Search Results (83534 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-12513 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 7.5 High
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated blind OS Command Injection.
CVE-2020-12512 1 Pepperl-fuchs 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more 2024-11-21 7.5 High
Pepperl+Fuchs Comtrol IO-Link Master in Version 1.5.48 and below is prone to an authenticated reflected POST Cross-Site Scripting
CVE-2020-12501 2 Korenix, Pepperl-fuchs 52 Jetnet4510 Firmware, Jetnet4706 Firmware, Jetnet4706f Firmware and 49 more 2024-11-21 9.8 Critical
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT, ES8510-XT, ES9528-XTv2, ES7506, ES7510, ES7528, ES8508, ES8508F, ES8510, ES8510-XTE, ES9528/ES9528-XT (all versions) use undocumented accounts.
CVE-2020-12497 1 Phoenixcontact 2 Pc Worx, Pc Worx Express 2024-11-21 7.8 High
PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation.
CVE-2020-12472 1 Mono 1 Monox 2024-11-21 5.4 Medium
MonoX through 5.1.40.5152 allows stored XSS via User Status, Blog Comments, or Blog Description.
CVE-2020-12460 3 Debian, Fedoraproject, Trusteddomain 3 Debian Linux, Fedora, Opendmarc 2024-11-21 9.8 Critical
OpenDMARC through 1.3.2 and 1.4.x through 1.4.0-Beta1 has improper null termination in the function opendmarc_xml_parse that can result in a one-byte heap overflow in opendmarc_xml when parsing a specially crafted DMARC aggregate report. This can cause remote memory corruption when a '\0' byte overwrites the heap metadata of the next chunk and its PREV_INUSE flag.
CVE-2020-12459 3 Fedoraproject, Grafana, Redhat 4 Fedora, Grafana, Enterprise Linux and 1 more 2024-11-21 5.5 Medium
In certain Red Hat packages for Grafana 6.x through 6.3.6, the configuration files /etc/grafana/grafana.ini and /etc/grafana/ldap.toml (which contain a secret_key and a bind_password) are world readable.
CVE-2020-12458 3 Fedoraproject, Grafana, Redhat 4 Fedora, Grafana, Ceph Storage and 1 more 2024-11-21 5.5 Medium
An information-disclosure flaw was found in Grafana through 6.7.3. The database directory /var/lib/grafana and database file /var/lib/grafana/grafana.db are world readable. This can result in exposure of sensitive information (e.g., cleartext or encrypted datasource passwords).
CVE-2020-12438 1 Php-fusion 1 Php-fusion 2024-11-21 5.4 Medium
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.
CVE-2020-12432 1 Collaboraoffice 1 Collabora Online Development Edition 2024-11-21 6.1 Medium
The WOPI API integration for Vereign Collabora CODE through 4.2.2 does not properly restrict delivery of JavaScript to a victim's browser, and lacks proper MIME type access control, which could lead to XSS that steals account credentials via cookies or local storage. The attacker must first obtain an API access token, which can be accomplished if the attacker is able to upload a .docx or .odt file. The associated API endpoints for exploitation are /wopi/files and /wopi/getAccessToken.
CVE-2020-12431 1 Splashtop 2 Software Updater, Streamer 2024-11-21 6.6 Medium
A Windows privilege change issue was discovered in Splashtop Software Updater before 1.5.6.16. Insecure permissions on the configuration file and named pipe allow for local privilege escalation to NT AUTHORITY/SYSTEM, by forcing a permission change to any Splashtop files and directories, with resultant DLL hijacking. This product is bundled with Splashtop Streamer (before 3.3.8.0) and Splashtop Business (before 3.3.8.0).
CVE-2020-12426 2 Mozilla, Opensuse 2 Firefox, Leap 2024-11-21 8.8 High
Mozilla developers and community members reported memory safety bugs present in Firefox 77. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 78.
CVE-2020-12422 3 Mozilla, Opensuse, Redhat 5 Firefox, Leap, Enterprise Linux and 2 more 2024-11-21 8.8 High
In non-standard configurations, a JPEG image created by JavaScript could have caused an internal variable to overflow, resulting in an out of bounds write, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 78.
CVE-2020-12417 4 Canonical, Mozilla, Opensuse and 1 more 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more 2024-11-21 8.8 High
Due to confusion about ValueTags on JavaScript Objects, an object may pass through the type barrier, resulting in memory corruption and a potentially exploitable crash. *Note: this issue only affects Firefox on ARM64 platforms.* This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0.
CVE-2020-12411 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 76. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 77.
CVE-2020-12410 3 Canonical, Mozilla, Redhat 6 Ubuntu Linux, Firefox, Firefox Esr and 3 more 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 76 and Firefox ESR 68.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firefox ESR < 68.9.
CVE-2020-12404 1 Mozilla 1 Firefox 2024-11-21 4.3 Medium
For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnerability affects Firefox for iOS < 26.
CVE-2020-12396 1 Mozilla 1 Firefox 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 75. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 76.
CVE-2020-12395 3 Canonical, Mozilla, Redhat 7 Ubuntu Linux, Firefox, Firefox Esr and 4 more 2024-11-21 9.8 Critical
Mozilla developers and community members reported memory safety bugs present in Firefox 75 and Firefox ESR 68.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.
CVE-2020-12393 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2024-11-21 7.8 High
The 'Copy as cURL' feature of Devtools' network tab did not properly escape the HTTP method of a request, which can be controlled by the website. If a user used the 'Copy as cURL' feature and pasted the command into a terminal, it could have resulted in command injection and arbitrary command execution. *Note: this issue only affects Firefox on Windows operating systems.*. This vulnerability affects Firefox ESR < 68.8, Firefox < 76, and Thunderbird < 68.8.0.