Search

Search Results (364155 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8100 1 Bitdefender 1 Engines 2024-11-21 9 Critical
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
CVE-2020-8099 1 Bitdefender 1 Antivirus 2020 2024-11-21 7.1 High
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
CVE-2020-8097 1 Bitdefender 2 Endpoint Security, Endpoint Security Tools 2024-11-21 8.1 High
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
CVE-2020-8096 1 Bitdefender 1 Antimalware Software Development Kit 2024-11-21 6.3 Medium
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVE-2020-8095 1 Bitdefender 1 Total Security 2020 2024-11-21 4.9 Medium
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
CVE-2020-8093 1 Bitdefender 1 Antivirus 2024-11-21 5.3 Medium
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVE-2020-8092 1 Bitdefender 1 Antivirus 2024-11-21 1.6 Low
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVE-2020-8091 1 Typo3 1 Typo3 2024-11-21 6.1 Medium
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
CVE-2020-8090 1 A1 2 Wlan Box Adb Vv2220, Wlan Box Adb Vv2220 Firmware 2024-11-21 4.8 Medium
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).
CVE-2020-8089 1 Piwigo 1 Piwigo 2024-11-21 5.4 Medium
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
CVE-2020-8088 1 Usebb 1 Usebb 2024-11-21 9.8 Critical
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVE-2020-8087 1 Smc 2 D3g0804w, D3g0804w Firmware 2024-11-21 9.8 Critical
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.
CVE-2020-8086 2 Debian, Prosody 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 2024-11-21 9.8 Critical
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
CVE-2020-8037 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.5 High
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-8036 1 Tcpdump 1 Tcpdump 2024-11-21 7.5 High
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
CVE-2020-8035 1 Horde 1 Groupware 2024-11-21 6.1 Medium
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVE-2020-8034 1 Horde 2 Gollem, Groupware 2024-11-21 6.1 Medium
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVE-2020-8033 1 Commscope 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware 2024-11-21 6.1 Medium
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
CVE-2020-8032 1 Opensuse 1 Cyrus-sasl 2024-11-21 6.7 Medium
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.
CVE-2020-8031 1 Opensuse 1 Open Build Service 2024-11-21 6.3 Medium
A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8.