Lucene search
K

12649 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 6:40 p.m.16 views

CVE-2021-38159

In certain Progress MOVEit Transfer versions before 2021.0.4 aka 13.0.4, SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used MySQL, Microsoft SQL Server, or Azure SQL, an...

9.8CVSS8.1AI score0.01891EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:20 p.m.9 views

CVE-2021-22572

On unix-like systems, the system temporary directory is shared between all users on that system. The root cause is File.createTempFile creates files in the the system temporary directory with world readable permissions. Any sensitive information written to theses files is visible to all other loc...

5.5CVSS6.3AI score0.00128EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:54 p.m.5 views

CVE-2020-7659

reel through 0.6.1 allows Request Smuggling attacks due to incorrect Content-Length and Transfer encoding header parsing. It is possible to conduct HTTP request smuggling attacks by sending the Content-Length header twice. Furthermore, invalid Transfer Encoding headers were found to be parsed as...

7.5CVSS6.8AI score0.01334EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:11 p.m.9 views

CVE-2020-8503

Biscom Secure File Transfer SFT 5.0.1050 through 5.1.1067 and 6.0.1000 through 6.0.1003 allows Insecure Direct Object Reference IDOR by an authenticated sender because of an error in a file-upload feature. This is fixed in 5.1.1068 and 6.0.1004...

6.5CVSS6.6AI score0.00731EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:10 p.m.4 views

CVE-2020-35884

An issue was discovered in the tinyhttp crate through 2020-06-16 for Rust. HTTP Request smuggling can occur via a malformed Transfer-Encoding header...

6.5CVSS6.8AI score0.01065EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.7 views

CVE-2020-8611

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, multiple SQL Injection vulnerabilities have been found in the REST API that could allow an authenticated attacker to gain unauthorized access to MOVEit Transfer's database via the REST API. Depending on the database...

8.8CVSS8.1AI score0.01233EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:3 p.m.8 views

CVE-2020-6835

An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking...

9.8CVSS6.9AI score0.02016EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:2 p.m.6 views

CVE-2020-36502

Swift File Transfer Mobile v1.1.2 was discovered to contain a cross-site scripting XSS vulnerability via the devicename parameter which allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered as the device name itself...

6.1CVSS6.2AI score0.00702EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:57 p.m.5 views

CVE-2020-0232

Function abcpcieissuedmaxfersync creates a transfer object, adds it to the session object then continues to work with it. A concurrent thread could retrieve created transfer object from the session object and delete it using abcpciedmauserxferclean. If this happens, abcpciestartdmaxfer and...

9.8CVSS6.8AI score0.00443EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:52 p.m.6 views

CVE-2020-8796

Biscom Secure File Transfer SFT before 5.1.1071 and 6.0.1xxx before 6.0.1005 allows Remote Code Execution on the server...

9.8CVSS7.6AI score0.02928EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 p.m.5 views

CVE-2020-3674

Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55,...

5.5CVSS9.1AI score0.00207EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:39 p.m.7 views

CVE-2020-36486

Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting XSS vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling...

6.1CVSS6.2AI score0.00702EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:20 p.m.7 views

CVE-2020-14294

An issue was discovered in Secudos Qiata FTA 1.70.19. The comment feature allows persistent XSS that is executed when reading transfer comments or the global notice board...

6.1CVSS6AI score0.01235EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 4:13 p.m.8 views

CVE-2020-1255

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

8.8CVSS6.9AI score0.03366EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:8 p.m.6 views

CVE-2020-1112

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS IIS module improperly handles uploaded content, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

9.9CVSS6.9AI score0.03679EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:2 p.m.8 views

CVE-2020-0787

An elevation of privilege vulnerability exists when the Windows Background Intelligent Transfer Service BITS improperly handles symbolic links, aka 'Windows Background Intelligent Transfer Service Elevation of Privilege Vulnerability'...

7.8CVSS7.7AI score0.42524EPSS
Exploits7References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:51 p.m.12 views

CVE-2020-29137

cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface SEC-577...

6.1CVSS7AI score0.00634EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:49 p.m.5 views

CVE-2020-13282

For GitLab before 13.0.12, 13.1.6, 13.2.3 after a group transfer occurs, members from a parent group keep their access level on the subgroup leading to improper access...

4.9CVSS6.6AI score0.00683EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 3:47 p.m.5 views

CVE-2020-13246

An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another...

7.5CVSS6.6AI score0.01987EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.8 views

CVE-2020-8612

In Progress MOVEit Transfer 2019.1 before 2019.1.4 and 2019.2 before 2019.2.1, a REST API endpoint failed to adequately sanitize malicious input, which could allow an authenticated attacker to execute arbitrary code in a victim's browser, aka XSS...

9CVSS7.6AI score0.01674EPSS
Exploits0References1
Rows per page
Query Builder