Export limit exceeded: 364156 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364156 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-8101 | 1 Adt | 2 Lifeshield Diy Hd Video Doorbell, Lifeshield Diy Hd Video Doorbell Firmware | 2024-11-21 | 6.9 Medium |
| Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in HTTP interface of ADT LifeShield DIY HD Video Doorbell allows an attacker on the same network to execute commands on the device. This issue affects: ADT LifeShield DIY HD Video Doorbell version 1.0.02R09 and prior versions. | ||||
| CVE-2020-8100 | 1 Bitdefender | 1 Engines | 2024-11-21 | 9 Critical |
| Improper Input Validation vulnerability in the cevakrnl.rv0 module as used in the Bitdefender Engines allows an attacker to trigger a denial of service while scanning a specially-crafted sample. This issue affects: Bitdefender Bitdefender Engines versions prior to 7.84063. | ||||
| CVE-2020-8099 | 1 Bitdefender | 1 Antivirus 2020 | 2024-11-21 | 7.1 High |
| A vulnerability in the improper handling of junctions in Bitdefender Antivirus Free can allow an unprivileged user to substitute a quarantined file, and restore it to a privileged location. This issue affects: Bitdefender Antivirus Free versions prior to 1.0.17. | ||||
| CVE-2020-8097 | 1 Bitdefender | 2 Endpoint Security, Endpoint Security Tools | 2024-11-21 | 8.1 High |
| An improper authentication vulnerability in Bitdefender Endpoint Security Tools for Windows and Bitdefender Endpoint Security SDK allows an unprivileged local attacker to escalate privileges or tamper with the product's security settings. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. This issue affects: Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.18.261. Bitdefender Endpoint Security SDK versions prior to 6.6.18.261. | ||||
| CVE-2020-8096 | 1 Bitdefender | 1 Antimalware Software Development Kit | 2024-11-21 | 6.3 Medium |
| Untrusted Search Path vulnerability in Bitdefender High-Level Antimalware SDK for Windows allows an attacker to load third party code from a DLL library in the search path. This issue affects: Bitdefender High-Level Antimalware SDK for Windows versions prior to 3.0.1.204 . | ||||
| CVE-2020-8095 | 1 Bitdefender | 1 Total Security 2020 | 2024-11-21 | 4.9 Medium |
| A vulnerability in the improper handling of junctions before deletion in Bitdefender Total Security 2020 can allow an attacker to to trigger a denial of service on the affected device. | ||||
| CVE-2020-8093 | 1 Bitdefender | 1 Antivirus | 2024-11-21 | 5.3 Medium |
| A vulnerability in the AntivirusforMac binary as used in Bitdefender Antivirus for Mac allows an attacker to inject a library using DYLD environment variable to cause third-party code execution | ||||
| CVE-2020-8092 | 1 Bitdefender | 1 Antivirus | 2024-11-21 | 1.6 Low |
| A privilege escalation vulnerability in BDLDaemon as used in Bitdefender Antivirus for Mac allows a local attacker to obtain authentication tokens for requests submitted to the Bitdefender Cloud. This issue affects: Bitdefender Bitdefender Antivirus for Mac versions prior to 8.0.0. | ||||
| CVE-2020-8091 | 1 Typo3 | 1 Typo3 | 2024-11-21 | 6.1 Medium |
| svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname. | ||||
| CVE-2020-8090 | 1 A1 | 2 Wlan Box Adb Vv2220, Wlan Box Adb Vv2220 Firmware | 2024-11-21 | 4.8 Medium |
| The Username field in the Storage Service settings of A1 WLAN Box ADB VV2220v2 devices allows stored XSS (after a successful Administrator login). | ||||
| CVE-2020-8089 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.4 Medium |
| Piwigo 2.10.1 is affected by stored XSS via the Group Name Field to the group_list page. | ||||
| CVE-2020-8088 | 1 Usebb | 1 Usebb | 2024-11-21 | 9.8 Critical |
| panel_login.php in UseBB 1.0.12 allows type juggling for login bypass because != is used instead of !== for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-8087 | 1 Smc | 2 D3g0804w, D3g0804w Firmware | 2024-11-21 | 9.8 Critical |
| SMC Networks D3G0804W D3GNV5M-3.5.1.6.10_GA devices allow remote command execution by leveraging access to the Network Diagnostic Tools screen, as demonstrated by an admin login. The attacker must use a Parameter Pollution approach against goform/formSetDiagnosticToolsFmPing by providing the vlu_diagnostic_tools__ping_address parameter twice: once with a shell metacharacter and a command name, and once with a command argument. | ||||
| CVE-2020-8086 | 2 Debian, Prosody | 3 Debian Linux, Mod Auth Ldap, Mod Auth Ldap2 | 2024-11-21 | 9.8 Critical |
| The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin. | ||||
| CVE-2020-8037 | 5 Apple, Debian, Fedoraproject and 2 more | 6 Mac Os X, Macos, Debian Linux and 3 more | 2024-11-21 | 7.5 High |
| The ppp decapsulator in tcpdump 4.9.3 can be convinced to allocate a large amount of memory. | ||||
| CVE-2020-8036 | 1 Tcpdump | 1 Tcpdump | 2024-11-21 | 7.5 High |
| The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. | ||||
| CVE-2020-8035 | 1 Horde | 1 Groupware | 2024-11-21 | 6.1 Medium |
| The image view functionality in Horde Groupware Webmail Edition before 5.2.22 is affected by a stored Cross-Site Scripting (XSS) vulnerability via an SVG image upload containing a JavaScript payload. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. | ||||
| CVE-2020-8034 | 1 Horde | 2 Gollem, Groupware | 2024-11-21 | 6.1 Medium |
| Gollem before 3.0.13, as used in Horde Groupware Webmail Edition 5.2.22 and other products, is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the HTTP GET dir parameter in the browser functionality, affecting breadcrumb output. An attacker can obtain access to a victim's webmail account by making them visit a malicious URL. | ||||
| CVE-2020-8033 | 1 Commscope | 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware | 2024-11-21 | 6.1 Medium |
| Ruckus R500 3.4.2.0.384 devices allow XSS via the index.asp Device Name field. | ||||
| CVE-2020-8032 | 1 Opensuse | 1 Cyrus-sasl | 2024-11-21 | 6.7 Medium |
| A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. This issue affects: openSUSE Factory cyrus-sasl version 2.1.27-4.2 and prior versions. | ||||