Export limit exceeded: 363449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363449 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5570 | 1 Ni-consul | 1 Sales Force Assistant | 2024-11-21 | 5.4 Medium |
| Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2020-5569 | 1 Toshiba | 19 Hd-ma10ts, Hd-ma10ty, Hd-ma20ts and 16 more | 2024-11-21 | 8.4 High |
| An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service. | ||||
| CVE-2020-5568 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'. | ||||
| CVE-2020-5567 | 1 Cybozu | 1 Garoon | 2024-11-21 | 7.5 High |
| Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu. | ||||
| CVE-2020-5566 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'. | ||||
| CVE-2020-5565 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.3 Medium |
| Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'. | ||||
| CVE-2020-5564 | 1 Cybozu | 1 Garoon | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'. | ||||
| CVE-2020-5563 | 1 Cybozu | 1 Garoon | 2024-11-21 | 5.3 Medium |
| Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API. | ||||
| CVE-2020-5562 | 1 Cybozu | 1 Garoon | 2024-11-21 | 4.9 Medium |
| Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function. | ||||
| CVE-2020-5561 | 1 Keijiban Tsumiki Project | 1 Keijiban Tsumiki | 2024-11-21 | 9.8 Critical |
| Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2020-5560 | 1 Wl-enq Project | 1 Wl-enq | 2024-11-21 | 9.8 Critical |
| WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors. | ||||
| CVE-2020-5559 | 1 Wl-enq Project | 1 Wl-enq | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2020-5558 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 8.8 High |
| CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2020-5557 | 1 Cutephp | 1 Cutenews | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2020-5556 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 9.8 Critical |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors. | ||||
| CVE-2020-5555 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 9.1 Critical |
| Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue. | ||||
| CVE-2020-5554 | 1 Shihonkanri Plus Goout Project | 1 Shihonkanri Plus Goout | 2024-11-21 | 9.1 Critical |
| Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors. | ||||
| CVE-2020-5553 | 1 Mailform | 1 Mailform | 2024-11-21 | 9.8 Critical |
| mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors. | ||||
| CVE-2020-5552 | 1 Mailform | 1 Mailform | 2024-11-21 | 6.1 Medium |
| Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2020-5551 | 1 Toyota | 1 Display Control Unit | 2024-11-21 | 8.8 High |
| Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected. | ||||