Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3939 | 1 Sysjust | 1 Syuan-gu-da-shin | 2021-12-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysJust Syuan-Gu-Da-Shih, versions before 20191223, contain vulnerability of Cross-Site Scripting(XSS), personal information may be leaked to attackers via the vulnerability. | |||||
| CVE-2020-14472 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2021-12-20 | 7.5 HIGH | 9.8 CRITICAL |
| On Draytek Vigor3900, Vigor2960, and Vigor 300B devices before 1.5.1.1, there are some command-injection vulnerabilities in the mainfunction.cgi file. | |||||
| CVE-2020-7667 | 1 Sas | 1 Go Rpm Utils | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| In package github.com/sassoftware/go-rpmutils/cpio before version 0.1.0, the CPIO extraction functionality doesn't sanitize the paths of the archived files for leading and non-leading ".." which leads in file extraction outside of the current directory. Note: the fixing commit was applied to all affected versions which were re-released. | |||||
| CVE-2020-7664 | 1 Compression And Archive Extensions Project | 1 Compression And Archive Extensions Zip Project | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| In all versions of the package github.com/unknwon/cae/zip, the ExtractTo function doesn't securely escape file paths in zip archives which include leading or non-leading "..". This allows an attacker to add or replace files system-wide. | |||||
| CVE-2019-5508 | 1 Netapp | 1 Clustered Data Ontap | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| Clustered Data ONTAP versions 9.2 through 9.4 are susceptible to a vulnerability which allows an attacker to use l2ping to cause a Denial of Service (DoS). | |||||
| CVE-2019-19611 | 1 Halvotec | 1 Raquest | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1 | |||||
| CVE-2020-15771 | 1 Gradle | 2 Enterprise, Enterprise Cache Node | 2021-12-20 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Gradle Enterprise 2018.2 and Gradle Enterprise Build Cache Node 4.1. Cross-site transmission of cookie containing CSRF token allows remote attacker to bypass CSRF mitigation. | |||||
| CVE-2020-15767 | 1 Gradle | 1 Enterprise | 2021-12-20 | 2.6 LOW | 5.3 MEDIUM |
| An issue was discovered in Gradle Enterprise before 2020.2.5. The cookie used to convey the CSRF prevention token is not annotated with the “secure” attribute, which allows an attacker with the ability to MITM plain HTTP requests to obtain it, if the user mistakenly uses a HTTP instead of HTTPS address to access the server. This cookie value could then be used to perform CSRF. | |||||
| CVE-2021-29847 | 1 Ibm | 10 Power Hardware Management Console \(7063-cr1\), Power Hardware Management Console \(7063-cr1\) Firmware, Power System Cs821lc \(8005-12n\) and 7 more | 2021-12-20 | 4.3 MEDIUM | 5.9 MEDIUM |
| BMC firmware (IBM Power System S821LC Server (8001-12C) OP825.50) configuration changed to allow an authenticated user to open an insecure communication channel which could allow an attacker to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 205267. | |||||
| CVE-2020-3709 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3708 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3707 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3706 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3705 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3697 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3695 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3682 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3631 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-3627 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||
| CVE-2020-16836 | 2021-12-20 | N/A | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none. | |||||