Search Results (2955 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25649 | 7 Apache, Fasterxml, Fedoraproject and 4 more | 50 Iotdb, Jackson-databind, Fedora and 47 more | 2024-11-21 | 7.5 High |
| A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity. | ||||
| CVE-2020-25374 | 1 Cyberark | 1 Privileged Session Manager | 2024-11-21 | 2.6 Low |
| CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames by reading an error popup message after two hours of idle time. | ||||
| CVE-2020-25257 | 1 Hyland | 1 Onbase | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and below, 19.8.16.1000 and below and 20.3.10.1000 and below. It allows XXE attacks for read/write access to arbitrary files. | ||||
| CVE-2020-25215 | 1 Yworks | 1 Yed | 2024-11-21 | 9.8 Critical |
| yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | ||||
| CVE-2020-25186 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.5 High |
| An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing parameter entities, which may allow file disclosure. | ||||
| CVE-2020-25161 | 1 Advantech | 1 Webaccess/scada | 2024-11-21 | 8.8 High |
| The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control or influence a path used in an operation on the filesystem and remotely execute code as an administrator. | ||||
| CVE-2020-24713 | 1 Getgophish | 1 Gophish | 2024-11-21 | 7.5 High |
| Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | ||||
| CVE-2020-24656 | 1 Maltego | 1 Maltego | 2024-11-21 | 6.5 Medium |
| Maltego before 4.2.12 allows XXE attacks. | ||||
| CVE-2020-24591 | 1 Wso2 | 5 Api Manager, Api Manager Analytics, Api Microgateway and 2 more | 2024-11-21 | 6.5 Medium |
| The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | ||||
| CVE-2020-24589 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2024-11-21 | 9.1 Critical |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | ||||
| CVE-2020-24454 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 7.5 High |
| Improper Restriction of XML External Entity Reference in subsystem for Intel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2020-24379 | 3 Canonical, Debian, Yaws | 3 Ubuntu Linux, Debian Linux, Yaws | 2024-11-21 | 9.8 Critical |
| WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | ||||
| CVE-2020-24052 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 9.1 Critical |
| Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | ||||
| CVE-2020-23322 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | ||||
| CVE-2020-23320 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | ||||
| CVE-2020-23319 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | ||||
| CVE-2020-23314 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | ||||
| CVE-2020-23313 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'scope_stack_p > context_p->scope_stack_p' failed at js-scanner-util.c:2510 in scanner_literal_is_created in JerryScript 2.2.0. | ||||
| CVE-2020-23312 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context.status_flags & PARSER_SCANNING_SUCCESSFUL' failed at js-parser.c:2185 in parser_parse_source in JerryScript 2.2.0. | ||||
| CVE-2020-23311 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' failed at js-parser-expr.c:3230 in parser_parse_object_initializer in JerryScript 2.2.0. | ||||