Search Results (10089 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21641 | 1 Zohocorp | 1 Manageengine Analytics Plus | 2024-11-21 | 7.5 High |
| Out-of-Band XML External Entity (OOB-XXE) vulnerability in Zoho ManageEngine Analytics Plus before 4.3.5 allows remote attackers to read arbitrary files, enumerate folders and scan internal ports via a crafted XML license file. | ||||
| CVE-2020-21524 | 1 Halo | 1 Halo | 2024-11-21 | 9.1 Critical |
| There is an XML external entity (XXE) vulnerability in halo v1.1.3. The function for importing other blogs in the admin backend (/api/admin/migrations/wordpress) needs to parse the XML file, but no security defenses are applied. This vulnerability can be used to probe the intranet, read files, enable DDoS attacks, etc. exp: https://github.com/halo-dev/halo/issues/423 | ||||
| CVE-2020-21503 | 1 Waimai Super Cms Project | 1 Waimai Super Cms | 2024-11-21 | 7.5 High |
| waimai Super Cms 20150505 has a logic flaw allowing attackers to modify a price, before form submission, by observing data in a packet capture. By setting the index.php?m=gift&a=addsave credit parameter to -1, the product is sold for free. | ||||
| CVE-2020-21363 | 1 Maccms | 1 Maccms | 2024-11-21 | 6.5 Medium |
| An arbitrary file deletion vulnerability exists within Maccms10. | ||||
| CVE-2020-21356 | 1 Popojicms | 1 Popojicms | 2024-11-21 | 5.3 Medium |
| An information disclosure vulnerability in upload.php of PopojiCMS 1.2 leads to physical path disclosure of the host when 'name = "file"' is deleted during file uploads. | ||||
| CVE-2020-20948 | 1 Jeecg | 1 Jeecg | 2024-11-21 | 7.5 High |
| An arbitrary file download vulnerability in jeecg v3.8 allows attackers to access sensitive files via modification of the "localPath" variable. | ||||
| CVE-2020-20262 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /ram/pckg/security/nova/bin/ipsec process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
| CVE-2020-20225 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an assertion failure vulnerability in the /nova/bin/user process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
| CVE-2020-20214 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs 6.44.6 (long-term tree) suffers from an assertion failure vulnerability in the btest process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
| CVE-2020-20213 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | ||||
| CVE-2020-20211 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from an assertion failure vulnerability in the /nova/bin/console process. An authenticated remote attacker can cause a Denial of Service due to an assertion failure via a crafted packet. | ||||
| CVE-2020-20183 | 1 Zyxel | 2 P1302-t10 V3, P1302-t10 V3 Firmware | 2024-11-21 | 7.5 High |
| Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages. | ||||
| CVE-2020-1997 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 5.3 Medium |
| An open redirection vulnerability in the GlobalProtect component of Palo Alto Networks PAN-OS allows an attacker to specify an arbitrary redirection target away from the trusted GlobalProtect gateway. If the user then successfully authenticates it will cause them to access an unexpected and potentially malicious website. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.0 versions earlier than 8.0.14. | ||||
| CVE-2020-1981 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 7 High |
| A predictable temporary filename vulnerability in PAN-OS allows local privilege escalation. This issue allows a local attacker who bypassed the restricted shell to execute commands as a low privileged user and gain root access on the PAN-OS hardware or virtual appliance. This issue affects only PAN-OS 8.1 versions earlier than PAN-OS 8.1.13. This issue does not affect PAN-OS 7.1, PAN-OS 9.0, or later PAN-OS versions. | ||||
| CVE-2020-1976 | 1 Paloaltonetworks | 1 Globalprotect | 2024-11-21 | 4.7 Medium |
| A denial-of-service (DoS) vulnerability in Palo Alto Networks GlobalProtect software running on Mac OS allows authenticated local users to cause the Mac OS kernel to hang or crash. This issue affects GlobalProtect 5.0.5 and earlier versions of GlobalProtect 5.0 on Mac OS. | ||||
| CVE-2020-1975 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 6.8 Medium |
| Missing XML validation vulnerability in the PAN-OS web interface on Palo Alto Networks PAN-OS software allows authenticated users to inject arbitrary XML that results in privilege escalation. This issue affects PAN-OS 8.1 versions earlier than PAN-OS 8.1.12 and PAN-OS 9.0 versions earlier than PAN-OS 9.0.6. This issue does not affect PAN-OS 7.1, PAN-OS 8.0, or PAN-OS 9.1 or later versions. | ||||
| CVE-2020-1945 | 6 Apache, Canonical, Fedoraproject and 3 more | 54 Ant, Ubuntu Linux, Fedora and 51 more | 2024-11-21 | 6.3 Medium |
| Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process. | ||||
| CVE-2020-1927 | 9 Apache, Broadcom, Canonical and 6 more | 17 Http Server, Brocade Fabric Operating System, Ubuntu Linux and 14 more | 2024-11-21 | 6.1 Medium |
| In Apache HTTP Server 2.4.0 to 2.4.41, redirects configured with mod_rewrite that were intended to be self-referential might be fooled by encoded newlines and redirect instead to an unexpected URL within the request URL. | ||||
| CVE-2020-1920 | 1 Facebook | 1 React-native | 2024-11-21 | 7.5 High |
| A regular expression denial of service (ReDoS) vulnerability in the validateBaseUrl function can cause the application to use excessive resources, become unresponsive, or crash. This was introduced in react-native version 0.59.0 and fixed in version 0.64.1. | ||||
| CVE-2020-1914 | 1 Facebook | 1 Hermes | 2024-11-21 | 9.8 Critical |
| A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is only exploitable if the application using Hermes permits evaluation of untrusted JavaScript. Hence, most React Native applications are not affected. | ||||