Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363643 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363643 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26582 | 1 Dlink | 2 Dap-1360u, Dap-1360u Firmware | 2024-11-21 | 8.8 High |
| D-Link DAP-1360U before 3.0.1 devices allow remote authenticated users to execute arbitrary commands via shell metacharacters in the IP JSON value for ping (aka res_config_action=3&res_config_id=18). | ||||
| CVE-2020-26575 | 4 Debian, Fedoraproject, Oracle and 1 more | 5 Debian Linux, Fedora, Zfs Storage Appliance and 2 more | 2024-11-21 | 7.5 High |
| In Wireshark through 3.2.7, the Facebook Zero Protocol (aka FBZERO) dissector could enter an infinite loop. This was addressed in epan/dissectors/packet-fbzero.c by correcting the implementation of offset advancement. | ||||
| CVE-2020-26574 | 1 Leostream | 1 Connection Broker | 2024-11-21 | 9.6 Critical |
| Leostream Connection Broker 8.2.x is affected by stored XSS. An unauthenticated attacker can inject arbitrary JavaScript code via the webquery.pl User-Agent HTTP header. It is rendered by the admins the next time they log in. The JavaScript injected can be used to force the admin to upload a malicious Perl script that will be executed as root via libMisc::browser_client. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-26572 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| The TCOS smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in tcos_decipher. | ||||
| CVE-2020-26571 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| The gemsafe GPK smart card software driver in OpenSC before 0.21.0-rc1 has a stack-based buffer overflow in sc_pkcs15emu_gemsafeGPK_init. | ||||
| CVE-2020-26570 | 4 Debian, Fedoraproject, Opensc Project and 1 more | 4 Debian Linux, Fedora, Opensc and 1 more | 2024-11-21 | 5.5 Medium |
| The Oberthur smart card software driver in OpenSC before 0.21.0-rc1 has a heap-based buffer overflow in sc_oberthur_read_file. | ||||
| CVE-2020-26569 | 1 Arista | 47 7010t-48, 7050cx3-32s, 7050cx3m-32s and 44 more | 2024-11-21 | 5.9 Medium |
| In EVPN VxLAN setups in Arista EOS, specific malformed packets can lead to incorrect MAC to IP bindings and as a result packets can be incorrectly forwarded across VLAN boundaries. This can result in traffic being discarded on the receiving VLAN. This affects versions: 4.21.12M and below releases in the 4.21.x train; 4.22.7M and below releases in the 4.22.x train; 4.23.5M and below releases in the 4.23.x train; 4.24.2F and below releases in the 4.24.x train. | ||||
| CVE-2020-26567 | 1 Dlink | 2 Dsr-250n, Dsr-250n Firmware | 2024-11-21 | 5.5 Medium |
| An issue was discovered on D-Link DSR-250N before 3.17B devices. The CGI script upgradeStatusReboot.cgi can be accessed without authentication. Any access reboots the device, rendering it therefore unusable for several minutes. | ||||
| CVE-2020-26566 | 1 Motion Project | 1 Motion | 2024-11-21 | 7.5 High |
| A Denial of Service condition in Motion-Project Motion 3.2 through 4.3.1 allows remote unauthenticated users to cause a webu.c segmentation fault and kill the main process via a crafted HTTP request. | ||||
| CVE-2020-26565 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 7.5 High |
| ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data. | ||||
| CVE-2020-26564 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 6.5 Medium |
| ObjectPlanet Opinio before 7.15 allows XXE attacks via three steps: modify a .css file to have <!ENTITY content, create a .xml file for a generic survey template (containing a link to this .css file), and import this .xml file at the survey/admin/folderSurvey.do?action=viewImportSurvey['importFile'] URI. The XXE can then be triggered at a admin/preview.do?action=previewSurvey&surveyId= URI. | ||||
| CVE-2020-26563 | 1 Objectplanet | 1 Opinio | 2024-11-21 | 6.1 Medium |
| ObjectPlanet Opinio before 7.14 allows reflected XSS via the survey/admin/surveyAdmin.do?action=viewSurveyAdmin query string. (There is also stored XSS if input to survey/admin/*.do is accepted from untrusted users.) | ||||
| CVE-2020-26561 | 1 Belkin | 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware | 2024-11-21 | 8.8 High |
| Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-26556 | 1 Bluetooth | 2 Bluetooth Core Specification, Mesh Profile | 2024-11-21 | 7.5 High |
| Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to conduct a successful brute-force attack on an insufficiently random AuthValue before the provisioning procedure times out, to complete authentication by leveraging Malleable Commitment. | ||||
| CVE-2020-26554 | 1 Reddoxx | 1 Maildepot | 2024-11-21 | 6.1 Medium |
| REDDOXX MailDepot 2033 (aka 2.3.3022) allows XSS via an incoming HTML e-mail message. | ||||
| CVE-2020-26553 | 1 Aviatrix | 1 Controller | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Several APIs contain functions that allow arbitrary files to be uploaded to the web tree. | ||||
| CVE-2020-26552 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R6.0.2483. Multiple executable files, that implement API endpoints, do not require a valid session ID for access. | ||||
| CVE-2020-26551 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.3.1151. Encrypted key values are stored in a readable file. | ||||
| CVE-2020-26550 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.3.1151. An encrypted file containing credentials to unrelated systems is protected by a three-character key. | ||||
| CVE-2020-26549 | 1 Aviatrix | 1 Controller | 2024-11-21 | 7.5 High |
| An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection mechanism to prevent requests to directories can be bypassed for file downloading. | ||||