Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363785 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363785 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6850 | 1 Miniorange | 1 Saml Sp Single Sign On | 2024-11-21 | 6.1 Medium |
| Utilities.php in the miniorange-saml-20-single-sign-on plugin before 4.8.84 for WordPress allows XSS via a crafted SAML XML Response to wp-login.php. This is related to the SAMLResponse and RelayState variables, and the Destination parameter of the samlp:Response XML element. | ||||
| CVE-2020-6849 | 1 Hutchhouse | 1 Marketo Forms And Tracking | 2024-11-21 | 8.8 High |
| The marketo-forms-and-tracking plugin through 1.0.2 for WordPress allows wp-admin/admin.php?page=marketo_fat CSRF with resultant XSS. | ||||
| CVE-2020-6848 | 1 Axper | 2 Vision Ii, Vision Ii Firmware | 2024-11-21 | 6.1 Medium |
| Axper Vision II 4 devices allow XSS via the DEVICE_NAME (aka Device Name) parameter to the configWebParams.cgi URI. | ||||
| CVE-2020-6847 | 1 Opentrade Project | 1 Opentrade | 2024-11-21 | 5.4 Medium |
| OpenTrade through 0.2.0 has a DOM-based XSS vulnerability that is executed when an administrator attempts to delete a message that contains JavaScript. | ||||
| CVE-2020-6845 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 6.1 Medium |
| An issue was discovered in TopManage OLK 2020. As there is no ReadOnly on the Session cookie, the user and admin accounts can be taken over in a DOM-Based XSS attack. | ||||
| CVE-2020-6844 | 1 Topmanage | 1 Olk Webstore | 2024-11-21 | 8.8 High |
| In TopManage OLK 2020, login CSRF can be chained with another vulnerability in order to takeover admin and user accounts. | ||||
| CVE-2020-6843 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.8 Medium |
| Zoho ManageEngine ServiceDesk Plus 11.0 Build 11007 allows XSS. This issue was fixed in version 11.0 Build 11010, SD-83959. | ||||
| CVE-2020-6842 | 1 Dlink | 2 Dch-m225, Dch-m225 Firmware | 2024-11-21 | 7.2 High |
| D-Link DCH-M225 1.05b01 and earlier devices allow remote authenticated admins to execute arbitrary OS commands via shell metacharacters in the media renderer name. | ||||
| CVE-2020-6841 | 1 Dlink | 2 Dch-m225, Dch-m225 Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DCH-M225 1.05b01 and earlier devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the spotifyConnect.php userName parameter. | ||||
| CVE-2020-6840 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| In mruby 2.1.0, there is a use-after-free in hash_slice in mrbgems/mruby-hash-ext/src/hash-ext.c. | ||||
| CVE-2020-6839 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. | ||||
| CVE-2020-6838 | 1 Mruby | 1 Mruby | 2024-11-21 | 9.8 Critical |
| In mruby 2.1.0, there is a use-after-free in hash_values_at in mrbgems/mruby-hash-ext/src/hash-ext.c. | ||||
| CVE-2020-6836 | 1 Hot-formula-parser Project | 1 Hot-formula-parser | 2024-11-21 | 9.8 Critical |
| grammar-parser.jison in the hot-formula-parser package before 3.0.1 for Node.js is vulnerable to arbitrary code injection. The package fails to sanitize values passed to the parse function and concatenates them in an eval call. If a value of the formula is taken from user-controlled input, it may allow attackers to run arbitrary commands on the server. | ||||
| CVE-2020-6835 | 1 Bftpd Project | 1 Bftpd | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. | ||||
| CVE-2020-6833 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| An issue was discovered in GitLab EE 11.3 and later. A GitLab Workhorse bypass could lead to package and file disclosure via request smuggling. | ||||
| CVE-2020-6832 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.3 Medium |
| An issue was discovered in GitLab Enterprise Edition (EE) 8.9.0 through 12.6.1. Using the project import feature, it was possible for someone to obtain issues from private projects. | ||||
| CVE-2020-6831 | 5 Canonical, Debian, Mozilla and 2 more | 10 Ubuntu Linux, Debian Linux, Firefox and 7 more | 2024-11-21 | 9.8 Critical |
| A buffer overflow could occur when parsing and validating SCTP chunks in WebRTC. This could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0. | ||||
| CVE-2020-6830 | 1 Mozilla | 1 Firefox | 2024-11-21 | 7.5 High |
| For native-to-JS bridging, the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token was being used for JS-to-native also, but it isn't needed in this case, and its usage was also leaking this token. This vulnerability affects Firefox for iOS < 25. | ||||
| CVE-2020-6829 | 2 Mozilla, Redhat | 3 Firefox, Enterprise Linux, Openshift Do | 2024-11-21 | 5.3 Medium |
| When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed. This vulnerability affects Firefox < 80 and Firefox for Android < 80. | ||||
| CVE-2020-6828 | 2 Google, Mozilla | 2 Android, Firefox Esr | 2024-11-21 | 7.5 High |
| A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user's profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.<br> *Note: This issue only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.7. | ||||