Search Results (83837 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-26914 1 Netgear 28 D6200, D6200 Firmware, D7000 and 25 more 2024-11-21 6.7 Medium
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D6200 before 1.1.00.38, D7000 before 1.0.1.78, JR6150 before 1.0.1.24, R6020 before 1.0.0.42, R6050 before 1.0.1.24, R6080 before 1.0.0.42, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.64, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.
CVE-2020-26913 1 Netgear 42 D6100, D6100 Firmware, R7800 and 39 more 2024-11-21 6.8 Medium
Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.63, R7800 before 1.0.2.60, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, SRK60 before 2.2.2.20, SRR60 before 2.2.2.20, SRS60 before 2.2.2.20, WN3000RPv2 before 1.0.0.78, WNDR4300v2 before 1.0.0.58, WNDR4500v3 before 1.0.0.58, WNR2000v5 before 1.0.0.70, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.
CVE-2020-26910 1 Netgear 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more 2024-11-21 8.4 High
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
CVE-2020-26909 1 Netgear 4 D7800, D7800 Firmware, R7500v2 and 1 more 2024-11-21 8.8 High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects D7800 before 1.0.1.58 and R7500v2 before 1.0.3.48.
CVE-2020-26907 1 Netgear 6 Rbk852, Rbk852 Firmware, Rbr850 and 3 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, and RBS850 before 3.2.16.6.
CVE-2020-26902 1 Netgear 12 Rbk752, Rbk752 Firmware, Rbk852 and 9 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25.
CVE-2020-26892 2 Fedoraproject, Linuxfoundation 2 Fedora, Nats-server 2024-11-21 9.8 Critical
The JWT library in NATS nats-server before 2.1.9 has Incorrect Access Control because of how expired credentials are handled.
CVE-2020-26891 1 Matrix 1 Synapse 2024-11-21 6.1 Medium
AuthRestServlet in Matrix Synapse before 1.21.0 is vulnerable to XSS due to unsafe interpolation of the session GET parameter. This allows a remote attacker to execute an XSS attack on the domain Synapse is hosted on, by supplying the victim user with a malicious URL to the /_matrix/client/r0/auth/*/fallback/web or /_matrix/client/unstable/auth/*/fallback/web Synapse endpoints.
CVE-2020-26885 1 2sic 1 2sxc 2024-11-21 6.1 Medium
An issue was discovered in 2sic 2sxc before 11.22. A XSS vulnerability in the sxcver parameter of dnn/ui.html allows an attacker to craft a malicious URL that executes a JavaScript payload in a victim's browser.
CVE-2020-26884 1 Rsa 1 Archer 2024-11-21 6.1 Medium
RSA Archer 6.8 through 6.8.0.3 and 6.9 contains a URL injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability by tricking a victim application user into executing malicious JavaScript code in the context of the web application.
CVE-2020-26879 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 9.8 Critical
Ruckus vRioT through 1.5.1.0.21 has an API backdoor that is hardcoded into validate_token.py. An unauthenticated attacker can interact with the service API by using a backdoor value as the Authorization header.
CVE-2020-26878 1 Commscope 2 Ruckus Iot Module, Ruckus Vriot 2024-11-21 8.8 High
Ruckus through 1.5.1.0.21 is affected by remote command injection. An authenticated user can submit a query to the API (/service/v1/createUser endpoint), injecting arbitrary commands that will be executed as root user via web.py.
CVE-2020-26870 4 Cure53, Debian, Microsoft and 1 more 5 Dompurify, Debian Linux, Visual Studio 2017 and 2 more 2024-11-21 6.1 Medium
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements.
CVE-2020-26868 1 Pcvuesolutions 1 Pcvue 2024-11-21 7.5 High
ARC Informatique PcVue prior to version 12.0.17 is vulnerable to a denial-of-service attack due to the ability of an unauthorized user to modify information used to validate messages sent by legitimate web clients. This issue also affects third-party systems based on the Web Services Toolkit.
CVE-2020-26838 1 Sap 2 Business Warehouse, Bw\/4hana 2024-11-21 9.1 Critical
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
CVE-2020-26835 1 Sap 1 Netweaver Application Server Abap 2024-11-21 6.1 Medium
SAP NetWeaver AS ABAP, versions - 740, 750, 751, 752, 753, 754 , does not sufficiently encode URL which allows an attacker to input malicious java script in the URL which could be executed in the browser resulting in Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2020-26825 1 Sap 1 Fiori Launchpad \(news Tile Application\) 2024-11-21 6.1 Medium
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to use SAP Fiori Launchpad News tile Application to send malicious code, to a different end user (victim), because News tile does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Information maintained in the victim's web browser can be read, modified, and sent to the attacker. The malicious code cannot significantly impact the victim's browser and the victim can easily close the browser tab to terminate it.
CVE-2020-26817 1 Sap 1 3d Visual Enterprise Viewer 2024-11-21 7.8 High
SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
CVE-2020-26801 1 Tripplite 2 Su2200rtxl2ua, Su2200rtxl2ua Firmware 2024-11-21 5.4 Medium
A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request.
CVE-2020-26800 1 Ethereum 1 Aleth 2024-11-21 5.5 Medium
A stack overflow vulnerability in Aleth Ethereum C++ client version <= 1.8.0 using a specially crafted a config.json file may result in a denial of service.