Search Results (83595 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13524 2 Apple, Pixar 3 Mac Os X, Macos, Openusd 2024-11-21 5.5 Medium
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
CVE-2020-13520 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 7.8 High
An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
CVE-2020-13494 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 5.5 Medium
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
CVE-2020-13493 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 7.8 High
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
CVE-2020-13487 1 Bbpress 1 Bbpress 2024-11-21 4.8 Medium
The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?post_type=forum (aka the Forum listing page) for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI.
CVE-2020-13483 1 Bitrix24 1 Bitrix24 2024-11-21 6.1 Medium
The Web Application Firewall in Bitrix24 through 20.0.0 allows XSS via the items[ITEMS][ID] parameter to the components/bitrix/mobileapp.list/ajax.php/ URI.
CVE-2020-13480 1 Verint 1 Workforce Optimization 2024-11-21 5.4 Medium
Verint Workforce Optimization (WFO) 15.2 allows HTML injection via the "send email" feature.
CVE-2020-13476 1 Nchsoftware 1 Express Invoice 2024-11-21 4.8 Medium
NCH Express Invoice 8.06 to 8.24 is vulnerable to Reflected XSS in the Quotes List module.
CVE-2020-13467 1 Cksic 2 Cks32f103, Cks32f103 Firmware 2024-11-21 4.6 Medium
The flash memory readout protection in China Key Systems & Integrated Circuit CKS32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.
CVE-2020-13463 1 Apexmic 2 Apm32f103, Apm32f103 Firmware 2024-11-21 4.6 Medium
The flash memory readout protection in Apex Microelectronics APM32F103 devices allows physical attackers to extract firmware via the debug interface and exception handling.
CVE-2020-13459 1 Verbb 1 Image Resizer 2024-11-21 5.4 Medium
An issue was discovered in the Image Resizer plugin before 2.0.9 for Craft CMS. There is stored XSS in the Bulk Resize action.
CVE-2020-13448 1 Quickbox 1 Quickbox 2024-11-21 8.8 High
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
CVE-2020-13445 1 Liferay 1 Liferay Portal 2024-11-21 8.8 High
In Liferay Portal before 7.3.2 and Liferay DXP 7.0 before fix pack 92, 7.1 before fix pack 18, and 7.2 before fix pack 6, the template API does not restrict user access to sensitive objects, which allows remote authenticated users to execute arbitrary code via crafted FreeMarker and Velocity templates.
CVE-2020-13440 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13431 1 Geti2p 1 I2p 2024-11-21 7.8 High
I2P before 0.9.46 allows local users to gain privileges via a Trojan horse I2PSvc.exe file because of weak permissions on a certain %PROGRAMFILES% subdirectory.
CVE-2020-13430 2 Grafana, Redhat 3 Grafana, Enterprise Linux, Service Mesh 2024-11-21 6.1 Medium
Grafana before 7.0.0 allows tag value XSS via the OpenTSDB datasource.
CVE-2020-13429 1 Grafana 1 Piechart-panel 2024-11-21 5.4 Medium
legend.ts in the piechart-panel (aka Pie Chart Panel) plugin before 1.5.0 for Grafana allows XSS via the Values Header (aka legend header) option.
CVE-2020-13428 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2024-11-21 7.8 High
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CVE-2020-13427 1 Victorcms Project 1 Victorcms 2024-11-21 6.1 Medium
Victor CMS 1.0 has Persistent XSS in admin/users.php?source=add_user via the user_name, user_firstname, or user_lastname parameter.
CVE-2020-13423 1 Form Builder For Magento 2 Project 1 Form Builder For Magento 2 2024-11-21 4.8 Medium
Form Builder 2.1.0 for Magento has multiple XSS issues that can be exploited against Magento 2 admin accounts via the Current_url or email field, or the User-Agent HTTP header.