Search Results (74739 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-22784 | 1 Etherpad | 1 Ueberdb | 2024-11-21 | 7.5 High |
| In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | ||||
| CVE-2020-22782 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. | ||||
| CVE-2020-22781 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | ||||
| CVE-2020-22761 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | ||||
| CVE-2020-22741 | 1 Baidu | 1 Xuperchain | 2024-11-21 | 7.5 High |
| An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | ||||
| CVE-2020-22722 | 2 Microsoft, Rapidscada | 2 Windows, Rapid Scada | 2024-11-21 | 7.8 High |
| Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | ||||
| CVE-2020-22721 | 1 Pnotes.net Project | 1 Pnotes.net | 2024-11-21 | 7.8 High |
| A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous > External Programs by uploading the malicious .exe file to the external program. | ||||
| CVE-2020-22650 | 1 Att | 1 Alienvault Ossim | 2024-11-21 | 7.5 High |
| A memory leak vulnerability in sim-organizer.c of AlienVault Ossim v5 causes a denial of service (DoS) via a system crash triggered by the occurrence of a large number of alarm events. | ||||
| CVE-2020-22643 | 1 Feehi | 1 Feehi Cms | 2024-11-21 | 7.2 High |
| Feehi CMS 2.1.0 is affected by an arbitrary file upload vulnerability, potentially resulting in remote code execution. After an administrator logs in, open the administrator image upload page to potentially upload malicious files. | ||||
| CVE-2020-22623 | 1 Insightsoftware | 1 Jreport | 2024-11-21 | 7.5 High |
| Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. | ||||
| CVE-2020-22570 | 1 Memcached | 1 Memcached | 2024-11-21 | 7.5 High |
| Memcached 1.6.0 before 1.6.3 allows remote attackers to cause a denial of service (daemon crash) via a crafted meta command. | ||||
| CVE-2020-22552 | 1 Snap7 Project | 1 Snap7 | 2024-11-21 | 7.5 High |
| In the Snap7 server component, version 1.4.1, when an attacker sends a crafted packet with the COTP protocol last-data-unit flag set to No and an S7 write var function, the Snap7 server crashes. | ||||
| CVE-2020-22550 | 1 Veno File Manager Project | 1 Veno File Manager | 2024-11-21 | 7.5 High |
| Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server. | ||||
| CVE-2020-22427 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 7.2 High |
| NagiosXI 5.6.11 is affected by a remote code execution (RCE) vulnerability. An authenticated nagiosadmin user can inject additional commands into a request. NOTE: the vendor disputes whether the CVE and its references are actionable because all technical details are omitted, and the only option is to pay for a subscription service where technical details may be disclosed at an unspecified later time | ||||
| CVE-2020-22425 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon 19.10-3.el7 is affected by a SQL injection vulnerability, where an authorized user is able to inject additional SQL queries to perform remote command execution. | ||||
| CVE-2020-22403 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in Express cart v1.1.16 allows attackers to add an administrator account, add discount code or other unspecified impacts. | ||||
| CVE-2020-22390 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 8.8 High |
| Akaunting <= 2.0.9 is vulnerable to CSV injection in the Item name field, export function. Attackers can inject arbitrary code into the name parameter and perform code execution when the crafted file is opened. | ||||
| CVE-2020-22345 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| /graphStatus/displayServiceStatus.php in Centreon 19.10.8 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the RRDdatabase_path parameter. | ||||
| CVE-2020-22284 | 1 Lwip Project | 1 Lwip | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the zepif_linkoutput() function of Free Software Foundation lwIP git head version and version 2.1.2 allows attackers to access sensitive information via a crafted 6LoWPAN packet. | ||||
| CVE-2020-22283 | 1 Lwip Project | 1 Lwip | 2024-11-21 | 7.5 High |
| A buffer overflow vulnerability in the icmp6_send_response_with_addrs_and_netif() function of Free Software Foundation lwIP version git head allows attackers to access sensitive information via a crafted ICMPv6 packet. | ||||