Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367102 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11807 | 1 Sourcefabric | 1 Newscoop | 2024-11-21 | 7.8 High |
| Because of Unrestricted Upload of a File with a Dangerous Type, Sourcefabric Newscoop 4.4.7 allows an authenticated user to execute arbitrary PHP code (and sometimes terminal commands) on a server by making an avatar update and then visiting the avatar file under the /images/ path. | ||||
| CVE-2020-11806 | 1 Mailstore | 1 Mailstore Server | 2024-11-21 | 5.9 Medium |
| In MailStore Outlook Add-in (and Email Archive Outlook Add-in) through 12.1.2, the login process does not validate the validity of the certificate presented by the server. | ||||
| CVE-2020-11805 | 1 Pexip | 2 Pexip Infinity, Reverse Proxy And Turn Server | 2024-11-21 | 9.8 Critical |
| Pexip Reverse Proxy and TURN Server before 6.1.0 has Incorrect UDP Access Control via TURN. | ||||
| CVE-2020-11804 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 8.8 High |
| An issue was discovered in Titan SpamTitan 7.07. Due to improper sanitization of the parameter quid, used in the page mailqueue.php, code injection can occur. The input for this parameter is provided directly by an authenticated user via an HTTP GET request. | ||||
| CVE-2020-11803 | 1 Titanhq | 1 Spamtitan | 2024-11-21 | 8.8 High |
| An issue was discovered in Titan SpamTitan 7.07. Improper sanitization of the parameter jaction when interacting with the page mailqueue.php could lead to PHP code evaluation server-side, because the user-provided input is passed directly to the php eval() function. The user has to be authenticated on the web platform before interacting with the page. | ||||
| CVE-2020-11800 | 3 Debian, Opensuse, Zabbix | 4 Debian Linux, Backports Sle, Leap and 1 more | 2024-11-21 | 9.8 Critical |
| Zabbix Server 2.2.x and 3.0.x before 3.0.31, and 3.2 allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-11799 | 1 Z-cron | 1 Z-cron | 2024-11-21 | 9.8 Critical |
| Z-Cron 5.6 Build 04 allows an unprivileged attacker to elevate privileges by modifying a privileged user's task. This can also affect all users who are signed in on the system if a shell is placed in a location that other unprivileged users have access to. | ||||
| CVE-2020-11798 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 5.3 Medium |
| A Directory Traversal vulnerability in the web conference component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an attacker to access arbitrary files from restricted directories of the server via a crafted URL, due to insufficient access validation. A successful exploit could allow an attacker to access sensitive information from the restricted directories. | ||||
| CVE-2020-11797 | 1 Mitel | 1 Micollab Audio\, Web \& Video Conferencing | 2024-11-21 | 7.5 High |
| An Authentication Bypass vulnerability in the Published Area of the web conferencing component of Mitel MiCollab AWV before 8.1.2.4 and 9.x before 9.1.3 could allow an unauthenticated attacker to gain access to unauthorized information due to insufficient access validation. A successful exploit could allow an attacker to access sensitive shared files. | ||||
| CVE-2020-11796 | 1 Jetbrains | 1 Space | 2024-11-21 | 9.8 Critical |
| In JetBrains Space through 2020-04-22, the password authentication implementation was insecure. | ||||
| CVE-2020-11795 | 1 Jetbrains | 1 Space | 2024-11-21 | 7.5 High |
| In JetBrains Space through 2020-04-22, the session timeout period was configured improperly. | ||||
| CVE-2020-11793 | 6 Canonical, Fedoraproject, Opensuse and 3 more | 6 Ubuntu Linux, Fedora, Leap and 3 more | 2024-11-21 | 8.8 High |
| A use-after-free issue exists in WebKitGTK before 2.28.1 and WPE WebKit before 2.28.1 via crafted web content that allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash). | ||||
| CVE-2020-11792 | 1 Netgear | 8 R8900, R8900 Firmware, R9000 and 5 more | 2024-11-21 | 7.5 High |
| NETGEAR R8900, R9000, RAX120, and XR700 devices before 2020-01-20 are affected by Transport Layer Security (TLS) certificate private key disclosure. | ||||
| CVE-2020-11791 | 1 Netgear | 2 Jgs516pe, Jgs516pe Firmware | 2024-11-21 | 6.1 Medium |
| NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS. | ||||
| CVE-2020-11790 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 9.8 Critical |
| NETGEAR R7800 devices before 1.0.2.68 are affected by remote code execution by unauthenticated attackers. | ||||
| CVE-2020-11789 | 1 Netgear | 8 R6400, R6400 Firmware, R6700 and 5 more | 2024-11-21 | 9.8 Critical |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects R6400v2 before 1.0.4.84, R6700 before 1.0.2.8, R6700v3 before 1.0.4.84, R6900 before 1.0.2.8, and R7900 before 1.0.3.10. | ||||
| CVE-2020-11788 | 1 Netgear | 24 D6200, D6200 Firmware, D7000 and 21 more | 2024-11-21 | 8.8 High |
| Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.34, D7000 before 1.0.1.68, PR2000 before 1.0.0.28, R6050 before 1.0.1.18, JR6150 before 1.0.1.18, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.64, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, and R6900v2 before 1.2.0.36. | ||||
| CVE-2020-11787 | 1 Netgear | 34 D7800, D7800 Firmware, R7500 and 31 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK20 before 2.3.5.26, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK40 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11786 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||
| CVE-2020-11785 | 1 Netgear | 22 D7800, D7800 Firmware, R7500 and 19 more | 2024-11-21 | 4.8 Medium |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.68, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, RBK50 before 2.3.5.30, XR500 before 2.3.2.56, and XR700 before 1.0.1.10. | ||||