Search Results (83805 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24899 1 Nagios 1 Nagios Xi 2024-11-21 8.8 High
Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query.
CVE-2020-24897 1 Stiltsoft 1 Table Filter And Charts For Confluence Server 2024-11-21 8.9 High
The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro.
CVE-2020-24876 1 Pancakeapp 1 Pancake 2024-11-21 9.8 Critical
Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge session cookies, which may lead to remote privilege escalation.
CVE-2020-24872 1 Lepton-cms 1 Leptoncms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code.
CVE-2020-24870 2 Libraw, Redhat 2 Libraw, Enterprise Linux 2024-11-21 8.8 High
Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
CVE-2020-24863 2 Freebsd, Midnightbsd 2 Freebsd, Midnightbsd 2024-11-21 5.5 Medium
A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode.
CVE-2020-24861 1 Get-simple 1 Getsimple Cms 2024-11-21 5.4 Medium
GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scripting which is executed when you create and open a new page
CVE-2020-24860 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 5.4 Medium
CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit content and put persistent XSS payload in the affected text fields. The user can get cookies from every authenticated user who visits the website.
CVE-2020-24849 1 Fruitywifi Project 1 Fruitywifi 2024-11-21 8.8 High
A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317.
CVE-2020-24842 1 Sdgc 1 Pnpscada 2024-11-21 6.1 Medium
PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser.
CVE-2020-24826 1 Libelfin Project 1 Libelfin 2024-11-21 5.5 Medium
A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24825 1 Libelfin Project 1 Libelfin 2024-11-21 5.5 Medium
A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24823 1 Libelfin Project 1 Libelfin 2024-11-21 5.5 Medium
A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24822 1 Libelfin Project 1 Libelfin 2024-11-21 5.5 Medium
A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24821 1 Libelfin Project 1 Libelfin 2024-11-21 5.5 Medium
A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file.
CVE-2020-24753 1 Objective Open Cbor Run-time Project 1 Objective Open Cbor Run-time 2024-11-21 9.8 Critical
A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption.
CVE-2020-24719 1 Couchbase 1 Couchbase Server 2024-11-21 9.8 Critical
Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erlang nodes is done by exchanging a shared secret (aka "magic cookie"). There are cases where the magic cookie is included in the content of the logs. An attacker can use the cookie to attach to an Erlang node and run OS level commands on the system running the Erlang node. Affects version: 6.5.1. Fix version: 6.6.0.
CVE-2020-24712 1 Getgophish 1 Gophish 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the account settings page.
CVE-2020-24709 1 Getgophish 1 Gophish 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or email template.
CVE-2020-24708 1 Getgophish 1 Gophish 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send profile form.