Latest CVE Feed
- 8.1 HIGH CVE-2020-9048
A vulnerability in specified versions of American Dynamics victor Web Client and Software House CCURE Web Client could allow a remote unauthenticated attacker on the network to delete arbitrary files on the system or render the system unusable by conducti...
- Published: Oct. 08, 2020
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2020-9047
A vulnerability exists that could allow the execution of unauthorized code or operating system commands on systems running exacqVision Web Service versions 20.06.3.0 and prior and exacqVision Enterprise Manager versions 20.06.4.0 and prior. An attacker wi...
- Published: Jun. 26, 2020
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2020-9046
A vulnerability in all versions of Kantech EntraPass Editions could potentially allow an authorized low-privileged user to gain full system-level privileges by replacing critical files with specifically crafted files.
- Affected Products: kantech_entrapass
- Published: May. 26, 2020
- Modified: Nov. 21, 2024
- 9.9 CRITICAL CVE-2020-9045
During installation or upgrade to Software House C•CURE 9000 v2.70 and American Dynamics victor Video Management System v5.2, the credentials of the user used to perform the installation or upgrade are logged in a file. The install log file persists after...
- Published: May. 21, 2020
- Modified: Nov. 21, 2024
- 9.1 CRITICAL CVE-2020-9044
XXE vulnerability exists in the Metasys family of product Web Services which has the potential to facilitate DoS attacks or harvesting of ASCII server files. This affects Johnson Controls' Metasys Application and Data Server (ADS, ADS-Lite) versions 10.1 ...
- Affected Products: metasys_application_and_data_server metasys_extended_application_and_data_server metasys_open_application_server metasys_lonworks_control_server metasys_open_data_server metasys_system_configuration_tool nae55_firmware nie55_firmware nie59_firmware nae85_firmware +10 more products
- Published: Mar. 10, 2020
- Modified: Nov. 21, 2024
- 9.0 HIGH CVE-2020-9043
The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key.
- Affected Products: wpcentral
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 8.8 HIGH CVE-2020-9042
In Couchbase Server 6.0, credentials cached by a browser can be used to perform a CSRF attack if an administrator has used their browser to check the results of a REST API request.
- Affected Products: couchbase_server
- Published: Jun. 08, 2020
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2020-9041
In Couchbase Server 6.0.3 and Couchbase Sync Gateway through 2.7.0, the Cluster management, views, query, and full-text search endpoints are vulnerable to the Slowloris denial-of-service attack because they don't more aggressively terminate slow connectio...
- Published: Jun. 08, 2020
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2020-9040
Couchbase Server Java SDK before 2.7.1.1 allows a potential attacker to forge an SSL certificate and pose as the intended peer. An attacker can leverage this flaw by crafting a cryptographically valid certificate that will be accepted by Java SDK's Netty ...
- Affected Products: couchbase_server_java_sdk
- Published: Jun. 08, 2020
- Modified: Nov. 21, 2024
- 9.8 CRITICAL CVE-2020-9039
Couchbase Server 4.0.0, 4.1.0, 4.1.1, 4.5.0, 4.5.1, 4.6.0 through 4.6.5, 5.0.0, 5.1.1, 5.5.0 and 5.5.1 have Insecure Permissions for the projector and indexer REST endpoints (they allow unauthenticated access). The /settings REST endpoint exposed by the pr...
- Affected Products: couchbase_server
- Published: Feb. 22, 2020
- Modified: Nov. 21, 2024
- 5.4 MEDIUM CVE-2020-9038
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
- Affected Products: joplin
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.1 MEDIUM
- Published: Aug. 05, 2020
- Modified: Nov. 21, 2024
- 7.5 HIGH CVE-2020-9034
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2020-9033
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2020-9032
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2020-9031
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2020-9030
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to syslog.php.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.5 MEDIUM CVE-2020-9029
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 6.1 MEDIUM CVE-2020-9028
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024
- 10.0 HIGH CVE-2020-9027
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
- Published: Feb. 17, 2020
- Modified: Nov. 21, 2024