Search Results (362833 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35458 1 Clusterlabs 1 Hawk 2024-11-21 9.8 Critical
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.
CVE-2020-35457 1 Gnome 1 Glib 2024-11-21 7.8 High
GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented
CVE-2020-35456 1 Taidii 1 Diibear 2024-11-21 5.5 Medium
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to view private chat messages and media files via logcat because of excessive logging.
CVE-2020-35455 1 Taidii 1 Diibear 2024-11-21 7.8 High
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage.
CVE-2020-35454 1 Taidii 1 Diibear 2024-11-21 6.8 Medium
The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from an Android backup because of insecure application configuration.
CVE-2020-35453 1 Hashicorp 1 Vault 2024-11-21 5.3 Medium
HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1.
CVE-2020-35452 5 Apache, Debian, Fedoraproject and 2 more 8 Http Server, Debian Linux, Fedora and 5 more 2024-11-21 7.3 High
Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow
CVE-2020-35450 1 Gobby Project 1 Gobby 2024-11-21 7.5 High
Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls.
CVE-2020-35448 3 Gnu, Netapp, Redhat 3 Binutils, Ontap Select Deploy Administration Utility, Enterprise Linux 2024-11-21 3.3 Low
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c.
CVE-2020-35442 1 Fangfa 1 Fdcms 2024-11-21 9.8 Critical
FDCMS (also known as Fangfa Content Management System) 4.0 allows remote attackers to get a webshell in the background via Front/lib/Action/FindexAction.class.php.
CVE-2020-35441 1 Fangfa 1 Fdcms 2024-11-21 9.8 Critical
FDCMS (aka Fangfa Content Management System) 4.0 contains a front-end SQL injection via Admin/Lib/Action/FloginAction.class.php.
CVE-2020-35438 1 Kamalkhan 1 Kk Star Ratings 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in the kk Star Ratings plugin before 4.1.5.
CVE-2020-35437 1 Intelliants 1 Subrion Cms 2024-11-21 6.1 Medium
Subrion CMS 4.2.1 is affected by: Cross Site Scripting (XSS) through the avatar[path] parameter in a POST request to the /_core/profile/ URI.
CVE-2020-35430 1 Inxedu 1 Inxedu 2024-11-21 9.8 Critical
SQL Injection in com/inxedu/OS/edu/controller/letter/AdminMsgSystemController in Inxedu v2.0.6 via the ids parameter to admin/letter/delsystem.
CVE-2020-35427 1 Phpgurukul 1 Employee Record Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
CVE-2020-35419 1 Group-office 1 Group Office 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Group Office CRM 6.4.196 via the SET_LANGUAGE parameter.
CVE-2020-35418 1 Group-office 1 Group Office 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in the contact page of Group Office CRM 6.4.196 by uploading a crafted svg file.
CVE-2020-35416 1 Onlineonly 1 Phpjabbers Appointment Scheduler 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities exist in PHPJabbers Appointment Scheduler 2.3, in the index.php admin login webpage (with different request parameters), allows remote attackers to inject arbitrary web script or HTML.
CVE-2020-35398 1 Utimf 1 Uti Mutual Fund Invest Online 2024-11-21 5.3 Medium
An issue was discovered in UTI Mutual fund Android application 5.4.18 and prior, allows attackers to brute force enumeration of usernames determined by the error message returned after invalid credentials are attempted.
CVE-2020-35396 1 Egavilanmedia 1 Barcodes Generator 2024-11-21 6.1 Medium
EGavilan Barcodes generator 1.0 is affected by: Cross Site Scripting (XSS) via the index.php. An Attacker is able to inject the XSS payload in the web application each time a user visits the website.