Search Results (83593 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13410 1 Aedes Project 1 Aedes 2024-11-21 7.5 High
An issue was discovered in MoscaJS Aedes 0.42.0. lib/write.js does not properly consider exceptions during the writing of an invalid packet to a stream.
CVE-2020-13409 1 Tufin 1 Securetrack 2024-11-21 5.9 Medium
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 3 of 3)
CVE-2020-13408 1 Tufin 1 Securetrack 2024-11-21 5.9 Medium
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 2 of 3)
CVE-2020-13407 1 Tufin 1 Securetrack 2024-11-21 5.9 Medium
Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users). Both stored, and reflected payloads are triggerable by admin, so malicious non-authenticated user could get admin level access. Even malicious low-privileged user can inject XSS, which can be executed by admin, potentially elevating privileges and obtaining admin access. (issue 1 of 3)
CVE-2020-13404 1 Quadra-informatique 1 Atos\/sips 2024-11-21 8.8 High
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.
CVE-2020-13398 5 Canonical, Debian, Freerdp and 2 more 7 Ubuntu Linux, Debian Linux, Freerdp and 4 more 2024-11-21 8.3 High
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVE-2020-13388 1 Python 1 Jw.util 2024-11-21 9.8 Critical
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
CVE-2020-13386 1 Smartdraw 1 Smartdraw 2020 2024-11-21 7.3 High
In SmartDraw 2020 27.0.0.0, the installer gives inherited write permissions to the Authenticated Users group on the SmartDraw 2020 installation folder. Additionally, when the product is installed, two scheduled tasks are created on the machine, SDMsgUpdate (Local) and SDMsgUpdate (TE). The scheduled tasks run in the context of the user who installed the product. Both scheduled tasks attempt to run the same binary, C:\SmartDraw 2020\Messages\SDNotify.exe. The folder Messages doesn't exist by default and (by extension) neither does SDNotify.exe. Due to the weak folder permissions, these can be created by any user. A malicious actor can therefore create a malicious SDNotify.exe binary, and have it automatically run, whenever the user who installed the product logs on to the machine. The malicious SDNotify.exe could, for example, create a new local administrator account on the machine.
CVE-2020-13361 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2024-11-21 3.9 Low
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-13345 1 Gitlab 1 Gitlab 2024-11-21 5.5 Medium
An issue has been discovered in GitLab affecting all versions starting from 10.8. Reflected XSS on Multiple Routes
CVE-2020-13342 1 Gitlab 1 Gitlab 2024-11-21 2.7 Low
An issue has been discovered in GitLab affecting versions prior to 13.2.10, 13.3.7 and 13.4.2: Lack of Rate Limiting at Re-Sending Confirmation Email
CVE-2020-13340 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2: Stored XSS in CI Job Log
CVE-2020-13339 1 Gitlab 1 Gitlab 2024-11-21 5.5 Medium
An issue has been discovered in GitLab affecting all versions before 13.2.10, 13.3.7 and 13.4.2: XSS in SVG File Preview. Overall impact is limited due to the current user only being impacted.
CVE-2020-13338 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue has been discovered in GitLab affecting versions prior to 12.10.13, 13.0.8, 13.1.2. A stored cross-site scripting vulnerability was discovered when editing references.
CVE-2020-13337 1 Gitlab 1 Gitlab 2024-11-21 7.2 High
An issue has been discovered in GitLab affecting versions from 12.10 to 12.10.12 that allowed for a stored XSS payload to be added as a group name.
CVE-2020-13336 1 Gitlab 1 Gitlab 2024-11-21 4 Medium
An issue has been discovered in GitLab affecting versions from 11.8 before 12.10.13. GitLab was vulnerable to a stored XSS by in the error tracking feature.
CVE-2020-13331 1 Gitlab 1 Gitlab 2024-11-21 5.4 Medium
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the Wiki pasges.
CVE-2020-13330 1 Gitlab 1 Gitlab 2024-11-21 4.4 Medium
An issue has been discovered in GitLab affecting versions prior to 12.10.13. GitLab was vulnerable to a stored XSS in import the Bitbucket project feature.
CVE-2020-13329 1 Gitlab 1 Gitlab 2024-11-21 6.5 Medium
An issue has been discovered in GitLab affecting versions from 12.6.2 prior to 12.10.13. GitLab was vulnerable to a stored XSS by in the blob view feature.
CVE-2020-13328 1 Gitlab 1 Gitlab 2024-11-21 4.8 Medium
An issue has been discovered in GitLab affecting versions prior to 13.1.2, 13.0.8 and 12.10.13. GitLab was vulnerable to a stored XSS by using the PyPi files API.