Export limit exceeded: 10404 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10404 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24554 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 7.5 High |
| The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a 404 error that is recorded, which allows remote attackers to perform a denial of service attack by making repeated requests for pages that do not exist. | ||||
| CVE-2020-24551 | 1 Iproom | 1 Mmc\+ | 2024-11-21 | 6.1 Medium |
| IProom MMC+ Server login page does not validate specific parameters properly. Attackers can use the vulnerability to redirect to any malicious site and steal the victim's login credentials. | ||||
| CVE-2020-24550 | 1 Episerver | 1 Find | 2024-11-21 | 6.1 Medium |
| An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users to untrusted websites via the _t_redirect parameter in a crafted URL, such as a /find_v2/_click URL. | ||||
| CVE-2020-24511 | 4 Debian, Intel, Netapp and 1 more | 11 Debian Linux, Microcode, Fas\/aff Bios and 8 more | 2024-11-21 | 6.5 Medium |
| Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24507 | 2 Intel, Siemens | 409 B150, B250, B360 and 406 more | 2024-11-21 | 4.4 Medium |
| Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22.86, 12.0.81, 13.0.47, 13.30.17, 14.1.53, 14.5.32, 13.50.11 and 15.0.22 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2020-24475 | 1 Intel | 46 Baseboard Management Controller Firmware, Compute Module Hns2600bpb24r, Compute Module Hns2600bpbr and 43 more | 2024-11-21 | 5.5 Medium |
| Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-24454 | 1 Intel | 1 Quartus Prime | 2024-11-21 | 7.5 High |
| Improper Restriction of XML External Entity Reference in subsystem forIntel(R) Quartus(R) Prime Pro Edition before version 20.3 and Intel(R) Quartus(R) Prime Standard Edition before version 20.2 may allow unauthenticated user to potentially enable information disclosure via network access. | ||||
| CVE-2020-24379 | 3 Canonical, Debian, Yaws | 3 Ubuntu Linux, Debian Linux, Yaws | 2024-11-21 | 9.8 Critical |
| WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection. | ||||
| CVE-2020-24052 | 1 Moog | 4 Exvf5c-2, Exvf5c-2 Firmware, Exvp7c2-3 and 1 more | 2024-11-21 | 9.1 Critical |
| Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units allow remote unauthenticated users to read arbitrary files via a crafted Document Type Definition (DTD) in an XML request. | ||||
| CVE-2020-23804 | 2 Debian, Freedesktop | 2 Debian Linux, Poppler | 2024-11-21 | 7.5 High |
| Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | ||||
| CVE-2020-23722 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| An issue was discovered in FUEL CMS 1.4.7. There is a escalation of privilege vulnerability to obtain super admin privilege via the "id" and "fuel_id" parameters. | ||||
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2024-11-21 | 7.5 High |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | ||||
| CVE-2020-23449 | 1 Newbee-mall Project | 1 Newbee-mall | 2024-11-21 | 7.5 High |
| newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID. | ||||
| CVE-2020-23446 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 5.3 Medium |
| Verint Workforce Optimization suite 15.1 (15.1.0.37634) has Unauthenticated Information Disclosure via API | ||||
| CVE-2020-23360 | 1 Oscommerce | 1 Oscommerce | 2024-11-21 | 9.8 Critical |
| oscommerce v2.3.4.1 has a functional problem in user registration and password rechecking, where a non-identical password can bypass the checks in /catalog/admin/administrators.php and /catalog/password_reset.php | ||||
| CVE-2020-23359 | 1 Webidsupport | 1 Webid | 2024-11-21 | 9.8 Critical |
| WeBid 1.2.2 admin/newuser.php has an issue with password rechecking during registration because it uses a loose comparison to check the identicalness of two passwords. Two non-identical passwords can still bypass the check. | ||||
| CVE-2020-23322 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->token.type == LEXER_RIGHT_BRACE || context_p->token.type == LEXER_ASSIGN || context_p->token.type == LEXER_COMMA' in parser_parse_object_initializer in JerryScript 2.2.0. | ||||
| CVE-2020-23320 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in 'context_p->next_scanner_info_p->type == SCANNER_TYPE_FUNCTION' in parser_parse_function_arguments in JerryScript 2.2.0. | ||||
| CVE-2020-23319 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion in '(flags >> CBC_STACK_ADJUST_SHIFT) >= CBC_STACK_ADJUST_BASE || (CBC_STACK_ADJUST_BASE - (flags >> CBC_STACK_ADJUST_SHIFT)) <= context_p->stack_depth' in parser_emit_cbc_backward_branch in JerryScript 2.2.0. | ||||
| CVE-2020-23314 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| There is an Assertion 'block_found' failed at js-parser-statm.c:2003 parser_parse_try_statement_end in JerryScript 2.2.0. | ||||