Export limit exceeded: 85567 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (85567 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29260 | 2 Debian, Libvncserver Project | 2 Debian Linux, Libvncserver | 2024-11-21 | 7.5 High |
| libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup(). | ||||
| CVE-2020-29254 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 8.8 High |
| TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected system. An attacker could exploit this vulnerability by persuading a user of the interface to follow a maliciously crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system with the privileges of the user. These action include allowing attackers to submit their own code through an authenticated user resulting in local file Inclusion. If an authenticated user who is able to edit TikiWiki templates visits an malicious website, template code can be edited. | ||||
| CVE-2020-29238 | 1 Expressvpn | 1 Expressvpn | 2024-11-21 | 7.5 High |
| An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server running as reverse proxy via specially crafted request. | ||||
| CVE-2020-29228 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 High |
| EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | ||||
| CVE-2020-29194 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2024-11-21 | 7.5 High |
| Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | ||||
| CVE-2020-29189 | 1 Terra-master | 1 Tos | 2024-11-21 | 8.1 High |
| Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS | ||||
| CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | ||||
| CVE-2020-29166 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 7.5 High |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | ||||
| CVE-2020-29163 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 8.8 High |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | ||||
| CVE-2020-29160 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing. | ||||
| CVE-2020-29157 | 1 Raonwiz | 1 Raon K Editor | 2024-11-21 | 7.8 High |
| An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | ||||
| CVE-2020-29147 | 1 Wayang-cms Project | 1 Wayang-cms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | ||||
| CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | ||||
| CVE-2020-29142 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. | ||||
| CVE-2020-29140 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | ||||
| CVE-2020-29139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | ||||
| CVE-2020-29134 | 1 Totvs | 1 Fluig | 2024-11-21 | 8.6 High |
| The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4 | ||||
| CVE-2020-29075 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.1 High |
| Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. | ||||
| CVE-2020-29074 | 3 Debian, Fedoraproject, X11vnc Project | 3 Debian Linux, Fedora, X11vnc | 2024-11-21 | 8.8 High |
| scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other than the current user. | ||||
| CVE-2020-29063 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 7.5 High |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g value. | ||||