Search Results (83918 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36408 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
A stored cross scripting (XSS) vulnerability in CMS Made Simple 2.2.14 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Add Shortcut" parameter under the "Manage Shortcuts" module.
CVE-2020-36407 2 Aomedia, Linux 2 Libavif, Linux Kernel 2024-11-21 8.8 High
libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid.
CVE-2020-36406 2 Linux, Uwebsockets Project 2 Linux Kernel, Uwebsockets 2024-11-21 8.8 High
uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate
CVE-2020-36404 2 Keystone-engine, Linux 2 Keystone, Linux Kernel 2024-11-21 7.8 High
Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl.
CVE-2020-36403 2 Htslib, Linux 2 Htslib, Linux Kernel 2024-11-21 8.8 High
HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
CVE-2020-36402 2 Linux, Soliditylang 2 Linux Kernel, Solidity 2024-11-21 7.8 High
Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change.
CVE-2020-36400 1 Zeromq 1 Libzmq 2024-11-21 9.8 Critical
ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235.
CVE-2020-36399 1 Phplist 1 Phplist 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "rule1" parameter under the "Bounce Rules" module.
CVE-2020-36398 1 Phplist 1 Phplist 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in phplist 3.5.4 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the "Campaign" field under the "Send a campaign" module.
CVE-2020-36397 1 Lavalite 1 Lavalite 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the /admin/contact/contact component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36396 1 Lavalite 1 Lavalite 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the /admin/roles/role component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36395 1 Lavalite 1 Lavalite 2024-11-21 5.4 Medium
A stored cross site scripting (XSS) vulnerability in the /admin/user/team component of LavaLite 5.8.0 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "New" parameter.
CVE-2020-36384 1 Pagelayer 1 Pagelayer 2024-11-21 6.1 Medium
PageLayer before 1.3.5 allows reflected XSS via color settings.
CVE-2020-36383 1 Pagelayer 1 Pagelayer 2024-11-21 6.1 Medium
PageLayer before 1.3.5 allows reflected XSS via the font-size parameter.
CVE-2020-36382 1 Openvpn 1 Openvpn Access Server 2024-11-21 7.5 High
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service.
CVE-2020-36381 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the singleCrunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
CVE-2020-36380 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
CVE-2020-36379 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
CVE-2020-36378 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.
CVE-2020-36377 1 Aaptjs Project 1 Aaptjs 2024-11-21 9.8 Critical
An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters.