Export limit exceeded: 364918 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364918 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15078 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 7.5 High |
| OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||||
| CVE-2020-15077 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 5.3 Medium |
| OpenVPN Access Server 2.8.7 and earlier versions allows a remote attackers to bypass authentication and access control channel data on servers configured with deferred authentication, which can be used to potentially trigger further information leaks. | ||||
| CVE-2020-15076 | 1 Openvpn | 1 Private Tunnel | 2024-11-21 | 7.8 High |
| Private Tunnel installer for macOS version 3.0.1 and older versions may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-15075 | 1 Openvpn | 1 Connect | 2024-11-21 | 7.1 High |
| OpenVPN Connect installer for macOS version 3.2.6 and older may corrupt system critical files it should not have access via symlinks in /tmp. | ||||
| CVE-2020-15074 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 7.5 High |
| OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial token expiry timestamp. | ||||
| CVE-2020-15073 | 1 Phplist | 1 Phplist | 2024-11-21 | 5.4 Medium |
| An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists section. | ||||
| CVE-2020-15072 | 1 Phplist | 1 Phplist | 2024-11-21 | 8.8 High |
| An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section. | ||||
| CVE-2020-15071 | 1 Getsymphony | 1 Symphony | 2024-11-21 | 6.1 Medium |
| content/content.blueprintsevents.php in Symphony CMS 3.0.0 allows XSS via fields['name'] to appendSubheading. | ||||
| CVE-2020-15070 | 1 Zulip | 1 Zulip Server | 2024-11-21 | 8.8 High |
| Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. | ||||
| CVE-2020-15065 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 6.5 Medium |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to denial-of-service the device via long input values. | ||||
| CVE-2020-15064 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 4.3 Medium |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | ||||
| CVE-2020-15063 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 8.8 High |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | ||||
| CVE-2020-15062 | 1 Digitus | 2 Da-70254, Da-70254 Firmware | 2024-11-21 | 8.8 High |
| DIGITUS DA-70254 4-Port Gigabit Network Hub 2.073.000.E0008 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15061 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 6.5 Medium |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to denial-of-service the device via long input values. | ||||
| CVE-2020-15060 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 4.3 Medium |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | ||||
| CVE-2020-15059 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | ||||
| CVE-2020-15058 | 1 Lindy-international | 2 42633, 42633 Firmware | 2024-11-21 | 8.8 High |
| Lindy 42633 4-Port USB 2.0 Gigabit Network Server 2.078.000 devices allow an attacker on the same network to elevate privileges because the administrative password can be discovered by sniffing unencrypted UDP traffic. | ||||
| CVE-2020-15057 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 6.5 Medium |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to denial-of-service the device via long input values. | ||||
| CVE-2020-15056 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 4.3 Medium |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to conduct persistent XSS attacks by leveraging administrative privileges to set a crafted server name. | ||||
| CVE-2020-15055 | 1 Tp-link | 2 Tl-ps310u, Tl-ps310u Firmware | 2024-11-21 | 8.8 High |
| TP-Link USB Network Server TL-PS310U devices before 2.079.000.t0210 allow an attacker on the same network to bypass authentication via a web-administration request that lacks a password parameter. | ||||