Export limit exceeded: 85838 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85838 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-5187 1 Dnnsoftware 1 Dotnetnuke 2024-11-21 8.8 High
DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).
CVE-2020-5183 1 Ftpgetter 1 Ftpgetter 2024-11-21 7.5 High
FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference.
CVE-2020-5180 3 Apple, Microsoft, Sparklabs 3 Macos, Windows, Viscosity 2024-11-21 7.8 High
Viscosity 1.8.2 on Windows and macOS allows an unprivileged user to set a subset of OpenVPN parameters, which can be used to load a malicious library into the memory of the OpenVPN process, leading to limited local privilege escalation. (When a VPN connection is initiated using a TLS/SSL client profile, the privileges are dropped, and the library will be loaded, resulting in arbitrary code execution as a user with limited privileges. This greatly reduces the impact of the vulnerability.)
CVE-2020-5148 1 Sonicwall 1 Directory Services Connector 2024-11-21 8.2 High
SonicWall SSO-agent default configuration uses NetAPI to probe the associated IP's in the network, this client probing method allows a potential attacker to capture the password hash of the privileged user and potentially forces the SSO Agent to authenticate allowing an attacker to bypass firewall access controls.
CVE-2020-5146 1 Sonicwall 2 Sma 100, Sma 100 Firmware 2024-11-21 7.2 High
A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier.
CVE-2020-5145 1 Sonicwall 1 Global Vpn Client 2024-11-21 8.6 High
SonicWall Global VPN client version 4.10.4.0314 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to remote code execution in the target system.
CVE-2020-5144 1 Sonicwall 1 Global Vpn Client 2024-11-21 7.8 High
SonicWall Global VPN client version 4.10.4.0314 and earlier allows unprivileged windows user to elevate privileges to SYSTEM through loaded process hijacking vulnerability.
CVE-2020-5140 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 7.5 High
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
CVE-2020-5139 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 7.5 High
A vulnerability in SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS) due to the release of Invalid pointer and leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
CVE-2020-5138 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 7.5 High
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
CVE-2020-5137 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 7.5 High
A buffer overflow vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
CVE-2020-5133 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 7.5 High
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
CVE-2020-5131 1 Sonicwall 1 Netextender 2024-11-21 7.8 High
SonicWall NetExtender Windows client vulnerable to arbitrary file write vulnerability, this allows attacker to overwrite a DLL and execute code with the same privilege in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 9.0.815 and earlier.
CVE-2020-5129 1 Sonicwall 2 Sma1000, Sma1000 Firmware 2024-11-21 7.5 High
A vulnerability in the SonicWall SMA1000 HTTP Extraweb server allows an unauthenticated remote attacker to cause HTTP server crash which leads to Denial of Service. This vulnerability affected SMA1000 Version 12.1.0-06411 and earlier.
CVE-2020-5025 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-21 7.8 High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 db2fm is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. IBM X-Force ID: 193661.
CVE-2020-5024 4 Ibm, Linux, Microsoft and 1 more 4 Db2, Linux Kernel, Windows and 1 more 2024-11-21 7.5 High
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow an unauthenticated attacker to cause a denial of service due a hang in the SSL handshake response. IBM X-Force ID: 193660.
CVE-2020-5023 1 Ibm 1 Spectrum Protect Plus 2024-11-21 7.5 High
IBM Spectrum Protect Plus 10.1.0 through 10.1.7 could allow a remote user to inject arbitrary data iwhich could cause the serivce to crash due to excess resource consumption. IBM X-Force ID: 193659.
CVE-2020-5018 2 Ibm, Linux 2 Spectrum Protect Plus, Linux Kernel 2024-11-21 7.5 High
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may include sensitive information in its URLs increasing the risk of such information being caputured by an attacker. IBM X-Force ID: 193654.
CVE-2020-5015 2 Ibm, Linux 3 Elastic Storage Server, Elastic Storage System, Linux Kernel 2024-11-21 7.5 High
IBM Elastic Storage System 6.0.0 through 6.0.1.2 and IBM Elastic Storage Server 5.3.0 through 5.3.6.2 could allow a remote attacker to cause a denial of service by sending malformed UDP requests. IBM X-Force ID: 193486.
CVE-2020-5013 1 Ibm 1 Qradar Security Information And Event Manager 2024-11-21 8.1 High
IBM QRadar SIEM 7.3 and 7.4 may vulnerable to a XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 193245.