Export limit exceeded: 367109 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367109 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12480 | 1 Lightbend | 1 Play Framework | 2024-11-21 | 6.5 Medium |
| In Play Framework 2.6.0 through 2.8.1, the CSRF filter can be bypassed by making CORS simple requests with content types that contain parameters that can't be parsed. | ||||
| CVE-2020-12479 | 1 Teampass | 1 Teampass | 2024-11-21 | 8.8 High |
| TeamPass 2.1.27.36 allows any authenticated TeamPass user to trigger a PHP file include vulnerability via a crafted HTTP request with sources/users.queries.php newValue directory traversal. | ||||
| CVE-2020-12478 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| TeamPass 2.1.27.36 allows an unauthenticated attacker to retrieve files from the TeamPass web root. This may include backups or LDAP debug files. | ||||
| CVE-2020-12477 | 1 Teampass | 1 Teampass | 2024-11-21 | 7.5 High |
| The REST API functions in TeamPass 2.1.27.36 allow any user with a valid API token to bypass IP address whitelist restrictions via an X-Forwarded-For client HTTP header to the getIp function. | ||||
| CVE-2020-12475 | 1 Tp-link | 1 Omada Controller | 2024-11-21 | 5.5 Medium |
| TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-web-3.2.6.jar. | ||||
| CVE-2020-12474 | 1 Telegram | 2 Telegram, Telegram Desktop | 2024-11-21 | 6.5 Medium |
| Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL. | ||||
| CVE-2020-12473 | 1 Mono | 1 Monox | 2024-11-21 | 7.2 High |
| MonoX through 5.1.40.5152 allows admins to execute arbitrary programs by reconfiguring the Converter Executable setting from ffmpeg.exe to a different program. | ||||
| CVE-2020-12472 | 1 Mono | 1 Monox | 2024-11-21 | 5.4 Medium |
| MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description. | ||||
| CVE-2020-12471 | 1 Mono | 1 Monox | 2024-11-21 | 9.8 Critical |
| MonoX through 5.1.40.5152 allows remote code execution via HTML5Upload.ashx or Pages/SocialNetworking/lng/en-US/PhotoGallery.aspx because of deserialization in ModuleGallery.HTML5Upload, ModuleGallery.SilverLightUploadModule, HTML5Upload, and SilverLightUploadHandler. | ||||
| CVE-2020-12470 | 1 Mono | 1 Monox | 2024-11-21 | 7.2 High |
| MonoX through 5.1.40.5152 allows administrators to execute arbitrary code by modifying an ASPX template. | ||||
| CVE-2020-12469 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.5 Medium |
| admin/blocks.php in Subrion CMS through 4.2.1 allows PHP Object Injection (with resultant file deletion) via serialized data in the subpages value within a block to blocks/edit. | ||||
| CVE-2020-12468 | 1 Intelliants | 1 Subrion | 2024-11-21 | 7.8 High |
| Subrion CMS 4.2.1 allows CSV injection via a phrase value within a language. This is related to phrases/add/ and languages/download/. | ||||
| CVE-2020-12467 | 1 Intelliants | 1 Subrion | 2024-11-21 | 6.5 Medium |
| Subrion CMS 4.2.1 allows session fixation via an alphanumeric value in a session cookie. | ||||
| CVE-2020-12465 | 3 Linux, Netapp, Redhat | 10 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 7 more | 2024-11-21 | 6.7 Medium |
| An array overflow was discovered in mt76_add_fragment in drivers/net/wireless/mediatek/mt76/dma.c in the Linux kernel before 5.5.10, aka CID-b102f0c522cf. An oversized packet with too many rx fragments can corrupt memory of adjacent pages. | ||||
| CVE-2020-12464 | 3 Linux, Netapp, Redhat | 11 Linux Kernel, Active Iq Unified Manager, Aff A700s and 8 more | 2024-11-21 | 6.7 Medium |
| usb_sg_cancel in drivers/usb/core/message.c in the Linux kernel before 5.6.8 has a use-after-free because a transfer occurs without a reference, aka CID-056ad39ee925. | ||||
| CVE-2020-12463 | 1 Avira | 1 Software Updater | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in Avira Software Updater before 2.0.6.27476 due to improperly handling file hard links. This allows local users to obtain take control of arbitrary files. | ||||
| CVE-2020-12462 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 6.1 Medium |
| The ninja-forms plugin before 3.4.24.2 for WordPress allows CSRF with resultant XSS. | ||||
| CVE-2020-12461 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 8.8 High |
| PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query. | ||||
| CVE-2020-12460 | 3 Debian, Fedoraproject, Trusteddomain | 3 Debian Linux, Fedora, Opendmarc | 2024-11-21 | 9.8 Critical |
| OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag. | ||||
| CVE-2020-12459 | 3 Fedoraproject, Grafana, Redhat | 4 Fedora, Grafana, Enterprise Linux and 1 more | 2024-11-21 | 5.5 Medium |
| In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable. | ||||