Export limit exceeded: 364930 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364930 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15316 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account within the /opt/axess chroot directory tree. | ||||
| CVE-2020-15315 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account within the /opt/axess chroot directory tree. | ||||
| CVE-2020-15314 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded RSA SSH key for the root account. | ||||
| CVE-2020-15313 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded ECDSA SSH key for the root account. | ||||
| CVE-2020-15312 | 1 Zyxel | 1 Cloudcnm Secumanager | 2024-11-21 | 5.9 Medium |
| Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded DSA SSH key for the root account. | ||||
| CVE-2020-15309 | 1 Wolfssl | 1 Wolfssl | 2024-11-21 | 7.0 High |
| An issue was discovered in wolfSSL before 4.5.0, when single precision is not employed. Local attackers can conduct a cache-timing attack against public key operations. These attackers may already have obtained sensitive information if the affected system has been used for private key operations (e.g., signing with a private key). | ||||
| CVE-2020-15308 | 1 Turnkeylinux | 1 Support Incident Tracker | 2024-11-21 | 7.2 High |
| Support Incident Tracker (aka SiT! or SiTracker) 3.67 p2 allows post-authentication SQL injection via the site_edit.php typeid or site parameter, the search_incidents_advanced.php search_title parameter, or the report_qbe.php criteriafield parameter. | ||||
| CVE-2020-15307 | 1 Nozominetworks | 1 Guardian | 2024-11-21 | 6.1 Medium |
| Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. | ||||
| CVE-2020-15306 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenEXR before v2.5.2. Invalid chunkCount attributes could cause a heap buffer overflow in getChunkOffsetTableSize() in IlmImf/ImfMisc.cpp. | ||||
| CVE-2020-15305 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenEXR before 2.5.2. Invalid input could cause a use-after-free in DeepScanLineInputFile::DeepScanLineInputFile() in IlmImf/ImfDeepScanLineInputFile.cpp. | ||||
| CVE-2020-15304 | 3 Fedoraproject, Openexr, Opensuse | 3 Fedora, Openexr, Leap | 2024-11-21 | 5.5 Medium |
| An issue was discovered in OpenEXR before 2.5.2. An invalid tiled input file could cause invalid memory access in TiledInputFile::TiledInputFile() in IlmImf/ImfTiledInputFile.cpp, as demonstrated by a NULL pointer dereference. | ||||
| CVE-2020-15303 | 1 Infoblox | 1 Nios | 2024-11-21 | 6.5 Medium |
| Infoblox NIOS before 8.5.2 allows entity expansion during an XML upload operation, a related issue to CVE-2003-1564. | ||||
| CVE-2020-15302 | 1 Argent | 1 Recoverymanager | 2024-11-21 | 7.5 High |
| In Argent RecoveryManager before 0xdc350d09f71c48c5D22fBE2741e4d6A03970E192, the executeRecovery function does not require any signatures in the zero-guardian case, which allows attackers to cause a denial of service (locking) or a takeover. | ||||
| CVE-2020-15301 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 7.8 High |
| SuiteCRM through 7.11.13 allows CSV Injection via registration fields in the Accounts, Contacts, Opportunities, and Leads modules. These fields are mishandled during a Download Import File Template operation. | ||||
| CVE-2020-15300 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.1 Medium |
| SuiteCRM through 7.11.13 has an Open Redirect in the Documents module via a crafted SVG document. | ||||
| CVE-2020-15299 | 1 King-theme | 1 Kingcomposer | 2024-11-21 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) Vulnerability in the KingComposer plugin through 2.9.4 for WordPress allows remote attackers to trick a victim into submitting an install_online_preset AJAX request containing base64-encoded JavaScript (in the kc-online-preset-data POST parameter) that is executed in the victim's browser. | ||||
| CVE-2020-15297 | 1 Bitdefender | 1 Update Server | 2024-11-21 | 7.1 High |
| Insufficient validation in the Bitdefender Update Server and BEST Relay components of Bitdefender Endpoint Security Tools versions prior to 6.6.20.294 allows an unprivileged attacker to bypass the in-place mitigations and interact with hosts on the network. This issue affects: Bitdefender Update Server versions prior to 6.6.20.294. | ||||
| CVE-2020-15294 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-11-21 | 7.8 High |
| Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2. | ||||
| CVE-2020-15293 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-11-21 | 6.1 Medium |
| Memory corruption in IntLixCrashDumpDmesg, IntLixTaskFetchCmdLine, IntLixFileReadDentry and IntLixFileGetPath due to insufficient guest-data input validation may lead to denial of service conditions. | ||||
| CVE-2020-15292 | 1 Bitdefender | 1 Hypervisor Introspection | 2024-11-21 | 5.5 Medium |
| Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations. | ||||