Search Results (83516 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-10879 1 Rconfig 1 Rconfig 2024-11-21 9.8 Critical
rConfig before 3.9.5 allows command injection by sending a crafted GET request to lib/crud/search.crud.php since the nodeId parameter is passed directly to the exec function without being escaped.
CVE-2020-10860 2 Avast, Microsoft 2 Antivirus, Windows 2024-11-21 7.5 High
An issue was discovered in Avast Antivirus before 20. An Arbitrary Memory Address Overwrite vulnerability in the aswAvLog Log Library results in Denial of Service of the Avast Service (AvastSvc.exe).
CVE-2020-10852 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a stack overflow in display driver. The Samsung ID is SVE-2019-15877 (January 2020).
CVE-2020-10851 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is a stack overflow in the kperfmon driver. The Samsung ID is SVE-2019-15876 (January 2020).
CVE-2020-10842 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (S.LSI chipsets) software. There is a heap out-of-bounds write in the tsmux driver. The Samsung ID is SVE-2019-16295 (February 2020).
CVE-2020-10837 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020).
CVE-2020-10836 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020).
CVE-2020-10832 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020).
CVE-2020-10829 1 Google 1 Android 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020).
CVE-2020-10821 1 Nagios 1 Nagios Xi 2024-11-21 4.8 Medium
Nagios XI 5.6.11 allows XSS via the account/main.php theme parameter.
CVE-2020-10820 1 Nagios 1 Nagios Xi 2024-11-21 4.8 Medium
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ password parameter.
CVE-2020-10819 1 Nagios 1 Nagios Xi 2024-11-21 4.8 Medium
Nagios XI 5.6.11 allows XSS via the includes/components/ldap_ad_integration/ username parameter.
CVE-2020-10818 1 Articatech 1 Artica Proxy 2024-11-21 7.2 High
Artica Proxy 4.26 allows remote command execution for an authenticated user via shell metacharacters in the "Modify the hostname" field.
CVE-2020-10809 1 Hdfgroup 1 Hdf5 2024-11-21 5.5 Medium
An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service.
CVE-2020-10808 1 Vestacp 1 Vesta Control Panel 2024-11-21 8.8 High
Vesta Control Panel (VestaCP) through 0.9.8-26 allows Command Injection via the schedule/backup Backup Listing Endpoint. The attacker must be able to create a crafted filename on the server, as demonstrated by an FTP session that renames .bash_logout to a .bash_logout' substring followed by shell metacharacters.
CVE-2020-10803 5 Debian, Fedoraproject, Opensuse and 2 more 7 Debian Linux, Fedora, Backports Sle and 4 more 2024-11-21 5.4 Medium
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XSS attack through retrieving and displaying results (in tbl_get_field.php and libraries/classes/Display/Results.php). The attacker must be able to insert crafted data into certain database tables, which when retrieved (for instance, through the Browse tab) can trigger the XSS attack.
CVE-2020-10797 1 Netgate 1 Pfsense 2024-11-21 6.1 Medium
An XSS vulnerability resides in the hostname field of the diag_ping.php page in pfsense before 2.4.5 version. After passing inputs to the command and executing this command, the $result variable is not sanitized before it is printed.
CVE-2020-10795 1 Gira 2 Tks-ip-gateway, Tks-ip-gateway Firmware 2024-11-21 7.2 High
Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access.
CVE-2020-10790 1 It-novum 1 Openitcockpit 2024-11-21 5.4 Medium
openITCOCKPIT before 3.7.3 has unnecessary files (such as Lodash files) under the web root, which leads to XSS.
CVE-2020-10789 1 It-novum 1 Openitcockpit 2024-11-21 9.8 Critical
openITCOCKPIT before 3.7.3 has a web-based terminal that allows attackers to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.