Search Results (83804 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24704 1 Wso2 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more 2024-11-21 6.1 Medium
An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1.
CVE-2020-24701 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 6.1 Medium
OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite URI).
CVE-2020-24699 1 Chamber Dashboard Business Directory Project 1 Chamber Dashboard Business Directory 2024-11-21 6.1 Medium
The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.
CVE-2020-24692 1 Mitel 1 Micontact Center Business 2024-11-21 7.1 High
The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session.
CVE-2020-24685 1 Abb 3 Ac500 Cpu Firmware, Pm573-eth, Pm583-eth 2024-11-21 8.6 High
An unauthenticated specially crafted packet sent by an attacker over the network will cause a denial-of-service (DoS) vulnerability. Vulnerability allows attacker to stop the PLC. After stopping (ERR LED flashing red), physical access to the PLC is required in order to restart the application. This issue affects: ABB AC500 V2 products with onboard Ethernet version 2.8.4 and prior versions.
CVE-2020-24677 1 Abb 2 Symphony \+ Historian, Symphony \+ Operations 2024-11-21 8.8 High
Vulnerabilities in the S+ Operations and S+ Historian web applications can lead to a possible code execution and privilege escalation, redirect the user somewhere else or download unwanted data.
CVE-2020-24670 1 Hitachi 1 Vantara Pentaho 2024-11-21 5.4 Medium
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'type' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVE-2020-24669 1 Hitachi 1 Vantara Pentaho 2024-11-21 5.4 Medium
The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Analysis Report Description' field in 'About this Report' section. Remediated in >= 8.3.0.9, >= 9.0.0.1, and >= 9.1.0.0 GA.
CVE-2020-24668 1 Tracefinancial 1 Crestbridge 2024-11-21 5.4 Medium
Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
CVE-2020-24666 1 Hitachi 1 Vantara Pentaho 2024-11-21 5.4 Medium
The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'Display Name' parameter. Remediated in >= 9.1.0.1
CVE-2020-24665 1 Hitachi 1 Vantara Pentaho 2024-11-21 6.5 Medium
The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion injection vulnerability, which allows an authenticated remote users to trigger a denial of service (DoS) condition. Specifically, the vulnerability lies in the 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, >= 8.3.0.0 GA
CVE-2020-24664 1 Hitachi 1 Vantara Pentaho 2024-11-21 5.4 Medium
The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site scripting vulnerability, which allows an authenticated remote users to execute arbitrary JavaScript code. Specifically, the vulnerability lies in the 'pho:title' attribute of 'dashboardXml' parameter. Remediated in >= 7.1.0.25, >= 8.2.0.6, and >= 8.3.0.0 GA.
CVE-2020-24663 1 Tracefinanacial 1 Crestbridge 2024-11-21 5.4 Medium
Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.03.
CVE-2020-24662 1 Smartstream 1 Transaction Lifecycle Management Reconciliations-premium 2024-11-21 5.4 Medium
SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. This was fixed in TLM RP 3.1.0.
CVE-2020-24659 5 Canonical, Fedoraproject, Gnu and 2 more 5 Ubuntu Linux, Fedora, Gnutls and 2 more 2024-11-21 7.5 High
An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure.
CVE-2020-24658 1 Arm 1 Arm Compiler 2024-11-21 7.8 High
Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack-based buffer overflows in local arrays. When this feature is enabled, a protected function writes a guard value to the stack prior to (above) any vulnerable arrays in the stack. The guard value is checked for corruption on function return; corruption leads to an error-handler call. In certain circumstances, the reference value that is compared against the guard value is itself also written to the stack (after any vulnerable arrays). The reference value is written to the stack when the function runs out of registers to use for other temporary data. If both the reference value and the guard value are written to the stack, then the stack protection will fail to spot corruption when both values are overwritten with the same value. For both the reference value and the guard value to be corrupted, there would need to be both a buffer overflow and a buffer underflow in the vulnerable arrays (or some other vulnerability that causes two separated stack entries to be corrupted).
CVE-2020-24646 1 Hp 1 Intelligent Management Center 2024-11-21 9.8 Critical
A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07).
CVE-2020-24636 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2024-11-21 9.8 Critical
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2020-24635 2 Arubanetworks, Siemens 3 Instant, Scalance W1750d, Scalance W1750d Firmware 2024-11-21 7.2 High
A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability.
CVE-2020-24634 1 Arubanetworks 15 7005, 7008, 7010 and 12 more 2024-11-21 9.8 Critical
An attacker is able to remotely inject arbitrary commands by sending especially crafted packets destined to the PAPI (Aruba Networks AP Management protocol) UDP port (8211) of access-pointsor controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below ; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below.