Export limit exceeded: 34243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (34243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25047 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and India) software. The S Secure application does not enforce the intended password requirement for a locked application. The Samsung IDs are SVE-2020-16746, SVE-2020-16764 (August 2020). | ||||
| CVE-2020-25044 | 1 Kaspersky | 1 Virus Removal Tool | 2024-11-21 | 7.1 High |
| Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system. | ||||
| CVE-2020-25043 | 1 Kaspersky | 1 Vpn Secure Connection | 2024-11-21 | 7.1 High |
| The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system. | ||||
| CVE-2020-25035 | 1 Ucopia | 1 Express Wireless Appliance | 2024-11-21 | 6.7 Medium |
| UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. | ||||
| CVE-2020-25026 | 1 Derhansen | 1 Event Management And Registration | 2024-11-21 | 4.3 Medium |
| The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1 for TYPO3 allows Information Disclosure (participant data, and event data via email) because of Broken Access Control. | ||||
| CVE-2020-25018 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization. | ||||
| CVE-2020-25013 | 1 Jetbrains | 1 Toolbox | 2024-11-21 | 7.5 High |
| JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler. | ||||
| CVE-2020-24981 | 1 Ucms Project | 1 Ucms | 2024-11-21 | 5.3 Medium |
| An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in information leak via an error message caused by directly accessing the website built by UCMS. | ||||
| CVE-2020-24949 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 8.8 High |
| Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | ||||
| CVE-2020-24930 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 8.1 High |
| Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has arbitrary file deletion vulnerability. Attackers can use vulnerabilities to delete arbitrary files. | ||||
| CVE-2020-24904 | 1 Davesteele | 1 Gnome-gmail | 2024-11-21 | 6.5 Medium |
| An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to gain sensitive information via crafted "mailto" link. | ||||
| CVE-2020-24827 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 5.5 Medium |
| A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted ELF file. | ||||
| CVE-2020-24743 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 9.8 Critical |
| An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows attackers to gain escalated privileges via the resourceid parameter. | ||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2024-11-21 | 7.8 High |
| An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | ||||
| CVE-2020-24721 | 2 Apple, Google | 2 Exposure Notifications, Exposure Notifications | 2024-11-21 | 5.7 Medium |
| An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-09-29, as used in COVID-19 applications on Android and iOS. It allows a user to be put in a position where he or she can be coerced into proving or disproving an exposure notification, because of the persistent state of a private framework. | ||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | ||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | ||||
| CVE-2020-24697 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 7.5 High |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. | ||||
| CVE-2020-24693 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 3.3 Low |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to view system information due to insufficient output sanitization. | ||||
| CVE-2020-24678 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 8.8 High |
| An authenticated user might execute malicious code under the user context and take control of the system. S+ Operations or S+ Historian database is affected by multiple vulnerabilities such as the possibility to allow remote authenticated users to gain high privileges. | ||||