Search Results (74763 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23545 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. | ||||
| CVE-2020-23539 | 1 Realtek | 2 Rtl8723de, Rtl8723de Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. | ||||
| CVE-2020-23533 | 1 Unionpayintl | 1 Union Pay | 2024-11-21 | 7.5 High |
| Union Pay up to 1.2.0, for web-based versions, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability that allows attackers to shop for free in merchants' websites and mobile apps via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. | ||||
| CVE-2020-23520 | 1 Txjia | 1 Imcat | 2024-11-21 | 7.2 High |
| imcat 5.2 allows an authenticated file upload and consequently remote code execution via the picture functionality. | ||||
| CVE-2020-23490 | 1 Wwbn | 1 Avideo | 2024-11-21 | 7.5 High |
| There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server, which could leak database credentials or other sensitive information such as the /etc/passwd file. | ||||
| CVE-2020-23489 | 1 Wwbn | 1 Avideo | 2024-11-21 | 8.8 High |
| The import.json.php file before 8.9 for Avideo is vulnerable to a File Deletion vulnerability. This allows the deletion of configuration.php, which leads to certain privilege checks not being in place, and therefore a user can escalate privileges to admin. | ||||
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2024-11-21 | 7.5 High |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | ||||
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2024-11-21 | 7.5 High |
| gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | ||||
| CVE-2020-23451 | 1 Spiceworks | 1 Spiceworks | 2024-11-21 | 8.8 High |
| Spiceworks Version <= 7.5.00107 is affected by CSRF, which can lead to privilege escalation via the "/settings/v1/users" function. | ||||
| CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 High |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | ||||
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 7.5 High |
| dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23355 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable to a magic hash authentication bypass. If the encrypted or hashed value of the password takes a magic hash format, e.g. 0e123, another hash value such as 0e234 can successfully authenticate. | ||||
| CVE-2020-23352 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.5 High |
| Z-BlogPHP 1.6.0 Valyria is affected by incorrect access control. PHP loose comparison and a magic hash can be used to bypass authentication. zb_user/plugin/passwordvisit/include.php:passwordvisit_input_password() uses loose comparison to authenticate, which can be bypassed via magic hash values. | ||||
| CVE-2020-23349 | 1 Weibo | 1 Android Software Development Kit | 2024-11-21 | 7.5 High |
| An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk.share.WbShareTransActivity): any unexported Activities could be started by the com.sina.weibo.sdk.share.WbShareTransActivity. | ||||
| CVE-2020-23342 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability exists in Anchor CMS 0.12.7 anchor/views/users/edit.php that can change the Delete admin users. | ||||
| CVE-2020-23334 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A WRITE memory access in the AP4_NullTerminatedStringAtom::AP4_NullTerminatedStringAtom component of Bento4 version 06c39d9 can lead to a segmentation fault. | ||||
| CVE-2020-23333 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS). | ||||
| CVE-2020-23332 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). | ||||
| CVE-2020-23331 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_DescriptorListWriter::Action component located in /Core/Ap4Descriptor.h. It allows an attacker to cause a denial of service (DOS). | ||||
| CVE-2020-23330 | 1 Axiosys | 1 Bento4 | 2024-11-21 | 7.5 High |
| An issue was discovered in Bento4 version 06c39d9. A NULL pointer dereference exists in the AP4_Stz2Atom::GetSampleSize component located in /Core/Ap4Stz2Atom.cpp. It allows an attacker to cause a denial of service (DOS). | ||||