Export limit exceeded: 364883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15059 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | ||||
| CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15057 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 6.5 Medium |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | ||||
| CVE-2020-15056 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 4.3 Medium |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | ||||
| CVE-2020-15055 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | ||||
| CVE-2020-15054 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15053 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects. | ||||
| CVE-2020-15052 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 7.5 High |
| An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields. | ||||
| CVE-2020-15051 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Artica Proxy before 4.30.000000. Stored XSS exists via the Server Domain Name, Your Email Address, Group Name, MYSQL Server, Database, MYSQL Username, Group Name, and Task Description fields. | ||||
| CVE-2020-15050 | 1 Supremainc | 1 Biostar 2 | 2024-11-21 | 7.5 High |
| An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal. | ||||
| CVE-2020-15049 | 3 Fedoraproject, Redhat, Squid-cache | 3 Fedora, Enterprise Linux, Squid | 2024-11-21 | 9.9 Critical |
| An issue was discovered in http/ContentLengthInterpreter.cc in Squid before 4.12 and 5.x before 5.0.3. A Request Smuggling and Poisoning attack can succeed against the HTTP cache. The client sends an HTTP request with a Content-Length header containing "+\ "-" or an uncommon shell whitespace character prefix to the length field-value. | ||||
| CVE-2020-15047 | 1 Trojita Project | 1 Trojita | 2024-11-21 | 5.9 Medium |
| MSA/SMTP.cpp in Trojita before 0.8 ignores certificate-verification errors, which allows man-in-the-middle attackers to spoof SMTP servers. | ||||
| CVE-2020-15046 | 1 Supermicro | 3 X10drh-it, X10drh-it Bios, X10drh-it Firmware | 2024-11-21 | 8.8 High |
| The web interface on Supermicro X10DRH-iT motherboards with BIOS 2.0a and IPMI firmware 03.40 allows remote attackers to exploit a cgi/config_user.cgi CSRF issue to add new admin users. The fixed versions are BIOS 3.2 and firmware 03.88. | ||||
| CVE-2020-15043 | 1 Iball | 2 Wrb303n, Wrb303n Firmware | 2024-11-21 | 6.5 Medium |
| iBall WRB303N devices allow CSRF attacks, as demonstrated by enabling remote management, enabling DHCP, or modifying the subnet range for IP addresses. | ||||
| CVE-2020-15041 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.8 Medium |
| PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. | ||||
| CVE-2020-15038 | 1 Seedprod | 1 Coming Soon Page\, Under Construction \& Maintenance Mode | 2024-11-21 | 5.4 Medium |
| The SeedProd coming-soon plugin before 5.1.1 for WordPress allows XSS. | ||||
| CVE-2020-15037 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter. | ||||
| CVE-2020-15036 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter. | ||||
| CVE-2020-15035 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter. | ||||
| CVE-2020-15034 | 1 Nedi | 1 Nedi | 2024-11-21 | 5.4 Medium |
| NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter. | ||||