Export limit exceeded: 363345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-20294 | 1 Cmswing | 1 Cmswing | 2024-11-21 | 9.8 Critical |
| An issue was found in CMSWing project version 1.3.8. Because the log function does not check the log parameter, malicious parameters can execute arbitrary commands. | ||||
| CVE-2020-20290 | 1 Yccms | 1 Yccms | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in the yccms 3.3 project. The delete, deletesite, and deleteAll functions' improper judgment of the request parameters, triggers a directory traversal vulnerability. | ||||
| CVE-2020-20289 | 1 Yccms | 1 Yccms | 2024-11-21 | 9.8 Critical |
| Sql injection vulnerability in the yccms 3.3 project. The no_top function's improper judgment of the request parameters, triggers a sql injection vulnerability. | ||||
| CVE-2020-20287 | 1 Yccms | 1 Yccms | 2024-11-21 | 9.8 Critical |
| Unrestricted file upload vulnerability in the yccms 3.3 project. The xhUp function's improper judgment of the request parameters, triggers remote code execution. | ||||
| CVE-2020-20285 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 5.4 Medium |
| There is a XSS in the user login page in zzcms 2019. Users can inject js code by the referer header via user/login.php | ||||
| CVE-2020-20277 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 9.8 Critical |
| There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands in uftpd FTP server versions 2.7 to 2.10 due to improper implementation of a chroot jail in common.c's compose_abspath function that can be abused to read or write to arbitrary files on the filesystem, leak process memory, or potentially lead to remote code execution. | ||||
| CVE-2020-20276 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 9.8 Critical |
| An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | ||||
| CVE-2020-20269 | 1 Caret | 1 Caret | 2024-11-21 | 9.8 Critical |
| A specially crafted Markdown document could cause the execution of malicious JavaScript code in Caret Editor before 4.0.0-rc22. | ||||
| CVE-2020-20267 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/resolver process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access. | ||||
| CVE-2020-20266 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/dot1x process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
| CVE-2020-20265 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /ram/pckg/wireless/nova/bin/wireless process. An authenticated remote attacker can cause a Denial of Service due via a crafted packet. | ||||
| CVE-2020-20264 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) in the /ram/pckg/advanced-tools/nova/bin/netwatch process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. | ||||
| CVE-2020-20262 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
| CVE-2020-20254 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
| CVE-2020-20253 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from a divison by zero vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service due to a divide by zero error. | ||||
| CVE-2020-20252 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
| CVE-2020-20250 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before stable version 6.47 suffers from a memory corruption vulnerability in the /nova/bin/lcdstat process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). NOTE: this is different from CVE-2020-20253 and CVE-2020-20254. All four vulnerabilities in the /nova/bin/lcdstat process are discussed in the CVE-2020-20250 github.com/cq674350529 reference. | ||||
| CVE-2020-20249 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before stable 6.47 suffers from a memory corruption vulnerability in the resolver process. By sending a crafted packet, an authenticated remote attacker can cause a Denial of Service. | ||||
| CVE-2020-20248 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the systems CPU. | ||||
| CVE-2020-20247 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.46.5 (stable tree) suffers from a memory corruption vulnerability in the /nova/bin/traceroute process. An authenticated remote attacker can cause a Denial of Service due via the loop counter variable. | ||||