Search Results (363281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24614 | 3 Fedoraproject, Fossil-scm, Opensuse | 4 Fedora, Fossil, Backports Sle and 1 more | 2024-11-21 | 8.8 High |
| Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated users to execute arbitrary code. An attacker must have check-in privileges on the repository. | ||||
| CVE-2020-24613 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 6.8 Medium |
| wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls13MsgReceived() in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers, and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers. | ||||
| CVE-2020-24612 | 1 Fedoraproject | 1 Selinux-policy | 2024-11-21 | 6.7 Medium |
| An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA. | ||||
| CVE-2020-24609 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 6.1 Medium |
| TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an attacker injecting the XSS payload in the User Registration section and each time the admin visits the manage user section from the admin panel, the XSS triggers and the attacker can steal the cookie via crafted payload. | ||||
| CVE-2020-24606 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 8.6 High |
| Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | ||||
| CVE-2020-24604 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vulnerability allows remote attackers to inject arbitrary web script or HTML via the GET request "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in server-properties.jsp and security-audit-viewer.jsp. | ||||
| CVE-2020-24602 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameters "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page. | ||||
| CVE-2020-24601 | 1 Igniterealtime | 1 Openfire | 2024-11-21 | 6.1 Medium |
| In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameters "searchName", "alias" in the import certificate trusted page. | ||||
| CVE-2020-24599 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks. | ||||
| CVE-2020-24598 | 1 Joomla | 1 Joomla! | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect. | ||||
| CVE-2020-24595 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 5.3 Medium |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control. | ||||
| CVE-2020-24594 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 9.6 Critical |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 7.2 High |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | ||||
| CVE-2020-24592 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 5.3 Medium |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization. | ||||
| CVE-2020-24591 | 1 Wso2 | 5 Api Manager, Api Manager Analytics, Api Microgateway and 2 more | 2024-11-21 | 6.5 Medium |
| The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0. | ||||
| CVE-2020-24590 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2024-11-21 | 9.1 Critical |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks. | ||||
| CVE-2020-24589 | 1 Wso2 | 2 Api Manager, Api Microgateway | 2024-11-21 | 9.1 Critical |
| The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks. | ||||
| CVE-2020-24587 | 7 Arista, Cisco, Debian and 4 more | 333 C-100, C-100 Firmware, C-110 and 330 more | 2024-11-21 | 2.6 Low |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed. | ||||
| CVE-2020-24586 | 6 Arista, Debian, Ieee and 3 more | 45 C-200, C-200 Firmware, C-230 and 42 more | 2024-11-21 | 3.5 Low |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data. | ||||
| CVE-2020-24585 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 5.3 Medium |
| An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application. | ||||