Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5517 | 1 Blueonyx | 2 5209r, 5209r Firmware | 2024-11-21 | 6.5 Medium |
| CSRF in the /login URI in BlueOnyx 5209R allows an attacker to access the dashboard and perform scraping or other analysis. | ||||
| CVE-2020-5515 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 7.2 High |
| Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection. | ||||
| CVE-2020-5514 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 9.1 Critical |
| Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI. | ||||
| CVE-2020-5513 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 Medium |
| Gila CMS 1.11.8 allows /cm/delete?t=../ Directory Traversal. | ||||
| CVE-2020-5512 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 6.8 Medium |
| Gila CMS 1.11.8 allows /admin/media?path=../ Path Traversal. | ||||
| CVE-2020-5511 | 1 Small Crm Project | 1 Small Crm | 2024-11-21 | 8.8 High |
| PHPGurukul Small CRM v2.0 was found vulnerable to authentication bypass via SQL injection when logging into the administrator login page. | ||||
| CVE-2020-5509 | 1 Phpgurukul | 1 Car Rental Portal | 2024-11-21 | 7.2 High |
| PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image. | ||||
| CVE-2020-5505 | 1 Vaaip | 1 Freelancy | 2024-11-21 | 9.8 Critical |
| Freelancy v1.0.0 allows remote command execution via the "file":"data:application/x-php;base64 substring (in conjunction with "type":"application/x-php"} to the /api/files/ URI. | ||||
| CVE-2020-5502 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 6.5 Medium |
| phpBB 3.2.8 allows a CSRF attack that can approve pending group memberships. | ||||
| CVE-2020-5501 | 1 Phpbb | 1 Phpbb | 2024-11-21 | 4.3 Medium |
| phpBB 3.2.8 allows a CSRF attack that can modify a group avatar. | ||||
| CVE-2020-5499 | 1 Apache | 1 Rust Sgx Sdk | 2024-11-21 | 9.8 Critical |
| Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same. | ||||
| CVE-2020-5497 | 1 Mitreid | 1 Connect | 2024-11-21 | 6.1 Medium |
| The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript. | ||||
| CVE-2020-5496 | 2 Fontforge, Opensuse | 2 Fontforge, Leap | 2024-11-21 | 8.8 High |
| FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | ||||
| CVE-2020-5428 | 1 Vmware | 1 Spring Cloud Task | 2024-11-21 | 6.0 Medium |
| In applications using Spring Cloud Task 2.2.4.RELEASE and below, may be vulnerable to SQL injection when exercising certain lookup queries in the TaskExplorer. | ||||
| CVE-2020-5427 | 1 Vmware | 1 Spring Cloud Data Flow | 2024-11-21 | 7.2 High |
| In Spring Cloud Data Flow, versions 2.6.x prior to 2.6.5, versions 2.5.x prior 2.5.4, an application is vulnerable to SQL injection when requesting task execution. | ||||
| CVE-2020-5426 | 1 Vmware | 1 Pivotal Scheduler | 2024-11-21 | 9.8 Critical |
| Scheduler for TAS prior to version 1.4.0 was permitting plaintext transmission of UAA client token by sending it over a non-TLS connection. This also depended on the configuration of the MySQL server which is used to cache a UAA client token used by the service. If intercepted the token can give an attacker admin level access in the cloud controller. | ||||
| CVE-2020-5425 | 1 Vmware | 1 Single Sign-on For Tanzu | 2024-11-21 | 7.9 High |
| Single Sign-On for Vmware Tanzu all versions prior to 1.11.3 ,1.12.x versions prior to 1.12.4 and 1.13.x prior to 1.13.1 are vulnerable to user impersonation attack.If two users are logged in to the SSO operator dashboard at the same time, with the same username, from two different identity providers, one can acquire the token of the other and thus operate with their permissions. Note: Foundation may be vulnerable only if: 1) The system zone is set up to use a SAML identity provider 2) There are internal users that have the same username as users in the external SAML provider 3) Those duplicate-named users have the scope to access the SSO operator dashboard 4) The vulnerability doesn't appear with LDAP because of chained authentication. | ||||
| CVE-2020-5423 | 1 Cloudfoundry | 2 Capi-release, Cf-deployment | 2024-11-21 | 7.5 High |
| CAPI (Cloud Controller) versions prior to 1.101.0 are vulnerable to a denial-of-service attack in which an unauthenticated malicious attacker can send specially-crafted YAML files to certain endpoints, causing the YAML parser to consume excessive CPU and RAM. | ||||
| CVE-2020-5422 | 1 Cloud Foundry | 1 Bosh System Metrics Server | 2024-11-21 | 6.5 Medium |
| BOSH System Metrics Server releases prior to 0.1.0 exposed the UAA password as a flag to a process running on the BOSH director. It exposed the password to any user or process with access to the same VM (through ps or looking at process details). | ||||
| CVE-2020-5421 | 4 Netapp, Oracle, Redhat and 1 more | 39 Oncommand Insight, Snap Creator Framework, Snapcenter and 36 more | 2024-11-21 | 6.5 Medium |
| In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter. | ||||