Search
Total
13 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1595 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 6.5 MEDIUM | 9.9 CRITICAL |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly protected from unsafe data input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user access a susceptible API on an affected version of SharePoint with specially-formatted input.</p> <p>The security update addresses the vulnerability by correcting how SharePoint handles deserialization of untrusted data.</p> | |||||
| CVE-2020-1210 | 1 Microsoft | 3 Sharepoint Enterprise Server, Sharepoint Foundation, Sharepoint Server | 2023-12-31 | 6.5 MEDIUM | 9.9 CRITICAL |
| <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.</p> <p>Exploitation of this vulnerability requires that a user uploads a specially crafted SharePoint application package to an affected version of SharePoint.</p> <p>The security update addresses the vulnerability by correcting how SharePoint checks the source markup of application packages.</p> | |||||
| CVE-2023-4041 | 1 Silabs | 1 Gecko Bootloader | 2023-08-29 | N/A | 9.8 CRITICAL |
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'), Out-of-bounds Write, Download of Code Without Integrity Check vulnerability in Silicon Labs Gecko Bootloader on ARM (Firmware Update File Parser modules) allows Code Injection, Authentication Bypass.This issue affects "Standalone" and "Application" versions of Gecko Bootloader. | |||||
| CVE-2023-40254 | 1 Genians | 2 Genian Nac, Genian Ztna | 2023-08-23 | N/A | 9.8 CRITICAL |
| Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian NAC V5.0, Genians Genian NAC Suite V5.0, Genians Genian ZTNA allows Malicious Software Update.This issue affects Genian NAC V4.0: from V4.0.0 through V4.0.155; Genian NAC V5.0: from V5.0.0 through V5.0.42 (Revision 117460); Genian NAC Suite V5.0: from V5.0.0 through V5.0.54; Genian ZTNA: from V6.0.0 through V6.0.15. | |||||
| CVE-2020-7883 | 2 Microsoft, Wowsoft | 2 Windows, Printchaser | 2022-01-11 | 7.5 HIGH | 9.8 CRITICAL |
| Printchaser v2.2021.804.1 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution. | |||||
| CVE-2020-7873 | 1 Ksystem | 1 K-system Wellcomm | 2021-09-22 | 7.5 HIGH | 9.8 CRITICAL |
| Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd allows the attacker to cause a arbitrary file download and execution. | |||||
| CVE-2020-2320 | 1 Jenkins | 1 Installation Manager Tool | 2020-12-08 | 10.0 HIGH | 9.8 CRITICAL |
| Jenkins Plugin Installation Manager Tool 2.1.3 and earlier does not verify plugin downloads. | |||||
| CVE-2020-28332 | 1 Barco | 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W firmware does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. | |||||
| CVE-2020-7826 | 1 Eyesurfer | 1 Bflyinstallerx.ocx | 2020-07-22 | 7.5 HIGH | 9.8 CRITICAL |
| EyeSurfer BflyInstallerX.ocx v1.0.0.16 and earlier versions contain a vulnerability that could allow remote files to be download by setting the arguments to the vulnerable method. This can be leveraged for code execution. When the vulnerable method is called, they fail to properly check the parameters that are passed to it. | |||||
| CVE-2020-7812 | 2 Kaoni, Microsoft | 2 Ezhttptrans, Windows | 2020-05-28 | 7.5 HIGH | 9.8 CRITICAL |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution by rebooting the victim’s PC. | |||||
| CVE-2020-7813 | 1 Kaoni | 1 Ezhttptrans | 2020-05-27 | 7.5 HIGH | 9.8 CRITICAL |
| Ezhttptrans.ocx ActiveX Control in Kaoni ezHTTPTrans 1.0.0.70 and prior versions contain a vulnerability that could allow remote attacker to download and execute arbitrary file by setting the arguments to the activex method. This can be leveraged for code execution. | |||||
| CVE-2020-7806 | 2 Microsoft, Tobesoft | 2 Windows, Xplatform | 2020-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| Tobesoft Xplatform 9.2.2.250 and earlier version have an arbitrary code execution vulnerability by using method supported by Xplatform ActiveX Control. It allows attacker to cause remote code execution. | |||||
| CVE-2020-9751 | 1 Naver | 1 Cloud Explorer | 2020-03-04 | 6.4 MEDIUM | 9.1 CRITICAL |
| Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade. | |||||