Search Results (83752 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-19188 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2020-19187 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2020-19185 2 Gnu, Netapp 2 Ncurses, Active Iq Unified Manager 2024-11-21 6.5 Medium
Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.
CVE-2020-19158 1 S-cms 1 S-cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
CVE-2020-19157 1 Wenkucms Project 1 Wenkucms 2024-11-21 6.1 Medium
Cross Site Scripting (CSS) in Wenku CMS v3.4 allows remote attackers to execute arbitrary code via the 'Intro' parameter for the component '/index.php?m=ucenter&a=index'.
CVE-2020-19156 1 Ari-soft 1 Ari Adminer 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.
CVE-2020-19151 1 Jflyfox 1 Jfinal Cms 2024-11-21 8.8 High
Command Injection in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code by uploading a malicious HTML template file via the component 'jfinal_cms/admin/filemanager/list'.
CVE-2020-19148 1 Jflyfox 1 Jfinal Cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.
CVE-2020-19144 3 Debian, Netapp, Simplesystems 3 Debian Linux, Ontap Select Deploy Administration Utility, Libtiff 2024-11-21 6.5 Medium
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the 'in _TIFFmemcpy' funtion in the component 'tif_unix.c'.
CVE-2020-19143 2 Debian, Simplesystems 2 Debian Linux, Libtiff 2024-11-21 6.5 Medium
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'.
CVE-2020-19142 1 Idreamsoft 1 Icms 2024-11-21 9.8 Critical
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
CVE-2020-19131 3 Debian, Redhat, Simplesystems 3 Debian Linux, Enterprise Linux, Libtiff 2024-11-21 7.5 High
Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop".
CVE-2020-19118 1 Yzmcms 1 Yzmcms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerabiity in YzmCMS 5.2 via the site_code parameter in admin/index/init.html.
CVE-2020-19049 1 Mybb 1 Mybb 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
CVE-2020-19048 1 Mybb 1 Mybb 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Title" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'.
CVE-2020-19046 1 S-cms 1 S-cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
CVE-2020-19042 1 Zzcms 1 Zzcms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in zzcms 2019 XSS via a modify action in user/adv.php.
CVE-2020-19007 1 Halo 1 Halo 2024-11-21 5.4 Medium
Halo blog 1.2.0 allows users to submit comments on blog posts via /api/content/posts/comments. The javascript code supplied by the attacker will then execute in the victim user's browser.
CVE-2020-19002 1 Jupo 1 Mezzanine 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632.
CVE-2020-19001 1 Simiki Project 1 Simiki 2024-11-21 9.8 Critical
Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'.