Search Results (83805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25066 1 Treck 1 Tcp\/ip 2024-11-21 10 Critical
A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code.
CVE-2020-25056 2 Google, Samsung 2 Android, Galaxy S20 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020).
CVE-2020-25052 2 Google, Samsung 2 Android, Exynos 9830 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020).
CVE-2020-25036 1 Ucopia 1 Ucopia Wireless Appliance 2024-11-21 8.8 High
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
CVE-2020-25033 1 Blubrry 1 Subscribe Sidebar 2024-11-21 6.1 Medium
The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_sidebar.php&status= reflected XSS.
CVE-2020-25023 1 Noise-java Project 1 Noise-java 2024-11-21 9.8 Critical
An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access.
CVE-2020-25022 1 Noise-java Project 1 Noise-java 2024-11-21 9.8 Critical
An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access.
CVE-2020-25021 1 Noise-java Project 1 Noise-java 2024-11-21 9.8 Critical
An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access.
CVE-2020-25011 1 Kyland 2 Kps2204 6 Port Managed Din-rail Programmable Serial Device, Kps2204 6 Port Managed Din-rail Programmable Serial Device Firmware 2024-11-21 9.8 Critical
A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Serial Device Servers Software Version:R0002.P05 allows remote attackers to get username and password by request /cgi-bin/webadminget.cgi script via the browser.
CVE-2020-24999 1 Xpdfreader 1 Xpdf 2024-11-21 7.8 High
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2020-24994 1 Libass Project 1 Libass 2024-11-21 8.8 High
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
CVE-2020-24993 1 Cmswing 1 Cmswing 2024-11-21 5.4 Medium
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when visitors access the article module.
CVE-2020-24992 1 Cmswing 1 Cmswing 2024-11-21 5.4 Medium
There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is triggered when an administrator accesses the content management module.
CVE-2020-24963 1 Appsbd 1 Best Support System 2024-11-21 5.4 Medium
An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested version v3.0.4.
CVE-2020-24924 1 Elkarbackup 1 Elkarbackup 2024-11-21 5.4 Medium
A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker can steal the user session cookie using this vulnerability present on Policies >> action >> Name Parameter
CVE-2020-24917 1 Osticket 1 Osticket 2024-11-21 6.1 Medium
osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in include/ajax.draft.php.
CVE-2020-24916 3 Canonical, Debian, Yaws 3 Ubuntu Linux, Debian Linux, Yaws 2024-11-21 9.8 Critical
CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
CVE-2020-24903 1 Cutesoft 1 Cute Editor 2024-11-21 6.1 Medium
Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2020-24902 1 Quixplorer Project 1 Quixplorer 2024-11-21 4.7 Medium
Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validation of user supplied input. A remote attacker could exploit this vulnerability using a specially crafted URL to execute a script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
CVE-2020-24900 1 Krpano 1 Krpano 2024-11-21 6.1 Medium
The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to insecure XML load in file /viewer/krpano.html, parameter xml.