Search Results (83528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-11930 1 Gtranslate 1 Translate Wordpress With Gtranslate 2024-11-21 6.1 Medium
The GTranslate plugin before 2.8.52 for WordPress has Reflected XSS via a crafted link. This requires use of the hreflang tags feature within a sub-domain or sub-directory paid option.
CVE-2020-11920 1 Svakom 3 Siime Eye, Siime Eye Firmware, Svakom Siime Eye 2024-11-21 9.8 Critical
An issue was discovered in Svakom Siime Eye 14.1.00000001.3.330.0.0.3.14. A command injection vulnerability resides in the HOST/IP section of the NFS settings menu in the webserver running on the device. By injecting Bash commands via shell metacharacters here, the device executes arbitrary code with root privileges (all of the device's services are running as root).
CVE-2020-11911 1 Treck 1 Tcp\/ip 2024-11-21 5.3 Medium
The Treck TCP/IP stack before 6.0.1.66 has Improper ICMPv4 Access Control.
CVE-2020-11901 1 Treck 1 Tcp\/ip 2024-11-21 9.0 Critical
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response.
CVE-2020-11897 1 Treck 1 Tcp\/ip 2024-11-21 10.0 Critical
The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets.
CVE-2020-11896 1 Treck 1 Tcp\/ip 2024-11-21 10.0 Critical
The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling.
CVE-2020-11888 1 Python-markdown2 Project 1 Python-markdown2 2024-11-21 6.1 Medium
python-markdown2 through 2.3.8 allows XSS because element names are mishandled unless a \w+ match succeeds. For example, an attack might use elementname@ or elementname- with an onclick attribute.
CVE-2020-11887 1 Svg2png Project 1 Svg2png 2024-11-21 6.1 Medium
svg2png 4.1.1 allows XSS with resultant SSRF via JavaScript inside an SVG document.
CVE-2020-11878 1 Jitsi 1 Meet 2024-11-21 9.8 Critical
The Jitsi Meet (aka docker-jitsi-meet) stack on Docker before stable-4384-1 uses default passwords (such as passw0rd) for system accounts.
CVE-2020-11875 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10.0 (MTK chipsets) software. The MTK kernel does not properly implement exception handling, allowing an attacker to gain privileges. The LG ID is LVE-SMP-200001 (February 2020).
CVE-2020-11873 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 (April 2020).
CVE-2020-11869 1 Qemu 1 Qemu 2024-11-21 3.3 Low
An integer overflow was found in QEMU 4.0.1 through 4.2.0 in the way it implemented ATI VGA emulation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati-2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service.
CVE-2020-11860 1 Microfocus 1 Arcsight Logger 2024-11-21 6.1 Medium
Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting all version prior to 7.1.1. The vulnerability could be remotely exploited resulting in Cross-Site Scripting (XSS)
CVE-2020-11857 1 Microfocus 1 Operation Bridge Reporter 2024-11-21 9.8 Critical
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow remote attackers to access the OBR host as a non-admin user
CVE-2020-11855 1 Microfocus 1 Operation Bridge Reporter 2024-11-21 7.8 High
An Authorization Bypass vulnerability on Micro Focus Operation Bridge Reporter, affecting version 10.40 and earlier. The vulnerability could allow local attackers on the OBR host to execute code with escalated privileges.
CVE-2020-11854 1 Microfocus 4 Application Performance Management, Operations Bridge, Operations Bridge Manager and 1 more 2024-11-21 9.8 Critical
Arbitrary code execution vlnerability in Operation bridge Manager, Application Performance Management and Operations Bridge (containerized) vulnerability in Micro Focus products products Operation Bridge Manager, Operation Bridge (containerized) and Application Performance Management. The vulneravility affects: 1.) Operation Bridge Manager versions 2020.05, 2019.11, 2019.05, 2018.11, 2018.05, 10.63,10.62, 10.61, 10.60, 10.12, 10.11, 10.10 and all earlier versions. 2.) Operations Bridge (containerized) 2020.05, 2019.08, 2019.05, 2018.11, 2018.08, 2018.05. 2018.02 and 2017.11. 3.) Application Performance Management versions 9,51, 9.50 and 9.40 with uCMDB 10.33 CUP 3. The vulnerability could allow Arbitrary code execution.
CVE-2020-11852 1 Microfocus 1 Secure Messaging Gateway 2024-11-21 8.8 High
DKIM key management page vulnerability on Micro Focus Secure Messaging Gateway (SMG). Affecting all SMG Appliance running releases prior to July 2020. The vulnerability could allow a logged in user with rights to generate DKIM key information to inject system commands into the call to the DKIM system command.
CVE-2020-11845 1 Microfocus 1 Service Manager 2024-11-21 6.1 Medium
Cross Site Scripting vulnerability in Micro Focus Service Manager product. Affecting versions 9.50, 9.51, 9.52, 9.60, 9.61, 9.62, 9.63. The vulnerability could be exploited to allow remote attackers to inject arbitrary web script or HTML.
CVE-2020-11839 1 Microfocus 1 Arcsight Logger 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Logger product, affecting all version from 6.6.1 up to version 7.0.1. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.
CVE-2020-11838 1 Microfocus 1 Arcsight Management Center 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in Micro Focus ArcSight Management Center product, Affecting versions 2.6.1, 2.7.x, 2.8.x, 2.9.x prior to 2.9.4. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS) or information disclosure.