Количество 18 769
Количество 18 769
CVE-2020-8130
There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`.
CVE-2020-8127
Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks.
CVE-2020-8112
CVE-2020-8037
ppp decapsulator can be convinced to allocate a large amount of memory
CVE-2020-8032
CVE-2020-7595
xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation.
CVE-2020-7211
tftp.c in libslirp 4.1.0 as used in QEMU 4.2.0 does not prevent ..\ directory traversal on Windows.
CVE-2020-7071
FILTER_VALIDATE_URL accepts URLs with invalid userinfo
CVE-2020-7039
CVE-2020-7021
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
CVE-2020-7020
Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices.
CVE-2020-7019
In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index.
CVE-2020-7014
The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges.
CVE-2020-7009
Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges.
CVE-2020-6750
CVE-2020-6096
CVE-2020-5291
CVE-2020-5247
CVE-2020-5208
remote code execution vulnerability in ipmitool
CVE-2020-4041
The filename of uploaded files vulnerable to stored XSS in Bolt CMS
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
CVE-2020-8130 There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. | 0% Низкий | 4 месяца назад | ||
CVE-2020-8127 Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. | 1% Низкий | 5 месяцев назад | ||
CVSS3: 8.8 | 1% Низкий | больше 1 года назад | ||
CVE-2020-8037 ppp decapsulator can be convinced to allocate a large amount of memory | CVSS3: 7.5 | 0% Низкий | около 5 лет назад | |
CVSS3: 7 | 0% Низкий | почти 5 лет назад | ||
CVE-2020-7595 xmlStringLenDecodeEntities in parser.c in libxml2 2.9.10 has an infinite loop in a certain end-of-file situation. | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад | |
CVE-2020-7211 tftp.c in libslirp 4.1.0 as used in QEMU 4.2.0 does not prevent ..\ directory traversal on Windows. | CVSS3: 7.5 | 0% Низкий | больше 5 лет назад | |
CVE-2020-7071 FILTER_VALIDATE_URL accepts URLs with invalid userinfo | CVSS3: 5.3 | 7% Низкий | 4 месяца назад | |
CVSS3: 5.6 | 1% Низкий | около 5 лет назад | ||
CVE-2020-7021 Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details. | CVSS3: 4.9 | 0% Низкий | около 4 лет назад | |
CVE-2020-7020 Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. | CVSS3: 3.1 | 0% Низкий | около 4 лет назад | |
CVE-2020-7019 In Elasticsearch before 7.9.0 and 6.8.12 a field disclosure flaw was found when running a scrolling search with Field Level Security. If a user runs the same query another more privileged user recently ran the scrolling search can leak fields that should be hidden. This could result in an attacker gaining additional permissions against a restricted index. | CVSS3: 6.5 | 0% Низкий | около 4 лет назад | |
CVE-2020-7014 The fix for CVE-2020-7009 was found to be incomplete. Elasticsearch versions from 6.7.0 to 6.8.7 and 7.0.0 to 7.6.1 contain a privilege escalation flaw if an attacker is able to create API keys and also authentication tokens. An attacker who is able to generate an API key and an authentication token can perform a series of steps that result in an authentication token being generated with elevated privileges. | CVSS3: 8.8 | 0% Низкий | около 4 лет назад | |
CVE-2020-7009 Elasticsearch versions from 6.7.0 before 6.8.8 and 7.0.0 before 7.6.2 contain a privilege escalation flaw if an attacker is able to create API keys. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges. | CVSS3: 8.8 | 2% Низкий | около 4 лет назад | |
CVSS3: 5.9 | 1% Низкий | около 4 лет назад | ||
CVSS3: 8.1 | 5% Низкий | больше 5 лет назад | ||
CVSS3: 7.8 | 0% Низкий | больше 5 лет назад | ||
CVSS3: 7.5 | 2% Низкий | больше 5 лет назад | ||
CVE-2020-5208 remote code execution vulnerability in ipmitool | CVSS3: 8.8 | 1% Низкий | больше 5 лет назад | |
CVE-2020-4041 The filename of uploaded files vulnerable to stored XSS in Bolt CMS | CVSS3: 7.4 | 0% Низкий | 4 месяца назад |
Уязвимостей на страницу