Search Results (363429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35986 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Access Groups' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35985 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name' parameter.
CVE-2020-35984 1 Rukovoditel 1 Rukovoditel 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the 'Users Alerts' feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' parameter.
CVE-2020-35982 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function gf_hinter_track_finalize() in media_tools/isom_hinter.c.
CVE-2020-35981 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is an invalid pointer dereference in the function SetupWriters() in isomedia/isom_store.c.
CVE-2020-35980 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is a use-after-free in the function gf_isom_box_del() in isomedia/box_funcs.c.
CVE-2020-35979 1 Gpac 1 Gpac 2024-11-21 7.8 High
An issue was discovered in GPAC version 0.8.0 and 1.0.1. There is heap-based buffer overflow in the function gp_rtp_builder_do_avc() in ietf/rtp_pck_mpeg4.c.
CVE-2020-35973 1 Zzcms 1 Zzcms 2024-11-21 5.4 Medium
An issue was discovered in zzcms2020. There is a XSS vulnerability that can insert and execute JS code arbitrarily via /user/manage.php.
CVE-2020-35972 1 Yzmcms 1 Yzmcms 2024-11-21 4.3 Medium
An issue was discovered in YzmCMS V5.8. There is a CSRF vulnerability that can add member user accounts via member/member/add.html.
CVE-2020-35971 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
A storage XSS vulnerability is found in YzmCMS v5.8, which can be used by attackers to inject JS code and attack malicious XSS on the /admin/system_manage/user_config_edit.html page.
CVE-2020-35970 1 Yzmcms 1 Yzmcms 2024-11-21 7.5 High
An issue was discovered in YzmCMS 5.8. There is a SSRF vulnerability in the background collection management that allows arbitrary file read.
CVE-2020-35965 2 Debian, Ffmpeg 2 Debian Linux, Ffmpeg 2024-11-21 7.5 High
decode_frame in libavcodec/exr.c in FFmpeg 4.3.1 has an out-of-bounds write because of errors in calculations of when to perform memset zero operations.
CVE-2020-35964 2 Ffmpeg, Linux 2 Ffmpeg, Linux Kernel 2024-11-21 6.5 Medium
track_header in libavformat/vividas.c in FFmpeg 4.3.1 has an out-of-bounds write because of incorrect extradata packing.
CVE-2020-35963 2 Linux, Treasuredata 2 Linux Kernel, Fluent Bit 2024-11-21 7.8 High
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
CVE-2020-35962 1 Loopring 1 Loopring 2024-11-21 7.5 High
The sellTokenForLRC function in the vault protocol in the smart contract implementation for Loopring (LRC), an Ethereum token, lacks access control for fee swapping and thus allows price manipulation.
CVE-2020-35952 1 Php-fusion 1 Php-fusion 2024-11-21 6.5 Medium
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration.
CVE-2020-35951 1 Expresstech 1 Quiz And Survey Master 2024-11-21 9.9 Critical
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It allows users to delete arbitrary files such as wp-config.php file, which could effectively take a site offline and allow an attacker to reinstall with a WordPress instance under their control. This occurred via qsm_remove_file_fd_question, which allowed unauthenticated deletions (even though it was only intended for a person to delete their own quiz-answer files).
CVE-2020-35950 1 Xcloner 1 Xcloner 2024-11-21 9.8 Critical
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.153 for WordPress. It allows CSRF (via almost any endpoint).
CVE-2020-35949 1 Expresstech 1 Quiz And Survey Master 2024-11-21 10 Critical
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made it possible for unauthenticated attackers to upload arbitrary files and achieve remote code execution. If a quiz question could be answered by uploading a file, only the Content-Type header was checked during the upload, and thus the attacker could use text/plain for a .php file.
CVE-2020-35948 1 Xcloner 1 Xcloner 2024-11-21 9.9 Critical
An issue was discovered in the XCloner Backup and Restore plugin before 4.2.13 for WordPress. It gave authenticated attackers the ability to modify arbitrary files, including PHP files. Doing so would allow an attacker to achieve remote code execution. The xcloner_restore.php write_file_action could overwrite wp-config.php, for example. Alternatively, an attacker could create an exploit chain to obtain a database dump.