Export limit exceeded: 363500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25286 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 5.3 Medium |
| In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could sometimes be seen in the latest comments even if the post or page was not public. | ||||
| CVE-2020-25285 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 6.4 Medium |
| A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812. | ||||
| CVE-2020-25284 | 4 Debian, Linux, Opensuse and 1 more | 4 Debian Linux, Linux Kernel, Leap and 1 more | 2024-11-21 | 4.1 Medium |
| The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe. | ||||
| CVE-2020-25283 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). | ||||
| CVE-2020-25282 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for the LG Universal Integrated Circuit Card) allows attackers to bypass intended access restrictions on property values. The LG ID is LVE-SMP-200020 (September 2020). | ||||
| CVE-2020-25281 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. Applications with sensitive security settings (such as the package verifier application) mishandle unknown-source installations. The LG ID is LVE-SMP-190002 (September 2020). | ||||
| CVE-2020-25280 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). | ||||
| CVE-2020-25279 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). | ||||
| CVE-2020-25278 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung IDs are SVE-2020-18088, SVE-2020-18225, SVE-2020-18301 (September 2020). | ||||
| CVE-2020-25276 | 1 Primekey | 1 Ejbca | 2024-11-21 | 7.3 High |
| An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate to enroll over the EST protocol, no revocation check is performed on that certificate. This vulnerability can only affect a system that has EST configured, uses client certificates to authenticate enrollment, and has had such a certificate revoked. This certificate needs to belong to a role that is authorized to enroll new end entities. (To completely mitigate this problem prior to upgrade, remove any revoked client certificates from their respective roles.) | ||||
| CVE-2020-25275 | 4 Debian, Dovecot, Fedoraproject and 1 more | 4 Debian Linux, Dovecot, Fedora and 1 more | 2024-11-21 | 7.5 High |
| Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an application crash via a crafted email message with certain choices for ten thousand MIME parts. | ||||
| CVE-2020-25273 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 9.8 Critical |
| In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | ||||
| CVE-2020-25272 | 1 Online Bus Booking System Project | 1 Online Bus Booking System | 2024-11-21 | 6.1 Medium |
| In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | ||||
| CVE-2020-25271 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/search.php, book-appointment.php, doctor/appointment-history.php, or admin/appointment-history.php. | ||||
| CVE-2020-25270 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 5.4 Medium |
| PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Contact no, Address, or City. | ||||
| CVE-2020-25269 | 2 Debian, Inspircd | 2 Debian Linux, Inspircd | 2024-11-21 | 6.5 Medium |
| An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules, this vulnerability can be used for remote crashing of an InspIRCd server by any user able to connect to a server. | ||||
| CVE-2020-25268 | 1 Ilias | 1 Ilias | 2024-11-21 | 8.8 High |
| Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect parameter sanitization for Magpie RSS data. | ||||
| CVE-2020-25267 | 1 Ilias | 1 Ilias | 2024-11-21 | 5.4 Medium |
| An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4. | ||||
| CVE-2020-25266 | 1 Appimage | 1 Appimaged | 2024-11-21 | 5.5 Medium |
| AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimage. For example, it will accept a crafted mp3 file that contains an appimage, and install it. | ||||
| CVE-2020-25265 | 1 Appimage | 1 Libappimage | 2024-11-21 | 6.5 Medium |
| AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .desktop file by providing a .desktop file that contains Name= with path components. | ||||