Search

Search Results (364891 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35990 1 Foxit 1 Pdf Reader 2024-11-21 5.5 Medium
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.
CVE-2020-35987 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Entities List' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35986 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35985 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35984 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVE-2020-35982 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
CVE-2020-35981 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2020-35980 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVE-2020-35979 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
CVE-2020-35973 1 Zzcms 1 Zzcms 2024-11-21 5.4 Medium
An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
CVE-2020-35972 1 Yzmcms 1 Yzmcms 2024-11-21 4.3 Medium
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.
CVE-2020-35971 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
CVE-2020-35970 1 Yzmcms 1 Yzmcms 2024-11-21 7.5 High
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
CVE-2020-35965 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 High
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
CVE-2020-35964 2 Ffmpeg, Linux 2 Ffmpeg, Linux Kernel 2024-11-21 6.5 Medium
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVE-2020-35963 2 Linux, Treasuredata 2 Linux Kernel, Fluent Bit 2024-11-21 7.8 High
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
CVE-2020-35962 1 Loopring 1 Loopring 2024-11-21 7.5 High
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.
CVE-2020-35952 1 Php-fusion 1 Php-fusion 2024-11-21 6.5 Medium
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
CVE-2020-35951 1 Expresstech 1 Quiz And Survey Master 2024-11-21 9.9 Critical
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
CVE-2020-35950 1 Xcloner 1 Xcloner 2024-11-21 9.8 Critical
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).