Search Results (83867 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28423 1 Monorepo-build Project 1 Monorepo-build 2024-11-21 9.8 Critical
This affects all versions of package monorepo-build.
CVE-2020-28422 1 Git-archive Project 1 Git-archive 2024-11-21 6.4 Medium
All versions of package git-archive are vulnerable to Command Injection via the exports function.
CVE-2020-28415 1 Tranzware Payment Gateway Project 1 Tranzware Payment Gateway 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28414).
CVE-2020-28414 1 Tranzware Payment Gateway Project 1 Tranzware Payment Gateway 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.3.2. A remote unauthenticated attacker is able to execute arbitrary HTML code via crafted url (different vector than CVE-2020-28415).
CVE-2020-28409 1 Dundas 1 Dundas Bi 2024-11-21 5.4 Medium
The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) when events such as click, hover, etc. occur.
CVE-2020-28408 1 Dundas 1 Dundas Bi 2024-11-21 5.4 Medium
The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a dashboard.
CVE-2020-28395 1 Siemens 16 Scalance Xr324-12m, Scalance Xr324-12m Firmware, Scalance Xr324-12m Ts and 13 more 2024-11-21 5.9 Medium
A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). Devices do not create a new unique private key after factory reset. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
CVE-2020-28391 1 Siemens 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more 2024-11-21 5.9 Medium
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-200RNA switch family (All versions < V3.2.7). Devices create a new unique key upon factory reset, except when used with C-PLUG. When used with C-PLUG the devices use the hardcoded private RSA-key shipped with the firmware-image. An attacker could leverage this situation to a man-in-the-middle situation and decrypt previously captured traffic.
CVE-2020-28386 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-28385 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)
CVE-2020-28384 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-28383 1 Siemens 3 Jt2go, Solid Edge, Teamcenter Visualization 2024-11-21 7.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11885)
CVE-2020-28382 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-28381 1 Siemens 1 Solid Edge 2024-11-21 7.8 High
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
CVE-2020-28373 1 Netgear 26 R6250, R6250 Firmware, R6400 and 23 more 2024-11-21 8.8 High
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
CVE-2020-28371 1 Readytalk 1 Avian 2024-11-21 9.8 Critical
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-28365 1 Sapplica 1 Sentrifugo 2024-11-21 6.1 Medium
Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within the X-Forwarded-For HTTP header during the login process. When an administrator looks at logs, the payload is executed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-28364 1 Locust 1 Locust 2024-11-21 6.1 Medium
A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the installation violates the usage expectations by exposing this UI to outside users.
CVE-2020-28351 1 Mitel 2 Shoretel, Shoretel Firmware 2024-11-21 6.1 Medium
The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack (via the PATH_INFO to index.php) due to insufficient validation for the time_zone object in the HOME_MEETING& page.
CVE-2020-28350 1 Sokrates 1 Sowasql 2024-11-21 6.1 Medium
A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter.