Export limit exceeded: 364787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35149 | 2 Mquery Project, Redhat | 2 Mquery, Acm | 2024-11-21 | 5.3 Medium |
| lib/utils.js in mquery before 3.2.3 allows a pollution attack because a special property (e.g., __proto__) can be copied during a merge or clone operation. | ||||
| CVE-2020-35145 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | ||||
| CVE-2020-35138 | 1 Mobileiron | 1 Mobile\@work | 2024-11-21 | 9.8 Critical |
| The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded encryption key, used to encrypt the submission of username/password details during the authentication process, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in the com/mobileiron/common/utils/C4928m.java file. NOTE: It has been asserted that there is no causality or connection between credential encryption and the MiTM attack | ||||
| CVE-2020-35137 | 1 Mobileiron | 1 Mobile\@work | 2024-11-21 | 7.5 High |
| The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature. | ||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | ||||
| CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2024-11-21 | 8.8 High |
| The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | ||||
| CVE-2020-35133 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.5 High |
| irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60. | ||||
| CVE-2020-35132 | 2 Fedoraproject, Phpldapadmin Project | 2 Fedora, Phpldapadmin | 2024-11-21 | 5.4 Medium |
| An XSS issue has been discovered in phpLDAPadmin before 1.2.6.2 that allows users to store malicious values that may be executed by other users at a later time via get_request in lib/function.php. | ||||
| CVE-2020-35131 | 1 Agentejo | 1 Cockpit | 2024-11-21 | 9.8 Critical |
| Cockpit before 0.6.1 allows an attacker to inject custom PHP code and achieve Remote Command Execution via registerCriteriaFunction in lib/MongoLite/Database.php, as demonstrated by values in JSON data to the /auth/check or /auth/requestreset URI. | ||||
| CVE-2020-35129 | 1 Mautic | 1 Mautic | 2024-11-21 | 9.0 Critical |
| Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user’s behalf, including changing the user’s password or email address or changing the attacker’s user role from a low-privileged user to an administrator account. | ||||
| CVE-2020-35128 | 1 Acquia | 1 Mautic | 2024-11-21 | 9.0 Critical |
| Mautic before 3.2.4 is affected by stored XSS. An attacker with permission to manage companies, an application feature, could attack other users, including administrators. For example, by loading an externally crafted JavaScript file, an attacker could eventually perform actions as the target user. These actions include changing the user passwords, altering user or email addresses, or adding a new administrator to the system. | ||||
| CVE-2020-35127 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 5.4 Medium |
| Ignite Realtime Openfire 4.6.0 has plugins/bookmarks/create-bookmark.jsp Stored XSS. | ||||
| CVE-2020-35126 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 4.8 Medium |
| Typesetter CMS 5.x through 5.1 allows admins to conduct Site Title persistent XSS attacks via an Admin/Configuration URI. NOTE: the significance of this report is disputed because "admins are considered trustworthy. | ||||
| CVE-2020-35125 | 1 Acquia | 1 Mautic | 2024-11-21 | 9.6 Critical |
| A cross-site scripting (XSS) vulnerability in the forms component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript via mautic[return] (a different attack method than CVE-2020-35124, but also related to the Referer concept). | ||||
| CVE-2020-35124 | 1 Acquia | 1 Mautic | 2024-11-21 | 9.6 Critical |
| A cross-site scripting (XSS) vulnerability in the assets component of Mautic before 3.2.4 allows remote attackers to inject executable JavaScript through the Referer header of asset downloads. | ||||
| CVE-2020-35123 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.5 Medium |
| In Zimbra Collaboration Suite Network Edition versions < 9.0.0 P10 and 8.8.15 P17, there exists an XXE vulnerability in the saml consumer store extension, which is vulnerable to XXE attacks. This has been fixed in Zimbra Collaboration Suite Network edition 9.0.0 Patch 10 and 8.8.15 Patch 17. | ||||
| CVE-2020-35122 | 1 Keysight | 1 Keysight Database Connector | 2024-11-21 | 7.5 High |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | ||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2024-11-21 | 8.8 High |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | ||||
| CVE-2020-35114 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. | ||||
| CVE-2020-35113 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||