Search Results (83537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12782 1 Openfind 2 Mailaudit, Mailgates 2024-11-21 9.8 Critical
Openfind MailGates contains a Command Injection flaw, when receiving email with specific strings, malicious code in the mail attachment will be triggered and gain unauthorized access to system files.
CVE-2020-12779 1 Combodo 1 Itop 2024-11-21 6.8 Medium
Combodo iTop contains a stored Cross-site Scripting vulnerability, which can be attacked by uploading file with malicious script.
CVE-2020-12778 1 Combodo 1 Itop 2024-11-21 7.4 High
Combodo iTop does not validate inputted parameters, attackers can inject malicious commands and launch XSS attack.
CVE-2020-12775 1 Moica 1 Hicos 2024-11-21 9.8 Critical
Hicos citizen certificate client-side component does not filter special characters for command parameters in specific web URLs. An unauthenticated remote attacker can exploit this vulnerability to perform command injection attack to execute arbitrary system command, disrupt system or terminate service.
CVE-2020-12774 1 Dlink 2 Dsl-7740c, Dsl-7740c Firmware 2024-11-21 8.2 High
D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary command.
CVE-2020-12768 3 Canonical, Debian, Linux 3 Ubuntu Linux, Debian Linux, Linux Kernel 2024-11-21 5.5 Medium
An issue was discovered in the Linux kernel before 5.6. svm_cpu_uninit in arch/x86/kvm/svm.c has a memory leak, aka CID-d80b64ff297e. NOTE: third parties dispute this issue because it's a one-time leak at the boot, the size is negligible, and it can't be triggered at will
CVE-2020-12763 1 Trendnet 2 Tv-ip512wn, Tv-ip512wn Firmware 2024-11-21 9.8 Critical
TRENDnet ProView Wireless camera TV-IP512WN 1.0R 1.0.4 is vulnerable to an unauthenticated stack-based buffer overflow in handling RTSP packets. This may result in remote code execution or denial of service. The issue is in the binary rtspd (in /sbin) when parsing a long "Authorization: Basic" RTSP header.
CVE-2020-12759 1 Zulip 1 Zulip Server 2024-11-21 6.1 Medium
Zulip Server before 2.1.5 allows reflected XSS via the Dropbox webhook.
CVE-2020-12753 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).
CVE-2020-12751 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020).
CVE-2020-12747 2 Google, Samsung 3 Android, Exynos980\(9630\), Exynos990\(9830\) 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos980 9630 and Exynos990 9830 chipsets) software. The Bootloader has a heap-based buffer overflow because of the mishandling of specific commands. The Samsung IDs are SVE-2020-16981, SVE-2020-16991 (May 2020).
CVE-2020-12746 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) (Exynos chipsets) software. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code. The Samsung ID is SVE-2020-16712 (May 2020).
CVE-2020-12736 1 Code42 1 Code42 2024-11-21 7.2 High
Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.
CVE-2020-12718 1 Php-fusion 1 Php-fusion 2024-11-21 5.4 Medium
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
CVE-2020-12708 1 Php-fusion 1 Php-fusion 2024-11-21 6.1 Medium
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
CVE-2020-12707 1 Lepton-cms 1 Lepton Cms 2024-11-21 6.1 Medium
An XSS vulnerability exists in modules/wysiwyg/save.php of LeptonCMS 4.5.0. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT elements. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT elements.
CVE-2020-12706 1 Php-fusion 1 Php-fusion 2024-11-21 5.4 Medium
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
CVE-2020-12705 1 Lepton-cms 1 Leptoncms 2024-11-21 6.1 Medium
Multiple cross-site scripting (XSS) vulnerabilities exist in LeptonCMS before 4.6.0.
CVE-2020-12704 1 Ulicms 1 Ulicms 2024-11-21 6.1 Medium
UliCMS before 2020.2 has PageController stored XSS.
CVE-2020-12703 1 Ulicms 1 Ulicms 2024-11-21 6.1 Medium
UliCMS before 2020.2 has XSS during PackageController uninstall.