Search Results (80533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-11610 | 1 Cross Domain Local Storage Project | 1 Cross Domain Local Storage | 2024-11-21 | 8.8 High |
| An issue was discovered in xdLocalStorage through 2.0.5. The postData() function in xdLocalStoragePostMessageApi.js specifies the wildcard (*) as the targetOrigin when calling the postMessage() function on the parent object. Therefore any domain can load the application hosting the "magical iframe" and receive the messages that the "magical iframe" sends. | ||||
| CVE-2020-11605 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is sensitive information exposure from dumpstate in NFC logs. The Samsung ID is SVE-2019-16359 (April 2020). | ||||
| CVE-2020-11599 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 6.80 Build 2016031401. GetDistributedPOP3 allows attackers to obtain the username and password of the SMTP user. | ||||
| CVE-2020-11596 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| A Directory Traversal issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make HTTP GET requests to a certain URL and obtain information about what files and directories reside on the server. | ||||
| CVE-2020-11595 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path. | ||||
| CVE-2020-11594 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request that causes a stack error to be shown providing the full file path. | ||||
| CVE-2020-11593 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an HTTP POST request with injected HTML data that is later leveraged to send emails from a customer trusted email address. | ||||
| CVE-2020-11592 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the columns of a specific table within the CIP database. | ||||
| CVE-2020-11589 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An Insecure Direct Object Reference issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make a GET request to a certain URL and obtain information that should be provided to authenticated users only. | ||||
| CVE-2020-11587 | 1 Cipplanner | 1 Cipace | 2024-11-21 | 7.5 High |
| An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and get the content of ETL Processes running on the server. | ||||
| CVE-2020-11582 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2024-11-21 | 8.8 High |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, launches a TCP server that accepts local connections on a random port. This can be reached by local HTTP clients, because up to 25 invalid lines are ignored, and because DNS rebinding can occur. (This server accepts, for example, a setcookie command that might be relevant to CVE-2020-11581 exploitation.) | ||||
| CVE-2020-11581 | 4 Apple, Linux, Oracle and 1 more | 5 Macos, Linux Kernel, Solaris and 2 more | 2024-11-21 | 8.1 High |
| An issue was discovered in Pulse Secure Pulse Connect Secure (PCS) through 2020-04-06. The applet in tncc.jar, executed on macOS, Linux, and Solaris clients when a Host Checker policy is enforced, allows a man-in-the-middle attacker to perform OS command injection attacks (against a client) via shell metacharacters to the doCustomRemediateInstructions method, because Runtime.getRuntime().exec() is used. | ||||
| CVE-2020-11579 | 2 Chadhaajay, Php | 2 Phpkb, Php | 2024-11-21 | 7.5 High |
| An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php (part of the installation process) allows a remote unauthenticated attacker to disclose local files on hosts running PHP before 7.2.16, or on hosts where the MySQL ALLOW LOCAL DATA INFILE option is enabled. | ||||
| CVE-2020-11561 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 8.8 High |
| In NCH Express Invoice 7.25, an authenticated low-privilege user can enter a crafted URL to access higher-privileged functionalities such as the "Add New Item" screen. | ||||
| CVE-2020-11560 | 1 Nchsoftware | 1 Express Invoice | 2024-11-21 | 7.8 High |
| NCH Express Invoice 7.25 allows local users to discover the cleartext password by reading the configuration file. | ||||
| CVE-2020-11557 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It includes the username and password values in cleartext within each request's cookie value. | ||||
| CVE-2020-11555 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive credential information from backup files. | ||||
| CVE-2020-11554 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 7.5 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. It allows remote attackers to obtain sensitive information via info.php4. | ||||
| CVE-2020-11553 | 1 Castlerock | 1 Snmpc Online | 2024-11-21 | 8.8 High |
| An issue was discovered in Castle Rock SNMPc Online 12.10.10 before 2020-01-28. There is pervasive CSRF. | ||||
| CVE-2020-11551 | 1 Netgear | 6 Rbs50y, Rbs50y Firmware, Srr60 and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered on NETGEAR Orbi Tri-Band Business WiFi Add-on Satellite (SRS60) AC3000 V2.5.1.106, Outdoor Satellite (RBS50Y) V2.5.1.106, and Pro Tri-Band Business WiFi Router (SRR60) AC3000 V2.5.1.106. The administrative SOAP interface allows an unauthenticated remote write of arbitrary Wi-Fi configuration data such as authentication details (e.g., the Web-admin password), network settings, DNS settings, system administration interface configuration, etc. | ||||