Export limit exceeded: 367176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12801 | 2 Libreoffice, Opensuse | 2 Libreoffice, Leap | 2024-11-21 | 5.3 Medium |
| If LibreOffice has an encrypted document open and crashes, that document is auto-saved encrypted. On restart, LibreOffice offers to restore the document and prompts for the password to decrypt it. If the recovery is successful, and if the file format of the recovered document was not LibreOffice's default ODF file format, then affected versions of LibreOffice default that subsequent saves of the document are unencrypted. This may lead to a user accidentally saving a MSOffice file format document unencrypted while believing it to be encrypted. This issue affects: LibreOffice 6-3 series versions prior to 6.3.6; 6-4 series versions prior to 6.4.3. | ||||
| CVE-2020-12800 | 1 Codedropz | 1 Drag And Drop Multiple File Upload - Contact Form 7 | 2024-11-21 | 9.8 Critical |
| The drag-and-drop-multiple-file-upload-contact-form-7 plugin before 1.3.3.3 for WordPress allows Unrestricted File Upload and remote code execution by setting supported_type to php% and uploading a .php% file. | ||||
| CVE-2020-12798 | 1 Sun-denshi | 4 Universal Forensic Extraction Device Firmware, Universal Forensic Extraction Device Ruggedized Panasonic Laptop, Universal Forensic Extraction Device Touch 2 and 1 more | 2024-11-21 | 7.8 High |
| Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | ||||
| CVE-2020-12797 | 1 Hashicorp | 1 Consul | 2024-11-21 | 5.3 Medium |
| HashiCorp Consul and Consul Enterprise failed to enforce changes to legacy ACL token rules due to non-propagation to secondary data centers. Introduced in 1.4.0, fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-12790 | 1 Nystudio107 | 1 Seomatic | 2024-11-21 | 7.5 High |
| In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. | ||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| The Secure Monitor in Microchip Atmel ATSAMA5 products use a hardcoded key to encrypt and authenticate secure applets. | ||||
| CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to vulnerable to timing and power analysis attacks. | ||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||||
| CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.1 High |
| cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | ||||
| CVE-2020-12784 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 5.3 Medium |
| cPanel before 86.0.14 allows remote attackers to trigger a bandwidth suspension via mail log strings (SEC-505). | ||||
| CVE-2020-12783 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2024-11-21 | 7.5 High |
| Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | ||||
| CVE-2020-12782 | 1 Openfind | 2 Mailaudit, Mailgates | 2024-11-21 | 9.8 Critical |
| Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files. | ||||
| CVE-2020-12781 | 1 Combodo | 1 Itop | 2024-11-21 | 5.7 Medium |
| Combodo iTop contains a cross-site request forgery (CSRF) vulnerability, attackers can execute specific commands via malicious site request forgery. | ||||
| CVE-2020-12780 | 1 Combodo | 1 Itop | 2024-11-21 | 7.5 High |
| A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | ||||
| CVE-2020-12779 | 1 Combodo | 1 Itop | 2024-11-21 | 6.8 Medium |
| Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script. | ||||
| CVE-2020-12778 | 1 Combodo | 1 Itop | 2024-11-21 | 7.4 High |
| Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack. | ||||
| CVE-2020-12777 | 1 Combodo | 1 Itop | 2024-11-21 | 7.5 High |
| A function in Combodo iTop contains a vulnerability of Broken Access Control, which allows unauthorized attacker to inject command and disclose system information. | ||||
| CVE-2020-12776 | 1 Openfind | 1 Mail2000 | 2024-11-21 | 6.6 Medium |
| Openfind Mail2000 contains Broken Access Control vulnerability, which can be used to execute unauthorized commands after attackers obtain the administrator access token or cookie. | ||||
| CVE-2020-12775 | 1 Moica | 1 Hicos | 2024-11-21 | 9.8 Critical |
| Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service. | ||||
| CVE-2020-12774 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2024-11-21 | 8.2 High |
| D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command. | ||||