Search Results (10062 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11664 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles homeRedirect page redirects in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11663 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 6.1 Medium |
| CA API Developer Portal 4.3.1 and earlier handles 404 requests in an insecure manner, which allows attackers to perform open redirect attacks. | ||||
| CVE-2020-11659 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 4.3 Medium |
| CA API Developer Portal 4.3.1 and earlier contains an access control flaw that allows privileged users to perform a restricted user administration action. | ||||
| CVE-2020-11658 | 1 Broadcom | 1 Ca Api Developer Portal | 2024-11-21 | 9.8 Critical |
| CA API Developer Portal 4.3.1 and earlier handles shared secret keys in an insecure manner, which allows attackers to bypass authorization. | ||||
| CVE-2020-11655 | 7 Canonical, Debian, Netapp and 4 more | 18 Ubuntu Linux, Debian Linux, Ontap Select Deploy Administration Utility and 15 more | 2024-11-21 | 7.5 High |
| SQLite through 3.31.1 allows attackers to cause a denial of service (segmentation fault) via a malformed window-function query because the AggInfo object's initialization is mishandled. | ||||
| CVE-2020-11653 | 5 Debian, Opensuse, Redhat and 2 more | 6 Debian Linux, Backports Sle, Leap and 3 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Varnish Cache before 6.0.6 LTS, 6.1.x and 6.2.x before 6.2.3, and 6.3.x before 6.3.2. It occurs when communication with a TLS termination proxy uses PROXY version 2. There can be an assertion failure and daemon restart, which causes a performance loss. | ||||
| CVE-2020-11647 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. | ||||
| CVE-2020-11611 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 6.1 Medium |
| An issue was discovered in xdLocalStorage through 2.0.5. The buildMessage() function in xdLocalStorage.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the iframe object. Therefore any domain that is currently loaded within the iframe can receive the messages that the client sends. | ||||
| CVE-2020-11610 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 8.8 High |
| An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends. | ||||
| CVE-2020-11589 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | ||||
| CVE-2020-11586 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 9.8 Critical |
| An XXE issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that contains malicious XML DTD data. | ||||
| CVE-2020-11585 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | 4.3 Medium |
| There is an information disclosure issue in DNN (formerly DotNetNuke) 9.5 within the built-in Activity-Feed/Messaging/Userid/ Message Center module. A registered user is able to enumerate any file in the Admin File Manager (other than ones contained in a secure folder) by sending themselves a message with the file attached, e.g., by using an arbitrary small integer value in the fileIds parameter. | ||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | ||||
| CVE-2020-11541 | 1 Techsmith | 1 Snagit | 2024-11-21 | 5.5 Medium |
| In TechSmith SnagIt 11.2.1 through 20.0.3, an XML External Entity (XXE) injection issue exists that would allow a local attacker to exfiltrate data under the local Administrator account. | ||||
| CVE-2020-11529 | 1 Getgrav | 1 Grav | 2024-11-21 | 6.1 Medium |
| Common/Grav.php in Grav before 1.7 has an Open Redirect. This is partially fixed in 1.6.23 and still present in 1.6.x. | ||||
| CVE-2020-11515 | 1 Rankmath | 1 Seo | 2024-11-21 | 6.1 Medium |
| The Rank Math plugin through 1.0.40.2 for WordPress allows unauthenticated remote attackers to create new URIs (that redirect to an external web site) via the unsecured rankmath/v1/updateRedirection REST API endpoint. In other words, this is not an "Open Redirect" issue; instead, it allows the attacker to create a new URI with an arbitrary name (e.g., the /exampleredirect URI). | ||||
| CVE-2020-11303 | 1 Qualcomm | 182 Apq8009, Apq8009 Firmware, Apq8053 and 179 more | 2024-11-21 | 8.6 High |
| Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11296 | 1 Qualcomm | 1064 Apq8009, Apq8009 Firmware, Apq8017 and 1061 more | 2024-11-21 | 7.5 High |
| Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11284 | 1 Qualcomm | 262 Aqt1000, Aqt1000 Firmware, Ar8035 and 259 more | 2024-11-21 | 8.4 High |
| Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2020-11280 | 1 Qualcomm | 824 Aqt1000, Aqt1000 Firmware, Ar7420 and 821 more | 2024-11-21 | 7.5 High |
| Denial of service while processing fine timing measurement request (FTMR) frame with reserved bits set in the FTM parameter IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking | ||||