Export limit exceeded: 85629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85629 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35227 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 7.2 High |
| A buffer overflow vulnerability in the access control section on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices (in the administration web panel) allows an attacker to inject IP addresses into the whitelist via the checkedList parameter to the delete command. | ||||
| CVE-2020-35226 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 7.1 High |
| NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allow unauthenticated users to modify the switch DHCP configuration by sending the corresponding write request command. | ||||
| CVE-2020-35223 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.8 High |
| The CSRF protection mechanism implemented in the web administration panel on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices could be bypassed by omitting the CSRF token parameter in HTTP requests. | ||||
| CVE-2020-35221 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 8.8 High |
| The hashing algorithm implemented for NSDP password authentication on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was found to be insecure, allowing attackers (with access to a network capture) to quickly generate multiple collisions to generate valid passwords, or infer some parts of the original. | ||||
| CVE-2020-35217 | 1 Eclipse | 1 Vert.x-web | 2024-11-21 | 8.8 High |
| Vert.x-Web framework v4.0 milestone 1-4 does not perform a correct CSRF verification. Instead of comparing the CSRF token in the request with the CSRF token in the cookie, it compares the CSRF token in the cookie against a CSRF token that is stored in the session. An attacker does not even need to provide a CSRF token in the request because the framework does not consider it. The cookies are automatically sent by the browser and the verification will always succeed, leading to a successful CSRF attack. | ||||
| CVE-2020-35214 | 1 Atomix | 1 Atomix | 2024-11-21 | 8.1 High |
| An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations. | ||||
| CVE-2020-35213 | 1 Atomix | 1 Atomix | 2024-11-21 | 8.1 High |
| An issue in Atomix v3.1.5 allows attackers to cause a denial of service (DoS) via false link event messages sent to a master ONOS node. | ||||
| CVE-2020-35211 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext. | ||||
| CVE-2020-35209 | 1 Atomix | 1 Atomix | 2024-11-21 | 7.5 High |
| An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information. | ||||
| CVE-2020-35151 | 1 Phpgurukul | 1 Online Marriage Registration System | 2024-11-21 | 8.8 High |
| The Online Marriage Registration System 1.0 post parameter "searchdata" in the user/search.php request is vulnerable to Time Based Sql Injection. | ||||
| CVE-2020-35145 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image for Windows prior to 2021 Update 3 allowed local privilege escalation due to a DLL hijacking vulnerability in multiple components, aka an Untrusted Search Path issue. | ||||
| CVE-2020-35137 | 1 Mobileiron | 1 Mobile\@work | 2024-11-21 | 7.5 High |
| The MobileIron agents through 2021-03-22 for Android and iOS contain a hardcoded API key, used to communicate with the MobileIron SaaS discovery API, as demonstrated by Mobile@Work (aka com.mobileiron). The key is in com/mobileiron/registration/RegisterActivity.java and can be used for api/v1/gateway/customers/servers requests. NOTE: Vendor states that this is an opt-in feature to the product - it is not enabled by default and customers cannot enable it without an explicit email to support. At this time, they do not plan change to make any changes to this feature. | ||||
| CVE-2020-35136 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 7.2 High |
| Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has the access the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilename_template parameter to admin/tools/dolibarr_export.php. | ||||
| CVE-2020-35135 | 1 Infolific | 1 Ultimate Category Excluder | 2024-11-21 | 8.8 High |
| The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. | ||||
| CVE-2020-35133 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.5 High |
| irfanView 4.56 contains an error processing parsing files of type .pcx. Which leads to out-of-bounds writing at i_view32+0xdb60. | ||||
| CVE-2020-35122 | 1 Keysight | 1 Keysight Database Connector | 2024-11-21 | 7.5 High |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could bypass the access controls for using a saved database connection profile to submit arbitrary SQL against a saved database connection. | ||||
| CVE-2020-35121 | 1 Keysight | 1 Database Connector | 2024-11-21 | 8.8 High |
| An issue was discovered in the Keysight Database Connector plugin before 1.5.0 for Confluence. A malicious user could insert arbitrary JavaScript into saved macro parameters that would execute when a user viewed a page with that instance of the macro. | ||||
| CVE-2020-35114 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 83. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84. | ||||
| CVE-2020-35113 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 83 and Firefox ESR 78.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||
| CVE-2020-35112 | 2 Microsoft, Mozilla | 4 Windows, Firefox, Firefox Esr and 1 more | 2024-11-21 | 8.8 High |
| If a user downloaded a file lacking an extension on Windows, and then "Open"-ed it from the downloads panel, if there was an executable file in the downloads directory with the same name but with an executable extension (such as .bat or .exe) that executable would have been launched instead. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||