Search Results (322799 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12679 1 Mitel 2 Mivoice Connect, Shoretel Conference Web 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
CVE-2020-12677 1 Progress 1 Moveit Automation 2024-11-21 6.1 Medium
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2.
CVE-2020-12676 1 Fusionauth 1 Samlv2 2024-11-21 9.1 Critical
FusionAuth fusionauth-samlv2 0.2.3 allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack".
CVE-2020-12675 1 Mappresspro 1 Mappress 2024-11-21 8.8 High
The mappress-google-maps-for-wordpress plugin before 2.54.6 for WordPress does not correctly implement capability checks for AJAX functions related to creation/retrieval/deletion of PHP template files, leading to Remote Code Execution. NOTE: this issue exists because of an incomplete fix for CVE-2020-12077.
CVE-2020-12674 5 Canonical, Debian, Dovecot and 2 more 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more 2024-11-21 7.5 High
In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled.
CVE-2020-12673 5 Canonical, Debian, Dovecot and 2 more 7 Ubuntu Linux, Debian Linux, Dovecot and 4 more 2024-11-21 7.5 High
In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read.
CVE-2020-12672 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more 2024-11-21 7.5 High
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVE-2020-12670 1 Webmin 1 Webmin 2024-11-21 6.1 Medium
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
CVE-2020-12669 1 Dolibarr 1 Dolibarr 2024-11-21 8.8 High
core/get_menudiv.php in Dolibarr before 11.0.4 allows remote authenticated attackers to bypass intended access restrictions via a non-alphanumeric menu parameter.
CVE-2020-12668 1 Hubspot 1 Jinjava 2024-11-21 6.5 Medium
Jinjava before 2.5.4 allow access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure.
CVE-2020-12667 1 Nic 1 Knot Resolver 2024-11-21 7.5 High
Knot Resolver before 5.1.1 allows traffic amplification via a crafted DNS answer from an attacker-controlled server, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
CVE-2020-12666 3 Fedoraproject, Go-macaron, Redhat 3 Fedora, Macaron, Service Mesh 2024-11-21 6.1 Medium
macaron before 1.3.7 has an open redirect in the static handler, as demonstrated by the http://127.0.0.1:4000//example.com/ URL.
CVE-2020-12663 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
Unbound before 1.10.1 has an infinite loop via malformed DNS answers received from upstream servers.
CVE-2020-12662 6 Canonical, Debian, Fedoraproject and 3 more 8 Ubuntu Linux, Debian Linux, Fedora and 5 more 2024-11-21 7.5 High
Unbound before 1.10.1 has Insufficient Control of Network Message Volume, aka an "NXNSAttack" issue. This is triggered by random subdomains in the NSDNAME in NS records.
CVE-2020-12659 3 Linux, Netapp, Redhat 9 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 6 more 2024-11-21 6.7 Medium
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2020-12658 2 Debian, Gssproxy Project 2 Debian Linux, Gssproxy 2024-11-21 9.8 Critical
gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states "We are already on a shutdown path when running the code in question, so a DoS there doesn't make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.
CVE-2020-12657 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel E4s and 1 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel before 5.6.5. There is a use-after-free in block/bfq-iosched.c related to bfq_idle_slice_timer_body.
CVE-2020-12656 3 Canonical, Linux, Opensuse 3 Ubuntu Linux, Linux Kernel, Leap 2024-11-21 5.5 Medium
gss_mech_free in net/sunrpc/auth_gss/gss_mech_switch.c in the rpcsec_gss_krb5 implementation in the Linux kernel through 5.6.10 lacks certain domain_release calls, leading to a memory leak. Note: This was disputed with the assertion that the issue does not grant any access not already available. It is a problem that on unloading a specific kernel module some memory is leaked, but loading kernel modules is a privileged operation. A user could also write a kernel module to consume any amount of memory they like and load that replicating the effect of this bug
CVE-2020-12655 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2024-11-21 5.5 Medium
An issue was discovered in xfs_agf_verify in fs/xfs/libxfs/xfs_alloc.c in the Linux kernel through 5.6.10. Attackers may trigger a sync of excessive duration via an XFS v5 image with crafted metadata, aka CID-d0c7feaf8767.
CVE-2020-12654 2 Linux, Redhat 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more 2024-11-21 7.1 High
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.