
Search Results (363315 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24602 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an attacker to execute arbitrary malicious URL via the vulnerable GET parameter "searchName", "searchValue", "searchDescription", "searchDefaultValue", "searchPlugin", "searchDescription" and "searchDynamic" in the Server Properties and Security Audit Viewer JSP page.
CVE-2020-24601 1 Igniterealtime 1 Openfire 2024-11-21 6.1 Medium
In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an arbitrary malicious URL via the vulnerable POST parameter "searchName", "alias" in the import certificate trusted page.
CVE-2020-24599 1 Joomla 1 Joomla! 2024-11-21 6.1 Medium
An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS attacks.
CVE-2020-24598 1 Joomla 1 Joomla! 2024-11-21 6.1 Medium
An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of com_content leads to an open redirect.
CVE-2020-24595 1 Mitel 1 Micloud Management Portal 2024-11-21 5.3 Medium
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to retrieve sensitive information due to insufficient access control.
CVE-2020-24594 1 Mitel 1 Micloud Management Portal 2024-11-21 9.6 Critical
Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVE-2020-24593 1 Mitel 1 Micloud Management Portal 2024-11-21 7.2 High
Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation.
CVE-2020-24592 1 Mitel 1 Micloud Management Portal 2024-11-21 5.3 Medium
Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request, to view system information due to insufficient output sanitization.
CVE-2020-24591 1 Wso2 5 Api Manager, Api Manager Analytics, Api Microgateway and 2 more 2024-11-21 6.5 Medium
The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. This affects API Manager through 3.0.0, API Manager Analytics 2.2.0 and 2.5.0, API Microgateway 2.2.0, Enterprise Integrator 6.2.0 and 6.3.0, and Identity Server Analytics through 5.6.0.
CVE-2020-24590 1 Wso2 2 Api Manager, Api Microgateway 2024-11-21 9.1 Critical
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entity Expansion attacks.
CVE-2020-24589 1 Wso2 2 Api Manager, Api Microgateway 2024-11-21 9.1 Critical
The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML External Entity injection (XXE) attacks.
CVE-2020-24587 7 Arista, Cisco, Debian and 4 more 333 C-100, C-100 Firmware, C-110 and 330 more 2024-11-21 2.6 Low
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.
CVE-2020-24586 6 Arista, Debian, Ieee and 3 more 45 C-200, C-200 Firmware, C-230 and 42 more 2024-11-21 3.5 Low
The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.
CVE-2020-24585 1 Wolfssl 1 Wolfssl 2024-11-21 5.3 Medium
An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS application_data messages in epoch 0 do not produce an out-of-order error. Instead, these messages are returned to the application.
CVE-2020-24584 4 Canonical, Djangoproject, Fedoraproject and 1 more 4 Ubuntu Linux, Django, Fedora and 1 more 2024-11-21 7.5 High
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). The intermediate-level directories of the filesystem cache had the system's standard umask rather than 0o077.
CVE-2020-24583 4 Canonical, Djangoproject, Fedoraproject and 1 more 4 Ubuntu Linux, Django, Fedora and 1 more 2024-11-21 7.5 High
An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when Python 3.7+ is used). FILE_UPLOAD_DIRECTORY_PERMISSIONS mode was not applied to intermediate-level directories created in the process of uploading files. It was also not applied to intermediate-level collected static directories when using the collectstatic management command.
CVE-2020-24582 1 Zulipchat 1 Zulip Desktop 2024-11-21 6.1 Medium
Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of the HTML for the user interface.
CVE-2020-24581 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-11-21 8.0 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands.
CVE-2020-24580 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-11-21 7.5 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack of authentication functionality allows an attacker to assign a static IP address that was once used by a valid user.
CVE-2020-24579 1 Dlink 2 Dsl2888a, Dsl2888a Firmware 2024-11-21 8.8 High
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An unauthenticated attacker could bypass authentication to access authenticated pages and functionality.