Search Results (79543 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29238 | 1 Expressvpn | 1 Expressvpn | 2024-11-21 | 7.5 High |
| An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attackers to obtain sensitive information when the server is running as a reverse proxy via a specially crafted request. | ||||
| CVE-2020-29228 | 1 Egavilanmedia | 1 User Registration And Login System With Admin Panel | 2024-11-21 | 7.5 High |
| EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection in the User Login Page. | ||||
| CVE-2020-29194 | 1 Panasonic | 2 Wv-s2231l, Wv-s2231l Firmware | 2024-11-21 | 7.5 High |
| Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (which will require a physical reset to restore administrative control) via Randomnum=99AC8CEC6E845B28&mode=1 in a POST request to the cgi-bin/set_factory URI. | ||||
| CVE-2020-29189 | 1 Terra-master | 1 Tos | 2024-11-21 | 8.1 High |
| Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated attackers to bypass read-only restriction and obtain full access to any folder within the NAS. | ||||
| CVE-2020-29176 | 1 Zblogcn | 1 Z-blogphp | 2024-11-21 | 7.8 High |
| An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrary code via a crafted JPG file. | ||||
| CVE-2020-29166 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 7.5 High |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can result in remote information disclosure. | ||||
| CVE-2020-29163 | 1 Rainbowfishsoftware | 1 Pacsone Server | 2024-11-21 | 8.8 High |
| PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection. | ||||
| CVE-2020-29160 | 1 Zammad | 1 Zammad | 2024-11-21 | 7.5 High |
| An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing. | ||||
| CVE-2020-29157 | 1 Raonwiz | 1 Raon K Editor | 2024-11-21 | 7.8 High |
| An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when the service or system is restarted. | ||||
| CVE-2020-29147 | 1 Wayang-cms Project | 1 Wayang-cms | 2024-11-21 | 7.5 High |
| A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attackers to obtain sensitive database information. | ||||
| CVE-2020-29143 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | ||||
| CVE-2020-29142 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the schedule_facility parameter when restrict_user_facility=on is in global settings. | ||||
| CVE-2020-29140 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the form_code parameter. | ||||
| CVE-2020-29139 | 1 Open-emr | 1 Openemr | 2024-11-21 | 7.2 High |
| A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc in OpenEMR before 5.0.2.5 allows a remote authenticated attacker to execute arbitrary SQL commands via the searchFields parameter. | ||||
| CVE-2020-29134 | 1 Totvs | 1 Fluig | 2024-11-21 | 8.6 High |
| The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64. This affects all versions Fluig Lake 1.7.0, Fluig 1.6.5 and Fluig 1.6.4. | ||||
| CVE-2020-29075 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.1 High |
| Acrobat Reader DC versions 2020.013.20066 (and earlier), 2020.001.30010 (and earlier) and 2017.011.30180 (and earlier) are affected by an information exposure vulnerability, that could enable an attacker to get a DNS interaction and track if the user has opened or closed a PDF file when loaded from the filesystem without a prompt. User interaction is required to exploit this vulnerability. | ||||
| CVE-2020-29074 | 3 Debian, Fedoraproject, X11vnc Project | 3 Debian Linux, Fedora, X11vnc | 2024-11-21 | 8.8 High |
| scan.c in x11vnc 0.9.16 uses IPC_CREAT\|0777 in shmget calls, which allows access by actors other than the current user. | ||||
| CVE-2020-29063 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 7.5 High |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. A custom encryption algorithm is used to store encrypted passwords. This algorithm will XOR the password with the hardcoded `*j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g` value. | ||||
| CVE-2020-29057 | 1 Cdatatec | 56 72408a, 72408a Firmware, 9008a and 53 more | 2024-11-21 | 7.5 High |
| An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, 97042P, 97084P, 97168P, FD1002S, FD1104, FD1104B, FD1104S, FD1104SN, FD1108S, FD1204S-R2, FD1204SN, FD1204SN-R2, FD1208S-R2, FD1216S-R1, FD1608GS, FD1608SN, FD1616GS, FD1616SN, and FD8000 devices. It allows remote attackers to cause a denial of service (reboot) by sending random bytes to the telnet server on port 23, aka a "shawarma" attack. | ||||
| CVE-2020-29050 | 2 Debian, Sphinxsearch | 2 Debian Linux, Sphinx | 2024-11-21 | 7.5 High |
| SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction with CVE-2019-14511) because the mysql client can be used for CALL SNIPPETS and load_file operations on a full pathname (e.g., a file in the /etc directory). NOTE: this is unrelated to CMUSphinx. | ||||