Export limit exceeded: 25911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5203 | 1 Fatfreeframework | 1 Fat-free Framework | 2024-11-21 | 9.8 Critical |
| In Fat-Free Framework 3.7.1, attackers can achieve arbitrary code execution if developers choose to pass user controlled input (e.g., $_REQUEST, $_GET, or $_POST) to the framework's Clear method. | ||||
| CVE-2020-5197 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 Medium |
| An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through 12.6.1. It has Incorrect Access Control. | ||||
| CVE-2020-5143 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.3 Medium |
| SonicOS SSLVPN login page allows a remote unauthenticated attacker to perform firewall management administrator username enumeration based on the server responses. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | ||||
| CVE-2020-5132 | 1 Sonicwall | 3 Sma100, Sma100 Firmware, Sonicos | 2024-11-21 | 5.3 Medium |
| SonicWall SSL-VPN products and SonicWall firewall SSL-VPN feature misconfiguration leads to possible DNS flaw known as domain name collision vulnerability. When the users publicly display their organization’s internal domain names in the SSL-VPN authentication page, an attacker with knowledge of internal domain names can potentially take advantage of this vulnerability. | ||||
| CVE-2020-5131 | 1 Sonicwall | 1 Netextender | 2024-11-21 | 7.8 High |
| SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier. | ||||
| CVE-2020-5130 | 1 Sonicwall | 1 Sonicos | 2024-11-21 | 5.3 Medium |
| SonicOS SSLVPN LDAP login request allows remote attackers to cause external service interaction (DNS) due to improper validation of the request. This vulnerability impact SonicOS version 6.5.4.4-44n and earlier. | ||||
| CVE-2020-4981 | 1 Ibm | 1 Spectrum Scale | 2024-11-21 | 6.0 Medium |
| IBM Spectrum Scale 5.0.4.1 through 5.1.0.3 could allow a local privileged user to overwrite files due to improper input validation. IBM X-Force ID: 192541. | ||||
| CVE-2020-4967 | 1 Ibm | 1 Cloud Pak For Security | 2024-11-21 | 4.3 Medium |
| IBM Cloud Pak for Security (CP4S) 1.3.0.1 could disclose sensitive information through HTTP headers which could be used in further attacks against the system. IBM X-Force ID: 192425. | ||||
| CVE-2020-4957 | 1 Ibm | 1 Security Identity Governance And Intelligence | 2024-11-21 | 5.3 Medium |
| IBM Security Identity Governance and Intelligence 5.2.6 could disclose sensitive information in URL parameters that could aid in future attacks against the system. IBM X-Force ID: 192208. | ||||
| CVE-2020-4953 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 4.3 Medium |
| IBM Planning Analytics 2.0 could allow a remote authenticated attacker to obtain information about an organization's internal structure by exposing sensitive information in HTTP repsonses. IBM X-Force ID: 192029. | ||||
| CVE-2020-4951 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.3 Low |
| IBM Cognos Analytics 11.1.7 and 11.2.0 contains locally cached browser data, that could allow a local attacker to obtain sensitive information. | ||||
| CVE-2020-4941 | 1 Ibm | 1 Edge Application Manager | 2024-11-21 | 4.3 Medium |
| IBM Edge 4.2 could reveal sensitive version information about the server from error pages that could aid an attacker in further attacks against the system. IBM X-Force ID: 191941. | ||||
| CVE-2020-4913 | 1 Ibm | 1 Cloud Pak System | 2024-11-21 | 4.4 Medium |
| IBM Cloud Pak System 2.3 could reveal credential information in the HTTP response to a local privileged user. IBM X-Force ID: 191288. | ||||
| CVE-2020-4908 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.3 Medium |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 returns the product version and release information on the login dialog. This information could be used in further attacks against the system. | ||||
| CVE-2020-4907 | 1 Ibm | 1 Financial Transaction Manager For Multiplatform | 2024-11-21 | 5.3 Medium |
| IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2020-4897 | 1 Ibm | 2 Emptoris Contract Management, Emptoris Spend Analysis | 2024-11-21 | 5.3 Medium |
| IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190988. | ||||
| CVE-2020-4896 | 1 Ibm | 1 Emptoris Sourcing | 2024-11-21 | 6.5 Medium |
| IBM Emptoris Sourcing 10.1.0, 10.1.1, and 10.1.3 is vulnerable to web cache poisoning, caused by improper input validation by modifying HTTP request headers. IBM X-Force ID: 190987. | ||||
| CVE-2020-4868 | 1 Ibm | 1 Tririga Application Platform | 2024-11-21 | 4.3 Medium |
| IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744. | ||||
| CVE-2020-4846 | 1 Ibm | 1 Security Key Lifecycle Manager | 2024-11-21 | 2.7 Low |
| IBM Security Key Lifecycle Manager 3.0.1 and 4.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190290. | ||||
| CVE-2020-4842 | 2 Ibm, Microsoft | 2 Security Secret Server, Windows | 2024-11-21 | 4.9 Medium |
| IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046. | ||||