Export limit exceeded: 352355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352355 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3061 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12642 | 1 Reportportal | 1 Service-api | 2024-11-21 | 7.5 High |
| An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. | ||||
| CVE-2020-12417 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 8.8 High |
| Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | ||||
| CVE-2020-12025 | 1 Rockwellautomation | 1 Studio 5000 Logix Designer | 2024-11-21 | 3.3 Low |
| Rockwell Automation Logix Designer Studio 5000 Versions 32.00, 32.01, and 32.02 vulnerable to an xml external entity (XXE) vulnerability, which may allow an attacker to view hostnames or other resources from the program. | ||||
| CVE-2020-11991 | 1 Apache | 1 Cocoon | 2024-11-21 | 7.5 High |
| When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. | ||||
| CVE-2020-11885 | 1 Wso2 | 1 Enterprise Integrator | 2024-11-21 | 7.2 High |
| WSO2 Enterprise Integrator through 6.6.0 has an XXE vulnerability where a user (with admin console access) can use the XML validator to make unintended network invocations such as SSRF via an uploaded file. | ||||
| CVE-2020-11795 | 1 Jetbrains | 1 Space | 2024-11-21 | 7.5 High |
| In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | ||||
| CVE-2020-11688 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 7.5 High |
| In JetBrains TeamCity before 2019.2.1, the application state is kept alive after a user ends his session. | ||||
| CVE-2020-11653 | 5 Debian, Opensuse, Redhat and 2 more | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | ||||
| CVE-2020-11586 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 9.8 Critical |
| An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | ||||
| CVE-2020-11541 | 1 Techsmith | 1 Snagit | 2024-11-21 | 5.5 Medium |
| In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | ||||
| CVE-2020-11296 | 1 Qualcomm | 1064 Apq8009, Apq8009 Firmware, Apq8017 and 1061 more | 2024-11-21 | 7.5 High |
| Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11280 | 1 Qualcomm | 824 Aqt1000, Aqt1000 Firmware, Ar7420 and 821 more | 2024-11-21 | 7.5 High |
| Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11278 | 1 Qualcomm | 754 Aqt1000, Aqt1000 Firmware, Ar8031 and 751 more | 2024-11-21 | 7.5 High |
| Possible denial of service while handling host WMI command due to improper validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11274 | 1 Qualcomm | 492 Aqt1000, Aqt1000 Firmware, Csrb31024 and 489 more | 2024-11-21 | 7.5 High |
| Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2020-11218 | 1 Qualcomm | 548 Apq8017, Apq8017 Firmware, Apq8053 and 545 more | 2024-11-21 | 7.5 High |
| Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile | ||||
| CVE-2020-11135 | 1 Qualcomm | 54 Apq8098, Apq8098 Firmware, Kamorta and 51 more | 2024-11-21 | 7.5 High |
| u'Reachable assertion when wrong data size is returned by parser for ape clips' in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, Kamorta, MSM8917, MSM8953, Nicobar, QCM2150, QCS605, QM215, Rennell, SA6155P, SA8155P, Saipan, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | ||||
| CVE-2020-10993 | 1 Osmand | 1 Osmand | 2024-11-21 | 9.1 Critical |
| Osmand through 2.0.0 allow XXE because of binary/BinaryMapIndexReader.java. | ||||
| CVE-2020-10992 | 1 Azkaban Project | 1 Azkaban | 2024-11-21 | 9.8 Critical |
| Azkaban through 3.84.0 allows XXE, related to validator/XmlValidatorManager.java and user/XmlUserManager.java. | ||||
| CVE-2020-10991 | 1 Mulesoft | 1 Aplkit | 2024-11-21 | 9.8 Critical |
| Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java | ||||
| CVE-2020-10990 | 1 Accenture | 1 Mercury | 2024-11-21 | 9.8 Critical |
| An XXE issue exists in Accenture Mercury before 1.12.28 because of the platformlambda/core/serializers/SimpleXmlParser.java component. | ||||