Search Results (83663 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-16157 1 Nagios 1 Log Server 2024-11-21 5.4 Medium
A Stored XSS vulnerability exists in Nagios Log Server before 2.1.7 via the Notification Methods -> Email Users menu.
CVE-2020-16148 1 Telmat 6 Accesslog, Accesslog Firmware, Educ\@box and 3 more 2024-11-21 7.2 High
The ping page of the administration panel in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via authenticated code injection over the network.
CVE-2020-16147 1 Telmat 6 Accesslog, Accesslog Firmware, Educ\@box and 3 more 2024-11-21 9.8 Critical
The login page in Telmat AccessLog <= 6.0 (TAL_20180415) allows an attacker to get root shell access via Unauthenticated code injection over the network.
CVE-2020-16145 2 Fedoraproject, Roundcube 2 Fedora, Webmail 2024-11-21 6.1 Medium
Roundcube Webmail before 1.3.15 and 1.4.8 allows stored XSS in HTML messages during message display via a crafted SVG document. This issue has been fixed in 1.4.8 and 1.3.15.
CVE-2020-16140 1 Thembay 1 Greenmart 2024-11-21 6.1 Medium
The search functionality of the Greenmart theme 2.4.2 for WordPress is vulnerable to XSS.
CVE-2020-16131 1 Tiki 1 Tiki 2024-11-21 6.1 Medium
Tiki before 21.2 allows XSS because [\s\/"\'] is not properly considered in lib/core/TikiFilter/PreventXss.php.
CVE-2020-16125 2 Gnome, Redhat 2 Gnome Display Manager, Enterprise Linux 2024-11-21 7.2 High
gdm3 versions before 3.36.2 or 3.38.2 would start gnome-initial-setup if gdm3 can't contact the accountservice service via dbus in a timely manner; on Ubuntu (and potentially derivatives) this could be be chained with an additional issue that could allow a local user to create a new privileged account.
CVE-2020-16103 1 Gallagher 1 Command Centre 2024-11-21 8.8 High
Type confusion in Gallagher Command Centre Server allows a remote attacker to crash the server or possibly cause remote code execution. This issue affects: Gallagher Command Centre 8.30 versions prior to 8.30.1236(MR1); 8.20 versions prior to 8.20.1166(MR3); 8.10 versions prior to 8.10.1211(MR5); version 8.00 and prior versions.
CVE-2020-16095 1 Kitodo 1 Kitodo.presentation 2024-11-21 6.1 Medium
The dlf (aka Kitodo.Presentation) extension before 3.1.2 for TYPO3 allows XSS.
CVE-2020-16087 2 Microsoft, Vng 2 Windows, Zalo Desktop 2024-11-21 8.6 High
An issue was discovered in Zalo.exe in VNG Zalo Desktop 19.8.1.0. An attacker can run arbitrary commands on a remote Windows machine running the Zalo client by sending the user of the device a crafted file.
CVE-2020-16046 2 Apple, Google 2 Iphone Os, Chrome 2024-11-21 6.1 Medium
Script injection in iOSWeb in Google Chrome on iOS prior to 84.0.4147.105 allowed a remote attacker to execute arbitrary code via a crafted HTML page.
CVE-2020-16044 2 Google, Redhat 3 Chrome, Enterprise Linux, Rhel Eus 2024-11-21 8.8 High
Use after free in WebRTC in Google Chrome prior to 88.0.4324.96 allowed a remote attacker to potentially exploit heap corruption via a crafted SCTP packet.
CVE-2020-16040 1 Google 1 Chrome 2024-11-21 6.5 Medium
Insufficient data validation in V8 in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16039 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in extensions in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16038 1 Google 2 Chrome, Chrome Os 2024-11-21 8.8 High
Use after free in media in Google Chrome on OS X prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16037 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in clipboard in Google Chrome prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16030 1 Google 1 Chrome 2024-11-21 6.1 Medium
Insufficient data validation in Blink in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page.
CVE-2020-16028 1 Google 1 Chrome 2024-11-21 8.8 High
Heap buffer overflow in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16026 1 Google 1 Chrome 2024-11-21 8.8 High
Use after free in WebRTC in Google Chrome prior to 87.0.4280.66 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-16025 1 Google 1 Chrome 2024-11-21 9.6 Critical
Heap buffer overflow in clipboard in Google Chrome prior to 87.0.4280.66 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.