Export limit exceeded: 363502 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363502 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 9.8 Critical |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | ||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-11-21 | 9.8 Critical |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | ||||
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 7.5 High |
| dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23355 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate. | ||||
| CVE-2020-23352 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.5 High |
| Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | ||||
| CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-11-21 | 7.5 High |
| An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity), any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | ||||
| CVE-2020-23342 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | ||||
| CVE-2020-23341 | 1 Atutor | 1 Atutor | 2024-11-21 | 6.1 Medium |
| A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-23334 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault. | ||||
| CVE-2020-23333 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS). | ||||
| CVE-2020-23332 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). | ||||
| CVE-2020-23331 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS). | ||||
| CVE-2020-23330 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS). | ||||
| CVE-2020-23323 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.8 Critical |
| There is a heap-buffer-overflow at re-parser.c in re_parse_char_escape in JerryScript 2.2.0. | ||||
| CVE-2020-23322 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | ||||
| CVE-2020-23321 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.8 Critical |
| There is a heap-buffer-overflow at lit-strings.c:431 in lit_read_code_unit_from_utf8 in JerryScript 2.2.0. | ||||
| CVE-2020-23320 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | ||||
| CVE-2020-23319 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | ||||
| CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2024-11-21 | 7.5 High |
| There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | ||||
| CVE-2020-23314 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | ||||