Export limit exceeded: 343293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10532 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10532 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-2908 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 8.2 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2020-2324 | 1 Jenkins | 1 Cvs | 2024-11-21 | 7.5 High |
| Jenkins CVS Plugin 2.16 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2305 | 2 Jenkins, Redhat | 2 Mercurial, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Mercurial Plugin 2.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2304 | 2 Jenkins, Redhat | 2 Subversion, Openshift | 2024-11-21 | 6.5 Medium |
| Jenkins Subversion Plugin 2.13.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2284 | 1 Jenkins | 1 Liquibase Runner | 2024-11-21 | 7.1 High |
| Jenkins Liquibase Runner Plugin 1.4.5 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2247 | 1 Jenkins | 1 Klocwork Analysis | 2024-11-21 | 6.5 Medium |
| Jenkins Klocwork Analysis Plugin 2020.2.1 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2245 | 1 Jenkins | 1 Valgrind | 2024-11-21 | 7.1 High |
| Jenkins Valgrind Plugin 0.28 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2178 | 1 Jenkins | 1 Parasoft Findings | 2024-11-21 | 7.1 High |
| Jenkins Parasoft Findings Plugin 10.4.3 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2171 | 1 Jenkins | 1 Rapiddeploy | 2024-11-21 | 8.8 High |
| Jenkins RapidDeploy Plugin 4.2 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2144 | 1 Jenkins | 1 Rundeck | 2024-11-21 | 7.1 High |
| Jenkins Rundeck Plugin 3.6.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2138 | 1 Jenkins | 1 Cobertura | 2024-11-21 | 7.1 High |
| Jenkins Cobertura Plugin 1.15 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2120 | 1 Jenkins | 1 Fitnesse | 2024-11-21 | 8.8 High |
| Jenkins FitNesse Plugin 1.30 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2115 | 1 Jenkins | 1 Nunit | 2024-11-21 | 8.8 High |
| Jenkins NUnit Plugin 0.25 and earlier does not configure the XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2020-2108 | 1 Jenkins | 1 Websphere Deployer | 2024-11-21 | 7.6 High |
| Jenkins WebSphere Deployer Plugin 1.6.1 and earlier does not configure the XML parser to prevent XXE attacks which can be exploited by a user with Job/Configure permissions. | ||||
| CVE-2020-2092 | 1 Jenkins | 1 Robot Framework | 2024-11-21 | 8.8 High |
| Jenkins Robot Framework Plugin 2.0.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks, allowing users with Job/Configure to have Jenkins parse crafted XML documents. | ||||
| CVE-2020-2012 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.5 High |
| Improper restriction of XML external entity reference ('XXE') vulnerability in Palo Alto Networks Panorama management service allows remote unauthenticated attackers with network access to the Panorama management interface to read arbitrary files on the system. This issue affects: All versions of PAN-OS for Panorama 7.1 and 8.0; PAN-OS for Panorama 8.1 versions earlier than 8.1.13; PAN-OS for Panorama 9.0 versions earlier than 9.0.7. | ||||
| CVE-2020-2009 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7.2 High |
| An external control of filename vulnerability in the SD WAN component of Palo Alto Networks PAN-OS Panorama allows an authenticated administrator to send a request that results in the creation and write of an arbitrary file on all firewalls managed by the Panorama. In some cases this results in arbitrary code execution with root permissions. This issue affects: All versions of PAN-OS 7.1; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7. | ||||
| CVE-2020-29667 | 1 Lanatmservice | 1 M3 Atm Monitoring System | 2024-11-21 | 9.8 Critical |
| In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie value, such as PHPSESSID=LANIT-IMANAGER, can achieve control over the system because of Insufficient Session Expiration. | ||||
| CVE-2020-29661 | 7 Broadcom, Debian, Fedoraproject and 4 more | 25 Fabric Operating System, Debian Linux, Fedora and 22 more | 2024-11-21 | 7.8 High |
| A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_jobctrl.c allows a use-after-free attack against TIOCSPGRP, aka CID-54ffccbf053b. | ||||
| CVE-2020-29660 | 6 Broadcom, Debian, Fedoraproject and 3 more | 18 Fabric Operating System, Debian Linux, Fedora and 15 more | 2024-11-21 | 4.4 Medium |
| A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/tty_io.c and drivers/tty/tty_jobctrl.c may allow a read-after-free attack against TIOCGSID, aka CID-c8bcd9c5be24. | ||||