Total: 210374 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-12424 | 2 Mozilla, Opensuse | 2 Firefox, Leap | 2023-01-27 | 4.3 MEDIUM | 6.5 MEDIUM | When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission, bypassing the prompt. This vulnerability affects Firefox < 78.
CVE-2020-4074 | 1 Prestashop | 1 Prestashop | 2023-01-27 | 10.0 HIGH | 9.8 CRITICAL | In PrestaShop from version 1.5.0.0 and before version 1.7.6.6, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 1.7.6.6.
CVE-2020-11074 | 1 Prestashop | 1 Prestashop | 2023-01-27 | 3.5 LOW | 5.4 MEDIUM | In PrestaShop from version 1.5.3.0 and before version 1.7.6.6, there is a stored XSS when using the name of a quick access item. The problem is fixed in 1.7.6.6.
CVE-2020-5906 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-01-27 | 5.5 MEDIUM | 8.1 HIGH | In versions 13.1.0-13.1.3.3, 12.1.0-12.1.5.2, and 11.6.1-11.6.5.2, the BIG-IP system does not properly enforce the access controls for the scp.blacklist files. This allows Admin and Resource Admin users with Secure Copy (SCP) protocol access to read and overwrite blacklisted files via SCP.
CVE-2020-5903 | 1 F5 | 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more | 2023-01-27 | 4.3 MEDIUM | 6.1 MEDIUM | In BIG-IP versions 15.0.0-15.1.0.3, 14.1.0-14.1.2.5, 13.1.0-13.1.3.3, 12.1.0-12.1.5.1, a Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility.
CVE-2020-3963 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2023-01-27 | 2.1 LOW | 5.5 MEDIUM | VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory.
CVE-2020-14943 | 1 Globalradar | 1 Bsa Radar | 2023-01-27 | 3.5 LOW | 5.4 MEDIUM | The Firstname and Lastname parameters in Global RADAR BSA Radar 1.6.7234.24750 and earlier are vulnerable to stored cross-site scripting (XSS) via Update User Profile.
CVE-2023-23690 | 1 Dell | 1 Cloud Mobility For Dell Emc Storage | 2023-01-27 | N/A | 7.0 HIGH | Cloud Mobility for Dell EMC Storage, versions 1.3.0.X and below, contains an Improper Check for Certificate Revocation vulnerability. A threat actor does not need any specific privileges to potentially exploit this vulnerability. An attacker could perform a man-in-the-middle attack and eavesdrop on encrypted communications from Cloud Mobility to Cloud Storage devices. Exploitation could lead to the compromise of secret and sensitive information, cloud storage connection downtime, and the integrity of the connection to the Cloud devices.
CVE-2020-14983 | 2 Chocolate-doom, Opensuse | 4 Chocolate Doom, Crispy Doom, Backports and 1 more | 2023-01-27 | 7.5 HIGH | 9.8 CRITICAL | The server in Chocolate Doom 3.0.0 and Crispy Doom 5.8.0 doesn't validate the user-controlled num_players value, leading to a buffer overflow. A malicious user can overwrite the server's stack.
CVE-2020-14981 | 1 Vipre | 1 Password Vault | 2023-01-27 | 4.3 MEDIUM | 5.9 MEDIUM | The ThreatTrack VIPRE Password Vault app through 1.100.1090 for iOS has Missing SSL Certificate Validation.
CVE-2020-14461 | 1 Zyxel | 2 Wap6806, Wap6806 Firmware | 2023-01-27 | 5.0 MEDIUM | 8.6 HIGH | Zyxel Armor X1 WAP6806 1.00(ABAL.6)C0 devices allow Directory Traversal via the images/eaZy/ URI.
CVE-2023-22602 | 2 Apache, Vmware | 2 Shiro, Spring Boot | 2023-01-27 | N/A | 7.5 HIGH | When using Apache Shiro before 1.11.0 together with Spring Boot 2.6+, a specially crafted HTTP request may cause an authentication bypass. The authentication bypass occurs when Shiro and Spring Boot are using different pattern-matching techniques. Both Shiro and Spring Boot < 2.6 default to Ant style pattern matching. Mitigation: Update to Apache Shiro 1.11.0, or set the following Spring Boot configuration value: `spring.mvc.pathmatch.matching-strategy = ant_path_matcher`
CVE-2020-14980 | 1 Sophos | 1 Sophos Secure Email | 2023-01-27 | 4.3 MEDIUM | 5.9 MEDIUM | The Sophos Secure Email application through 3.9.4 for Android has Missing SSL Certificate Validation.
CVE-2021-37774 | 1 Tp-link | 2 Tl-wdr7660, Tl-wdr7660 Firmware | 2023-01-27 | N/A | 8.0 HIGH | An issue was discovered in function httpProcDataSrv in TL-WDR7660 2.0.30 that allows attackers to execute arbitrary code.
CVE-2023-20044 | 1 Cisco | 1 Cx Cloud Agent | 2023-01-27 | N/A | 7.3 HIGH | A vulnerability in Cisco CX Cloud Agent could allow an authenticated, local attacker to elevate their privileges. This vulnerability is due to insecure file permissions. An attacker could exploit this vulnerability by persuading support to update settings which call the insecure script. A successful exploit could allow the attacker to take complete control of the affected device.
CVE-2019-18180 | 1 Otrs | 1 Otrs | 2023-01-27 | 5.0 MEDIUM | 7.5 HIGH | Improper Check for filenames with overly long extensions in PostMaster (sending in email) or uploading files (e.g. attaching files to mails) of ((OTRS)) Community Edition and OTRS allows a remote attacker to cause an endless loop. This issue affects: OTRS AG: ((OTRS)) Community Edition 5.0.x version 5.0.38 and prior versions; 6.0.x version 6.0.23 and prior versions. OTRS AG: OTRS 7.0.x version 7.0.12 and prior versions.
CVE-2023-0385 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2023-01-27 | N/A | 4.3 MEDIUM | The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom_404_pro_admin_init function. This makes it possible for unauthenticated attackers to delete logs via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVE-2019-16375 | 1 Otrs | 1 Otrs | 2023-01-27 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.11, and Community Edition 5.0.x through 5.0.37 and 6.0.x through 6.0.22. An attacker who is logged in as an agent or customer user with appropriate permissions can create a carefully crafted string containing malicious JavaScript code as an article body. This malicious code is executed when an agent composes an answer to the original article.
CVE-2019-13457 | 1 Otrs | 1 Otrs | 2023-01-27 | 4.0 MEDIUM | 4.3 MEDIUM | An issue was discovered in Open Ticket Request System (OTRS) 7.0.x through 7.0.8. A customer user can use the search results to disclose information from their "company" tickets (with the same CustomerID), even when the CustomerDisableCompanyTicketAccess setting is turned on.
CVE-2020-7040 | 4 Canonical, Debian, Opensuse and 1 more | 5 Ubuntu Linux, Debian Linux, Backports Sle and 2 more | 2023-01-27 | 9.3 HIGH | 8.1 HIGH | storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)