Total: 258 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2019-0971 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2024-08-04 | N/A |
An information disclosure vulnerability exists when Azure DevOps Server and Microsoft Team Foundation Server do not properly sanitize a specially crafted authentication request to an affected server, aka 'Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability'. | ||||
CVE-2019-0857 | 1 Microsoft | 1 Azure Devops Server | 2024-08-04 | N/A |
A spoofing vulnerability that could allow a security feature bypass exists when Azure DevOps Server does not properly sanitize user-provided input, aka 'Azure DevOps Server Spoofing Vulnerability'. | ||||
CVE-2019-0956 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Foundation | 2024-08-04 | N/A |
An information disclosure vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Server Information Disclosure Vulnerability'. | ||||
CVE-2020-36599 | 1 Omniauth | 1 Omniauth | 2024-08-04 | 9.8 Critical |
lib/omniauth/failure_endpoint.rb in OmniAuth before 1.9.2 (and before 2.0) does not escape the message_key value. | ||||
CVE-2020-36567 | 2 Gin-gonic, Redhat | 3 Gin, Migration Toolkit Applications, Rhmt | 2024-08-04 | 7.5 High |
Unsanitized input in the default logger in github.com/gin-gonic/gin before v1.6.0 allows remote attackers to inject arbitrary log lines. | ||||
CVE-2020-36173 | 1 Ninjaforms | 1 Ninja Forms | 2024-08-04 | 5.3 Medium |
The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields. | ||||
CVE-2020-28954 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 5.3 Medium |
web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | ||||
CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2024-08-04 | 4.3 Medium |
The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | ||||
CVE-2020-27604 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-08-04 | 6.5 Medium |
BigBlueButton before 2.3 does not implement LibreOffice sandboxing. This might make it easier for remote authenticated users to read the API shared secret in the bigbluebutton.properties file. With the API shared secret, an attacker can (for example) use api/join to join an arbitrary meeting regardless of its guestPolicy setting. | ||||
CVE-2020-26283 | 1 Protocol | 1 Go-ipfs | 2024-08-04 | 6.8 Medium |
go-ipfs is an open-source golang implementation of IPFS which is a global, versioned, peer-to-peer filesystem. In go-ipfs before version 0.8.0, control characters are not escaped from console output. This can result in hiding input from the user which could result in the user taking an unknown, malicious action. This is fixed in version 0.8.0. | ||||
CVE-2020-26226 | 1 Semantic-release Project | 1 Semantic-release | 2024-08-04 | 8.1 High |
In the npm package semantic-release before version 17.2.3, secrets that would normally be masked by `semantic-release` can be accidentally disclosed if they contain characters that become encoded when included in a URL. Secrets that do not contain characters that become encoded when included in a URL are already masked properly. The issue is fixed in version 17.2.3. | ||||
CVE-2020-25646 | 1 Ansible Collections Project | 1 Community.crypto | 2024-08-04 | 7.5 High |
A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes the private key in logs. This directly impacts confidentiality. | ||||
CVE-2020-24972 | 3 Fedoraproject, Kleopatra Project, Opensuse | 4 Fedora, Kleopatra, Backports Sle and 1 more | 2024-08-04 | 8.8 High |
The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | ||||
CVE-2020-24592 | 1 Mitel | 1 Micloud Management Portal | 2024-08-04 | 5.3 Medium |
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | ||||
CVE-2020-16281 | 1 Rangee | 1 Rangeeos | 2024-08-04 | 7.8 High |
The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | ||||
CVE-2020-13625 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-08-04 | 7.5 High |
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message. | ||||
CVE-2020-13654 | 1 Xwiki | 1 Xwiki | 2024-08-04 | 7.5 High |
XWiki Platform before 12.8 mishandles escaping in the property displayer. | ||||
CVE-2020-10235 | 1 Froxlor | 1 Froxlor | 2024-08-04 | 8.8 High |
An issue was discovered in Froxlor before 0.10.14. Remote attackers with access to the installation routine could have executed arbitrary code via the database configuration options that were passed unescaped to exec, because of _backupExistingDatabase in install/lib/class.FroxlorInstall.php. | ||||
CVE-2020-9862 | 2 Apple, Redhat | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-08-04 | 7.8 High |
A command injection issue existed in Web Inspector. This issue was addressed with improved escaping. This issue is fixed in iOS 13.6 and iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Copying a URL from Web Inspector may lead to command injection. | ||||
CVE-2020-6313 | 1 Sap | 1 Netweaver Application Server Java | 2024-08-04 | 6.5 Medium |
SAP NetWeaver Application Server JAVA(XML Forms) versions 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user controlled inputs, which allows an authenticated User with special roles to store malicious content, that when accessed by a victim, can perform malicious actions by executing JavaScript, leading to Stored Cross-Site Scripting. |