Search Results (83643 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-15800 1 Siemens 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more 2024-11-21 9.8 Critical
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily.
CVE-2020-15795 1 Siemens 2 Nucleus Net, Nucleus Source Code 2024-11-21 8.1 High
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
CVE-2020-15788 1 Siemens 1 Polarion Subversion Webclient 2024-11-21 6.1 Medium
A vulnerability has been identified in Polarion Subversion Webclient (All versions). The Polarion subversion web application does not filter user input in a way that prevents Cross-Site Scripting. If a user is enticed into passing specially crafted, malicious input to the web client (e.g. by clicking on a malicious URL with embedded JavaScript), then JavaScript code can be returned and may then be executed by the user’s client. Various actions could be triggered by running malicious JavaScript code.
CVE-2020-15781 1 Siemens 2 Sicam A8000, Sicam A8000 Firmware 2024-11-21 9.6 Critical
A vulnerability has been identified in SICAM WEB firmware for SICAM A8000 RTUs (All versions < V05.30). The login screen does not sufficiently sanitize input, which enables an attacker to generate specially crafted log messages. If an unsuspecting victim views the log messages via the web browser, these log messages might be interpreted and executed as code by the web application. This Cross-Site-Scripting (XSS) vulnerability might compromize the confidentiality, integrity and availability of the web application.
CVE-2020-15776 1 Gradle 1 Enterprise 2024-11-21 8.8 High
An issue was discovered in Gradle Enterprise 2018.2 - 2020.2.4. The CSRF prevention token is stored in a request cookie that is not annotated as HttpOnly. An attacker with the ability to execute arbitrary code in a user's browser could impose an arbitrary value for this token, allowing them to perform cross-site request forgery.
CVE-2020-15769 1 Gradle 1 Enterprise 2024-11-21 6.1 Medium
An issue was discovered in Gradle Enterprise 2020.2 - 2020.2.4. An XSS issue exists via the request URL.
CVE-2020-15744 1 Govicture 2 Pc420, Pc420 Firmware 2024-11-21 9.6 Critical
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.
CVE-2020-15721 1 Rosariosis 1 Rosariosis 2024-11-21 6.1 Medium
RosarioSIS through 6.8-beta allows modules/Custom/NotifyParents.php XSS because of the href attributes for AddStudents.php and User.php.
CVE-2020-15717 1 Rosariosis 1 Rosariosis 2024-11-21 6.1 Medium
RosarioSIS 6.7.2 is vulnerable to XSS, caused by improper validation of user-supplied input by the Search.inc.php script. A remote attacker could exploit this vulnerability using the advanced parameter in a crafted URL.
CVE-2020-15708 1 Canonical 1 Ubuntu Linux 2024-11-21 9.3 Critical
Ubuntu's packaging of libvirt in 20.04 LTS created a control socket with world read and write permissions. An attacker could use this to overwrite arbitrary files or execute arbitrary code.
CVE-2020-15701 1 Canonical 2 Apport, Ubuntu Linux 2024-11-21 5.5 Medium
An unhandled exception in check_ignored() in apport/report.py can be exploited by a local attacker to cause a denial of service. If the mtime attribute is a string value in apport-ignore.xml, it will trigger an unhandled exception, resulting in a crash. Fixed in 2.20.1-0ubuntu2.24, 2.20.9-0ubuntu7.16, 2.20.11-0ubuntu27.6.
CVE-2020-15697 1 Joomla 1 Joomla\! 2024-11-21 4.3 Medium
An issue was discovered in Joomla! through 3.9.19. Internal read-only fields in the User table class could be modified by users.
CVE-2020-15696 1 Joomla 1 Joomla\! 2024-11-21 6.1 Medium
An issue was discovered in Joomla! through 3.9.19. Lack of input filtering and escaping allows XSS attacks in mod_random_image.
CVE-2020-15693 1 Nim-lang 1 Nim 2024-11-21 6.5 Medium
In Nim 1.2.4, the standard library httpClient is vulnerable to a CR-LF injection in the target URL. An injection is possible if the attacker controls any part of the URL provided in a call (such as httpClient.get or httpClient.post), the User-Agent header value, or custom HTTP header names or values.
CVE-2020-15690 1 Nim-lang 1 Nim 2024-11-21 9.8 Critical
In Nim before 1.2.6, the standard library asyncftpclient lacks a check for whether a message contains a newline character.
CVE-2020-15683 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15676 4 Debian, Mozilla, Opensuse and 1 more 8 Debian Linux, Firefox, Firefox Esr and 5 more 2024-11-21 6.1 Medium
Firefox sometimes ran the onload handler for SVG elements that the DOM sanitizer decided to remove, resulting in JavaScript being executed after pasting attacker-controlled data into a contenteditable element. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3.
CVE-2020-15674 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.
CVE-2020-15667 1 Mozilla 1 Firefox 2024-11-21 8.8 High
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.
CVE-2020-15659 4 Canonical, Mozilla, Opensuse and 1 more 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more 2024-11-21 8.8 High
Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1.