Export limit exceeded: 35014 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35014 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28340 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). | ||||
| CVE-2020-28281 | 1 Set-object-value Project | 1 Set-object-value | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28280 | 1 Predefine Project | 1 Predefine | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28279 | 1 Flattenizer Project | 1 Flattenizer | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28278 | 1 Shvl Project | 1 Shvl | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28277 | 1 Dset Project | 1 Dset | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28276 | 1 Deep-set Project | 1 Deep-set | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28274 | 1 Deepref Project | 1 Deepref | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28273 | 1 Set-in Project | 1 Set-in | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28272 | 1 Keyget Project | 1 Keyget | 2024-11-21 | 9.8 Critical |
| Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28267 | 1 Set Project | 1 Set | 2024-11-21 | 7.5 High |
| Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2020-28251 | 1 Netscout | 7 Airmagnet Enterprise, Sensor4-r1s1w1-e, Sensor4-r2s1-e and 4 more | 2024-11-21 | 8.1 High |
| NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulnerability that can be exploited to provide someone with administrative access to a sensor, with credentials to invoke a command to provide root access to the operating system. The attacker must complete a straightforward password-cracking exercise. | ||||
| CVE-2020-28247 | 1 Lettre | 1 Lettre | 2024-11-21 | 5.3 Medium |
| The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via transport/sendmail/mod.rs. | ||||
| CVE-2020-28190 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.9 Medium |
| TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an insecure channel (HTTP). Man-in-the-middle attackers are able to intercept these requests and serve a weaponized/infected version of applications or updates. | ||||
| CVE-2020-28185 | 1 Terra-master | 1 Tos | 2024-11-21 | 5.3 Medium |
| User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to identify valid users within the system via the username parameter to wizard/initialise.php. | ||||
| CVE-2020-28175 | 1 Almico | 1 Speedfan | 2024-11-21 | 7.8 High |
| There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Attackers can use constructed programs to increase user privileges | ||||
| CVE-2020-28096 | 1 Foscammall | 2 Foscam X1, Foscam X1 Firmware | 2024-11-21 | 6.8 Medium |
| FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~ password. | ||||
| CVE-2020-28094 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.5 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed test contain links to download malware named elive or CNKI E-Learning. | ||||
| CVE-2020-28093 | 1 Tendacn | 2 Ac1200, Ac1200 Firmware | 2024-11-21 | 7.2 High |
| On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a password of 1234. | ||||
| CVE-2020-28054 | 1 Tsmmanager | 1 Tsmmanager | 2024-11-21 | 7.5 High |
| JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because the Collector component is not properly validating an authenticated session with the Viewer. If the Viewer has been modified (binary patched) and the Bypass Login functionality is being used, an attacker can request every Collector's functionality as if they were a properly logged-in user: administrating connected instances, reviewing logs, editing configurations, accessing the instances' consoles, accessing hardware configurations, etc.Exploiting this vulnerability won't grant an attacker access nor control on remote ISP servers as no credentials is sent with the request. | ||||