Export limit exceeded: 364021 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28008 | 1 Exim | 1 Exim | 2024-11-21 | 7.8 High |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the spool directory (owned by a non-root user), an attacker can write to a /var/spool/exim4/input spool header file, in which a crafted recipient address can indirectly lead to command execution. | ||||
| CVE-2020-28007 | 1 Exim | 1 Exim | 2024-11-21 | 7.8 High |
| Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in the log directory (owned by a non-root user), a symlink or hard link attack allows overwriting critical root-owned files anywhere on the filesystem. | ||||
| CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 6.5 Medium |
| httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | ||||
| CVE-2020-28002 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 5.3 Medium |
| In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint. | ||||
| CVE-2020-28001 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 5.4 Medium |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS. | ||||
| CVE-2020-27998 | 1 Fast-report | 1 Fastreport | 2024-11-21 | 9.8 Critical |
| An issue was discovered in FastReport before 2020.4.0. It lacks a ScriptSecurity feature and therefore may mishandle (for example) GetType, typeof, TypeOf, DllImport, LoadLibrary, and GetProcAddress. | ||||
| CVE-2020-27997 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 8.8 High |
| An issue was discovered in SmartStoreNET before 4.1.0. Lack of Cross Site Request Forgery (CSRF) protection may lead to elevation of privileges (e.g., /admin/customer/create to create an admin account). | ||||
| CVE-2020-27996 | 1 Smartstore | 1 Smartstorenet | 2024-11-21 | 8.8 High |
| An issue was discovered in SmartStoreNET before 4.0.1. It does not properly consider the need for a CustomModelPartAttribute decoration in certain ModelBase.CustomProperties situations. | ||||
| CVE-2020-27995 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| SQL Injection in Zoho ManageEngine Applications Manager 14 before 14560 allows an attacker to execute commands on the server via the MyPage.do template_resid parameter. | ||||
| CVE-2020-27994 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 6.5 Medium |
| SolarWinds Serv-U before 15.2.2 allows Authenticated Directory Traversal. | ||||
| CVE-2020-27993 | 1 Hrsale | 1 Hrsale | 2024-11-21 | 5.3 Medium |
| Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files. | ||||
| CVE-2020-27992 | 1 Wondershare | 1 Dr.fone | 2024-11-21 | 7.8 High |
| Dr.Fone 3.0.0 allows local users to gain privileges via a Trojan horse DriverInstall.exe because %PROGRAMFILES(X86)%\Wondershare\dr.fone\Library\DriverInstaller has Full Control for BUILTIN\Users. | ||||
| CVE-2020-27991 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field). | ||||
| CVE-2020-27990 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in the Deployment tool (add agent). | ||||
| CVE-2020-27989 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Dashboard Tools (Edit Dashboard). | ||||
| CVE-2020-27988 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| Nagios XI before 5.7.5 is vulnerable to XSS in Manage Users (Username field). | ||||
| CVE-2020-27986 | 1 Sonarsource | 1 Sonarqube | 2024-11-21 | 7.5 High |
| SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it. | ||||
| CVE-2020-27985 | 1 Securityonionsolutions | 1 Security Onion | 2024-11-21 | 7.8 High |
| Security Onion v2 prior to 2.3.10 has an incorrect sudo configuration, which allows the administrative user to obtain root access without using the sudo password by editing and executing /home/<user>/SecurityOnion/setup/so-setup. | ||||
| CVE-2020-27982 | 1 Icewarp | 1 Mail Server | 2024-11-21 | 6.1 Medium |
| IceWarp 11.4.5.0 allows XSS via the language parameter. | ||||
| CVE-2020-27980 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2024-11-21 | 5.4 Medium |
| Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users. | ||||