Export limit exceeded: 363345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21676 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | ||||
| CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | ||||
| CVE-2020-21674 | 1 Libarchive | 1 Libarchive | 2024-11-21 | 6.5 Medium |
| Heap-based buffer overflow in archive_string_append_from_wcs() (archive_string.c) in libarchive-3.4.1dev allows remote attackers to cause a denial of service (out-of-bounds write in heap memory resulting into a crash) via a crafted archive file. NOTE: this only affects users who downloaded the development code from GitHub. Users of the product's official releases are unaffected. | ||||
| CVE-2020-21667 | 1 Fastadmin-tp6 Project | 1 Fastadmin-tp6 | 2024-11-21 | 7.2 High |
| In fastadmin-tp6 v1.0, in the file app/admin/controller/Ajax.php the 'table' parameter passed is not filtered so a malicious parameter can be passed for SQL injection. | ||||
| CVE-2020-21665 | 1 Fastadmin | 1 Fastadmin | 2024-11-21 | 7.2 High |
| In fastadmin V1.0.0.20191212_beta, when a user with administrator rights has logged in, a malicious parameter can be passed for SQL injection in URL /admin/ajax/weigh. | ||||
| CVE-2020-21662 | 1 Yunyecms | 1 Yunyecms | 2024-11-21 | 9.8 Critical |
| SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | ||||
| CVE-2020-21658 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 6.5 Medium |
| A Cross-Site Request Forgery (CSRF) in WDJA CMS v1.5.2 allows attackers to arbitrarily add administrator accounts via a crafted URL. | ||||
| CVE-2020-21656 | 1 Xyhcms | 1 Xyhcms | 2024-11-21 | 5.4 Medium |
| XYHCMS v3.6 contains a stored cross-site scripting (XSS) vulnerability in the component xyhai.php?s=/Link/index. | ||||
| CVE-2020-21654 | 1 Emlog | 1 Emlog | 2024-11-21 | 7.2 High |
| emlog v6.0 contains a vulnerability in the component admin\template.php, which allows attackers to getshell via a crafted Zip file. | ||||
| CVE-2020-21653 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.1 Critical |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sj() method. | ||||
| CVE-2020-21652 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the addqq() method. | ||||
| CVE-2020-21651 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 9.8 Critical |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\point.php, which can be exploited via the add() method. | ||||
| CVE-2020-21650 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.8 High |
| Myucms v2.2.1 contains a remote code execution (RCE) vulnerability in the component \controller\Config.php, which can be exploited via the add() method. | ||||
| CVE-2020-21649 | 1 Myucms Project | 1 Myucms | 2024-11-21 | 8.1 High |
| Myucms v2.2.1 contains a server-side request forgery (SSRF) in the component \controller\index.php, which can be exploited via the sql() method. | ||||
| CVE-2020-21648 | 1 Wdja | 1 Wdja Cms | 2024-11-21 | 9.1 Critical |
| WDJA CMS v1.5.2 contains an arbitrary file deletion vulnerability in the component admin/cache/manage.php. | ||||
| CVE-2020-21642 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 9.8 Critical |
| Directory Traversal vulnerability ZDBQAREFSUBDIR parameter in /zropusermgmt API in Zoho ManageEngine Analytics Plus before 4350 allows remote attackers to run arbitrary code. | ||||
| CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 7.5 High |
| Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via crafted XML license file. | ||||
| CVE-2020-21639 | 1 Ruijie | 2 Rg-uac 6000-e50, Rg-uac 6000-e50 Firmware | 2024-11-21 | 6.1 Medium |
| Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting (XSS) vulnerability via the rule_name parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2020-21627 | 1 Ruijie | 2 Rg-uac, Rg-uac Firmware | 2024-11-21 | 7.5 High |
| Ruijie RG-UAC commit 9071227 was discovered to contain a vulnerability in the component /current_action.php?action=reboot, which allows attackers to cause a denial of service (DoS) via unspecified vectors. | ||||
| CVE-2020-21606 | 1 Struktur | 1 Libde265 | 2024-11-21 | 6.5 Medium |
| libde265 v1.0.4 contains a heap buffer overflow fault in the put_epel_16_fallback function, which can be exploited via a crafted a file. | ||||