Search

Search Results (364647 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-9758 1 Livezilla 1 Livezilla 2024-11-21 9.6 Critical
An issue was discovered in chat.php in LiveZilla Live Chat 8.0.1.3 (Helpdesk). A blind JavaScript injection lies in the name parameter. Triggering this can fetch the username and passwords of the helpdesk employees in the URI. This leads to a privilege escalation, from unauthenticated to user-level access, leading to full account takeover. The attack fetches multiple credentials because they are stored in the database (stored XSS). This affects the mobile/chat URI via the lgn and psswrd parameters.
CVE-2020-9757 1 Craftcms 1 Craft Cms 2024-11-21 9.8 Critical
The SEOmatic component before 3.3.0 for Craft CMS allows Server-Side Template Injection that leads to RCE via malformed data to the metacontainers controller.
CVE-2020-9756 1 Patriotmemory 2 Viper Rgb, Viper Rgb Firmware 2024-11-21 7.8 High
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVE-2020-9754 1 Navercorp 1 Whale 2024-11-21 5.3 Medium
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2020-9753 1 Naver 1 Whale Browser Installer 2024-11-21 9.1 Critical
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2020-9752 1 Naver 1 Cloud Explorer 2024-11-21 9.8 Critical
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVE-2020-9751 1 Naver 1 Cloud Explorer 2024-11-21 9.1 Critical
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
CVE-2020-9750 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9749 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9748 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9747 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-9745 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9744 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9743 1 Adobe 1 Experience Manager 2024-11-21 5.3 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
CVE-2020-9742 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9741 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9740 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9739 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9738 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field.
CVE-2020-9737 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.