Export limit exceeded: 76245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76245 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14028 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 7.2 High |
| An issue was discovered in Ozeki NG SMS Gateway through 4.17.6. By leveraging a path traversal vulnerability in the Autoreply module's Script Name, an attacker may write to or overwrite arbitrary files, with arbitrary content, usually with NT AUTHORITY\SYSTEM privileges. | ||||
| CVE-2020-14026 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 8.8 High |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | ||||
| CVE-2020-14025 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 8.8 High |
| Ozeki NG SMS Gateway through 4.17.6 has multiple CSRF vulnerabilities. For example, an administrator, by following a link, can be tricked into making unwanted changes such as installing new modules or changing a password. | ||||
| CVE-2020-14022 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 8.8 High |
| Ozeki NG SMS Gateway 4.17.1 through 4.17.6 does not check the file type when bulk importing new contacts ("Import Contacts" functionality) from a file. It is possible to upload an executable or .bat file that can be executed with the help of a functionality (E.g. the "Application Starter" module) within the application. | ||||
| CVE-2020-14019 | 2 Redhat, Rtslib-fb Project | 2 Enterprise Linux, Rtslib-fb | 2024-11-21 | 7.8 High |
| Open-iSCSI rtslib-fb through 2.1.72 has weak permissions for /etc/target/saveconfig.json because shutil.copyfile (instead of shutil.copy) is used, and thus permissions are not preserved. | ||||
| CVE-2020-14017 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Navigate CMS 2.9 r1433. Sessions, as well as associated information such as CSRF tokens, are stored in cleartext files in the directory /private/sessions. An unauthenticated user could use a brute-force approach to attempt to identify existing sessions, or view the contents of this file to discover details about a session. | ||||
| CVE-2020-14015 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 7.5 High |
| An issue was discovered in Navigate CMS 2.9 r1433. When performing a password reset, a user is emailed an activation code that allows them to reset their password. There is, however, a flaw when no activation code is supplied. The system will allow an unauthorized user to continue setting a password, even though no activation code was supplied, setting the password for the most recently created user in the system (the user with the highest user id). | ||||
| CVE-2020-14008 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 7.2 High |
| Zoho ManageEngine Applications Manager 14710 and before allows an authenticated admin user to upload a vulnerable jar in a specific location, which leads to remote code execution. | ||||
| CVE-2020-14005 | 1 Solarwinds | 2 Orion Network Performance Monitor, Orion Web Performance Monitor | 2024-11-21 | 8.8 High |
| Solarwinds Orion (with Web Console WPM 2019.4.1, and Orion Platform HF4 or NPM HF2 2019.4) allows remote attackers to execute arbitrary code via a defined event. | ||||
| CVE-2020-14004 | 2 Icinga, Opensuse | 3 Icinga, Backports Sle, Leap | 2024-11-21 | 7.8 High |
| An issue was discovered in Icinga2 before v2.12.0-rc1. The prepare-dirs script (run as part of the icinga2 systemd service) executes chmod 2750 /run/icinga2/cmd. /run/icinga2 is under control of an unprivileged user by default. If /run/icinga2/cmd is a symlink, then it will by followed and arbitrary files can be changed to mode 2750 by the unprivileged icinga2 user. | ||||
| CVE-2020-13998 | 1 Citrix | 1 Xenapp | 2024-11-21 | 7.5 High |
| Citrix XenApp 6.5, when 2FA is enabled, allows a remote unauthenticated attacker to ascertain whether a user exists on the server, because the 2FA error page only occurs after a valid username is entered. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-13997 | 1 Shopware | 1 Shopware | 2024-11-21 | 7.5 High |
| In Shopware before 6.2.3, the database password is leaked to an unauthenticated user when a DriverException occurs and verbose error handling is enabled. | ||||
| CVE-2020-13996 | 1 J2store | 1 J2store | 2024-11-21 | 8.8 High |
| The J2Store plugin before 3.3.13 for Joomla! allows a SQL injection attack by a trusted store manager. | ||||
| CVE-2020-13994 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-11-21 | 8.8 High |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A privileged user can achieve code execution on the server via a ticket because of improper access control of uploaded resources. This might be exploitable in conjunction with CVE-2020-13992 by an unauthenticated attacker. | ||||
| CVE-2020-13993 | 1 Mods-for-hesk | 1 Mods For Hesk | 2024-11-21 | 7.5 High |
| An issue was discovered in Mods for HESK 3.1.0 through 2019.1.0. A blind time-based SQL injection issue allows remote unauthenticated attackers to retrieve information from the database via a ticket. | ||||
| CVE-2020-13991 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. | ||||
| CVE-2020-13988 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | ||||
| CVE-2020-13987 | 5 Contiki-os, Open-iscsi Project, Redhat and 2 more | 12 Contiki, Open-iscsi, Enterprise Linux and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | ||||
| CVE-2020-13986 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. An infinite loop exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | ||||
| CVE-2020-13985 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | ||||