Total
73 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-25266 | 1 Appimage | 1 Appimaged | 2020-12-07 | 4.3 MEDIUM | 5.5 MEDIUM |
| AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. | |||||
| CVE-2020-28332 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. | |||||
| CVE-2020-1200 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 7.5 HIGH | 8.6 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. | |||||
| CVE-2020-1576 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1595. | |||||
| CVE-2020-1595 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576. | |||||
| CVE-2020-1210 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1452, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. | |||||
| CVE-2020-1452 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 7.5 HIGH | 8.6 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1453, CVE-2020-1576, CVE-2020-1595. | |||||
| CVE-2020-1453 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2020-09-12 | 7.5 HIGH | 8.6 HIGH |
| A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package, aka 'Microsoft SharePoint Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1200, CVE-2020-1210, CVE-2020-1452, CVE-2020-1576, CVE-2020-1595. | |||||
| CVE-2020-7831 | 2 Inogard, Microsoft | 2 Ebiz4u, Windows | 2020-09-02 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability in the web-based contract management service interface Ebiz4u of INOGARD could allow an victim user to download any file. The attacker is able to use startup menu directory via directory traversal for automatic execution. The victim user need to reboot, however. | |||||
| CVE-2019-12162 | 1 Upwork | 1 Time Tracker | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| Upwork Time Tracker 5.2.2.716 doesn't verify the SHA256 hash of the downloaded program update before running it, which could lead to code execution or local privilege escalation by replacing the original update.exe. | |||||
| CVE-2018-19234 | 1 Comparex | 1 Miss Marple | 2020-08-24 | 9.0 HIGH | 8.8 HIGH |
| The Miss Marple Updater Service in COMPAREX Miss Marple Enterprise Edition before 2.0 allows remote attackers to execute arbitrary code with SYSTEM privileges via vectors related to missing update validation. | |||||
| CVE-2019-5982 | 1 Sony | 1 Vaio Update | 2020-08-24 | 5.4 MEDIUM | 7.5 HIGH |
| Improper download file verification vulnerability in VAIO Update 7.3.0.03150 and earlier allows remote attackers to conduct a man-in-the-middle attack via a malicous wireless LAN access point. A successful exploitation may result in a malicious file being downloaded/executed. | |||||
| CVE-2020-7817 | 2 Microsoft, Raonwiz | 2 Windows, K Upload | 2020-08-11 | 4.6 MEDIUM | 7.8 HIGH |
| MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | |||||
| CVE-2020-10926 | 1 Netgear | 2 R6700, R6700 Firmware | 2020-07-29 | 8.3 HIGH | 8.8 HIGH |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the lack of proper validation of the firmware image prior to performing an upgrade. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-9648. | |||||
| CVE-2020-4125 | 1 Ibm | 1 Marketing Operations | 2020-07-24 | 5.5 MEDIUM | 8.1 HIGH |
| Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. | |||||
| CVE-2020-7826 | 1 Eyesurfer | 1 Bflyinstallerx.ocx | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it. | |||||
| CVE-2020-7505 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2020-06-17 | 9.0 HIGH | 7.2 HIGH |
| A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | |||||
| CVE-2020-7812 | 2 Kaoni, Microsoft | 2 Ezhttptrans, Windows | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | |||||
| CVE-2020-7813 | 1 Kaoni | 1 Ezhttptrans | 2020-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | |||||
| CVE-2020-9474 | 1 Siedle | 2 Sg 150-0, Sg 150-0 Firmware | 2020-05-14 | 9.0 HIGH | 8.8 HIGH |
| The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | |||||