting vulnerability in Nextcloud Server 16.0.1 was discovered in the svg ... | E | |
CVE-2020-8121 | A bug in Nextcloud Server 14.0.4 could expose more data in reshared link shares than intended by the... | E | |
CVE-2020-8122 | A missing check in Nextcloud Server 14.0.3 could give recipient the possibility to extend the expira... | E | |
CVE-2020-8123 | A denial of service exists in strapi v3.0.0-beta.18.3 and earlier that can be abused in the admin co... | E | |
CVE-2020-8124 | Insufficient validation and sanitization of user input exists in url-parse npm package version 1.4.4... | E | |
CVE-2020-8125 | Flaw in input validation in npm package klona version 1.1.0 and earlier may allow prototype pollutio... | E S | |
CVE-2020-8126 | A privilege escalation in the EdgeSwitch prior to version 1.7.1, a CGI script doesn't fully sanitize ... | | |
CVE-2020-8127 | Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and e... | E | |
CVE-2020-8128 | An unintended require and server-side request forgery vulnerabilities in jsreport version 2.5.0 and ... | E | |
CVE-2020-8129 | An unintended require vulnerability in script-manager npm package version 0.8.6 and earlier may allo... | E | |
CVE-2020-8130 | There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplyin... | E S | |
CVE-2020-8131 | Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path... | E S | |
CVE-2020-8132 | Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbi... | E S | |
CVE-2020-8133 | A wrong generation of the passphrase for the encrypted block in Nextcloud Server 19.0.1 allowed an a... | E | |
CVE-2020-8134 | Server-side request forgery (SSRF) vulnerability in Ghost CMS < 3.10.0 allows an attacker to scan lo... | E S | |
CVE-2020-8135 | The uppy npm package < 1.9.3 is vulnerable to a Server-Side Request Forgery (SSRF) vulnerability, wh... | E S | |
CVE-2020-8136 | Prototype pollution vulnerability in fastify-multipart < 1.0.5 allows an attacker to crash fastify a... | E S | |
CVE-2020-8137 | Code injection vulnerability in blamer 1.0.0 and earlier may result in remote code execution when th... | E S | |
CVE-2020-8138 | A missing check for IPv4 nested inside IPv6 in Nextcloud server < 17.0.1, < 16.0.7, and < 15.0.14 al... | E | |
CVE-2020-8139 | A missing access control check in Nextcloud Server < 18.0.1, < 17.0.4, and < 16.0.9 causes hide-down... | | |
CVE-2020-8140 | A code injection in Nextcloud Desktop Client 2.6.2 for macOS allowed to load arbitrary code when sta... | E | |
CVE-2020-8141 | The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker i... | E M | |
CVE-2020-8142 | A security restriction bypass vulnerability has been discovered in Revive Adserver version < 5.0.5 b... | E | |
CVE-2020-8143 | An Open Redirect vulnerability was discovered in Revive Adserver version < 5.0.5 and reported by Hac... | E | |
CVE-2020-8144 | The UniFi Video Server v3.9.3 and prior (for Windows 7/8/10 x64) web interface Firmware Update funct... | | |
CVE-2020-8145 | The UniFi Video Server (Windows) web interface configuration restore functionality at the “backup” a... | | |
CVE-2020-8146 | In UniFi Video v3.10.1 (for Windows 7/8/10 x64) there is a Local Privileges Escalation to SYSTEM fro... | | |
CVE-2020-8147 | Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype p... | E | |
CVE-2020-8148 | UniFi Cloud Key firmware < 1.1.6 contains a vulnerability that enables an attacker being able to cha... | S | |
CVE-2020-8149 | Lack of output sanitization allowed an attack to execute arbitrary shell commands via the logkitty n... | E S | |
CVE-2020-8150 | A cryptographic issue in Nextcloud Server 19.0.1 allowed an attacker to downgrade the encryption sch... | E | |
CVE-2020-8151 | There is a possible information disclosure issue in Active Resource | | |
CVE-2020-8152 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an att... | E | |
CVE-2020-8153 | Improper access control in Groupfolders app 4.0.3 allowed to delete hidden directories when ren... | E | |
CVE-2020-8154 | An Insecure direct object reference vulnerability in Nextcloud Server 18.0.2 allowed an attacker to ... | E | |
CVE-2020-8155 | An outdated 3rd party library in the Files PDF viewer for Nextcloud Server 18.0.2 caused a Cross-sit... | | |
CVE-2020-8156 | A missing verification of the TLS host in Nextcloud Mail 1.1.3 allowed a man in the middle attack.... | | |
CVE-2020-8157 | UniFi Cloud Key firmware <= v1.1.10 for Cloud Key gen2 and Cloud Key gen2 Plus contains a vulnerabil... | | |
CVE-2020-8158 | Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modi... | E S | |
CVE-2020-8159 | There is a vulnerability in actionpack_page-caching gem < v1.2.1 that allows an attacker to write ar... | | |
CVE-2020-8160 | MendixSSO <= 2.1.1 contains endpoints that make use of the openid handler, which is suffering from a... | | |
CVE-2020-8161 | A directory traversal vulnerability exists in rack < 2.2.0 that allows an attacker perform directory... | S | |
CVE-2020-8162 | A client side enforcement of server side security vulnerability exists in rails < 5.2.4.2 and rails ... | E S | |
CVE-2020-8163 | There is a code injection vulnerability in versions of Rails prior to 5.0.1 that would allow an attacke... | E S | |
CVE-2020-8164 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 which c... | E S | |
CVE-2020-8165 | A deserialization of untrusted data vulnerability exists in rails < 5.2.4.3, rails < 6.0.3.1 that... | E S | |
CVE-2020-8166 | A CSRF forgery vulnerability exists in rails < 5.2.5, rails < 6.0.4 that makes it possible for an at... | E S | |
CVE-2020-8167 | A CSRF vulnerability exists in rails <= 6.0.3 rails-ujs module that could allow attackers to send CS... | E S | |
CVE-2020-8168 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that ... | | |
CVE-2020-8169 | curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to... | E S | |
CVE-2020-8170 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that ... | | |
CVE-2020-8171 | We have recently released new version of AirMax AirOS firmware v6.3.0 for TI, XW and XM boards that ... | | |
CVE-2020-8172 | TLS session reuse can lead to host certificate verification bypass in node version < 12.18.0 and < 1... | E S | |
CVE-2020-8173 | A too small set of random characters being used for encryption in Nextcloud Server 18.0.4 allowed de... | E | |
CVE-2020-8174 | napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and ... | E S | |
CVE-2020-8175 | Uncontrolled resource consumption in `jpeg-js` before 0.4.0 may allow attacker to launch denial of s... | E | |
CVE-2020-8176 | A cross-site scripting vulnerability exists in koa-shopify-auth v3.1.61-v3.1.62 that allows an attac... | E S | |
CVE-2020-8177 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resour... | E S | |
CVE-2020-8178 | Insufficient input validation in npm package `jison` <= 0.4.18 may lead to OS command injection atta... | E | |
CVE-2020-8179 | Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users... | | |
CVE-2020-8180 | A too lax check in Nextcloud Talk 6.0.4, 7.0.2 and 8.0.7 allowed a code injection when a not correct... | E S | |
CVE-2020-8181 | A missing file type check in Nextcloud Contacts 3.2.0 allowed a malicious user to upload any file as... | | |
CVE-2020-8182 | Improper access control in Nextcloud Deck 0.8.0 allowed an attacker to reshare boards shared with th... | E | |
CVE-2020-8183 | A logic error in Nextcloud Server 19.0.0 caused a plaintext storage of the share password when it wa... | E | |
CVE-2020-8184 | A reliance on cookies without validation/integrity check security vulnerability exists in rack < 2.2... | E S | |
CVE-2020-8185 | A denial of service vulnerability exists in Rails <6.0.3.2 that allowed an untrusted user to run any... | S | |
CVE-2020-8186 | A command injection vulnerability in the `devcert` module may lead to remote code execution when use... | E | |
CVE-2020-8187 | Improper input validation in Citrix ADC and Citrix Gateway versions before 11.1-63.9 and 12.0-62.10 ... | | |
CVE-2020-8188 | We have recently released new version of UniFi Protect firmware v1.13.3 and v1.14.10 for Unifi Cloud... | | |
CVE-2020-8189 | A cross-site scripting error in Nextcloud Desktop client 2.6.4 allowed to present any html (includin... | E | |
CVE-2020-8190 | Incorrect file permissions in Citrix ADC and Citrix Gateway before versions 13.0-58.30, 12.1-57.18, ... | | |
CVE-2020-8191 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1... | | |
CVE-2020-8192 | A denial of service vulnerability exists in Fastify v2.14.1 and v3.0.0-rc.4 that allows a malicious ... | E | |
CVE-2020-8193 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.... | KEV E | |
CVE-2020-8194 | Reflected code injection in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12... | | |
CVE-2020-8195 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1... | KEV E | |
CVE-2020-8196 | Improper access control in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 12.... | KEV | |
CVE-2020-8197 | Privilege escalation vulnerability on Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1... | | |
CVE-2020-8198 | Improper input validation in Citrix ADC and Citrix Gateway versions before 13.0-58.30, 12.1-57.18, 1... | | |
CVE-2020-8199 | Improper access control in Citrix ADC Gateway Linux client versions before 1.0.0.137 results in loca... | | |
CVE-2020-8200 | Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenti... | | |
CVE-2020-8201 | Node.js < 12.18.4 and < 14.11 can be exploited to perform HTTP desync attacks and deliver malicious ... | | |
CVE-2020-8202 | Improper check of inputs in Nextcloud Preferred Providers app v1.6.0 allowed to perform a denial of ... | E | |
CVE-2020-8203 | Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.... | E S | |
CVE-2020-8204 | A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page.... | | |
CVE-2020-8205 | The uppy npm package < 1.13.2 and < 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery (SS... | E | |
CVE-2020-8206 | An improper authentication vulnerability exists in Pulse Connect Secure <9.1RB that allows an attack... | | |
CVE-2020-8207 | Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege esc... | | |
CVE-2020-8208 | Improper input validation in Citrix XenMobile Server 10.12 before RP1, Citrix XenMobile Server 10.11... | | |
CVE-2020-8209 | Improper access control in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 b... | | |
CVE-2020-8210 | Insufficient protection of secrets in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Ser... | | |
CVE-2020-8211 | Improper input validation in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11... | | |
CVE-2020-8212 | Improper access control in Citrix XenMobile Server 10.12 before RP3, Citrix XenMobile Server 10.11 b... | S | |
CVE-2020-8213 | An information exposure vulnerability exists in UniFi Protect before v1.13.4-beta.5 that allowed una... | | |
CVE-2020-8214 | A path traversal vulnerability in servey version < 3 allows an attacker to read content of any arbit... | E | |
CVE-2020-8215 | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or ... | | |
CVE-2020-8216 | An information disclosure vulnerability in meeting of Pulse Connect Secure <9.1R8 allowed an authent... | | |
CVE-2020-8217 | A cross site scripting (XSS) vulnerability in Pulse Connect Secure <9.1R8 allowed attackers to explo... | | |
CVE-2020-8218 | A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to craf... | KEV E | |
CVE-2020-8219 | An insufficient permission check vulnerability exists in Pulse Connect Secure <9.1R8 that allows an ... | | |
CVE-2020-8220 | A denial of service vulnerability exists in Pulse Connect Secure <9.1R8 that allows an authenticated... | | |
CVE-2020-8221 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 which allows an authenticated a... | | |
CVE-2020-8222 | A path traversal vulnerability exists in Pulse Connect Secure <9.1R8 that allowed an authenticated a... | | |
CVE-2020-8223 | A logic error in Nextcloud Server 19.0.0 caused a privilege escalation allowing malicious users to r... | E | |
CVE-2020-8224 | A code injection in Nextcloud Desktop Client 2.6.4 allowed to load arbitrary code when placing a mal... | E | |
CVE-2020-8225 | A cleartext storage of sensitive information in Nextcloud Desktop Client 2.6.4 gave away information... | | |
CVE-2020-8226 | A vulnerability exists in phpBB | S | |
CVE-2020-8227 | Missing sanitization of a server response in Nextcloud Desktop Client 2.6.4 for Linux allowed a mali... | E | |
CVE-2020-8228 | A missing rate limit in the Preferred Providers app 1.7.0 allowed an attacker to set the password an... | E | |
CVE-2020-8229 | A memory leak in the OCUtil.dll library used by Nextcloud Desktop Client 2.6.4 can lead to a DoS aga... | E | |
CVE-2020-8230 | A memory corruption vulnerability exists in NextCloud Desktop Client v2.6.4 where missing ASLR and D... | S | |
CVE-2020-8231 | Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when se... | E S | |
CVE-2020-8232 | An information disclosure vulnerability exists in EdgeMax EdgeSwitch firmware v1.9.0 that allowed re... | S | |
CVE-2020-8233 | A command injection vulnerability exists in EdgeSwitch firmware | S | |
CVE-2020-8234 | A vulnerability exists in The EdgeMax EdgeSwitch firmware | | |
CVE-2020-8235 | Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing a... | E | |
CVE-2020-8236 | A wrong configuration in Nextcloud Server 19.0.1 incorrectly made the user feel the passwordless Web... | E | |
CVE-2020-8237 | Prototype pollution in json-bigint npm package < 1.0.0 may lead to a denial-of-service (DoS) attack.... | E | |
CVE-2020-8238 | A vulnerability in the authenticated user web interface of Pulse Connect Secure and Pulse Policy Sec... | E | |
CVE-2020-8239 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 is vulnerable to the client registry priv... | | |
CVE-2020-8240 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 allows a restricted user on an endpoint m... | | |
CVE-2020-8241 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 could allow the attacker to perform a MIT... | | |
CVE-2020-8242 | Unsanitized user input in ExpressionEngine <= 5.4.0 control panel member creation leads to an SQL in... | | |
CVE-2020-8243 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticat... | KEV | |
CVE-2020-8244 | A buffer over-read vulnerability exists in bl <4.0.3, <3.0.1, <2.2.1, and <1.2.3 which could allow a... | E S | |
CVE-2020-8245 | Improper Input Validation on Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and Ne... | | |
CVE-2020-8246 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 1... | | |
CVE-2020-8247 | Citrix ADC and Citrix Gateway 13.0 before 13.0-64.35, Citrix ADC and NetScaler Gateway 12.1 before 1... | | |
CVE-2020-8248 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to es... | | |
CVE-2020-8249 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to pe... | | |
CVE-2020-8250 | A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to es... | | |
CVE-2020-8251 | Node.js < 14.11.0 is vulnerable to HTTP denial of service (DoS) attacks based on delayed requests su... | | |
CVE-2020-8252 | The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incor... | | |
CVE-2020-8253 | Improper authentication in Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 b... | S | |
CVE-2020-8254 | A vulnerability in the Pulse Secure Desktop Client < 9.1R9 has Remote Code Execution (RCE) if users ... | | |
CVE-2020-8255 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated... | | |
CVE-2020-8256 | A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticat... | E | |
CVE-2020-8257 | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before... | | |
CVE-2020-8258 | Improper privilege management on services run by Citrix Gateway Plug-in for Windows, versions before... | | |
CVE-2020-8259 | Insufficient protection of the server-side encryption keys in Nextcloud Server 19.0.1 allowed an att... | E | |
CVE-2020-8260 | A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated... | KEV E | |
CVE-2020-8261 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary... | | |
CVE-2020-8262 | A vulnerability in the Pulse Connect Secure / Pulse Policy Secure below 9.1R9 could allow attackers ... | | |
CVE-2020-8263 | A vulnerability in the authenticated user web interface of Pulse Connect Secure < 9.1R9 could allow ... | | |
CVE-2020-8264 | In actionpack gem >= 6.0.0, a possible XSS vulnerability exists when an application is running in de... | E S | |
CVE-2020-8265 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in ... | E S | |
CVE-2020-8267 | A security issue was found in UniFi Protect controller v1.14.10 and earlier. The authentication in th... | S | |
CVE-2020-8268 | Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to in... | E | |
CVE-2020-8269 | An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD ve... | S | |
CVE-2020-8270 | An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SY... | S | |
CVE-2020-8271 | Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 1... | | |
CVE-2020-8272 | Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions... | | |
CVE-2020-8273 | Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2... | | |
CVE-2020-8274 | Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('... | | |
CVE-2020-8275 | Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthen... | | |
CVE-2020-8276 | The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18... | E | |
CVE-2020-8277 | A Node.js application that allows an attacker to trigger a DNS request for a host of their choice co... | S | |
CVE-2020-8278 | Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.... | E | |
CVE-2020-8279 | Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allo... | E | |
CVE-2020-8280 | A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as... | E | |
CVE-2020-8281 | A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SV... | E | |
CVE-2020-8282 | A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CS... | | |
CVE-2020-8283 | An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary com... | | |
CVE-2020-8284 | A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting ba... | S | |
CVE-2020-8285 | curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow ... | E S | |
CVE-2020-8286 | curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insu... | E S | |
CVE-2020-8287 | Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an H... | E S | |
CVE-2020-8288 | The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting... | E S | |
CVE-2020-8289 | Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper... | E | |
CVE-2020-8290 | Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege manage... | E | |
CVE-2020-8291 | A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attack... | S | |
CVE-2020-8292 | Rocket.Chat server before 3.9.0 is vulnerable to a self cross-site scripting (XSS) vulnerability via... | E | |
CVE-2020-8293 | A missing input validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows users to store ... | | |
CVE-2020-8294 | A missing link validation in Nextcloud Server before 20.0.2, 19.0.5, 18.0.11 allows execution of a s... | | |
CVE-2020-8295 | A wrong check in Nextcloud Server 19 and prior allowed to perform a denial of service attack when re... | E | |
CVE-2020-8296 | Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external storage... | E S | |
CVE-2020-8297 | Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability th... | E S | |
CVE-2020-8298 | fs-path node module before 0.0.25 is vulnerable to command injection by way of user-supplied inputs ... | E S | |
CVE-2020-8299 | Citrix ADC and Citrix/NetScaler Gateway 13.0 before 13.0-76.29, 12.1-61.18, 11.1-65.20, Citrix ADC 1... | | |
CVE-2020-8300 | Citrix ADC and Citrix/NetScaler Gateway before 13.0-82.41, 12.1-62.23, 11.1-65.20 and Citrix ADC 12.... | | |
CVE-2020-8315 | In Python (CPython) 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through 3.8.1, an insecure depend... | S | |
CVE-2020-8316 | A vulnerability was reported in Lenovo Vantage prior to version 10.2003.10.0 that could allow an aut... | S | |
CVE-2020-8317 | A DLL search path vulnerability was reported in Lenovo Drivers Management prior to version 2.7.1128.... | S | |
CVE-2020-8318 | A privilege escalation vulnerability was reported in the LenovoSystemUpdatePlugin for Lenovo System ... | S | |
CVE-2020-8319 | A privilege escalation vulnerability was reported in Lenovo System Interface Foundation prior to ver... | S | |
CVE-2020-8320 | An internal shell was included in BIOS image in some ThinkPad models that could allow escalation of ... | S | |
CVE-2020-8321 | A potential vulnerability in the SMI callback function used in the System Lock Preinstallation drive... | S | |
CVE-2020-8322 | A potential vulnerability in the SMI callback function used in the Legacy USB driver in some Lenovo ... | S | |
CVE-2020-8323 | A potential vulnerability in the SMI callback function used in the Legacy SD driver in some Lenovo T... | S | |
CVE-2020-8324 | A vulnerability was reported in LenovoAppScenarioPluginSystem for Lenovo System Interface Foundation... | S | |
CVE-2020-8325 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8326 | An unquoted service path vulnerability was reported in Lenovo Drivers Management prior to version 2.... | S | |
CVE-2020-8327 | A privilege escalation vulnerability was reported in LenovoBatteryGaugePackage for Lenovo System Int... | S | |
CVE-2020-8328 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8329 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo ... | S | |
CVE-2020-8330 | A denial of service vulnerability was reported in the firmware prior to version 1.01 used in Lenovo ... | S | |
CVE-2020-8331 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8332 | A potential vulnerability in the SMI callback function used in the legacy BIOS mode USB drivers in s... | S | |
CVE-2020-8333 | A potential vulnerability in the SMI callback function used in the EEPROM driver in some Lenovo Desk... | S | |
CVE-2020-8334 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad T495s, X395, T495, A485, A2... | S | |
CVE-2020-8335 | The BIOS tamper detection mechanism was not triggered in Lenovo ThinkPad A285, BIOS versions up to r... | S | |
CVE-2020-8336 | Lenovo implemented Intel CSME Anti-rollback ARB protections on some ThinkPad models to prevent roll ... | S | |
CVE-2020-8337 | An unquoted search path vulnerability was reported in versions prior to 1.0.83.0 of the Synaptics Sm... | S | |
CVE-2020-8338 | A DLL search path vulnerability was reported in Lenovo Diagnostics prior to version 4.35.4 that coul... | S | |
CVE-2020-8339 | A cross-site scripting inclusion (XSSI) vulnerability was reported in the legacy IBM BladeCenter Adv... | S | |
CVE-2020-8340 | A cross-site scripting (XSS) vulnerability was discovered in the legacy IBM and Lenovo System x IMM2... | S | |
CVE-2020-8341 | In Lenovo systems, SMM BIOS Write Protection is used to prevent writes to SPI Flash. While this prov... | S | |
CVE-2020-8342 | A race condition vulnerability was reported in Lenovo System Update prior to version 5.07.0106 that ... | S | |
CVE-2020-8343 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8344 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8345 | A DLL search path vulnerability was reported in the Lenovo HardwareScan Plugin for the Lenovo Vantag... | S | |
CVE-2020-8346 | A denial of service vulnerability was reported in the Lenovo Vantage component called Lenovo System ... | S | |
CVE-2020-8347 | A reflective cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk... | S | |
CVE-2020-8348 | A DOM-based cross-site scripting (XSS) vulnerability was reported in Lenovo Enterprise Network Disk ... | S | |
CVE-2020-8349 | An internal security review has identified an unauthenticated remote code execution vulnerability in... | S | |
CVE-2020-8350 | An authentication bypass vulnerability was reported in Lenovo ThinkPad Stack Wireless Router firmwar... | S | |
CVE-2020-8351 | A privilege escalation vulnerability was reported in Lenovo PCManager prior to version 3.0.50.9162 t... | S | |
CVE-2020-8352 | In some Lenovo Desktop models, the Configuration Change Detection BIOS setting failed to detect SATA... | S | |
CVE-2020-8353 | Prior to August 10, 2020, some Lenovo Desktop and Workstation systems were shipped with the Embedded... | E S | |
CVE-2020-8354 | A potential vulnerability in the SMI callback function used in the VariableServiceSmm driver in some... | S | |
CVE-2020-8355 | An internal product security audit of Lenovo XClarity Administrator (LXCA) prior to version 3.1.0 di... | S | |
CVE-2020-8356 | An internal product security audit of LXCO, prior to version 1.2.2, discovered that optional passwor... | S | |
CVE-2020-8357 | A denial of service vulnerability was reported in Lenovo PCManager, prior to version 3.0.200.2042, t... | S | |
CVE-2020-8358 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8359 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8360 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8361 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8362 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8363 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8364 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8365 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8366 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8367 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8368 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8369 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8370 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8371 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8372 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8373 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8374 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8375 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8376 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8377 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8378 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8379 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8380 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8381 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8382 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8383 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8384 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8385 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8386 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8387 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8388 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8389 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8390 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8391 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8392 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8393 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8394 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8395 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8396 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8397 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8400 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8401 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8402 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8404 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8406 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8409 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8410 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8411 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8412 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8413 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8414 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8415 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8416 | IKTeam BearFTP before 0.2.0 allows remote attackers to achieve denial of service via a large volume ... | E S | |
CVE-2020-8417 | The Code Snippets plugin before 2.14.0 for WordPress allows CSRF because of the lack of a Referer ch... | E | |
CVE-2020-8419 | An issue was discovered in Joomla! before 3.9.15. Missing token checks in the batch actions of vario... | | |
CVE-2020-8420 | An issue was discovered in Joomla! before 3.9.15. A missing CSRF token check in the LESS compiler of... | | |
CVE-2020-8421 | An issue was discovered in Joomla! before 3.9.15. Inadequate escaping of usernames allows XSS attack... | | |
CVE-2020-8422 | An authorization issue was discovered in the Credential Manager feature in Zoho ManageEngine Remote ... | | |
CVE-2020-8423 | A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices all... | E | |
CVE-2020-8424 | Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account takeover via ... | E | |
CVE-2020-8425 | Cups Easy (Purchase & Inventory) 1.0 is vulnerable to CSRF that leads to admin account deletion via ... | E | |
CVE-2020-8426 | The Elementor plugin before 2.8.5 for WordPress suffers from a reflected XSS vulnerability on the el... | E | |
CVE-2020-8427 | In Unitrends Backup before 10.4.1, an HTTP request parameter was not properly sanitized, allowing fo... | | |
CVE-2020-8428 | fs/namei.c in the Linux kernel before 5.5 has a may_create_in_sticky use-after-free, which allows lo... | S | |
CVE-2020-8429 | The Admin web application in Kinetica 7.0.9.2.20191118151947 does not properly sanitise the input fo... | E | |
CVE-2020-8430 | Stormshield Network Security 310 3.7.10 devices have an auth/lang.html?rurl= Open Redirect vulnerabi... | | |
CVE-2020-8432 | In Das U-Boot through 2020.01, a double free has been found in the cmd/gpt.c do_rename_gpt_parts() f... | | |
CVE-2020-8434 | Jenzabar JICS (aka Internet Campus Solution) before 9.0.1 Patch 3, 9.1 before 9.1.2 Patch 2, and 9.2... | | |
CVE-2020-8435 | An issue was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress. There is SQL injectio... | E | |
CVE-2020-8436 | XSS was discovered in the RegistrationMagic plugin 4.6.0.0 for WordPress via the rm_form_id, rm_tr, ... | E | |
CVE-2020-8437 | The bencoding parser in BitTorrent uTorrent through 3.5.5 (build 45505) misparses nested bencoded di... | E | |
CVE-2020-8438 | Ruckus ZoneFlex R500 104.0.0.0.1347 devices allow an authenticated attacker to execute arbitrary OS ... | E | |
CVE-2020-8439 | Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts via... | E M | |
CVE-2020-8440 | controllers/page_apply.php in Simplejobscript.com SJS through 1.66 is prone to unauthenticated Remot... | E | |
CVE-2020-8441 | JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through... | E | |
CVE-2020-8442 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E S | |
CVE-2020-8443 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E | |
CVE-2020-8444 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E | |
CVE-2020-8445 | In OSSEC-HIDS 2.7 through 3.5.0, the OS_CleanMSG function in ossec-analysisd doesn't remove or encod... | | |
CVE-2020-8446 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E | |
CVE-2020-8447 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E | |
CVE-2020-8448 | In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd)... | E | |
CVE-2020-8449 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, it can interpret cr... | S | |
CVE-2020-8450 | An issue was discovered in Squid before 4.10. Due to incorrect buffer management, a remote client ca... | S | |
CVE-2020-8461 | A CSRF protection bypass vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 S... | E | |
CVE-2020-8462 | A cross-site scripting (XSS) vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6... | E | |
CVE-2020-8463 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attac... | E | |
CVE-2020-8464 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attac... | E | |
CVE-2020-8465 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attac... | E | |
CVE-2020-8466 | A command injection vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2, w... | E | |
CVE-2020-8467 | A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability... | KEV S | |
CVE-2020-8468 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) agents ... | KEV S | |
CVE-2020-8469 | Trend Micro Password Manager for Windows version 5.0 is affected by a DLL hijacking vulnerability wo... | | |
CVE-2020-8470 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server ... | S | |
CVE-2020-8471 | ABB Central Licensing System - Weak File Permissions | | |
CVE-2020-8472 | ABB System 800xA Weak File Permissions - different products | | |
CVE-2020-8473 | ABB System 800xA Weak File Permissions - ABB System 800xA Base | | |
CVE-2020-8474 | ABB System 800xA Weak Registry Permissions | | |
CVE-2020-8475 | ABB Central Licensing System - Denial of Service Vulnerability | | |
CVE-2020-8476 | ABB Central Licensing System - Elevation of Privilege Vulnerability | | |
CVE-2020-8477 | ABB System 800xA Information Manager Remote Code Execution | | |
CVE-2020-8478 | ABB System 800xA Inter process communication vulnerability | | |
CVE-2020-8479 | ABB Central Licensing System - XML External Entity Injection | | |
CVE-2020-8481 | ABB Central Licensing System - Information disclosure | | |
CVE-2020-8482 | ABB Device Library Wizard Information Disclosure Vulnerability | | |
CVE-2020-8484 | ABB System 800xA Inter process communication vulnerability - 800xA for DCI | | |
CVE-2020-8485 | ABB System 800xA Inter process communication vulnerability - 800xA for Mod 300 | | |
CVE-2020-8486 | ABB System 800xA Inter process communication vulnerability - 800xA RNRP | | |
CVE-2020-8487 | ABB System 800xA Inter process communication vulnerability - System 800xA Base | | |
CVE-2020-8488 | ABB System 800xA Inter process communication vulnerability - 800xA Batch Management | | |
CVE-2020-8489 | ABB System 800xA Inter process communication vulnerability - 800xA Information Management | | |
CVE-2020-8492 | Python 2.7 through 2.7.17, 3.5 through 3.5.9, 3.6 through 3.6.10, 3.7 through 3.7.6, and 3.8 through... | E S | |
CVE-2020-8493 | A stored XSS vulnerability in Kronos Web Time and Attendance (webTA) affects 3.8.x and later 3.x ver... | E | |
CVE-2020-8494 | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.w... | E | |
CVE-2020-8495 | In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com.threeis.w... | E | |
CVE-2020-8496 | In Kronos Web Time and Attendance (webTA) 4.1.x and later 4.x versions before 5.0, there is a Stored... | E | |
CVE-2020-8497 | In Artica Pandora FMS through 7.42, an unauthenticated attacker can read the chat history. The file ... | E | |
CVE-2020-8498 | XSS exists in the shortcode functionality of the GistPress plugin before 3.0.2 for WordPress via the... | S | |
CVE-2020-8500 | In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via ... | E | |
CVE-2020-8503 | Biscom Secure File Transfer (SFT) 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Ins... | | |
CVE-2020-8504 | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=addadmin CSRF to... | E | |
CVE-2020-8505 | School Management Software PHP/mySQL through 2019-03-14 allows office_admin/?action=deleteadmin CSRF... | E | |
CVE-2020-8506 | The Global TV application 2.3.2 for Android and 4.7.5 for iOS sends Unencrypted Analytics.... | E | |
CVE-2020-8507 | The Citytv Video application 4.08.0 for Android and 3.35 for iOS sends Unencrypted Analytics.... | | |
CVE-2020-8508 | nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because... | E | |
CVE-2020-8509 | Zoho ManageEngine Desktop Central before 10.0.483 allows unauthenticated users to access PDFGenerati... | | |
CVE-2020-8510 | An issue was discovered in phpABook 0.9 Intermediate. On the login page, if one sets a userInfo cook... | | |
CVE-2020-8511 | In Artica Pandora FMS through 7.42, Web Admin users can execute arbitrary code by uploading a .php f... | E | |
CVE-2020-8512 | In IceWarp Webmail Server through 11.4.4.1, there is XSS in the /webmail/ color parameter.... | E | |
CVE-2020-8514 | An issue was discovered in Rumpus 8.2.10 on macOS. By crafting a directory name, it is possible to a... | E | |
CVE-2020-8515 | DrayTek Vigor2960 1.3.1_Beta, Vigor3900 1.4.4_Beta, and Vigor300B 1.3.3_Beta, 1.4.2.1_Beta, and 1.4.... | KEV E | |
CVE-2020-8516 | The daemon in Tor through 0.4.1.8 and 0.4.2.x through 0.4.2.6 does not verify that a rendezvous node... | E M | |
CVE-2020-8517 | An issue was discovered in Squid before 4.10. Due to incorrect input validation, the NTLM authentica... | S | |
CVE-2020-8518 | Horde Groupware Webmail Edition 5.2.22 allows injection of arbitrary PHP code via CSV data, leading ... | E | |
CVE-2020-8519 | SQL injection with the search parameter in Records.php for phpzag live add edit delete data tables r... | E | |
CVE-2020-8520 | SQL injection in order and column parameters in Records.php for phpzag live add edit delete data tab... | E | |
CVE-2020-8521 | SQL injection with start and length parameters in Records.php for phpzag live add edit delete data t... | E | |
CVE-2020-8539 | Kia Motors Head Unit with Software version: SOP.003.30.18.0703, SOP.005.7.181019, and SOP.007.1.1912... | E | |
CVE-2020-8540 | An XML external entity (XXE) vulnerability in Zoho ManageEngine Desktop Central before the 07-Mar-20... | | |
CVE-2020-8541 | OX App Suite through 7.10.3 allows XXE attacks.... | | |
CVE-2020-8542 | OX App Suite through 7.10.3 allows XSS.... | | |
CVE-2020-8543 | OX App Suite through 7.10.3 has Improper Input Validation.... | | |
CVE-2020-8544 | OX App Suite through 7.10.3 allows SSRF.... | | |
CVE-2020-8545 | Global.py in AIL framework 2.8 allows path traversal.... | S | |
CVE-2020-8547 | phpList 3.5.0 allows type juggling for admin login bypass because == is used instead of === for pass... | E | |
CVE-2020-8548 | massCode 1.0.0-alpha.6 allows XSS via crafted Markdown text, with resultant remote code execution (b... | E | |
CVE-2020-8549 | Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker p... | E | |
CVE-2020-8551 | Kubernetes kubelet denial of service | S | |
CVE-2020-8552 | Kubernetes API server denial of service | S | |
CVE-2020-8553 | Kubernetes ingress-nginx Compromise of auth via subset/superset namespace names | | |
CVE-2020-8554 | Kubernetes man in the middle using LoadBalancer or ExternalIPs | E S | |
CVE-2020-8555 | Kubernetes kube-controller-manager SSRF | M | |
CVE-2020-8557 | Kubernetes node disk Denial of Service by writing to container /etc/hosts | S | |
CVE-2020-8558 | Kubernetes node setting allows for neighboring hosts to bypass localhost boundary | E S | |
CVE-2020-8559 | Privilege escalation from compromised node to cluster | E S | |
CVE-2020-8561 | Webhook redirect in kube-apiserver | M | |
CVE-2020-8562 | Bypass of Kubernetes API Server proxy TOCTOU | M | |
CVE-2020-8563 | Secret leaks in logs for vSphere Provider kube-controller-manager | S | |
CVE-2020-8564 | Docker config secrets leaked when file is malformed and loglevel >= 4 | S | |
CVE-2020-8565 | Incomplete fix for CVE-2019-11250 allows for token leak in logs when logLevel >= 9 | S | |
CVE-2020-8566 | Ceph RBD adminSecrets exposed in logs when loglevel >= 4 | S | |
CVE-2020-8567 | Kubernetes Secrets Store CSI Driver plugin directory traversals | S | |
CVE-2020-8568 | Kubernetes Secrets Store CSI Driver sync/rotate directory traversal | S | |
CVE-2020-8569 | Kubernetes CSI snapshot-controller DoS | E M | |
CVE-2020-8570 | Kubernetes Java client libraries unvalidated path traversal in Copy implementation | S | |
CVE-2020-8571 | StorageGRID (formerly StorageGRID Webscale) versions 10.0.0 through 11.3 prior to 11.2.0.8 and 11.3.... | | |
CVE-2020-8572 | Element OS prior to version 12.0 and Element HealthTools prior to version 2020.04.01.04 are suscepti... | S | |
CVE-2020-8573 | The NetApp HCI H610C, H615C and H610S Baseboard Management Controllers (BMC) are shipped with a docu... | | |
CVE-2020-8574 | Active IQ Unified Manager for Linux versions prior to 9.6 ship with the Java Management Extension Re... | | |
CVE-2020-8575 | Active IQ Unified Manager for VMware vSphere and Windows versions prior to 9.5 are susceptible to a ... | | |
CVE-2020-8576 | Clustered Data ONTAP versions prior to 9.3P19, 9.5P14, 9.6P9 and 9.7 are susceptible to a vulnerabil... | | |
CVE-2020-8577 | SANtricity OS Controller Software versions 11.50.1 and higher are susceptible to a vulnerability whi... | | |
CVE-2020-8578 | Clustered Data ONTAP versions prior to 9.3P20 are susceptible to a vulnerability which could allow a... | | |
CVE-2020-8579 | Clustered Data ONTAP versions 9.7 through 9.7P7 are susceptible to a vulnerability which allows an a... | | |
CVE-2020-8580 | SANtricity OS Controller Software versions 11.30 and higher are susceptible to a vulnerability which... | | |
CVE-2020-8581 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which could... | | |
CVE-2020-8582 | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnera... | | |
CVE-2020-8583 | Element Software versions prior to 12.2 and HCI versions prior to 1.8P1 are susceptible to a vulnera... | | |
CVE-2020-8584 | Element OS versions prior to 1.8P1 and 12.2 are susceptible to a vulnerability that could allow an u... | | |
CVE-2020-8585 | OnCommand Unified Manager Core Package versions prior to 5.2.5 may disclose sensitive account inform... | | |
CVE-2020-8586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8587 | OnCommand System Manager 9.x versions prior to 9.3P20 and 9.4 prior to 9.4P3 are susceptible to a vu... | | |
CVE-2020-8588 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which co... | | |
CVE-2020-8589 | Clustered Data ONTAP versions prior to 9.3P20 and 9.5P15 are susceptible to a vulnerability which co... | | |
CVE-2020-8590 | Clustered Data ONTAP versions prior to 9.1P18 and 9.3P12 are susceptible to a vulnerability which co... | | |
CVE-2020-8591 | eG Manager 7.1.2 allows authentication bypass via a com.egurkha.EgLoginServlet?uname=admin&upass=&ac... | E | |
CVE-2020-8592 | eG Manager 7.1.2 allows SQL Injection via the user parameter to com.eg.LoginHelperServlet (aka the F... | E | |
CVE-2020-8594 | The Ninja Forms plugin 3.4.22 for WordPress has Multiple Stored XSS vulnerabilities via ninja_forms[... | E | |
CVE-2020-8595 | Istio versions 1.2.10 (End of Life) and prior, 1.3 through 1.3.7, and 1.4 through 1.4.3 allows authe... | S | |
CVE-2020-8596 | participants-database.php in the Participants Database plugin 1.9.5.5 and previous versions for Word... | | |
CVE-2020-8597 | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap... | S | |
CVE-2020-8598 | Trend Micro Apex One (2019), OfficeScan XG and Worry-Free Business Security (9.0, 9.5, 10.0) server ... | S | |
CVE-2020-8599 | Trend Micro Apex One (2019) and OfficeScan XG server contain a vulnerable EXE file that could allow ... | KEV S | |
CVE-2020-8600 | Trend Micro Worry-Free Business Security (9.0, 9.5, 10.0) is affected by a directory traversal vulne... | S | |
CVE-2020-8601 | Trend Micro Vulnerability Protection 2.0 is affected by a vulnerability that could allow an attack t... | | |
CVE-2020-8602 | A vulnerability in the management consoles of Trend Micro Deep Security 10.0-12.0 and Trend Micro Vu... | S | |
CVE-2020-8603 | A cross-site scripting vulnerability (XSS) in Trend Micro InterScan Web Security Virtual Appliance 6... | S | |
CVE-2020-8604 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke... | E S | |
CVE-2020-8605 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke... | E S | |
CVE-2020-8606 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attacke... | E S | |
CVE-2020-8607 | An input validation vulnerability found in multiple Trend Micro products utilizing a particular vers... | S | |
CVE-2020-8608 | In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a bu... | S | |
CVE-2020-8611 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injectio... | | |
CVE-2020-8612 | In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint f... | S | |
CVE-2020-8614 | An issue was discovered on Askey AP4000W TDC_V1.01.003 devices. An attacker can perform Remote Code ... | E | |
CVE-2020-8615 | A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in an attacker ap... | E | |
CVE-2020-8616 | BIND does not sufficiently limit the number of fetches performed when processing referrals | E S | |
CVE-2020-8617 | A logic error in code which checks TSIG validity can be used to trigger an assertion failure in tsig.c | S | |
CVE-2020-8618 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | S | |
CVE-2020-8619 | A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer | S | |
CVE-2020-8620 | In BIND 9.15.6 -> 9.16.5, 9.17.0 -> 9.17.3, An attacker who can establish a TCP connection with the ... | S | |
CVE-2020-8621 | Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c | S | |
CVE-2020-8622 | A truncated TSIG response can lead to an assertion failure | S | |
CVE-2020-8623 | A flaw in native PKCS#11 code can lead to a remotely triggerable assertion failure in pk11.c | S | |
CVE-2020-8624 | update-policy rules of type "subdomain" are enforced incorrectly | S | |
CVE-2020-8625 | A vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack | S | |
CVE-2020-8626 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2020-8627 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2020-8628 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2020-8629 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2020-8630 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: The CNA or individual who requested this ... | R | |
CVE-2020-8631 | cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for ... | S | |
CVE-2020-8632 | In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small d... | S | |
CVE-2020-8633 | An issue was discovered in Zimbra Collaboration Suite (ZCS) before 8.8.15 Patch 7. When grantors rev... | | |
CVE-2020-8634 | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on files modified wit... | E | |
CVE-2020-8635 | Wing FTP Server v6.2.3 for Linux, macOS, and Solaris sets insecure permissions on installation direc... | E | |
CVE-2020-8636 | An issue was discovered in OpServices OpMon 9.3.2 that allows Remote Code Execution.... | | |
CVE-2020-8637 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands ... | E S | |
CVE-2020-8638 | A SQL injection vulnerability in TestLink 1.9.20 allows attackers to execute arbitrary SQL commands ... | E S | |
CVE-2020-8639 | An unrestricted file upload vulnerability in keywordsImport.php in TestLink 1.9.20 allows remote att... | E S | |
CVE-2020-8641 | Lotus Core CMS 1.0.1 allows authenticated Local File Inclusion of .php files via directory traversal... | E | |
CVE-2020-8644 | PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.... | KEV E | |
CVE-2020-8645 | An issue was discovered in Simplejobscript.com SJS through 1.66. There is an unauthenticated SQL inj... | E | |
CVE-2020-8647 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vc_do_resize functi... | S | |
CVE-2020-8648 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_receive_buf_c... | E | |
CVE-2020-8649 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the vgacon_invert_regio... | E | |
CVE-2020-8654 | An issue was discovered in EyesOfNetwork 5.3. An authenticated web user with sufficient privileges c... | E | |
CVE-2020-8655 | An issue was discovered in EyesOfNetwork 5.3. The sudoers configuration is prone to a privilege esca... | KEV E | |
CVE-2020-8656 | An issue was discovered in EyesOfNetwork 5.3. The EyesOfNetwork API 2.4.2 is prone to SQL injection,... | E | |
CVE-2020-8657 | An issue was discovered in EyesOfNetwork 5.3. The installation uses the same API key (hardcoded as E... | KEV E | |
CVE-2020-8658 | The BestWebSoft Htaccess plugin through 1.8.1 for WordPress allows wp-admin/admin.php?page=htaccess.... | E | |
CVE-2020-8659 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when proxying HTTP/1.1 requests or... | | |
CVE-2020-8660 | CNCF Envoy through 1.13.0 TLS inspector bypass. TLS inspector could have been bypassed (not recogniz... | | |
CVE-2020-8661 | CNCF Envoy through 1.13.0 may consume excessive amounts of memory when responding internally to pipe... | | |
CVE-2020-8663 | Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may exhaust file descriptors and/or memory when acce... | | |
CVE-2020-8664 | CNCF Envoy through 1.13.0 has incorrect Access Control when using SDS with Combined Validation Conte... | | |
CVE-2020-8668 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8669 | Improper input validation in the Intel(R) Data Center Manager Console before version 3.6.2 may allow... | | |
CVE-2020-8670 | Race condition in the firmware for some Intel(R) Processors may allow a privileged user to potential... | | |
CVE-2020-8671 | Insufficient control flow management in BIOS firmware 8th, 9th Generation Intel(R) Core(TM) Processo... | | |
CVE-2020-8672 | Out of bound read in BIOS firmware for 8th, 9th Generation Intel(R) Core(TM), Intel(R) Celeron(R) Pr... | | |
CVE-2020-8673 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8674 | Out-of-bounds read in DHCPv6 subsystem in Intel(R) AMT and Intel(R)ISM versions before 11.8.77, 11.1... | | |
CVE-2020-8675 | Insufficient control flow management in firmware build and signing tool for Intel(R) Innovation Engi... | | |
CVE-2020-8676 | Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a priv... | | |
CVE-2020-8677 | Improper access control in the Intel(R) Visual Compute Accelerator 2, all versions, may allow a priv... | | |
CVE-2020-8678 | Improper access control for Intel(R) Graphics Drivers before version 15.45.33.5164 and 27.20.100.828... | | |
CVE-2020-8679 | Out-of-bounds write in Kernel Mode Driver for some Intel(R) Graphics Drivers before version 26.20.10... | S | |
CVE-2020-8680 | Race condition in some Intel(R) Graphics Drivers before version 15.40.45.5126 may allow an authentic... | S | |
CVE-2020-8681 | Out of bounds write in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129... | S | |
CVE-2020-8682 | Out of bounds read in system driver for some Intel(R) Graphics Drivers before version 15.33.50.5129 ... | S | |
CVE-2020-8683 | Improper buffer restrictions in system driver for some Intel(R) Graphics Drivers before version 15.3... | S | |
CVE-2020-8684 | Improper access control in firmware for Intel(R) PAC with Arria(R) 10 GX FPGA before Intel Accelerat... | S | |
CVE-2020-8685 | Improper authentication in subsystem for Intel (R) LED Manager for NUC before version 1.2.3 may allo... | S | |
CVE-2020-8686 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8687 | Uncontrolled search path in the installer for Intel(R) RSTe Software RAID Driver for the Intel(R) Se... | S | |
CVE-2020-8688 | Improper input validation in the Intel(R) RAID Web Console 3 for Windows* may allow an unauthenticat... | S | |
CVE-2020-8689 | Improper buffer restrictions in the Intel(R) Wireless for Open Source before version 1.5 may allow a... | S | |
CVE-2020-8690 | Protection mechanism failure in Intel(R) Ethernet 700 Series Controllers before version 7.3 may allo... | | |
CVE-2020-8691 | A logic issue in the firmware of the Intel(R) Ethernet 700 Series Controllers may allow a privileged... | | |
CVE-2020-8692 | Insufficient access control in the firmware of the Intel(R) Ethernet 700 Series Controllers before v... | | |
CVE-2020-8693 | Improper buffer restrictions in the firmware of the Intel(R) Ethernet 700 Series Controllers may all... | | |
CVE-2020-8694 | Insufficient access control in the Linux kernel driver for some Intel(R) Processors may allow an aut... | | |
CVE-2020-8695 | Observable discrepancy in the RAPL interface for some Intel(R) Processors may allow a privileged use... | | |
CVE-2020-8696 | Improper removal of sensitive information before storage or transfer in some Intel(R) Processors may... | | |
CVE-2020-8697 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8698 | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user t... | | |
CVE-2020-8699 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8700 | Improper input validation in the firmware for some Intel(R) Processors may allow a privileged user t... | | |
CVE-2020-8701 | Incorrect default permissions in installer for the Intel(R) SSD Toolbox versions before 2/9/2021 may... | | |
CVE-2020-8702 | Uncontrolled search path element in the Intel(R) Processor Diagnostic Tool before version 4.1.5.37 m... | | |
CVE-2020-8703 | Improper buffer restrictions in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, ... | | |
CVE-2020-8704 | Race condition in a subsystem in the Intel(R) LMS versions before 2039.1.0.0 may allow a privileged ... | | |
CVE-2020-8705 | Insecure default initialization of resource in Intel(R) Boot Guard in Intel(R) CSME versions before ... | | |
CVE-2020-8706 | Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules befo... | | |
CVE-2020-8707 | Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before... | | |
CVE-2020-8708 | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before v... | | |
CVE-2020-8709 | Improper authentication in socket services for some Intel(R) Server Boards, Server Systems and Compu... | | |
CVE-2020-8710 | Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Module... | | |
CVE-2020-8711 | Improper access control in the bootloader for some Intel(R) Server Boards, Server Systems and Comput... | | |
CVE-2020-8712 | Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Comput... | | |
CVE-2020-8713 | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before v... | | |
CVE-2020-8714 | Improper authentication for some Intel(R) Server Boards, Server Systems and Compute Modules before v... | | |
CVE-2020-8715 | Invalid pointer for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1... | | |
CVE-2020-8716 | Improper access control for some Intel(R) Server Boards, Server Systems and Compute Modules before v... | | |
CVE-2020-8717 | Improper input validation in a subsystem for some Intel Server Boards, Server Systems and Compute Mo... | | |
CVE-2020-8718 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules b... | | |
CVE-2020-8719 | Buffer overflow in subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules bef... | | |
CVE-2020-8720 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules b... | | |
CVE-2020-8721 | Improper input validation for some Intel(R) Server Boards, Server Systems and Compute Modules before... | | |
CVE-2020-8722 | Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules b... | | |
CVE-2020-8723 | Cross-site scripting for some Intel(R) Server Boards, Server Systems and Compute Modules before vers... | | |
CVE-2020-8724 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8725 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8727 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8728 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8729 | Buffer copy without checking size of input for some Intel(R) Server Boards, Server Systems and Compu... | | |
CVE-2020-8730 | Heap-based overflow for some Intel(R) Server Boards, Server Systems and Compute Modules before versi... | | |
CVE-2020-8731 | Incorrect execution-assigned permissions in the file system for some Intel(R) Server Boards, Server ... | | |
CVE-2020-8732 | Heap-based buffer overflow in the firmware for some Intel(R) Server Boards, Server Systems and Compu... | | |
CVE-2020-8733 | Improper buffer restrictions in the firmware for Intel(R) Server Board M10JNP2SB before version 7.21... | S | |
CVE-2020-8734 | Improper input validation in the firmware for Intel(R) Server Board M10JNP2SB before version 7.210 m... | S | |
CVE-2020-8735 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8736 | Improper access control in subsystem for the Intel(R) Computing Improvement Program before version 2... | | |
CVE-2020-8737 | Improper buffer restrictions in the Intel(R) Stratix(R) 10 FPGA firmware provided with the Intel(R) ... | S | |
CVE-2020-8738 | Improper conditions check in Intel BIOS platform sample code for some Intel(R) Processors before may... | | |
CVE-2020-8739 | Use of potentially dangerous function in Intel BIOS platform sample code for some Intel(R) Processor... | | |
CVE-2020-8740 | Out of bounds write in Intel BIOS platform sample code for some Intel(R) Processors may allow a priv... | | |
CVE-2020-8741 | Improper permissions in the installer for the Intel(R) Thunderbolt(TM) non-DCH driver, all versions,... | | |
CVE-2020-8742 | Improper input validation in the firmware for Intel(R) NUCs may allow a privileged user to potential... | S | |
CVE-2020-8743 | Improper permissions in the installer for the Intel(R) Mailbox Interface driver, all versions, may a... | | |
CVE-2020-8744 | Improper initialization in subsystem for Intel(R) CSME versions before 12.0.70, 13.0.40, 13.30.10, 14... | S | |
CVE-2020-8745 | Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.8... | S | |
CVE-2020-8746 | Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 ... | | |
CVE-2020-8747 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7... | | |
CVE-2020-8748 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8749 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7... | | |
CVE-2020-8750 | Use after free in Kernel Mode Driver for Intel(R) TXE versions before 3.1.80 and 4.0.30 may allow an... | | |
CVE-2020-8751 | Insufficient control flow management in subsystem for Intel(R) CSME versions before 11.8.80, Intel(R... | | |
CVE-2020-8752 | Out-of-bounds write in IPv6 subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.... | | |
CVE-2020-8753 | Out-of-bounds read in DHCP subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.8... | | |
CVE-2020-8754 | Out-of-bounds read in subsystem for Intel(R) AMT, Intel(R) ISM versions before 11.8.80, 11.12.80, 11... | | |
CVE-2020-8755 | Race condition in subsystem for Intel(R) CSME versions before 12.0.70 and 14.0.45, Intel(R) SPS vers... | | |
CVE-2020-8756 | Improper input validation in subsystem for Intel(R) CSME versions before 11.8.80, 11.12.80, 11.22.80... | | |
CVE-2020-8757 | Out-of-bounds read in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.7... | | |
CVE-2020-8758 | Improper buffer restrictions in network subsystem in provisioned Intel(R) AMT and Intel(R) ISM versi... | | |
CVE-2020-8759 | Improper access control in the installer for Intel(R) SSD DCT versions before 3.0.23 may allow a pri... | S | |
CVE-2020-8760 | Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70,... | | |
CVE-2020-8761 | Inadequate encryption strength in subsystem for Intel(R) CSME versions before 13.0.40 and 13.30.10 m... | | |
CVE-2020-8762 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-8763 | Improper permissions in the installer for the Intel(R) RealSense(TM) D400 Series UWP driver for Wind... | S | |
CVE-2020-8764 | Improper access control in BIOS firmware for some Intel(R) Processors may allow a privileged user to... | | |
CVE-2020-8765 | Incorrect default permissions in the installer for the Intel(R) RealSense(TM) DCM may allow a privil... | S | |
CVE-2020-8766 | Improper conditions check in the Intel(R) SGX DCAP software before version 1.6 may allow an unauthen... | | |
CVE-2020-8767 | Uncaught exception in the Intel(R) 50GbE IP Core for Intel(R) Quartus Prime before version 20.2 may ... | | |
CVE-2020-8768 | An issue was discovered on Phoenix Contact Emalytics Controller ILC 2050 BI before 1.2.3 and BI-L be... | | |
CVE-2020-8771 | The Time Capsule plugin before 1.21.16 for WordPress has an authentication bypass. Any request conta... | E | |
CVE-2020-8772 | The InfiniteWP Client plugin before 1.9.4.5 for WordPress has a missing authorization check in iwp_m... | E | |
CVE-2020-8773 | The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS)... | | |
CVE-2020-8774 | Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in ... | | |
CVE-2020-8775 | Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability ... | | |
CVE-2020-8776 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via th... | E | |
CVE-2020-8777 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via a ... | E | |
CVE-2020-8778 | Alfresco Enterprise before 5.2.7 and Alfresco Community before 6.2.0 (rb65251d6-b368) has XSS via an... | E | |
CVE-2020-8781 | Lack of input sanitization in UpdateRebootMgr service of ALEOS 4.11 and later allows an escalation to... | | |
CVE-2020-8782 | ALEOS LAN-Side RPC Service Remote Code Execution | | |
CVE-2020-8783 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (... | | |
CVE-2020-8784 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (... | | |
CVE-2020-8785 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (... | | |
CVE-2020-8786 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow SQL Injection (... | | |
CVE-2020-8787 | SuiteCRM 7.10.x versions prior to 7.10.23 and 7.11.x versions prior to 7.11.11 allow for an invalid ... | | |
CVE-2020-8788 | Synaptive Medical ClearCanvas ImageServer 3.0 Alpha allows XSS (and HTML injection) via the Default.... | E | |
CVE-2020-8789 | Composr 10.0.30 allows Persistent XSS via a Usergroup name under the Security configuration.... | E | |
CVE-2020-8790 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak passwor... | E | |
CVE-2020-8791 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) allows remote at... | E | |
CVE-2020-8792 | The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has an informati... | E | |
CVE-2020-8793 | OpenSMTPD before 6.6.4 allows local users to read arbitrary files (e.g., on some Linux distributions... | E | |
CVE-2020-8794 | OpenSMTPD before 6.6.4 allows remote code execution because of an out-of-bounds read in mta_io in mt... | E S | |
CVE-2020-8795 | In GitLab Enterprise Edition (EE) 12.5.0 through 12.7.5, sharing a group with a group could grant pr... | | |
CVE-2020-8796 | Biscom Secure File Transfer (SFT) before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Ex... | | |
CVE-2020-8797 | Juplink RX4-1500 v1.0.3 allows remote attackers to gain root access to the Linux subsystem via an un... | E | |
CVE-2020-8798 | httpd in Juplink RX4-1500 v1.0.3-v1.0.5 allows remote attackers to change or access router settings ... | E | |
CVE-2020-8799 | A Stored XSS vulnerability has been found in the administration page of the WTI Like Post plugin thr... | | |
CVE-2020-8800 | SuiteCRM through 7.11.11 allows EmailsControllerActionGetFromFields PHP Object Injection.... | | |
CVE-2020-8801 | SuiteCRM through 7.11.11 allows PHAR Deserialization.... | | |
CVE-2020-8802 | SuiteCRM through 7.11.11 has Incorrect Access Control via action_saveHTMLField Bean Manipulation.... | | |
CVE-2020-8803 | SuiteCRM through 7.11.11 allows Directory Traversal to include arbitrary .php files within the webro... | | |
CVE-2020-8804 | SuiteCRM through 7.11.10 allows SQL Injection via the SOAP API, the EmailUIAjax interface, or the Ma... | E | |
CVE-2020-8806 | Electric Coin Company Zcashd before 2.1.1-1 allows attackers to trigger consensus failure and double... | | |
CVE-2020-8807 | In Electric Coin Company Zcashd before 2.1.1-1, the time offset between messages could be leveraged ... | | |
CVE-2020-8808 | The CorsairLLAccess64.sys and CorsairLLAccess32.sys drivers in CORSAIR iCUE before 3.25.60 allow loc... | S | |
CVE-2020-8809 | Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unen... | E | |
CVE-2020-8810 | An issue was discovered in Gurux GXDLMS Director through 8.5.1905.1301. When downloading OBIS codes,... | E | |
CVE-2020-8811 | ajax/profile-picture-upload.php in Bludit 3.10.0 allows authenticated users to change other users' p... | E | |
CVE-2020-8812 | Bludit 3.10.0 allows Editor or Author roles to insert malicious JavaScript on the WYSIWYG editor. NO... | E | |
CVE-2020-8813 | graph_realtime.php in Cacti 1.2.8 allows remote attackers to execute arbitrary OS commands via shell... | E | |
CVE-2020-8815 | Improper connection handling in the base connection handler in IKTeam BearFTP before v0.3.1 allows a... | E S | |
CVE-2020-8816 | Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a c... | KEV E S | |
CVE-2020-8817 | Dataiku DSS before 6.0.5 allows attackers write access to the project to modify the "Created by" met... | | |
CVE-2020-8818 | An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin... | E | |
CVE-2020-8819 | An issue was discovered in the CardGate Payments plugin through 3.1.15 for WooCommerce. Lack of orig... | E | |
CVE-2020-8820 | An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoin... | | |
CVE-2020-8821 | An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command S... | | |
CVE-2020-8822 | Digi TransPort WR21 5.2.2.3, WR44 5.1.6.4, and WR44v2 5.1.6.9 devices allow stored XSS in the web ap... | E | |
CVE-2020-8823 | htmlfile in lib/transport/htmlfile.js in SockJS before 0.3.0 is vulnerable to Reflected XSS via the ... | E S | |
CVE-2020-8824 | Hitron CODA-4582U 7.1.1.30 devices allow XSS via a Managed Device name on the Wireless > Access Cont... | E | |
CVE-2020-8825 | index.php?p=/dashboard/settings/branding in Vanilla 2.6.3 allows stored XSS.... | E | |
CVE-2020-8826 | As of v1.5.0, the Argo web interface authentication system issued immutable tokens. Authentication t... | E | |
CVE-2020-8827 | As of v1.5.0, the Argo API does not implement anti-automation measures such as rate limiting, accoun... | E | |
CVE-2020-8828 | As of v1.5.0, the default admin password is set to the argocd-server pod name. For insiders with acc... | E | |
CVE-2020-8829 | CSRF on Intelbras CIP 92200 devices allows an attacker to access the panel and perform scraping or o... | E | |
CVE-2020-8830 | CSRF in login.asp on Ruckus devices allows an attacker to access the panel, and use SSRF to perform ... | E | |
CVE-2020-8831 | World writable root owned lock file created in user controllable location | E | |
CVE-2020-8832 | Ubuntu 18.04 Linux kernel i915 incomplete fix for CVE-2019-14615 | S | |
CVE-2020-8833 | Apport race condition in crash report permissions | E | |
CVE-2020-8834 | Linux kernel KVM Power8 conflicting use of HSTATE_HOST_R1 | E S | |
CVE-2020-8835 | Linux kernel bpf verifier vulnerability | E S | |
CVE-2020-8838 | An issue was discovered in Zoho ManageEngine AssetExplorer 6.5. During an upgrade of the Windows age... | E | |
CVE-2020-8839 | Stored XSS was discovered on CHIYU BF-430 232/485 TCP/IP Converter devices before 1.16.00, as demons... | E | |
CVE-2020-8840 | FasterXML jackson-databind 2.0.0 through 2.9.10.2 lacks certain xbean-reflect/JNDI blocking, as demo... | | |
CVE-2020-8841 | An issue was discovered in TestLink 1.9.19. The relation_type parameter of the lib/requirements/reqS... | E | |
CVE-2020-8842 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8843 | An issue was discovered in Istio 1.3 through 1.3.6. Under certain circumstances, it is possible to b... | S | |
CVE-2020-8844 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8845 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox... | | |
CVE-2020-8846 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox... | | |
CVE-2020-8847 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8848 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8849 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8850 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8851 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8852 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-8853 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8854 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8855 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8856 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fox... | | |
CVE-2020-8857 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8858 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Mo... | | |
CVE-2020-8859 | This vulnerability allows remote attackers to create a denial-of-service condition on affected insta... | | |
CVE-2020-8860 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sa... | | |
CVE-2020-8861 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-8862 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-8863 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-8864 | This vulnerability allows network-adjacent attackers to bypass authentication on affected installati... | | |
CVE-2020-8865 | This vulnerability allows remote attackers to execute local PHP files on affected installations of H... | | |
CVE-2020-8866 | This vulnerability allows remote attackers to create arbitrary files on affected installations of Ho... | | |
CVE-2020-8867 | This vulnerability allows remote attackers to create a denial-of-service condition on affected insta... | | |
CVE-2020-8868 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Qu... | | |
CVE-2020-8869 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8870 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8871 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2020-8872 | This vulnerability allows local attackers to disclose sensitive information on affected installation... | | |
CVE-2020-8873 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2020-8874 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2020-8875 | This vulnerability allows local attackers to escalate privileges on affected installations of Parall... | | |
CVE-2020-8876 | This vulnerability allows local attackers to disclose information on affected installations of Paral... | | |
CVE-2020-8877 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-8878 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8879 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-8880 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8881 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8882 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fo... | | |
CVE-2020-8883 | This vulnerability allows remote attackers to disclose sensitive information on affected installatio... | | |
CVE-2020-8884 | rcdsvc in the Proofpoint Insider Threat Management Windows Agent (formerly ObserveIT Windows Agent) ... | | |
CVE-2020-8887 | Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerabilit... | E | |
CVE-2020-8889 | The ShipStation.com plugin 1.0 for CS-Cart allows remote attackers to obtain sensitive information (... | E | |
CVE-2020-8890 | An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting... | S | |
CVE-2020-8891 | An issue was discovered in MISP before 2.4.121. It did not canonicalize usernames when trying to blo... | S | |
CVE-2020-8892 | An issue was discovered in MISP before 2.4.121. It did not consider the HTTP PUT method when trying ... | S | |
CVE-2020-8893 | An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized s... | S | |
CVE-2020-8894 | An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/C... | S | |
CVE-2020-8895 | DLL Hijacking in Google Earth Pro Windows installer | S | |
CVE-2020-8896 | Buffer Overflow in Google Earth Pro | | |
CVE-2020-8897 | Robustness weakness in AWS KMS and Encryption SDKs | E M | |
CVE-2020-8899 | Memory corruption in Quram library when decoding qmg can lead to RCE | E | |
CVE-2020-8902 | SSRF in Rendertron | | |
CVE-2020-8903 | Privilege Escalation in Google Cloud Platform's Guest-OSLogin | E S | |
CVE-2020-8904 | Arbitrary trusted memory overwrite vulnerability in Asylo | S | |
CVE-2020-8905 | Confidential Information Disclosure vulnerability in Asylo | S | |
CVE-2020-8907 | Privilege Escalation in Google Cloud Platform's Guest-OSLogin | E S | |
CVE-2020-8908 | Temp directory permission issue in Guava | E S | |
CVE-2020-8910 | Auth Bypass in Google's Closure-Library | S | |
CVE-2020-8911 | CBC padding oracle in AWS S3 Crypto SDK for GoLang | E | |
CVE-2020-8912 | In-band key negotiation issue in AWS S3 Crypto SDK for GoLang | E | |
CVE-2020-8913 | Local arbitrary code execution in splitinstall in Android's Play Core | E | |
CVE-2020-8916 | Memory leak in wpanctl can lead to DoS | S | |
CVE-2020-8918 | TPM 1.2 key authorization values are vulnerable to a TPM transport eavesdropper | E | |
CVE-2020-8919 | Information leakage in Gerrit | S | |
CVE-2020-8920 | Overoptimization leads to private information leak in Gerrit | S | |
CVE-2020-8923 | XSS in Dart | | |
CVE-2020-8927 | Buffer overflow in Brotli library | | |
CVE-2020-8929 | Ciphertext integrity weakness in Tink | S | |
CVE-2020-8933 | Privilege Escalation in Google Cloud Platform's Guest-OSLogin | E S | |
CVE-2020-8934 | Site Kit by Google plugin for WordPress | | |
CVE-2020-8935 | An arbitrary memory overwrite vulnerability in Asylo versions up to 0.6.0 allow an attacker to make ... | S | |
CVE-2020-8936 | Arbitrary enclave memory overwrite vulnerability in ECall ecall_restore | S | |
CVE-2020-8937 | Arbitrary enclave memory location write from untrusted environment | S | |
CVE-2020-8938 | Arbitrary enclave memory location write from untrusted environment | S | |
CVE-2020-8939 | Out of Bounds read in Asylo | S | |
CVE-2020-8940 | Unchecked buffer overrun in enc_untrusted_recvmsg | S | |
CVE-2020-8941 | Unchecked buffer overrun in enc_untrusted_inet_pton | S | |
CVE-2020-8942 | Unchecked buffer overrun in enc_untrusted_read | S | |
CVE-2020-8943 | Unchecked buffer overrun in enc_untrusted_recvfrom | S | |
CVE-2020-8944 | Unchecked buffer overrun in ecall_restore | E S | |
CVE-2020-8945 | The proglottis Go wrapper before 0.1.1 for the GPGME library has a use-after-free, as demonstrated b... | E S | |
CVE-2020-8946 | Netis WF2471 v1.2.30142 devices allow an authenticated attacker to execute arbitrary OS commands via... | E | |
CVE-2020-8947 | functions_netflow.php in Artica Pandora FMS 7.0 allows remote attackers to execute arbitrary OS comm... | E | |
CVE-2020-8948 | The Sierra Wireless Windows Mobile Broadband Driver Packages (MBDP) before build 5043 allows an unpr... | | |
CVE-2020-8949 | Gocloud S2A_WL 4.2.7.16471, S2A 4.2.7.17278, S2A 4.3.0.15815, S2A 4.3.0.17193, S3A K2P MTK 4.2.7.165... | E | |
CVE-2020-8950 | The AUEPLauncher service in Radeon AMD User Experience Program Launcher through 1.0.0.1 on Windows a... | E | |
CVE-2020-8951 | Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the Source or Destin... | E | |
CVE-2020-8952 | Fiserv Accurate Reconciliation 2.19.0, fixed in 3.0.0 or higher, allows XSS via the logout.jsp timeO... | E | |
CVE-2020-8953 | OpenVPN Access Server 2.8.x before 2.8.1 allows LDAP authentication bypass (except when a user is en... | | |
CVE-2020-8954 | OpenSearch Web browser 1.0.4.9 allows Intent Scheme Hijacking.[a link that opens another app in the ... | | |
CVE-2020-8955 | irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to ... | S | |
CVE-2020-8956 | Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users' pass... | | |
CVE-2020-8958 | Guangzhou 1GE ONU V2801RW 1.9.1-181203 through 2.9.0-181024 and V2804RGW 1.9.1-181203 through 2.9.0-... | E | |
CVE-2020-8959 | Western Digital WesternDigitalSSDDashboardSetup.exe before 3.0.2.0 allows DLL Hijacking.... | | |
CVE-2020-8960 | Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS.... | | |
CVE-2020-8961 | An issue was discovered in Avira Free-Antivirus before 15.0.2004.1825. The Self-Protection feature d... | | |
CVE-2020-8962 | A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due... | E | |
CVE-2020-8963 | TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0... | E | |
CVE-2020-8964 | TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0... | E | |
CVE-2020-8966 | Cross Site Scripting (XSS) flaws found in Tiki-Wiki CMS software | S | |
CVE-2020-8967 | GESIO SQL injection vulnerability | S | |
CVE-2020-8968 | Parallels Remote Application Server credentials management errors | S | |
CVE-2020-8973 | ZGR TPS200 NG Improper access control | S | |
CVE-2020-8974 | ZGR TPS200 NG Missing Reference to Active Allocated Resource | S | |
CVE-2020-8975 | ZGR TPS200 NG Information Exposure | S | |
CVE-2020-8976 | ZGR TPS200 Cross-Site Request Forgery (CSRF) | S | |
CVE-2020-8981 | A cross-site scripting (XSS) vulnerability was discovered in the Source Integration plugin before 1.... | S | |
CVE-2020-8982 | An unauthenticated arbitrary file read issue exists in all versions of Citrix ShareFile StorageZones... | | |
CVE-2020-8983 | An arbitrary file write issue exists in all versions of Citrix ShareFile StorageZones (aka storage z... | | |
CVE-2020-8984 | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta allowed IP address spoofing via the X-Forwarded-Fo... | | |
CVE-2020-8985 | ZendTo prior to 5.22-2 Beta allowed reflected XSS and CSRF via the unlock.tpl unlock user functional... | | |
CVE-2020-8986 | lib/NSSDropbox.php in ZendTo prior to 5.22-2 Beta failed to properly check for equality when validat... | | |
CVE-2020-8987 | Avast AntiTrack before 1.5.1.172 and AVG Antitrack before 2.0.0.178 proxies traffic to HTTPS sites b... | | |
CVE-2020-8988 | The Voatz application 2020-01-01 for Android allows only 100 million different PINs, which makes it ... | | |
CVE-2020-8989 | In the Voatz application 2020-01-01 for Android, the amount of data transmitted during a single vote... | | |
CVE-2020-8990 | Western Digital My Cloud Home before 3.6.0 and ibi before 3.6.0 allow Session Fixation.... | S | |
CVE-2020-8991 | vg_lookup in daemons/lvmetad/lvmetad-core.c in LVM2 2.02 mismanages memory, leading to an lvmetad me... | | |
CVE-2020-8992 | ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows att... | S | |
CVE-2020-8994 | An issue was discovered on XIAOMI AI speaker MDZ-25-DT 1.34.36, and 1.40.14. Attackers can get root ... | E | |
CVE-2020-8995 | Programi Bilanc Build 007 Release 014 31.01.2020 supplies a .exe file containing several hardcoded c... | | |
CVE-2020-8996 | AnyShare Cloud 6.0.9 allows authenticated directory traversal to read files, as demonstrated by the ... | E | |
CVE-2020-8997 | Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to ena... | | |
CVE-2020-8998 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-8999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |