Export limit exceeded: 364816 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364816 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35735 | 1 Vidyo | 1 Vidyo | 2024-11-21 | 4.7 Medium |
| Vidyo 02-09-/D allows clickjacking via the portal/ URI. | ||||
| CVE-2020-35734 | 1 Batflat | 1 Batflat | 2024-11-21 | 7.2 High |
| Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data (username, displayed name, etc.). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35733 | 2 Erlang, Fedoraproject | 2 Erlang\/otp, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in Erlang/OTP before 23.2.2. The ssl application 10.2 accepts and trusts an invalid X.509 certificate chain to a trusted root Certification Authority. | ||||
| CVE-2020-35729 | 1 Klogserver | 1 Klog Server | 2024-11-21 | 9.8 Critical |
| KLog Server 2.4.1 allows OS command injection via shell metacharacters in the actions/authenticate.php user parameter. | ||||
| CVE-2020-35727 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 5.4 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseDirs.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35726 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 6.1 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Reports/index.jsp file via the by parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35725 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 6.1 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/index.jsp file via the msg parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35724 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 5.4 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the Error.jsp file via the err parameter (or indirectly via the cpr, tcp, or abs parameter). NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35723 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 5.4 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the ReportPreview.do file via the referer parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35722 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 6.5 Medium |
| CSRF in Web Compliance Manager in Quest Policy Authority 8.1.2.200 allows remote attackers to force user modification/creation via a specially crafted link to the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35721 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 5.4 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the BrowseAssets.do file via the title parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35720 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 5.4 Medium |
| Stored XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to store malicious code in multiple fields (first name, last name, and logon name) when creating or modifying a user via the submitUser.jsp file. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35719 | 1 Quest | 1 Policy Authority For Unified Communications | 2024-11-21 | 6.1 Medium |
| Reflected XSS in Quest Policy Authority 8.1.2.200 allows remote attackers to inject malicious code into the browser via a specially crafted link to the /WebCM/Applications/Search/index.jsp file via the added parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-35717 | 1 Electronjs | 1 Zonote | 2024-11-21 | 9.0 Critical |
| zonote through 0.4.0 allows XSS via a crafted note, with resultant Remote Code Execution (because nodeIntegration in webPreferences is true). | ||||
| CVE-2020-35716 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 7.5 High |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to cause a persistent denial of service (segmentation fault) via a long /goform/langSwitch langSelectionOnly parameter. | ||||
| CVE-2020-35715 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 8.8 High |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote authenticated users to execute arbitrary commands via shell metacharacters in a filename to the upload_settings.cgi page. | ||||
| CVE-2020-35714 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 8.8 High |
| Belkin LINKSYS RE6500 devices before 1.0.11.001 allow remote authenticated users to execute arbitrary commands via goform/systemCommand?command= in conjunction with the goform/pingstart program. | ||||
| CVE-2020-35713 | 1 Linksys | 2 Re6500, Re6500 Firmware | 2024-11-21 | 9.8 Critical |
| Belkin LINKSYS RE6500 devices before 1.0.012.001 allow remote attackers to execute arbitrary commands or set a new password via shell metacharacters to the goform/setSysAdm page. | ||||
| CVE-2020-35712 | 3 Esri, Linux, Microsoft | 3 Arcgis Server, Linux Kernel, Windows | 2024-11-21 | 9.8 Critical |
| Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations. | ||||
| CVE-2020-35711 | 1 Arc-swap Project | 1 Arc-swap | 2024-11-21 | 7.5 High |
| An issue has been discovered in the arc-swap crate before 0.4.8 (and 1.x before 1.1.0) for Rust. Use of arc_swap::access::Map with the Constant test helper (or with a user-supplied implementation of the Access trait) could sometimes lead to dangling references being returned by the map. | ||||