Total
132 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-9751 | 1 Naver | 1 Cloud Explorer | 2024-08-04 | 9.1 Critical |
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | ||||
CVE-2020-9474 | 1 Siedle | 2 Sg 150-0, Sg 150-0 Firmware | 2024-08-04 | 8.8 High |
The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway. | ||||
CVE-2020-8809 | 1 Gurux | 1 Device Language Message Specification Director | 2024-08-04 | 8.1 High |
Gurux GXDLMS Director prior to 8.5.1905.1301 downloads updates to add-ins and OBIS code over an unencrypted HTTP connection. A man-in-the-middle attacker can prompt the user to download updates by modifying the contents of gurux.fi/obis/files.xml and gurux.fi/updates/updates.xml. Then, the attacker can modify the contents of downloaded files. In the case of add-ins (if the user is using those), this will lead to code execution. In case of OBIS codes (which the user is always using as they are needed to communicate with the energy meters), this can lead to code execution when combined with CVE-2020-8810. | ||||
CVE-2020-7874 | 2 Microsoft, Tobesoft | 2 Windows, Nexacro | 2024-08-04 | 8.8 High |
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of tobesoft Co., Ltd allows the attacker to cause an arbitrary file download and execution. This vulnerability is due to incomplete validation of file download URL or file extension. | ||||
CVE-2020-7813 | 1 Kaoni | 1 Ezhttptrans | 2024-08-04 | 7.8 High |
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | ||||
CVE-2020-7812 | 2 Kaoni, Microsoft | 2 Ezhttptrans, Windows | 2024-08-04 | 7.8 High |
Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | ||||
CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2024-08-04 | 8.8 High |
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | ||||
CVE-2020-7806 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2024-08-04 | 7.8 High |
Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution. | ||||
CVE-2020-7875 | 2 Dext5, Microsoft | 2 Dext5upload, Windows | 2024-08-04 | 7.5 High |
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | ||||
CVE-2020-7817 | 2 Microsoft, Raonwiz | 2 Windows, K Upload | 2024-08-04 | 5.5 Medium |
MyBrowserPlus downloads the files needed to run the program through the setup file (Setup.inf). At this time, there is a vulnerability in downloading arbitrary files due to insufficient integrity verification of the files. | ||||
CVE-2020-7505 | 1 Schneider-electric | 2 Easergy T300, Easergy T300 Firmware | 2024-08-04 | 7.2 High |
A CWE-494 Download of Code Without Integrity Check vulnerability exists in Easergy T300 (Firmware version 1.5.2 and older) which could allow an attacker to inject data with dangerous content into the firmware and execute arbitrary code on the system. | ||||
CVE-2020-5867 | 2 F5, Netapp | 2 Nginx Controller, Cloud Backup | 2024-08-04 | 8.1 High |
In versions prior to 3.3.0, the NGINX Controller Agent installer script 'install.sh' uses HTTP instead of HTTPS to check and install packages | ||||
CVE-2020-5772 | 1 Teltonika-networks | 2 Trb245, Trb245 Firmware | 2024-08-04 | 7.5 High |
Improper Input Validation in Teltonika firmware TRB2_R_00.02.04.01 allows a remote, authenticated attacker to gain root privileges by uploading a malicious package file. | ||||
CVE-2020-4125 | 1 Ibm | 1 Marketing Operations | 2024-08-04 | 8.1 High |
Using HCL Marketing Operations 9.1.2.4, 10.1.x, 11.1.0.x, a malicious attacker could download files from the RHEL environment by doing some modification in the link, giving the attacker access to confidential information. | ||||
CVE-2020-2320 | 1 Jenkins | 1 Installation Manager Tool | 2024-08-04 | 9.8 Critical |
Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | ||||
CVE-2020-1576 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.5 High |
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||
CVE-2020-1595 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 9.9 Critical |
<p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p> | ||||
CVE-2020-1453 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.6 High |
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||
CVE-2020-1452 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2024-08-04 | 8.6 High |
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | ||||
CVE-2020-1210 | 1 Microsoft | 4 Business Productivity Servers, Sharepoint Enterprise Server, Sharepoint Foundation and 1 more | 2024-08-04 | 9.9 Critical |
<p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> |