Export limit exceeded: 76320 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76320 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12122 | 1 Maxpcsecure | 1 Max Spyware Detector | 2024-11-21 | 7.8 High |
| In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) | ||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2024-11-21 | 7.5 High |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | ||||
| CVE-2020-12119 | 1 Ledger | 1 Ledger Live | 2024-11-21 | 8.1 High |
| Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent. | ||||
| CVE-2020-12118 | 1 Binance | 1 Tss-lib | 2024-11-21 | 8.2 High |
| The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | ||||
| CVE-2020-12116 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 High |
| Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | ||||
| CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | ||||
| CVE-2020-12111 | 1 Tp-link | 4 Nc260, Nc260 Firmware, Nc450 and 1 more | 2024-11-21 | 8.8 High |
| Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | ||||
| CVE-2020-12109 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-11-21 | 8.8 High |
| Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | ||||
| CVE-2020-12104 | 1 Internet-formation | 1 Wp-advanced-search | 2024-11-21 | 8.8 High |
| The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | ||||
| CVE-2020-12100 | 5 Canonical, Debian, Dovecot and 2 more | 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more | 2024-11-21 | 7.5 High |
| In Dovecot before 2.3.11.3, uncontrolled recursion in submission, lmtp, and lda allows remote attackers to cause a denial of service (resource consumption) via a crafted e-mail message with deeply nested MIME parts. | ||||
| CVE-2020-12081 | 1 Flexera | 1 Flexnet Publisher | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability has been identified in FlexNet Publisher lmadmin.exe 11.14.0.2. The web portal link can be used to access to system files or other important files on the system. | ||||
| CVE-2020-12080 | 1 Flexera | 1 Flexnet Publisher | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability has been identified in FlexNet Publisher's lmadmin.exe version 11.16.6. A certain message protocol can be exploited to cause lmadmin to crash. | ||||
| CVE-2020-12078 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 8.8 High |
| An issue was discovered in Open-AudIT 3.3.1. There is shell metacharacter injection via attributes to an open-audit/configuration/ URI. An attacker can exploit this by adding an excluded IP address to the global discovery settings (internally called exclude_ip). This exclude_ip value is passed to the exec function in the discoveries_helper.php file (inside the all_ip_list function) without being filtered, which means that the attacker can provide a payload instead of a valid IP address. | ||||
| CVE-2020-12077 | 1 Mappresspro | 1 Mappress | 2024-11-21 | 8.8 High |
| The mappress-google-maps-for-wordpress plugin before 2.53.9 for WordPress does not correctly implement AJAX functions with nonces (or capability checks), leading to remote code execution. | ||||
| CVE-2020-12076 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 8.8 High |
| The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks CSRF nonce checks for AJAX actions. One consequence of this is stored XSS. | ||||
| CVE-2020-12075 | 1 Supsystic | 1 Data Tables Generator | 2024-11-21 | 8.8 High |
| The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions. | ||||
| CVE-2020-12074 | 1 Webtoffee | 1 Import Export Wordpress Users | 2024-11-21 | 8.8 High |
| The users-customers-import-export-for-wp-woocommerce plugin before 1.3.9 for WordPress allows subscribers to import administrative accounts via CSV. | ||||
| CVE-2020-12073 | 1 Cyberchimps | 1 Gutenberg \& Elementor Templates Importer For Responsive | 2024-11-21 | 8.8 High |
| The responsive-add-ons plugin before 2.2.7 for WordPress has incorrect access control for wp-admin/admin-ajax.php?action= requests. | ||||
| CVE-2020-12070 | 1 Advanced-woo-search | 1 Advanced Woo Search | 2024-11-21 | 7.5 High |
| The Advanced Woo Search plugin version through 1.99 for Wordpress suffers from a sensitive information disclosure vulnerability in every ajax search request via the sql field to includes/class-aws-search.php. | ||||
| CVE-2020-12066 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 7.5 High |
| CServer::SendMsg in engine/server/server.cpp in Teeworlds 0.7.x before 0.7.5 allows remote attackers to shut down the server. | ||||