Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363994 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363994 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28044 | 1 Pax | 1 Prolinos | 2024-11-21 | 6.8 Medium |
| An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R can boot it in management mode, enable the XCB service, and then list, read, create, and overwrite files with MAINAPP permissions. | ||||
| CVE-2020-28043 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrary URL. | ||||
| CVE-2020-28042 | 1 Servicestack | 1 Servicestack | 2024-11-21 | 5.3 Medium |
| ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom ValidateToken function that establishes a valid minimum length for a signature. | ||||
| CVE-2020-28041 | 1 Netgear | 2 Nighthawk R7000, Nighthawk R7000 Firmware | 2024-11-21 | 6.5 Medium |
| The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attackers to communicate with arbitrary TCP and UDP services on a victim's intranet machine, if the victim visits an attacker-controlled web site with a modern browser, aka NAT Slipstreaming. This occurs because the ALG takes action based on an IP packet with an initial REGISTER substring in the TCP data, and the correct intranet IP address in the subsequent Via header, without properly considering that connection progress and fragmentation affect the meaning of the packet data. | ||||
| CVE-2020-28040 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 4.3 Medium |
| WordPress before 5.5.2 allows CSRF attacks that change a theme's background image. | ||||
| CVE-2020-28039 | 3 Canonical, Debian, Wordpress | 3 Ubuntu Linux, Debian Linux, Wordpress | 2024-11-21 | 9.1 Critical |
| is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion because it does not properly determine whether a meta key is considered protected. | ||||
| CVE-2020-28038 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows stored XSS via post slugs. | ||||
| CVE-2020-28037 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
| is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines whether WordPress is already installed, which might allow an attacker to perform a new installation, leading to remote code execution (as well as a denial of service for the old installation). | ||||
| CVE-2020-28036 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
| wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges by using XML-RPC to comment on a post. | ||||
| CVE-2020-28035 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC. | ||||
| CVE-2020-28034 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 6.1 Medium |
| WordPress before 5.5.2 allows XSS associated with global variables. | ||||
| CVE-2020-28033 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 7.5 High |
| WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated by allowing a spam embed. | ||||
| CVE-2020-28032 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2024-11-21 | 9.8 Critical |
| WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredIterator.php. | ||||
| CVE-2020-28031 | 1 Eramba | 1 Eramba | 2024-11-21 | 4.3 Medium |
| eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF printing by authenticated users. | ||||
| CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | ||||
| CVE-2020-28026 | 1 Exim | 1 Exim | 2024-11-21 | 9.8 Critical |
| Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configurations that enable Delivery Status Notification (DSN). Certain uses of ORCPT= can place a newline into a spool header file, and indirectly allow unauthenticated remote attackers to execute arbitrary commands as root. | ||||
| CVE-2020-28025 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 High |
| Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the relationship between sig->bodyhash.len and b->bh.len; thus, a crafted DKIM-Signature header might lead to a leak of sensitive information from process memory. | ||||
| CVE-2020-28024 | 1 Exim | 1 Exim | 2024-11-21 | 9.8 Critical |
| Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF. | ||||
| CVE-2020-28023 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 High |
| Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information from process memory to an unauthenticated SMTP client. | ||||
| CVE-2020-28022 | 1 Exim | 1 Exim | 2024-11-21 | 9.8 Critical |
| Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands. | ||||