Search Results (363282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-9756 1 Patriotmemory 2 Viper Rgb, Viper Rgb Firmware 2024-11-21 7.8 High
Patriot Viper RGB Driver 1.1 and prior exposes IOCTL and allows insufficient access control. The IOCTL Codes 0x80102050 and 0x80102054 allows a local user with low privileges to read/write 1/2/4 bytes from or to an IO port. This could be leveraged in a number of ways to ultimately run code with elevated privileges.
CVE-2020-9754 1 Navercorp 1 Whale 2024-11-21 5.3 Medium
NAVER Whale browser mobile app before 1.10.6.2 allows the attacker to bypass its browser unlock function via incognito mode.
CVE-2020-9753 1 Naver 1 Whale Browser Installer 2024-11-21 9.1 Critical
Whale Browser Installer before 1.2.0.5 versions don't support signature verification for Flash installer.
CVE-2020-9752 1 Naver 1 Cloud Explorer 2024-11-21 9.8 Critical
Naver Cloud Explorer before 2.2.2.11 allows the attacker can move a local file in any path on the filesystem as a system privilege through its named pipe.
CVE-2020-9751 1 Naver 1 Cloud Explorer 2024-11-21 9.1 Critical
Naver Cloud Explorer before 2.2.2.11 allows the system to download an arbitrary file from the attacker's server and execute it during the upgrade.
CVE-2020-9750 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability, which could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9749 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9748 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by a stack overflow vulnerability, which could lead to arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .fla file in Animate.
CVE-2020-9747 2 Adobe, Microsoft 2 Animate, Windows 2024-11-21 7.8 High
Adobe Animate version 20.5 (and earlier) is affected by a double free vulnerability when parsing a crafted .fla file, which could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit.
CVE-2020-9745 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9744 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9743 1 Adobe 1 Experience Manager 2024-11-21 5.3 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by an HTML injection vulnerability in the content editor component that allows unauthenticated users to craft an HTTP request that includes arbitrary HTML code in a parameter value. An attacker could then use the malicious GET request to lure victims to perform unsafe actions in the page (ex. phishing).
CVE-2020-9742 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below) and 6.3.3.8 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Inbox calendar feature. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9741 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
The AEM forms add-on for versions 6.5.5.0 (and below) and 6.4.8.2 (and below) is affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Forms component. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9740 1 Adobe 1 Experience Manager 2024-11-21 9 Critical
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with 'Author' privileges to store malicious scripts in fields associated with the Design Importer. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9739 2 Adobe, Microsoft 2 Media Encoder, Windows 2024-11-21 6.1 Medium
Adobe Media Encoder version 14.3.2 (and earlier versions) has an out-of-bounds read vulnerability that could be exploited to read past the end of an allocated buffer, possibly resulting in a crash or disclosure of sensitive information from other memory locations. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
CVE-2020-9738 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when visiting the page containing the vulnerable field.
CVE-2020-9737 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when they open the page containing the vulnerable field.
CVE-2020-9736 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when browsing to the page containing the vulnerable field.
CVE-2020-9735 1 Adobe 1 Experience Manager 2024-11-21 6.8 Medium
AEM versions 6.5.5.0 (and below), 6.4.8.1 (and below), 6.3.3.8 (and below) and 6.2 SP1-CFP20 (and below) are affected by a stored XSS vulnerability that allows users with access to the Content Repository Development Environment to store malicious scripts in certain node fields. These scripts may be executed in a victim’s browser when search queries return the page containing the vulnerable field.