Export limit exceeded: 364862 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364862 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36408 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 5.4 Medium |
| A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module. | ||||
| CVE-2020-36407 | 2 Aomedia, Linux | 2 Libavif, Linux Kernel | 2024-11-21 | 8.8 High |
| libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | ||||
| CVE-2020-36406 | 2 Linux, Uwebsockets Project | 2 Linux Kernel, Uwebsockets | 2024-11-21 | 8.8 High |
| uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate | ||||
| CVE-2020-36405 | 2 Keystone-engine, Linux | 2 Keystone Engine, Linux Kernel | 2024-11-21 | 7.8 High |
| Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. | ||||
| CVE-2020-36404 | 2 Keystone-engine, Linux | 2 Keystone, Linux Kernel | 2024-11-21 | 7.8 High |
| Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. | ||||
| CVE-2020-36403 | 2 Htslib, Linux | 2 Htslib, Linux Kernel | 2024-11-21 | 8.8 High |
| HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). | ||||
| CVE-2020-36402 | 2 Linux, Soliditylang | 2 Linux Kernel, Solidity | 2024-11-21 | 7.8 High |
| Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. | ||||
| CVE-2020-36401 | 2 Linux, Mruby | 2 Linux Kernel, Mruby | 2024-11-21 | 7.8 High |
| mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | ||||
| CVE-2020-36400 | 1 Zeromq | 1 Libzmq | 2024-11-21 | 9.8 Critical |
| ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. | ||||
| CVE-2020-36399 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module. | ||||
| CVE-2020-36398 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module. | ||||
| CVE-2020-36397 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36396 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36395 | 1 Lavalite | 1 Lavalite | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter. | ||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 7.0 High |
| pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | ||||
| CVE-2020-36389 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 4.3 Medium |
| In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF. | ||||
| CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 8.8 High |
| In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | ||||
| CVE-2020-36387 | 2 Linux, Netapp | 17 Linux Kernel, H300e, H300e Firmware and 14 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.8.2. fs/io_uring.c has a use-after-free related to io_async_task_func and ctx reference holding, aka CID-6d816e088c35. | ||||
| CVE-2020-36386 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 7.1 High |
| An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf. | ||||
| CVE-2020-36385 | 4 Linux, Netapp, Redhat and 1 more | 26 Linux Kernel, H300e, H300e Firmware and 23 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some ucma_migrate_id situations where ucma_close is called, aka CID-f5449e74802c. | ||||