Search Results (83537 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12697 1 Dkd 1 Direct Mail 2024-11-21 5.3 Medium
The direct_mail extension through 5.2.3 for TYPO3 allows Denial of Service via log entries.
CVE-2020-12696 1 Iframe Project 1 Iframe 2024-11-21 6.1 Medium
The iframe plugin before 4.5 for WordPress does not sanitize a URL.
CVE-2020-12685 1 Redhat 1 Interchange 2024-11-21 6.1 Medium
XSS in the admin help system admin/help.html and admin/quicklinks.html in Interchange 4.7.0 through 5.11.x allows remote attackers to steal credentials or data via browser JavaScript.
CVE-2020-12683 1 Katyshop2 Project 1 Katyshop2 2024-11-21 5.4 Medium
Katyshop2 before 2.12 has multiple stored XSS issues.
CVE-2020-12679 1 Mitel 2 Mivoice Connect, Shoretel Conference Web 2024-11-21 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in the Mitel ShoreTel Conference Web Application 19.50.1000.0 before MiVoice Connect 18.7 SP2 allows remote attackers to inject arbitrary JavaScript and HTML via the PATH_INFO to home.php.
CVE-2020-12677 1 Progress 1 Moveit Automation 2024-11-21 6.1 Medium
An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 2018 SP1 - 2018.2 prior to 2018.2.3, 2018 SP2 - 2018.3 prior to 2018.3.7, 2019 - 2019.0 prior to 2019.0.3, 2019.1 - 2019.1 prior to 2019.1.2, and 2019.2 - 2019.2 prior to 2019.2.2.
CVE-2020-12672 3 Debian, Graphicsmagick, Opensuse 4 Debian Linux, Graphicsmagick, Backports Sle and 1 more 2024-11-21 7.5 High
GraphicsMagick through 1.3.35 has a heap-based buffer overflow in ReadMNGImage in coders/png.c.
CVE-2020-12670 1 Webmin 1 Webmin 2024-11-21 6.1 Medium
XSS exists in Webmin 1.941 and earlier affecting the Save function of the Read User Email Module / mailboxes Endpoint when attempting to save HTML emails. This module parses any output without sanitizing SCRIPT elements, as opposed to the View function, which sanitizes the input correctly. A malicious user can send any JavaScript payload into the message body and execute it if the user decides to save that email.
CVE-2020-12659 3 Linux, Netapp, Redhat 9 Linux Kernel, Active Iq Unified Manager, Aff Baseboard Management Controller and 6 more 2024-11-21 6.7 Medium
An issue was discovered in the Linux kernel before 5.6.7. xdp_umem_reg in net/xdp/xdp_umem.c has an out-of-bounds write (by a user with the CAP_NET_ADMIN capability) because of a lack of headroom validation.
CVE-2020-12654 2 Linux, Redhat 8 Linux Kernel, Enterprise Linux, Enterprise Mrg and 5 more 2024-11-21 7.1 High
An issue was found in Linux kernel before 5.5.4. mwifiex_ret_wmm_get_status() in drivers/net/wireless/marvell/mwifiex/wmm.c allows a remote AP to trigger a heap-based buffer overflow because of an incorrect memcpy, aka CID-3a9b153c5591.
CVE-2020-12653 5 Debian, Linux, Netapp and 2 more 42 Debian Linux, Linux Kernel, A700s and 39 more 2024-11-21 7.8 High
An issue was found in Linux kernel before 5.5.4. The mwifiex_cmd_append_vsie_tlv() function in drivers/net/wireless/marvell/mwifiex/scan.c allows local users to gain privileges or cause a denial of service because of an incorrect memcpy and buffer overflow, aka CID-b70261a288ea.
CVE-2020-12648 1 Tiny 1 Tinymce 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in TinyMCE 5.2.1 and earlier allows remote attackers to inject arbitrary web script when configured in classic editing mode.
CVE-2020-12646 1 Open-xchange 1 Open-xchange Appsuite 2024-11-21 5.4 Medium
OX App Suite 7.10.3 and earlier allows XSS via text/x-javascript, text/rdf, or a PDF document.
CVE-2020-12639 1 Phplist 1 Phplist 2024-11-21 6.1 Medium
phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.
CVE-2020-12635 1 Mageme 1 Webforms Pro M2 2024-11-21 6.1 Medium
XSS exists in the WebForms Pro M2 extension before 2.9.17 for Magento 2 via the textarea field.
CVE-2020-12629 1 Enhancesoft 1 Osticket 2024-11-21 5.4 Medium
include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.
CVE-2020-12627 1 Janeczku 1 Calibre-web 2024-11-21 9.8 Critical
Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.
CVE-2020-12625 3 Debian, Opensuse, Roundcube 4 Debian Linux, Backports Sle, Leap and 1 more 2024-11-21 6.1 Medium
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVE-2020-12620 1 Pi-hole 1 Pi-hole 2024-11-21 7.8 High
Pi-hole 4.4 allows a user able to write to /etc/pihole/dns-servers.conf to escalate privileges through command injection (shell metacharacters after an IP address).
CVE-2020-12605 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 7.5 High
Envoy version 1.14.2, 1.13.2, 1.12.4 or earlier may consume excessive amounts of memory when processing HTTP/1.1 headers with long field names or requests with long URLs.