Search Results (363609 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-5570 1 Ni-consul 1 Sales Force Assistant 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5569 1 Toshiba 19 Hd-ma10ts, Hd-ma10ty, Hd-ma20ts and 16 more 2024-11-21 8.4 High
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
CVE-2020-5568 1 Cybozu 1 Garoon 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
CVE-2020-5567 1 Cybozu 1 Garoon 2024-11-21 7.5 High
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
CVE-2020-5566 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
CVE-2020-5565 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
CVE-2020-5564 1 Cybozu 1 Garoon 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
CVE-2020-5563 1 Cybozu 1 Garoon 2024-11-21 5.3 Medium
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
CVE-2020-5562 1 Cybozu 1 Garoon 2024-11-21 4.9 Medium
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
CVE-2020-5561 1 Keijiban Tsumiki Project 1 Keijiban Tsumiki 2024-11-21 9.8 Critical
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2020-5560 1 Wl-enq Project 1 Wl-enq 2024-11-21 9.8 Critical
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.
CVE-2020-5559 1 Wl-enq Project 1 Wl-enq 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5558 1 Cutephp 1 Cutenews 2024-11-21 8.8 High
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2020-5557 1 Cutephp 1 Cutenews 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5556 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.8 Critical
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2020-5555 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.1 Critical
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
CVE-2020-5554 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.1 Critical
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
CVE-2020-5553 1 Mailform 1 Mailform 2024-11-21 9.8 Critical
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2020-5552 1 Mailform 1 Mailform 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in mailform version 1.04 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5551 1 Toyota 1 Display Control Unit 2024-11-21 8.8 High
Toyota 2017 Model Year DCU (Display Control Unit) allows an unauthenticated attacker within Bluetooth range to cause a denial of service attack and/or execute an arbitrary command. The affected DCUs are installed in Lexus (LC, LS, NX, RC, RC F), TOYOTA CAMRY, and TOYOTA SIENNA manufactured in the regions other than Japan from Oct. 2016 to Oct. 2019. An attacker with certain knowledge on the target vehicle control system may be able to send some diagnostic commands to ECUs with some limited availability impacts; the vendor states critical vehicle controls such as driving, turning, and stopping are not affected.