Search

Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35782 1 Netgear 8 Gs116e, Gs116e Firmware, Jgs516pe and 5 more 2024-11-21 8.1 High
Certain NETGEAR devices are affected by lack of access control at the function level. This affects JGS516PE before 2.6.0.48, JGS524Ev2 before 2.6.0.48, JGS524PE before 2.6.0.48, and GS116Ev2 before 2.6.0.48. The TFTP firmware update mechanism does not properly implement firmware validations, allowing remote attackers to write arbitrary data to internal memory.
CVE-2020-35781 1 Netgear 2 Nms300, Nms300 Firmware 2024-11-21 8.3 High
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
CVE-2020-35780 1 Netgear 2 Nms300, Nms300 Firmware 2024-11-21 7.1 High
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
CVE-2020-35779 1 Netgear 2 Nms300, Nms300 Firmware 2024-11-21 7.5 High
NETGEAR NMS300 devices before 1.6.0.27 are affected by denial of service.
CVE-2020-35778 1 Netgear 4 Gs716t, Gs716t Firmware, Gs724t and 1 more 2024-11-21 4.3 Medium
Certain NETGEAR devices are affected by CSRF. This affects GS716Tv3 before 6.3.1.36 and GS724Tv4 before 6.3.1.36.
CVE-2020-35777 1 Netgear 2 Dgn2200v1, Dgn2200v1 Firmware 2024-11-21 8.4 High
NETGEAR DGN2200v1 devices before v1.0.0.58 are affected by command injection.
CVE-2020-35776 1 Digium 1 Asterisk 2024-11-21 6.5 Medium
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
CVE-2020-35775 1 Citsmart 1 Citsmart 2024-11-21 9.8 Critical
CITSmart before 9.1.2.23 allows LDAP Injection.
CVE-2020-35774 1 Twitter 1 Twitter-server 2024-11-21 5.4 Medium
server/handler/HistogramQueryHandler.scala in Twitter TwitterServer (aka twitter-server) before 20.12.0, in some configurations, allows XSS via the /histograms endpoint.
CVE-2020-35773 1 Freehtmldesigns 1 Site Offline 2024-11-21 8.8 High
The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF.
CVE-2020-35769 2 Microsoft, Webmin 2 Windows, Webmin 2024-11-21 9.8 Critical
miniserv.pl in Webmin 1.962 on Windows mishandles special characters in query arguments to the CGI program.
CVE-2020-35766 1 Opendkim 1 Opendkim 2024-11-21 7.8 High
The test suite in libopendkim in OpenDKIM through 2.10.3 allows local users to gain privileges via a symlink attack against the /tmp/testkeys file (related to t-testdata.h, t-setup.c, and t-cleanup.c). NOTE: this is applicable to persons who choose to engage in the "A number of self-test programs are included here for unit-testing the library" situation.
CVE-2020-35765 1 Zohocorp 1 Manageengine Applications Manager 2024-11-21 8.8 High
doFilter in com.adventnet.appmanager.filter.UriCollector in Zoho ManageEngine Applications Manager through 14930 allows an authenticated SQL Injection via the resourceid parameter to showresource.do.
CVE-2020-35762 1 Bloofox 1 Bloofoxcms 2024-11-21 2.7 Low
bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files.
CVE-2020-35761 1 Bloofox 1 Bloofoxcms 2024-11-21 5.4 Medium
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code.
CVE-2020-35760 1 Bloofox 1 Bloofoxcms 2024-11-21 9.8 Critical
bloofoxCMS 0.5.2.1 is infected with Unrestricted File Upload that allows attackers to upload malicious files (ex: php files).
CVE-2020-35759 1 Bloofox 1 Bloofoxcms 2024-11-21 6.5 Medium
bloofoxCMS 0.5.2.1 is infected with a CSRF Attack that leads to an attacker editing any file content (Locally/Remotely).
CVE-2020-35758 1 Librewireless 2 Ls9, Ls9 Firmware 2024-11-21 9.8 Critical
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a Authentication Bypass in the Web Interface. This interface does not properly restrict access to internal functionality. Despite presenting a password login page on first access, authentication is not required to access privileged functionality. As such, it's possible to directly access APIs that should not be exposed to an unauthenticated user.
CVE-2020-35757 1 Librewireless 2 Ls9, Ls9 Firmware 2024-11-21 9.8 Critical
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is Unauthenticated Root ADB Access Over TCP. The LS9 web interface provides functionality to access ADB over TCP. This is not enabled by default, but can be enabled by sending a crafted request to a web management interface endpoint. Requests made to this endpoint do not require authentication. As such, any unauthenticated user who is able to access the web interface will be able to gain root privileges on the LS9 module.
CVE-2020-35756 1 Librewireless 2 Ls9, Ls9 Firmware 2024-11-21 7.5 High
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service GETPASS Configuration Password Information Leak. The luci_service daemon running on port 7777 does not require authentication to return the device configuration password in cleartext when using the GETPASS command. As such, any unauthenticated person with access to port 7777 on the device will be able to leak the user's personal device configuration password by issuing the GETPASS command.