Export limit exceeded: 364396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364396 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-8101 1 Adt 2 Lifeshield Diy Hd Video Doorbell, Lifeshield Diy Hd Video Doorbell Firmware 2024-11-21 6.9 Medium
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions.
CVE-2020-8100 1 Bitdefender 1 Engines 2024-11-21 9 Critical
Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063.
CVE-2020-8099 1 Bitdefender 1 Antivirus 2020 2024-11-21 7.1 High
A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17.
CVE-2020-8097 1 Bitdefender 2 Endpoint Security, Endpoint Security Tools 2024-11-21 8.1 High
An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261.
CVE-2020-8096 1 Bitdefender 1 Antimalware Software Development Kit 2024-11-21 6.3 Medium
Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 .
CVE-2020-8095 1 Bitdefender 1 Total Security 2020 2024-11-21 4.9 Medium
A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device.
CVE-2020-8093 1 Bitdefender 1 Antivirus 2024-11-21 5.3 Medium
A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution
CVE-2020-8092 1 Bitdefender 1 Antivirus 2024-11-21 1.6 Low
A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0.
CVE-2020-8091 1 Typo3 1 Typo3 2024-11-21 6.1 Medium
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
CVE-2020-8090 1 A1 2 Wlan Box Adb Vv2220, Wlan Box Adb Vv2220 Firmware 2024-11-21 4.8 Medium
The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login).
CVE-2020-8089 1 Piwigo 1 Piwigo 2024-11-21 5.4 Medium
Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page.
CVE-2020-8088 1 Usebb 1 Usebb 2024-11-21 9.8 Critical
panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters.
CVE-2020-8087 1 Smc 2 D3g0804w, D3g0804w Firmware 2024-11-21 9.8 Critical
SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument.
CVE-2020-8086 2 Debian, Prosody 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 2024-11-21 9.8 Critical
The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
CVE-2020-8037 5 Apple, Debian, Fedoraproject and 2 more 6 Mac Os X, Macos, Debian Linux and 3 more 2024-11-21 7.5 High
The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory.
CVE-2020-8036 1 Tcpdump 1 Tcpdump 2024-11-21 7.5 High
The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way.
CVE-2020-8035 1 Horde 1 Groupware 2024-11-21 6.1 Medium
The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVE-2020-8034 1 Horde 2 Gollem, Groupware 2024-11-21 6.1 Medium
Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL.
CVE-2020-8033 1 Commscope 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware 2024-11-21 6.1 Medium
Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field.
CVE-2020-8032 1 Opensuse 1 Cyrus-sasl 2024-11-21 6.7 Medium
A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions.