• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors

CWE-20

CVE-2020-12062

February 26, 2023 by

** DISPUTED ** The scp client in OpenSSH 8.2 incorrectly sends duplicate responses to the server upon a utimes system call failure, which allows a malicious unprivileged user on the remote server to overwrite arbitrary files in the client’s download directory by creating a crafted subdirectory anywhere on the remote server. The victim must use the command scp -rp to download a file hierarchy containing, anywhere inside, this crafted subdirectory. NOTE: the vendor points out that “this attack can achieve no more than a hostile peer is already able to achieve within the scp protocol” and “utimes does not fail under normal circumstances.”

CVE-2020-12066

February 26, 2023 by

CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server.

CVE-2020-12080

February 26, 2023 by

A Denial of Service vulnerability has been identified in FlexNet Publisher’s lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash.

CVE-2020-12029

February 26, 2023 by

All versions of FactoryTalk View SE do not properly validate input of filenames within a project directory. A remote, unauthenticated attacker may be able to execute a crafted file on a remote endpoint that may result in remote code execution (RCE). Rockwell Automation recommends applying patch 1126289. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx.

CVE-2020-12033

February 26, 2023 by

In Rockwell Automation FactoryTalk Services Platform, all versions, the redundancy host service (RdcyHost.exe) does not validate supplied identifiers, which could allow an unauthenticated, adjacent attacker to execute remote COM objects with elevated privileges.

CVE-2020-11987

February 26, 2023 by

Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.

  • « Go to Previous Page
  • Go to page 1
  • Interim pages omitted …
  • Go to page 377
  • Go to page 378
  • Go to page 379
  • Go to page 380
  • Go to page 381
  • Interim pages omitted …
  • Go to page 681
  • Go to Next Page »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE