Search Results (80552 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12825 | 2 Gnome, Redhat | 2 Libcroco, Enterprise Linux | 2024-11-21 | 7.1 High |
| libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | ||||
| CVE-2020-12824 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 7.5 High |
| Pexip Infinity 23.x before 23.3 has improper input validation, leading to a temporary software abort via RTP. | ||||
| CVE-2020-12817 | 1 Fortinet | 2 Fortianalyzer, Fortitester | 2024-11-21 | 8.8 High |
| An improper neutralization of input vulnerability in FortiAnalyzer before 6.4.1 and 6.2.5 may allow a remote authenticated attacker to inject script-related HTML tags via the Name parameter of Storage Connectors. | ||||
| CVE-2020-12798 | 1 Sun-denshi | 4 Universal Forensic Extraction Device Firmware, Universal Forensic Extraction Device Ruggedized Panasonic Laptop, Universal Forensic Extraction Device Touch 2 and 1 more | 2024-11-21 | 7.8 High |
| Cellebrite UFED 5.0 to 7.5.0.845 implements local operating system policies that can be circumvented to obtain a command prompt via the Windows file dialog that is reachable via the Certificate-Based Authentication option of the Wireless Network Connection screen. | ||||
| CVE-2020-12790 | 1 Nystudio107 | 1 Seomatic | 2024-11-21 | 7.5 High |
| In the SEOmatic plugin before 3.2.49 for Craft CMS, helpers/DynamicMeta.php does not properly sanitize the URL. This leads to Server-Side Template Injection and credentials disclosure via a crafted Twig template after a semicolon. | ||||
| CVE-2020-12789 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| The Secure Monitor in Microchip Atmel ATSAMA5 products uses a hardcoded key to encrypt and authenticate secure applets. | ||||
| CVE-2020-12788 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| CMAC verification functionality in Microchip Atmel ATSAMA5 products is vulnerable to timing and power analysis attacks. | ||||
| CVE-2020-12787 | 1 Microchip | 152 Atsama5d21c-cu, Atsama5d21c-cu Firmware, Atsama5d21c-cur and 149 more | 2024-11-21 | 7.5 High |
| Microchip Atmel ATSAMA5 products in Secure Mode allow an attacker to bypass existing security mechanisms related to applet handling. | ||||
| CVE-2020-12785 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 8.1 High |
| cPanel before 86.0.14 allows attackers to obtain access to the current working directory via the account backup feature (SEC-540). | ||||
| CVE-2020-12783 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2024-11-21 | 7.5 High |
| Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | ||||
| CVE-2020-12780 | 1 Combodo | 1 Itop | 2024-11-21 | 7.5 High |
| A security misconfiguration exists in Combodo iTop, which can expose sensitive information. | ||||
| CVE-2020-12778 | 1 Combodo | 1 Itop | 2024-11-21 | 7.4 High |
| Combodo iTop does not validate inputted parameters; attackers can inject malicious commands and launch an XSS attack. | ||||
| CVE-2020-12777 | 1 Combodo | 1 Itop | 2024-11-21 | 7.5 High |
| A function in Combodo iTop contains a Broken Access Control vulnerability, which allows an unauthorized attacker to inject commands and disclose system information. | ||||
| CVE-2020-12774 | 1 Dlink | 2 Dsl-7740c, Dsl-7740c Firmware | 2024-11-21 | 8.2 High |
| D-Link DSL-7740C does not properly validate user input, which allows an authenticated LAN user to inject arbitrary commands. | ||||
| CVE-2020-12772 | 2 Igniterealtime, Microsoft | 2 Spark, Windows | 2024-11-21 | 8.8 High |
| An issue was discovered in Ignite Realtime Spark 2.8.3 (and the ROAR plugin for it) on Windows. A chat message can include an IMG element with a SRC attribute referencing an external host's IP address. Upon access to this external host, the (NT)LM hashes of the user are sent with the HTTP request. This allows an attacker to collect these hashes, crack them, and potentially compromise the computer. (ROAR can be configured for automatic access. Also, access can occur if the user clicks.) | ||||
| CVE-2020-12760 | 1 Opennms | 2 Opennms Horizon, Opennms Meridian | 2024-11-21 | 8.8 High |
| An issue was discovered in OpenNMS Horizon before 26.0.1, and Meridian before 2018.1.19 and 2019 before 2019.1.7. The ActiveMQ channel configuration allowed for arbitrary deserialization of Java objects (aka ActiveMQ Minion payload deserialization), leading to remote code execution for any authenticated channel user regardless of its assigned permissions. | ||||
| CVE-2020-12758 | 1 Hashicorp | 1 Consul | 2024-11-21 | 7.5 High |
| HashiCorp Consul and Consul Enterprise could crash when configured with an abnormally-formed service-router entry. Introduced in 1.6.0, fixed in 1.6.6 and 1.7.4. | ||||
| CVE-2020-12754 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A crafted application can obtain control of device input via the window system service. The LG ID is LVE-SMP-170011 (May 2020). | ||||
| CVE-2020-12752 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. Attackers can determine user credentials via a brute-force attack against the Gatekeeper trustlet. The Samsung ID is SVE-2020-16908 (May 2020). | ||||
| CVE-2020-12751 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| An issue was discovered on Samsung mobile devices with O(8.X), P(9.0), and Q(10.0) software. The Quram image codec library allows attackers to overwrite memory and execute arbitrary code via crafted JPEG data that is mishandled during decoding. The Samsung ID is SVE-2020-16943 (May 2020). | ||||