Search Results (364285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8291 1 Rocket.chat 1 Rocket.chat 2024-11-21 6.1 Medium
A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
CVE-2020-8290 1 Backblaze 1 Backblaze 2024-11-21 7.8 High
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
CVE-2020-8289 1 Backblaze 1 Backblaze 2024-11-21 7.8 High
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
CVE-2020-8288 1 Rocket.chat 1 Rocket.chat 2024-11-21 5.4 Medium
The `specializedRendering` function in Rocket.Chat server before 3.9.2 allows a cross-site scripting (XSS) vulnerability by way of the `value` parameter.
CVE-2020-8286 9 Apple, Debian, Fedoraproject and 6 more 22 Mac Os X, Macos, Debian Linux and 19 more 2024-11-21 7.5 High
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.
CVE-2020-8283 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 8.8 High
An authorised user on a Windows host running Citrix Universal Print Server can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9.
CVE-2020-8282 1 Ui 4 Edgemax Edgepower 24v, Edgemax Edgepower 24v Firmware, Edgemax Edgepower 54v and 1 more 2024-11-21 8.8 High
A security issue was found in EdgePower 24V/54V firmware v1.7.0 and earlier where, due to missing CSRF protections, an attacker would have been able to perform unauthorized remote code execution.
CVE-2020-8281 1 Nextcloud 1 Contacts 2024-11-21 5.4 Medium
A missing file type check in Nextcloud Contacts 3.3.0 allows a malicious user to upload malicious SVG files to perform cross-site scripting (XSS) attacks.
CVE-2020-8280 1 Nextcloud 1 Contacts 2024-11-21 5.4 Medium
A missing file type check in Nextcloud Contacts 3.4.0 allows a malicious user to upload SVG files as PNG files to perform cross-site scripting (XSS) attacks.
CVE-2020-8279 1 Nextcloud 1 Social 2024-11-21 7.4 High
Missing validation of server certificates for out-going connections in Nextcloud Social < 0.4.0 allowed a man-in-the-middle attack.
CVE-2020-8278 1 Nextcloud 1 Social 2024-11-21 5.3 Medium
Improper access control in Nextcloud Social app version 0.3.1 allowed to read posts of any user.
CVE-2020-8276 1 Brave 1 Brave 2024-11-21 5.5 Medium
The implementation of Brave Desktop's privacy-preserving analytics system (P3A) between 1.1 and 1.18.35 logged the timestamp of when the user last opened an incognito window, including Tor windows. The intended behavior was to log the timestamp for incognito windows excluding Tor windows. Note that if a user has P3A enabled, the timestamp is not sent to Brave's server, but rather a value from:Used in last 24hUsed in last week but not 24hUsed in last 28 days but not weekEver used but not in last 28 daysNever usedThe privacy risk is low because a local attacker with disk access cannot tell if the timestamp corresponds to a Tor window or a non-Tor incognito window.
CVE-2020-8275 1 Citrix 1 Secure Mail 2024-11-21 4.3 Medium
Citrix Secure Mail for Android before 20.11.0 suffers from improper access control allowing unauthenticated access to read limited calendar related data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVE-2020-8274 1 Citrix 1 Secure Mail 2024-11-21 6.5 Medium
Citrix Secure Mail for Android before 20.11.0 suffers from Improper Control of Generation of Code ('Code Injection') by allowing unauthenticated access to read data stored within Secure Mail. Note that a malicious app would need to be installed on the Android device or a threat actor would need to execute arbitrary code on the Android device.
CVE-2020-8273 1 Citrix 1 Sd-wan 2024-11-21 8.8 High
Privilege escalation of an authenticated user to root in Citrix SD-WAN center versions before 11.2.2, 11.1.2b and 10.2.8.
CVE-2020-8272 1 Citrix 1 Sd-wan 2024-11-21 7.5 High
Authentication Bypass resulting in exposure of SD-WAN functionality in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVE-2020-8271 1 Citrix 1 Sd-wan 2024-11-21 9.8 Critical
Unauthenticated remote code execution with root privileges in Citrix SD-WAN Center versions before 11.2.2, 11.1.2b and 10.2.8
CVE-2020-8270 1 Citrix 1 Virtual Apps And Desktops 2024-11-21 8.8 High
An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342
CVE-2020-8269 1 Citrix 3 Virtual Apps And Desktops, Xenapp, Xendesktop 2024-11-21 8.8 High
An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9
CVE-2020-8268 1 Json8-merge-patch Project 1 Json8-merge-patch 2024-11-21 7.5 High
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.