Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9382 | 1 Widgets Project | 1 Widgets | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Widgets extension through 1.4.0 for MediaWiki. Improper title sanitization allowed for the execution of any wiki page as a widget (as defined by this extension) via MediaWiki's {{#widget:}} parser function. | ||||
| CVE-2020-9381 | 1 Totaljs | 1 Total.js Cms | 2024-11-21 | 7.5 High |
| controllers/admin.js in Total.js CMS 13 allows remote attackers to execute arbitrary code via a POST to the /admin/api/widgets/ URI. This can be exploited in conjunction with CVE-2019-15954. | ||||
| CVE-2020-9380 | 1 Whmcssmarters | 1 Web Tv Player | 2024-11-21 | 9.8 Critical |
| IPTV Smarters WEB TV PLAYER through 2020-02-22 allows attackers to execute OS commands by uploading a script. | ||||
| CVE-2020-9379 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 6.5 Medium |
| The Software Development Kit of the MiContact Center Business with Site Based Security 8.0 through 9.0.1.0 before KB496276 allows an authenticated user to access sensitive information. A successful exploit could allow unauthorized access to user conversations. | ||||
| CVE-2020-9376 | 1 Dlink | 2 Dir-610, Dir-610 Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-610 devices allow Information Disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=1 to getcfg.php. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-9374 | 1 Tp-link | 2 Tl-wr849n, Tl-wr849n Firmware | 2024-11-21 | 9.8 Critical |
| On TP-Link TL-WR849N 0.9.1 4.16 devices, a remote command execution vulnerability in the diagnostics area can be exploited when an attacker sends specific shell metacharacters to the panel's traceroute feature. | ||||
| CVE-2020-9372 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 7.8 High |
| The Appointment Booking Calendar plugin before 1.3.35 for WordPress allows user input (in fields such as Description or Name) in any booking form to be any formula, which then could be exported via the Bookings list tab in /wp-admin/admin.php?page=cpabc_appointments.php. The attacker could achieve remote code execution via CSV injection. | ||||
| CVE-2020-9371 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 4.8 Medium |
| Stored XSS exists in the Appointment Booking Calendar plugin before 1.3.35 for WordPress. In the cpabc_appointments.php file, the Calendar Name input could allow attackers to inject arbitrary JavaScript or HTML. | ||||
| CVE-2020-9370 | 1 Humaxdigital | 2 Hga12r-02, Hga12r-02 Firmware | 2024-11-21 | 9.1 Critical |
| HUMAX HGA12R-02 BRGCAA 1.1.53 devices allow Session Hijacking. | ||||
| CVE-2020-9369 | 3 Debian, Fedoraproject, Sympa | 3 Debian Linux, Fedora, Sympa | 2024-11-21 | 7.5 High |
| Sympa 6.2.38 through 6.2.52 allows remote attackers to cause a denial of service (disk consumption from temporary files, and a flood of notifications to listmasters) via a series of requests with malformed parameters. | ||||
| CVE-2020-9368 | 1 Oleacorner | 1 Olea Gift On Order | 2024-11-21 | 7.5 High |
| The Module Olea Gift On Order module through 5.0.8 for PrestaShop enables an unauthenticated user to read arbitrary files on the server via getfile.php?file=/.. directory traversal. | ||||
| CVE-2020-9367 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.8 High |
| The MPS Agent in Zoho ManageEngine Desktop Central MSP build MSP build 10.0.486 is vulnerable to DLL Hijacking: dcinventory.exe and dcconfig.exe try to load CSUNSAPI.dll without supplying the complete path. The issue is aggravated because this DLL is missing from the installation, thus making it possible to hijack the DLL and subsequently inject code, leading to an escalation of privilege to NT AUTHORITY\SYSTEM. | ||||
| CVE-2020-9366 | 1 Gnu | 1 Screen | 2024-11-21 | 9.8 Critical |
| A buffer overflow was found in the way GNU Screen before 4.8.0 treated the special escape OSC 49. Specially crafted output, or a special program, could corrupt memory and crash Screen or possibly have unspecified other impact. | ||||
| CVE-2020-9365 | 2 Fedoraproject, Pureftpd | 2 Fedora, Pure-ftpd | 2024-11-21 | 7.5 High |
| An issue was discovered in Pure-FTPd 1.0.49. An out-of-bounds (OOB) read has been detected in the pure_strcmp function in utils.c. | ||||
| CVE-2020-9364 | 1 Creative-solutions | 1 Creative Contact Form | 2024-11-21 | 5.3 Medium |
| An issue was discovered in helpers/mailer.php in the Creative Contact Form extension 4.6.2 before 2019-12-03 for Joomla!. A directory traversal vulnerability resides in the filename field for uploaded attachments via the creativecontactform_upload parameter. An attacker could exploit this vulnerability with the "Send me a copy" option to receive any files of the filesystem via email. | ||||
| CVE-2020-9363 | 1 Sophos | 6 Cloud Optix, Endpoint Protection, Intercept X Endpoint and 3 more | 2024-11-21 | 7.8 High |
| The Sophos AV parsing engine before 2020-01-14 allows virus-detection bypass via a crafted ZIP archive. This affects Endpoint Protection, Cloud Optix, Mobile, Intercept X Endpoint, Intercept X for Server, and Secure Web Gateway. NOTE: the vendor feels that this does not apply to endpoint-protection products because the virus would be detected upon extraction. | ||||
| CVE-2020-9362 | 1 Quickheal | 6 Antivirus For Server, Antivirus Pro, Home Security and 3 more | 2024-11-21 | 7.8 High |
| The Quick Heal AV parsing engine (November 2019) allows virus-detection bypass via a crafted GPFLAG in a ZIP archive. This affects Total Security, Home Security, Total Security Multi-Device, Internet Security, Total Security for Mac, AntiVirus Pro, AntiVirus for Server, and Total Security for Android. | ||||
| CVE-2020-9361 | 1 Cryptopro | 1 Csp | 2024-11-21 | 5.5 Medium |
| CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation. | ||||
| CVE-2020-9359 | 4 Debian, Fedoraproject, Kde and 1 more | 4 Debian Linux, Fedora, Okular and 1 more | 2024-11-21 | 5.3 Medium |
| KDE Okular before 1.10.0 allows code execution via an action link in a PDF document. | ||||
| CVE-2020-9355 | 2 Debian, Networkmanager-ssh Project | 2 Debian Linux, Networkmanager-ssh | 2024-11-21 | 9.8 Critical |
| danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation because extra options are mishandled. | ||||