Search

Search Results (363281 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-35575 1 Tp-link 54 Archer C5, Archer C5 Firmware, Archer C7 and 51 more 2024-11-21 9.8 Critical
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9(201211) beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N, WR1043ND, WR1045ND, WR740N, WR741ND, WR749N, WR802N, WR840N, WR841HP, WR841N, WR842N, WR842ND, WR845N, WR940N, WR941HP, WR945N, WR949N, and WRD4300 devices.
CVE-2020-35573 2 Debian, Postsrsd Project 2 Debian Linux, Postsrsd 2024-11-21 7.5 High
srs2.c in PostSRSd before 1.10 allows remote attackers to cause a denial of service (CPU consumption) via a long timestamp tag in an SRS address.
CVE-2020-35572 1 Adminer 1 Adminer 2024-11-21 6.1 Medium
Adminer through 4.7.8 allows XSS via the history parameter to the default URI.
CVE-2020-35571 1 Mantisbt 1 Mantisbt 2024-11-21 6.1 Medium
An issue was discovered in MantisBT through 2.24.3. In the helper_ensure_confirmed call in manage_custom_field_update.php, the custom field name is not sanitized. This may be problematic depending on CSP settings.
CVE-2020-35570 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 5.3 Medium
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing.
CVE-2020-35569 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 6.1 Medium
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page.
CVE-2020-35568 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 4.3 Medium
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An incomplete filter applied to a database response allows an authenticated attacker to gain non-public information about other users and devices in the account.
CVE-2020-35567 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 7.8 High
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The software uses a secure password for database access, but this password is shared across instances.
CVE-2020-35566 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 5.3 Medium
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. An attacker can read arbitrary JSON files via Local File Inclusion.
CVE-2020-35565 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 9.8 Critical
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login pages bruteforce detection is disabled by default.
CVE-2020-35564 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 7.5 High
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an outdated and unused component allowing for malicious user input of active code.
CVE-2020-35563 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 5.4 Medium
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page.
CVE-2020-35561 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 5.3 Medium
An issue was discovered MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2. There is an SSRF in the HA module allowing an unauthenticated attacker to scan for open ports.
CVE-2020-35560 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 6.1 Medium
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unauthenticated open redirect in the redirect.php.
CVE-2020-35559 1 Mbconnectline 2 Mbconnect24, Mymbconnect24 2024-11-21 4.3 Medium
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an unused function that allows an authenticated attacker to use up all available IPs of an account and thus not allow creation of new devices and users.
CVE-2020-35558 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 7.5 High
An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. There is an SSRF in the in the MySQL access check, allowing an attacker to scan for open ports and gain some information about possible credentials.
CVE-2020-35557 2 Helmholz, Mbconnectline 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more 2024-11-21 6.5 Medium
An issue in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2 allows a logged in user to see devices in the account he should not have access to due to improper use of access validation.
CVE-2020-35556 1 Acronis 1 Cyber Protect 2024-11-21 7.5 High
An issue was discovered in Acronis Cyber Protect before 15 Update 1 build 26172. Because the local notification service misconfigures CORS, information disclosure can occur.
CVE-2020-35555 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).
CVE-2020-35554 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. There is a WebView SSL error-handler vulnerability. The LG ID is LVE-SMP-200026 (December 2020).