Vulnerabilities (CVE)

Filtered by CWE-74
Total 980 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-27687 1 Thingsboard 1 Thingsboard 2024-11-21 6.8 MEDIUM 8.8 HIGH
ThingsBoard before v3.2 is vulnerable to Host header injection in password-reset emails. This allows an attacker to send malicious links in password-reset emails to victims, pointing to an attacker-controlled server. Lack of validation of the Host header allows this to happen.
CVE-2020-27627 1 Jetbrains 1 Teamcity 2024-11-21 5.8 MEDIUM 6.1 MEDIUM
JetBrains TeamCity before 2020.1.2 was vulnerable to URL injection.
CVE-2020-27602 1 Bigbluebutton 1 Bigbluebutton 2024-11-21 N/A 9.8 CRITICAL
BigBlueButton before 2.2.7 does not have a protection mechanism for separator injection in meetingId, userId, and authToken.
CVE-2020-27260 1 Innokasmedical 2 Vital Signs Monitor Vc150, Vital Signs Monitor Vc150 Firmware 2024-11-21 2.1 LOW 5.3 MEDIUM
Innokas Yhtymä Oy Vital Signs Monitor VC150 prior to Version 1.7.15 HL7 v2.x injection vulnerabilities exist in the affected products that allow physically proximate attackers with a connected barcode reader to inject HL7 v2.x segments into specific HL7 v2.x messages via multiple expected parameters.
CVE-2020-27212 1 St 95 Stm32cubel4 Firmware, Stm32l412c8, Stm32l412cb and 92 more 2024-11-21 4.4 MEDIUM 7.0 HIGH
STMicroelectronics STM32L4 devices through 2020-10-19 have incorrect access control. The flash read-out protection (RDP) can be degraded from RDP level 2 (no access via debug interface) to level 1 (limited access via debug interface) by injecting a fault during the boot phase.
CVE-2020-26884 1 Rsa 1 Archer 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
CVE-2020-26298 2 Debian, Redcarpet Project 2 Debian Linux, Redcarpet 2024-11-21 3.5 LOW 6.8 MEDIUM
Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit.
CVE-2020-26282 1 Browserup 1 Browserup Proxy 2024-11-21 7.5 HIGH 10.0 CRITICAL
BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it is especially useful when embedded in Selenium tests. A Server-Side Template Injection was identified in BrowserUp Proxy enabling attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. This has been patched in version 2.1.2.
CVE-2020-26260 1 Bookstackapp 1 Bookstack 2024-11-21 5.5 MEDIUM 6.4 MEDIUM
BookStack is a platform for storing and organising information and documentation. In BookStack before version 0.30.5, a user with permissions to edit a page could set certain image URL's to manipulate functionality in the exporting system, which would allow them to make server side requests and/or have access to a wider scope of files within the BookStack file storage locations. The issue was addressed in BookStack v0.30.5. As a workaround, page edit permissions could be limited to only those that are trusted until you can upgrade.
CVE-2020-26238 1 Cron-utils Project 1 Cron-utils 2024-11-21 6.8 MEDIUM 7.9 HIGH
Cron-utils is a Java library to parse, validate, migrate crons as well as get human readable descriptions for them. In cron-utils before version 9.1.3, a template Injection vulnerability is present. This enables attackers to inject arbitrary Java EL expressions, leading to unauthenticated Remote Code Execution (RCE) vulnerability. Only projects using the @Cron annotation to validate untrusted Cron expressions are affected. This issue was patched in version 9.1.3.
CVE-2020-26222 1 Dependabot Project 1 Dependabot 2024-11-21 6.5 MEDIUM 8.7 HIGH
Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and dependabot-go_modules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$({curl,127.0.0.1})", Dependabot will make a HTTP request to the following URL: 127.0.0.1 when cloning the source repository. The fix was applied to version 0.125.1. As a workaround, one can escape the branch name prior to passing it to the Dependabot::Source class.
CVE-2020-26142 1 Openbsd 1 Openbsd 2024-11-21 2.6 LOW 5.3 MEDIUM
An issue was discovered in the kernel in OpenBSD 6.6. The WEP, WPA, WPA2, and WPA3 implementations treat fragmented frames as full frames. An adversary can abuse this to inject arbitrary network packets, independent of the network configuration.
CVE-2020-26137 4 Canonical, Debian, Oracle and 1 more 5 Ubuntu Linux, Debian Linux, Communications Cloud Native Core Network Function Cloud Native Environment and 2 more 2024-11-21 6.4 MEDIUM 6.5 MEDIUM
urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116.
CVE-2020-26116 7 Canonical, Debian, Fedoraproject and 4 more 9 Ubuntu Linux, Debian Linux, Fedora and 6 more 2024-11-21 6.4 MEDIUM 7.2 HIGH
http.client in Python 3.x before 3.5.10, 3.6.x before 3.6.12, 3.7.x before 3.7.9, and 3.8.x before 3.8.5 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of HTTPConnection.request.
CVE-2020-26081 1 Cisco 1 Iot Field Network Director 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Multiple vulnerabilities in the web UI of Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users on an affected system. The vulnerabilities are due to insufficient validation of user-supplied input that is processed by the web UI. An attacker could exploit these vulnerabilities by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information on an affected system.
CVE-2020-25967 2 Fastadmin, Microsoft 2 Fastadmin, Windows 2024-11-21 6.5 MEDIUM 8.8 HIGH
The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template Injection (SSTI) vulnerability.
CVE-2020-25768 1 Contao 1 Contao 2024-11-21 5.0 MEDIUM 5.3 MEDIUM
Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. It is possible to inject insert tags in front end forms which will be replaced when the page is rendered.
CVE-2020-25596 4 Debian, Fedoraproject, Opensuse and 1 more 4 Debian Linux, Fedora, Leap and 1 more 2024-11-21 2.1 LOW 5.5 MEDIUM
An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service via SYSENTER. The SYSENTER instruction leaves various state sanitization activities to software. One of Xen's sanitization paths injects a #GP fault, and incorrectly delivers it twice to the guest. This causes the guest kernel to observe a kernel-privilege #GP fault (typically fatal) rather than a user-privilege #GP fault (usually converted into SIGSEGV/etc.). Malicious or buggy userspace can crash the guest kernel, resulting in a VM Denial of Service. All versions of Xen from 3.2 onwards are vulnerable. Only x86 systems are vulnerable. ARM platforms are not vulnerable. Only x86 systems that support the SYSENTER instruction in 64bit mode are vulnerable. This is believed to be Intel, Centaur, and Shanghai CPUs. AMD and Hygon CPUs are not believed to be vulnerable. Only x86 PV guests can exploit the vulnerability. x86 PVH / HVM guests cannot exploit the vulnerability.
CVE-2020-24826 1 Libelfin Project 1 Libelfin 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24825 1 Libelfin Project 1 Libelfin 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.