Export limit exceeded: 79577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35785 | 1 Netgear | 2 Dgn2200, Dgn2200 Firmware | 2024-11-21 | 8.3 High |
| NETGEAR DGN2200v1 devices before v1.0.0.60 mishandle HTTPd authentication (aka PSV-2020-0363, PSV-2020-0364, and PSV-2020-0365). | ||||
| CVE-2020-35782 | 1 Netgear | 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more | 2024-11-21 | 8.1 High |
| Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory. | ||||
| CVE-2020-35781 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 8.3 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35780 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.1 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35779 | 1 Netgear | 2 Nms300, Nms300 Firmware | 2024-11-21 | 7.5 High |
| NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service. | ||||
| CVE-2020-35777 | 1 Netgear | 2 Dgn2200v1, Dgn2200v1 Firmware | 2024-11-21 | 8.4 High |
| NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection. | ||||
| CVE-2020-35773 | 1 Freehtmldesigns | 1 Site Offline | 2024-11-21 | 8.8 High |
| The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF. | ||||
| CVE-2020-35766 | 1 Opendkim | 1 Opendkim | 2024-11-21 | 7.8 High |
| The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation. | ||||
| CVE-2020-35765 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do. | ||||
| CVE-2020-35756 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command. | ||||
| CVE-2020-35755 | 1 Librewireless | 2 Ls9, Ls9 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service Read_ NVRAM Direct Access Information Leak. The luci_service deamon running on port 7777 provides a sub-category of commands for which Read_ is prepended. Commands in this category are able to directly read the contents of the device configuration NVRAM. The NVRAM contains sensitive information, such as the Wi-Fi password (in cleartext), as well as connected account tokens for services such as Spotify. | ||||
| CVE-2020-35754 | 1 Opensolution | 2 Quick.cart, Quick.cms | 2024-11-21 | 7.2 High |
| OpenSolution Quick.CMS < 6.7 and Quick.Cart < 6.7 allow an authenticated user to perform code injection (and consequently Remote Code Execution) via the input fields of the Language tab. | ||||
| CVE-2020-35749 | 1 Presstigers | 1 Simple Board Job | 2024-11-21 | 7.7 High |
| Directory traversal vulnerability in class-simple_job_board_resume_download_handler.php in the Simple Board Job plugin 2.9.3 and earlier for WordPress allows remote attackers to read arbitrary files via the sjb_file parameter to wp-admin/post.php. | ||||
| CVE-2020-35745 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 8.8 High |
| PHPGURUKUL Hospital Management System V 4.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, doctors, patients, change admin password, get appointment history and access all session logs. | ||||
| CVE-2020-35743 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock contains a SQL injection flaw. Attackers can inject and launch SQL commands in a URL parameter of specific cgi pages. | ||||
| CVE-2020-35742 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock contains a vulnerability of SQL Injection. Attackers can inject and launch SQL commands in a URL parameter. | ||||
| CVE-2020-35741 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock does not validate user parameters on multiple login pages. Attackers can use the vulnerability to inject JavaScript syntax for XSS attacks. | ||||
| CVE-2020-35740 | 1 Hgiga | 4 Msr45 Isherlock-antispam, Msr45 Isherlock-user, Ssr45 Isherlock-antispam and 1 more | 2024-11-21 | 7 High |
| HGiga MailSherlock does not validate specific URL parameters properly that allows attackers to inject JavaScript syntax for XSS attacks. | ||||
| CVE-2020-35737 | 1 Newgensoft | 1 Egov | 2024-11-21 | 7.5 High |
| In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference. | ||||
| CVE-2020-35736 | 1 Liftoffsoftware | 1 Gateone | 2024-11-21 | 7.5 High |
| GateOne 1.1 allows arbitrary file download without authentication via /downloads/.. directory traversal because os.path.join is misused. | ||||