Export limit exceeded: 367121 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367121 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12652 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 4.1 Medium |
| The __mptctl_ioctl function in drivers/message/fusion/mptctl.c in the Linux kernel before 5.4.14 allows local users to hold an incorrect lock during the ioctl operation and trigger a race condition, i.e., a "double fetch" vulnerability, aka CID-28d76df18f0a. NOTE: the vendor states "The security impact of this bug is not as bad as it could have been because these operations are all privileged and root already has enormous destructive power." | ||||
| CVE-2020-12651 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2024-11-21 | 9.8 Critical |
| SecureCRT before 8.7.2 allows remote attackers to execute arbitrary code via an Integer Overflow and a Buffer Overflow because a banner can trigger a line number to CSI functions that exceeds INT_MAX. | ||||
| CVE-2020-12649 | 1 Gurbalib Project | 1 Gurbalib | 2024-11-21 | 7.5 High |
| Gurbalib through 2020-04-30 allows lib/cmds/player/help.c directory traversal for reading administrative paths. | ||||
| CVE-2020-12648 | 1 Tiny | 1 Tinymce | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode. | ||||
| CVE-2020-12647 | 1 Unisys | 1 Algol Compiler | 2024-11-21 | 8.8 High |
| Unisys ALGOL Compiler 58.1 before 58.1a.15, 59.1 before 59.1a.9, and 60.0 before 60.0a.5 can emit invalid code sequences under rare circumstances related to syntax. The resulting code could, for example, trigger a system fault or adversely affect confidentiality, integrity, and availability. | ||||
| CVE-2020-12646 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.4 Medium |
| OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document. | ||||
| CVE-2020-12645 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 9.8 Critical |
| OX App Suite 7.10.1 to 7.10.3 has improper input validation for rate limits with a crafted User-Agent header, spoofed vacation notices, and /apps/load memory consumption. | ||||
| CVE-2020-12644 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 5.0 Medium |
| OX App Suite 7.10.3 and earlier allows SSRF, related to the mail account API and the /folder/list API. | ||||
| CVE-2020-12643 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 Medium |
| OX App Suite 7.10.3 and earlier has Incorrect Access Control via an /api/subscriptions request for a snippet containing an email address. | ||||
| CVE-2020-12642 | 1 Reportportal | 1 Service-api | 2024-11-21 | 7.5 High |
| An issue was discovered in service-api before 4.3.12 and 5.x before 5.1.1 for Report Portal. It allows XXE, with resultant secrets disclosure and SSRF, via JUnit XML launch import. | ||||
| CVE-2020-12640 | 2 Opensuse, Roundcube | 3 Backports Sle, Leap, Webmail | 2024-11-21 | 9.8 Critical |
| Roundcube Webmail before 1.4.4 allows attackers to include local files and execute code via directory traversal in a plugin name to rcube_plugin_api.php. | ||||
| CVE-2020-12639 | 1 Phplist | 1 Phplist | 2024-11-21 | 6.1 Medium |
| phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php. | ||||
| CVE-2020-12638 | 1 Espressif | 3 Esp-idf, Esp8266 Nonos Sdk, Esp8266 Rtos Sdk | 2024-11-21 | 6.8 Medium |
| An encryption-bypass issue was discovered on Espressif ESP-IDF devices through 4.2, ESP8266_NONOS_SDK devices through 3.0.3, and ESP8266_RTOS_SDK devices through 3.3. Broadcasting forged beacon frames forces a device to change its authentication mode to OPEN, effectively disabling its 802.11 encryption. | ||||
| CVE-2020-12637 | 1 Zulipchat | 1 Zulip Desktop | 2024-11-21 | 9.8 Critical |
| Zulip Desktop before 5.2.0 has Missing SSL Certificate Validation because all validation was inadvertently disabled during an attempt to recognize the ignoreCerts option. | ||||
| CVE-2020-12635 | 1 Mageme | 1 Webforms Pro M2 | 2024-11-21 | 6.1 Medium |
| XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field. | ||||
| CVE-2020-12629 | 1 Enhancesoft | 1 Osticket | 2024-11-21 | 5.4 Medium |
| include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name. | ||||
| CVE-2020-12627 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 9.8 Critical |
| Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key. | ||||
| CVE-2020-12626 | 2 Debian, Roundcube | 2 Debian Linux, Webmail | 2024-11-21 | 6.5 Medium |
| An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered. | ||||
| CVE-2020-12625 | 3 Debian, Opensuse, Roundcube | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message. | ||||
| CVE-2020-12624 | 1 Theleague | 1 The League | 2024-11-21 | 6.5 Medium |
| The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, which allows remote attackers to hijack sessions. | ||||