Search Results (83643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-15902 1 Nagios 1 Nagios Xi 2024-11-21 6.1 Medium
Graph Explorer in Nagios XI before 5.7.2 allows XSS via the link url option.
CVE-2020-15900 3 Artifex, Canonical, Opensuse 3 Ghostscript, Ubuntu Linux, Leap 2024-11-21 9.8 Critical
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2020-15895 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 6.1 Medium
An XSS issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. In the file webinc/js/info.php, no output filtration is applied to the RESULT parameter, before it's printed on the webpage.
CVE-2020-15893 1 Dlink 2 Dir-816l, Dir-816l Firmware 2024-11-21 9.8 Critical
An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. Universal Plug and Play (UPnP) is enabled by default on port 1900. An attacker can perform command injection by injecting a payload into the Search Target (ST) field of the SSDP M-SEARCH discover packet.
CVE-2020-15892 1 Dlink 2 Dap-1520, Dap-1520 Firmware 2024-11-21 9.8 Critical
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.
CVE-2020-15888 1 Lua 1 Lua 2024-11-21 8.8 High
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVE-2020-15885 1 Munkireport Project 1 Comment 2024-11-21 5.4 Medium
A Cross-Site Scripting (XSS) vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment.
CVE-2020-15883 1 Managedinstalls Project 1 Managedinstalls 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability in the managedinstalls module before 2.6 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the last two URL parameters (through which installed packages names and versions are reported).
CVE-2020-15881 1 Munki Facts Project 1 Munki Facts 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability in the munki_facts (aka Munki Conditions) module before 1.5 for MunkiReport allows remote attackers to inject arbitrary web script or HTML via the key name.
CVE-2020-15870 1 Sonatype 1 Nexus Repository Manager 3 2024-11-21 6.1 Medium
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (Issue 2 of 2).
CVE-2020-15869 1 Sonatype 1 Nexus Repository Manager 3 2024-11-21 5.4 Medium
Sonatype Nexus Repository Manager OSS/Pro versions before 3.25.1 allow XSS (issue 1 of 2).
CVE-2020-15866 2 Debian, Mruby 2 Debian Linux, Mruby 2024-11-21 9.8 Critical
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
CVE-2020-15864 1 Quali 1 Cloudshell 2024-11-21 6.1 Medium
An issue was discovered in Quali CloudShell 9.3. An XSS vulnerability in the login page allows an attacker to craft a URL, with a constructor.constructor substring in the username field, that executes a payload when the user visits the /Account/Login page.
CVE-2020-15863 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 5.3 Medium
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
CVE-2020-15855 1 Redhat 1 Bodhi 2024-11-21 6.1 Medium
Two cross-site scripting vulnerabilities were fixed in Bodhi 5.6.1.
CVE-2020-15838 1 Connectwise 1 Automate 2024-11-21 8.8 High
The Agent Update System in ConnectWise Automate before 2020.8 allows Privilege Escalation because the _LTUPDATE folder has weak permissions.
CVE-2020-15833 1 Mofinetwork 2 Mofi4500-4gxelte, Mofi4500-4gxelte Firmware 2024-11-21 9.8 Critical
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.1.5-std devices. The Dropbear SSH daemon has been modified to accept an alternate hard-coded path to a public key that allows root access. This key is stored in a /rom location that cannot be modified by the device owner.
CVE-2020-15831 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
JetBrains TeamCity before 2019.2.3 is vulnerable to reflected XSS in the administration UI.
CVE-2020-15830 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
JetBrains TeamCity before 2019.2.3 is vulnerable to stored XSS in the administration UI.
CVE-2020-15803 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports and 2 more 2024-11-21 6.1 Medium
Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.