Search Results (83866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28343 2 Google, Samsung 4 Android, Exynos 980, Exynos 9820 and 1 more 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).
CVE-2020-28334 1 Barco 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware 2024-11-21 9.8 Critical
Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19. The Barco wePresent WiPG-1600W device has a hardcoded root password hash included in the firmware image. Exploiting CVE-2020-28329, CVE-2020-28330 and CVE-2020-28331 could potentially be used in a simple and automated exploit chain to go from unauthenticated remote attacker to root shell.
CVE-2020-28329 1 Barco 2 Wepresent Wipg-1600w, Wepresent Wipg-1600w Firmware 2024-11-21 9.8 Critical
Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverable by inspecting the firmware image. A malicious actor could use this password to access authenticated, administrative functions in the API. Affected Version(s): 2.5.1.8, 2.5.0.25, 2.5.0.24, 2.4.1.19.
CVE-2020-28249 1 Joplin Project 1 Joplin 2024-11-21 6.1 Medium
Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.
CVE-2020-28248 1 Png-img Project 1 Png-img 2024-11-21 8.8 High
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
CVE-2020-28246 1 Form 1 Form.io 2024-11-21 9.8 Critical
A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code Execution during deletion of the default Email template URL. NOTE: the email templating service was removed after 2020. Additionally, the vendor disputes this issue indicating this is sandboxed and only executable by admins.
CVE-2020-28243 3 Debian, Fedoraproject, Saltstack 3 Debian Linux, Fedora, Salt 2024-11-21 7.8 High
An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory.
CVE-2020-28200 2 Dovecot, Fedoraproject 2 Dovecot, Fedora 2024-11-21 4.3 Medium
The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension.
CVE-2020-28198 1 Ibm 1 Tivoli Storage Manager 2024-11-21 7.0 High
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2020-28188 1 Terra-master 1 Tos 2024-11-21 9.8 Critical
Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allow remote unauthenticated attackers to inject OS commands via /include/makecvs.php in Event parameter.
CVE-2020-28184 1 Terra-master 1 Tos 2024-11-21 5.4 Medium
Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated users to inject arbitrary web script or HTML via the mod parameter to /module/index.php.
CVE-2020-28169 3 Debian, Microsoft, Td-agent-builder Project 3 Debian Linux, Windows, Td-agent-builder 2024-11-21 7.0 High
The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges because the bin directory is writable by a user account, but a file in bin is executed as NT AUTHORITY\SYSTEM.
CVE-2020-28149 1 Mydbr 1 Mydbr 2024-11-21 9.6 Critical
myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: CSRF Token. The attack vector is: CSRF token injection to XSS.
CVE-2020-28146 1 Eyoucms 1 Eyoucms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter.
CVE-2020-28141 1 Online Discussion Forum Project 1 Online Discussion Forum 2024-11-21 5.4 Medium
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page.
CVE-2020-28139 1 Online Clothing Store Project 1 Online Clothing Store 2024-11-21 6.1 Medium
SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.
CVE-2020-28124 1 Lavalite 1 Lavalite 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.
CVE-2020-28119 1 53kf 1 53kf 2024-11-21 6.1 Medium
Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed via crafted HTML statement inserted into chat window.
CVE-2020-28097 2 Linux, Netapp 18 Linux Kernel, Cloud Backup, H300e and 15 more 2024-11-21 5.9 Medium
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
CVE-2020-28092 1 Pescms 1 Pescms Team 2024-11-21 6.1 Medium
PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=