ReportizFlow
Filtered by vendor
Subscriptions
Total
12656 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6202 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 7.2 High |
| SAP NetWeaver Application Server Java (User Management Engine), versions- 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50; does not sufficiently validate the LDAP data source configuration XML document accepted from an untrusted source, leading to Missing XML Validation. | ||||
| CVE-2020-6192 | 1 Sap | 1 Landscape Management | 2024-11-21 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | ||||
| CVE-2020-6191 | 1 Sap | 1 Landscape Management | 2024-11-21 | 7.2 High |
| SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | ||||
| CVE-2020-6177 | 1 Sap | 1 Mobile Platform | 2024-11-21 | 4.3 Medium |
| SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server. | ||||
| CVE-2020-6020 | 1 Checkpoint | 1 Ica Management Portal | 2024-11-21 | 6.4 Medium |
| Check Point Security Management's Internal CA web management before Jumbo HFAs R80.10 Take 278, R80.20 Take 160, R80.30 Take 210, and R80.40 Take 38, can be manipulated to run commands as a high privileged user or crash, due to weak input validation on inputs by a trusted management administrator. | ||||
| CVE-2020-5986 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 5.5 Medium |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | ||||
| CVE-2020-5985 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 7.1 High |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data length is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.5), version 10.x (prior to 10.4) and version 11.0. | ||||
| CVE-2020-5970 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 7.1 High |
| NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which an input data size is not validated, which may lead to tampering or denial of service. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3). | ||||
| CVE-2020-5956 | 1 Insyde | 1 Insydeh2o | 2024-11-21 | 7.5 High |
| An issue was discovered in SdLegacySmm in Insyde InsydeH2O with kernel 5.1 before 05.15.11, 5.2 before 05.25.11, 5.3 before 05.34.11, and 5.4 before 05.42.11. The software SMI handler allows untrusted external input because it does not verify CommBuffer. | ||||
| CVE-2020-5778 | 1 Tradingtechnologies | 1 Trading Technologies Messaging | 2024-11-21 | 7.5 High |
| A flaw exists in Trading Technologies Messaging 7.1.28.3 (ttmd.exe) due to improper validation of user-supplied data when processing a type 8 message sent to default TCP RequestPort 10200. An unauthenticated, remote attacker can exploit this issue, via a specially crafted message, to terminate ttmd.exe. | ||||
| CVE-2020-5771 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-11-21 | 7.5 High |
| Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious backup archive. | ||||
| CVE-2020-5728 | 1 Openmrs | 1 Openmrs | 2024-11-21 | 6.1 Medium |
| OpenMRS 2.9 and prior copies "Referrer" header values into an html element named "redirectUrl" within many webpages (such as login.htm). There is insufficient validation for this parameter, which allows for the possibility of cross-site scripting. | ||||
| CVE-2020-5682 | 1 Weseek | 1 Growi | 2024-11-21 | 7.5 High |
| Improper input validation in GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier GROWI versions prior to v4.2.3 (v4.2 Series), GROWI versions prior to v4.1.12 (v4.1 Series), and GROWI v3 series and earlier allows remote attackers to cause a denial of service via unspecified vectors. | ||||
| CVE-2020-5680 | 1 Ec-cube | 1 Ec-cube | 2024-11-21 | 7.5 High |
| Improper input validation vulnerability in EC-CUBE versions from 3.0.5 to 3.0.18 allows a remote attacker to cause a denial-of-service (DoS) condition via unspecified vector. | ||||
| CVE-2020-5643 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.5 Medium |
| Improper input validation vulnerability in Cybozu Garoon 5.0.0 to 5.0.2 allows a remote authenticated attacker to delete some data of the bulletin board via unspecified vector. | ||||
| CVE-2020-5565 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. | ||||
| CVE-2020-5555 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 9.1 Critical |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue. | ||||
| CVE-2020-5537 | 1 Cybozu | 1 Desktop | 2024-11-21 | 9.8 Critical |
| Cybozu Desktop for Windows 2.0.23 to 2.2.40 allows remote code execution via unspecified vectors. | ||||
| CVE-2020-5519 | 1 Litespeedtech | 1 Openlitespeed | 2024-11-21 | 9.8 Critical |
| The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen. | ||||
| CVE-2020-5403 | 1 Pivotal | 1 Reactor Netty | 2024-11-21 | 7.5 High |
| Reactor Netty HttpServer, versions 0.9.3 and 0.9.4, is exposed to a URISyntaxException that causes the connection to be closed prematurely instead of producing a 400 response. | ||||