Export limit exceeded: 367124 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367124 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-9038 1 Joplin Project 1 Joplin 2024-11-21 5.4 Medium
Joplin through 1.0.184 allows Arbitrary File Read via XSS.
CVE-2020-9036 1 Jeedom 1 Jeedom 2024-11-21 6.1 Medium
Jeedom through 4.0.38 allows XSS.
CVE-2020-9034 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 7.5 High
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of users.
CVE-2020-9033 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to authlog.php.
CVE-2020-9032 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to kernlog.php.
CVE-2020-9031 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to daemonlog.php.
CVE-2020-9030 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to the syslog.php.
CVE-2020-9029 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.5 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow Directory Traversal via the FileName parameter to messagelog.php.
CVE-2020-9028 1 Microchip 10 Syncserver S100, Syncserver S100 Firmware, Syncserver S200 and 7 more 2024-11-21 6.1 Medium
Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices allow stored XSS via the newUserName parameter on the "User Creation, Deletion and Password Maintenance" screen (when creating a new user).
CVE-2020-9027 1 Eltex-co 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more 2024-11-21 9.8 Critical
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9026 1 Eltex-co 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more 2024-11-21 9.8 Critical
ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected.
CVE-2020-9025 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2024-11-21 6.1 Medium
Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script.
CVE-2020-9024 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2024-11-21 9.8 Critical
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts.
CVE-2020-9023 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2024-11-21 9.8 Critical
Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). Also, bluetooth is the root password.
CVE-2020-9022 1 Cambiumnetworks 8 Xh2-120, Xh2-120 Firmware, Xr2436 and 5 more 2024-11-21 6.1 Medium
An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.
CVE-2020-9021 1 Postoaktraffic 2 Awam Bluetooth Field Device, Awam Bluetooth Field Device Firmware 2024-11-21 9.8 Critical
Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter.
CVE-2020-9020 1 Iteris 2 Vantage Velocity, Vantage Velocity Firmware 2024-11-21 9.8 Critical
Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.
CVE-2020-9019 1 Wpjobboard 1 Wpjobboard 2024-11-21 6.1 Medium
The WPJobBoard plugin 5.5.3 for WordPress allows Persistent XSS via the Add Job form, as demonstrated by title and Description.
CVE-2020-9018 1 Litecart 1 Litecart 2024-11-21 5.3 Medium
LiteCart through 2.2.1 allows admin/?app=users&doc=edit_user CSRF to add a user.
CVE-2020-9017 1 Litecart 1 Litecart 2024-11-21 8.0 High
LiteCart through 2.2.1 allows CSV injection via a customer's profile.