Search Results (77069 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28885 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 7.2 High |
| Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject commands through the Gogo Shell module to execute any OS command on the Liferay Portal Server. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to access and execute commands in Gogo Shell and therefore not a design fla | ||||
| CVE-2020-28884 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 7.2 High |
| Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An administrator user can inject Groovy script to execute any OS command on the Liferay Portal Server. NOTE: The developer disputes this as a vulnerability since it is a feature for administrators to run Groovy scripts and therefore not a design flaw. | ||||
| CVE-2020-28874 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 7.5 High |
| reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because of incorrect business logic. Errors are not properly considered (an invalid token parameter). | ||||
| CVE-2020-28873 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 7.5 High |
| Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long password via the user login form. When a long password is sent, the password hashing process will result in CPU and memory exhaustion on the server. | ||||
| CVE-2020-28865 | 1 Powerjob | 1 Powerjob | 2024-11-21 | 7.5 High |
| An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwords via the id parameter to /appinfo/save. | ||||
| CVE-2020-28860 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 8.8 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user-supplied input before incorporating it into its SQL queries, allowing authenticated blind SQL injection. | ||||
| CVE-2020-28858 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 8.8 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions. | ||||
| CVE-2020-28856 | 1 Openasset | 1 Digital Asset Management | 2024-11-21 | 7.5 High |
| OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls. | ||||
| CVE-2020-28852 | 2 Golang, Redhat | 5 Text, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28851 | 2 Golang, Redhat | 5 Go, Acm, Enterprise Linux and 2 more | 2024-11-21 | 7.5 High |
| In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.) | ||||
| CVE-2020-28848 | 1 Churchcrm | 1 Churchcrm | 2024-11-21 | 8.8 High |
| CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary code via crafted CSV file. | ||||
| CVE-2020-28845 | 1 Netskope | 1 Netskope | 2024-11-21 | 7.8 High |
| A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin portal, which can lead to compromise of the admin's system. | ||||
| CVE-2020-28840 | 1 Matthiaswandel | 1 Jhead | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | ||||
| CVE-2020-28736 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role). | ||||
| CVE-2020-28735 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role). | ||||
| CVE-2020-28734 | 1 Plone | 1 Plone | 2024-11-21 | 8.8 High |
| Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role. | ||||
| CVE-2020-28723 | 1 Cloudavid | 1 Pparam | 2024-11-21 | 7.5 High |
| Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. | ||||
| CVE-2020-28702 | 1 Pybbs Project | 1 Pybbs | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensitive database information. | ||||
| CVE-2020-28695 | 1 Askey | 2 Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7, Rtf3505vw-n1 Br Sv G000 R3505vwn1001 S32 7 Firmware | 2024-11-21 | 8.8 High |
| Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution and retrieval of admin credentials to log into the Dashboard or log in via SSH, leading to code execution as root. | ||||
| CVE-2020-28693 | 1 Horizontcms Project | 1 Horizontcms | 2024-11-21 | 8.8 High |
| An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP GET request to /themes/<php_file_name> | ||||
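
The X-Forwarded-For spoofing described for CVE-2020-28856 above comes from trusting the header regardless of who sent the request. The following is an added example, not OpenAsset code, showing the vulnerable "first hop wins" pattern next to the usual hardened approach: only honour the header when the direct peer is a trusted proxy, and walk the chain from the right, peeling off trusted proxies, so the attacker-controlled left-hand values never reach an access-control decision. The trusted proxy ranges and sample addresses are assumptions for the example.

```python
import ipaddress

# Hypothetical trusted reverse-proxy ranges for this example; in a real
# deployment these come from configuration, never from the request.
TRUSTED_PROXIES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("192.168.1.0/24"),
]


def _is_trusted_proxy(ip: str) -> bool:
    """True if ip is a syntactically valid address inside a trusted proxy range."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_PROXIES)


def naive_client_ip(remote_addr: str, xff: str | None) -> str:
    """Vulnerable pattern: the leftmost X-Forwarded-For value is taken at face
    value, so any client can claim to be 127.0.0.1."""
    if xff:
        return xff.split(",")[0].strip()
    return remote_addr


def client_ip(remote_addr: str, xff: str | None) -> str:
    """Hardened pattern. If the TCP peer is not a trusted proxy, the header is
    ignored entirely. Otherwise the chain is read right-to-left and the first
    hop that is not a trusted proxy is the real client; the values to its left
    were supplied by untrusted parties and are discarded."""
    if not _is_trusted_proxy(remote_addr):
        return remote_addr
    hops = [h.strip() for h in (xff or "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted_proxy(hop):
            return hop
    # Empty header or every hop is a trusted proxy: fall back to the peer.
    return remote_addr


def is_loopback_client(ip: str) -> bool:
    """Stand-in for an IP-based access control that grants localhost extra rights."""
    try:
        return ipaddress.ip_address(ip).is_loopback
    except ValueError:
        return False


# Constructed request: an external client (203.0.113.7) connects directly and
# sends "X-Forwarded-For: 127.0.0.1" to impersonate localhost.
SPOOF_PEER = "203.0.113.7"
SPOOF_HEADER = "127.0.0.1"

if __name__ == "__main__":
    print("naive   :", naive_client_ip(SPOOF_PEER, SPOOF_HEADER),
          "loopback?", is_loopback_client(naive_client_ip(SPOOF_PEER, SPOOF_HEADER)))
    print("hardened:", client_ip(SPOOF_PEER, SPOOF_HEADER),
          "loopback?", is_loopback_client(client_ip(SPOOF_PEER, SPOOF_HEADER)))
```

Note that loopback is deliberately not in the trusted-proxy list: a proxy that legitimately sits on 127.0.0.1 would need its own entry, and anything the header says about 127.0.0.1 is otherwise ignored unless a trusted proxy itself reported that peer.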
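
CVE-2020-28848 (ChurchCRM) and CVE-2020-28845 (Netskope) above are both CSV injection: user-controlled text that starts with a formula trigger lands in an export and is evaluated when an administrator opens the file in a spreadsheet. The block below is an added example, not code from either product, that writes an export with and without the standard neutralisation (prefix cells beginning with `=`, `+`, `-`, `@`, tab or carriage return with a single quote so they are treated as text). The payload string and rows are constructed for the example.

```python
import csv
import io

# Characters that spreadsheet applications interpret as the start of a
# formula or that can be used to smuggle one in; per common CSV injection
# guidance, cells beginning with any of these are escaped.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

# Constructed sample export; the first row carries a classic DDE-style payload.
SAMPLE_ROWS = [
    {"name": "=cmd|' /C calc'!A0", "email": "attacker@example.test"},
    {"name": "@SUM(1+1)*cmd|' /C calc'!A0", "email": "other@example.test"},
    {"name": "Jane Doe", "email": "jane@example.test"},
]
FIELDNAMES = ["name", "email"]


def neutralize_cell(value) -> str:
    """Return the cell as text that spreadsheets will not evaluate.
    A leading single quote forces text interpretation; it is harmless for
    ordinary values and visibly marks the ones that were altered."""
    text = str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def export_rows(rows, fieldnames, safe=True) -> str:
    """Serialise rows to CSV. With safe=False the export is the vulnerable
    form: whatever the user typed is written verbatim."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        if safe:
            row = {k: neutralize_cell(v) for k, v in row.items()}
        writer.writerow(row)
    return buf.getvalue()


def first_data_line(csv_text: str) -> str:
    """Helper for inspection: the first non-header line of an export."""
    return csv_text.splitlines()[1]


if __name__ == "__main__":
    print("vulnerable:", first_data_line(export_rows(SAMPLE_ROWS, FIELDNAMES, safe=False)))
    print("hardened  :", first_data_line(export_rows(SAMPLE_ROWS, FIELDNAMES, safe=True)))
```

The trade-off to be aware of: a genuine negative number such as `-5` is also prefixed and becomes text, so numeric columns that are known to be numeric should be validated as numbers at input time rather than passed through this function. The escaping belongs at the export boundary; it does not remove the need to validate the data when it is stored.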
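
CVE-2020-28693 (HorizontCMS) above is a theme upload where an archive is unpacked into a web-served directory without checking what it contains, so a PHP file inside the zip becomes reachable under `/themes/`. The following is an added example, not HorizontCMS code, of validating such an archive before extraction: reject traversal and absolute paths, allow only an explicit extension whitelist, catch double extensions such as `shell.php.png`, and bound entry count and expanded size. The whitelist, limits and the sample archives are assumptions constructed for the example.

```python
import io
import posixpath
import zipfile

# Hypothetical policy for this example: what a theme may legitimately contain.
ALLOWED_EXTENSIONS = {".css", ".js", ".png", ".jpg", ".jpeg", ".svg",
                      ".html", ".json", ".woff2"}
# Segments that must never appear anywhere in a name, even before a
# "harmless" final extension (shell.php.png, shell.phtml.jpg).
EXECUTABLE_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "phtml",
                       "phar", "cgi", "pl", "sh"}
MAX_ENTRIES = 500
MAX_TOTAL_UNCOMPRESSED = 10 * 1024 * 1024


class UnsafeArchive(ValueError):
    """Raised when the archive must not be extracted into the theme directory."""


def _check_name(name: str) -> str:
    """Validate one entry name and return its normalised relative path."""
    if "\\" in name or posixpath.isabs(name):
        raise UnsafeArchive(f"absolute or non-POSIX path: {name!r}")
    norm = posixpath.normpath(name)
    if norm == ".." or norm.startswith("../"):
        raise UnsafeArchive(f"path traversal: {name!r}")
    segments = posixpath.basename(norm).lower().split(".")
    if len(segments) < 2 or "." + segments[-1] not in ALLOWED_EXTENSIONS:
        raise UnsafeArchive(f"disallowed extension: {name!r}")
    if any(seg in EXECUTABLE_SEGMENTS for seg in segments[1:-1]):
        raise UnsafeArchive(f"executable segment in name: {name!r}")
    return norm


def validate_theme_zip(data: bytes) -> list[str]:
    """Return the normalised names of all file entries, or raise UnsafeArchive.
    Nothing is extracted; this runs before any write to the theme directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > MAX_ENTRIES:
            raise UnsafeArchive("too many entries")
        total = 0
        safe_names = []
        for info in infos:
            if info.is_dir():
                continue
            total += info.file_size  # declared uncompressed size
            if total > MAX_TOTAL_UNCOMPRESSED:
                raise UnsafeArchive("archive expands beyond limit")
            safe_names.append(_check_name(info.filename))
        return safe_names


def is_safe_theme_zip(data: bytes) -> bool:
    try:
        validate_theme_zip(data)
        return True
    except (UnsafeArchive, zipfile.BadZipFile):
        return False


def make_zip(files: dict[str, bytes]) -> bytes:
    """Build an in-memory archive; used only to construct sample inputs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample archives.
GOOD_THEME = make_zip({"theme.json": b"{}", "assets/style.min.css": b"body{}"})
PHP_THEME = make_zip({"theme.json": b"{}", "shell.php": b"<?php system($_GET['c']);"})
DOUBLE_EXT_THEME = make_zip({"assets/shell.php.png": b"<?php echo 1;"})
TRAVERSAL_THEME = make_zip({"../outside.css": b"body{}"})

if __name__ == "__main__":
    for label, blob in [("good", GOOD_THEME), ("php", PHP_THEME),
                        ("double-ext", DOUBLE_EXT_THEME), ("traversal", TRAVERSAL_THEME)]:
        print(f"{label:10s} safe={is_safe_theme_zip(blob)}")
```

Even with this check in place, the extracted directory should be served with script execution disabled (for example a web-server rule that never hands `/themes/` to the PHP handler), so that a validation gap does not turn directly into code execution.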