Search Results (83497 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-10092 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab 12.1 through 12.8.1 allows XSS. A cross-site scripting vulnerability was present in a particular view relating to the Grafana integration.
CVE-2020-10091 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab 9.3 through 12.8.1 allows XSS. A cross-site scripting vulnerability was found when viewing particular file types.
CVE-2020-10078 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab 12.1 through 12.8.1 allows XSS. The merge request submission form was determined to have a stored cross-site scripting vulnerability.
CVE-2020-10076 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab 12.1 through 12.8.1 allows XSS. A stored cross-site scripting vulnerability was discovered when displaying merge requests.
CVE-2020-10075 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab 12.5 through 12.8.1 allows HTML Injection. A particular error header was potentially susceptible to injection or potentially other vulnerabilities via unescaped input.
CVE-2020-10065 1 Zephyrproject 1 Zephyr 2024-11-21 3.8 Low
Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c
CVE-2020-10064 1 Zephyrproject 1 Zephyr 2024-11-21 8.3 High
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
CVE-2020-10061 1 Zephyrproject 1 Zephyr 2024-11-21 8.1 High
Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions.
CVE-2020-10043 1 Siemens 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more 2024-11-21 6.1 Medium
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). The web server could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into accessing a malicious link.
CVE-2020-10041 1 Siemens 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more 2024-11-21 6.1 Medium
A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). A stored Cross-Site-Scripting (XSS) vulnerability is present in different locations of the web application. An attacker might be able to take over a session of a legitimate user.
CVE-2020-10029 7 Canonical, Debian, Fedoraproject and 4 more 18 Ubuntu Linux, Debian Linux, Fedora and 15 more 2024-11-21 5.5 Medium
The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c.
CVE-2020-10021 1 Zephyrproject 1 Zephyr 2024-11-21 8.1 High
Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions.
CVE-2020-10017 1 Apple 5 Ipados, Iphone Os, Mac Os X and 2 more 2024-11-21 7.8 High
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution.
CVE-2020-10016 1 Apple 6 Ipados, Iphone Os, Mac Os X and 3 more 2024-11-21 7.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-10015 1 Apple 2 Mac Os X, Macos 2024-11-21 7.8 High
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.
CVE-2020-10012 1 Apple 2 Mac Os X, Macos 2024-11-21 6.1 Medium
An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted document may lead to a cross site scripting attack.
CVE-2020-0970 1 Microsoft 4 Chakracore, Edge, Windows 10 and 1 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the ChakraCore scripting engine handles objects in memory, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0968.
CVE-2020-0969 1 Microsoft 5 Chakracore, Edge, Windows 10 and 2 more 2024-11-21 7.5 High
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge (HTML-based), aka 'Chakra Scripting Engine Memory Corruption Vulnerability'.
CVE-2020-0967 1 Microsoft 9 Internet Explorer, Windows 10, Windows 7 and 6 more 2024-11-21 8.8 High
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0966.
CVE-2020-0950 1 Microsoft 3 Windows 10, Windows Server 2016, Windows Server 2019 2024-11-21 8.8 High
A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0948, CVE-2020-0949.