Search

Search Results (363132 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29024 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2024-11-21 5.3 Medium
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in (GTA) GoToAppliance of Secomea GateManager could allow an attacker to gain access to sensitive cookies. This issue affects: Secomea GateManager all versions prior to 9.3.
CVE-2020-29023 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2024-11-21 3.5 Low
Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3.
CVE-2020-29022 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2024-11-21 5.3 Medium
Failure to Sanitize host header value on output in the GateManager Web server could allow an attacker to conduct web cache poisoning attacks. This issue affects Secomea GateManager all versions prior to 9.3
CVE-2020-29021 1 Secomea 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more 2024-11-21 3.5 Low
A vulnerability in web UI input field of GateManager allows authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3.
CVE-2020-29020 1 Secomea 2 Sitemanager, Sitemanager Firmware 2024-11-21 9.1 Critical
Improper Access Control vulnerability in web service of Secomea SiteManager allows remote attacker to access the web UI from the internet using the configured credentials. This issue affects: Secomea SiteManager All versions prior to 9.4.620527004 on Hardware.
CVE-2020-29019 1 Fortinet 1 Fortiweb 2024-11-21 5.3 Medium
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
CVE-2020-29018 1 Fortinet 1 Fortiweb 2024-11-21 8.8 High
A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote attacker to read the content of memory and retrieve sensitive data via the redir parameter.
CVE-2020-29017 1 Fortinet 1 Fortideceptor 2024-11-21 8.8 High
An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authenticated attacker to execute arbitrary commands on the system by exploiting a command injection vulnerability on the Customization page.
CVE-2020-29016 1 Fortinet 1 Fortiweb 2024-11-21 9.8 Critical
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
CVE-2020-29015 1 Fortinet 1 Fortiweb 2024-11-21 9.8 Critical
A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to execute arbitrary SQL queries or commands by sending a request with a crafted Authorization header containing a malicious SQL statement.
CVE-2020-29014 1 Fortinet 1 Fortisandbox 2024-11-21 6.3 Medium
A concurrent execution using shared resource with improper synchronization ('race condition') in the command shell of FortiSandbox before 3.2.2 may allow an authenticated attacker to bring the system into an unresponsive state via specifically orchestrated sequences of commands.
CVE-2020-29013 1 Fortinet 1 Fortisandbox 2024-11-21 5.4 Medium
An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may allow an authenticated attacker to silently halt the sniffer via specifically crafted requests.
CVE-2020-29012 1 Fortinet 1 Fortisandbox 2024-11-21 5.6 Medium
An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow an attacker to reuse the unexpired admin user session IDs to gain information about other users configured on the device, should the attacker be able to obtain that session ID (via other, hypothetical attacks)
CVE-2020-29011 1 Fortinet 1 Fortisandbox 2024-11-21 8.8 High
Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of FortiSandbox 3.2.0 through 3.2.2, and 3.1.0 through 3.1.4 may allow an authenticated attacker to execute unauthorized code on the underlying SQL interpreter via specifically crafted HTTP requests.
CVE-2020-29006 1 Misp 1 Misp 2024-11-21 9.8 Critical
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.
CVE-2020-29005 1 Mediawiki 1 Mediawiki 2024-11-21 7.5 High
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
CVE-2020-29004 1 Mediawiki 1 Mediawiki 2024-11-21 8.8 High
The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBase.php and therefore facilitated a CSRF attack.
CVE-2020-29003 1 Mediawiki 1 Mediawiki 2024-11-21 5.4 Medium
The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.
CVE-2020-29002 1 Mediawiki 1 Mediawiki 2024-11-21 4.8 Medium
includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.
CVE-2020-29001 1 Merkuryinnovations 8 Geeni Gnc-cw025, Geeni Gnc-cw025 Firmware, Geeni Gnc-cw028 and 5 more 2024-11-21 7.2 High
An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-CW024 Doorbell 2.9.6, and Merkury MI-CW017 Camera 2.9.6 devices. A vulnerability exists in the RESTful Services API that allows a remote attacker to take full control of the camera with a high-privileged account. The vulnerability exists because a static username and password are compiled into the ppsapp RESTful application.