Search Results

There are 138,369 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2020-15540

We-com OpenData CMS 2.0 allows SQL Injection via the username field on the administrator login page.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15539

SQL injection can occur in We-com Municipality portal CMS 2.1.x via the cerca/ keywords field.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15538

XSS can occur in We-com Municipality portal CMS 2.1.x via the cerca/ search bar.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15537

An issue was discovered in the Vanguard plugin 2.1 for WordPress. XSS can occur via the mails/new title field, a product field to the p/ URI, or the Products Search box.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15536

An issue was discovered in the bestsoftinc Hotel Booking System Pro plugin through 1.1 for WordPress. Persistent XSS can occur via any of the registration fields.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15535

An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.

Published: July 05, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15466

In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations.

Published: July 05, 2020; 7:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15530

An issue was discovered in Valve Steam Client 2.10.91.91. The installer allows local users to gain NT AUTHORITY\SYSTEM privileges because some parts of %PROGRAMFILES(X86)%\Steam and/or %COMMONPROGRAMFILES(X86)%\Steam have weak permissions during a critical time window. An attacker can make this time window arbitrarily long by using opportunistic locks.

Published: July 04, 2020; 9:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15529

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user installs a game or performs a verify/repair operation. The issue exists because of weak file permissions and can be exploited by using opportunistic locks.

Published: July 04, 2020; 9:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15528

An issue was discovered in GOG Galaxy Client 2.0.17. Local escalation of privileges is possible when a user starts or uninstalls a game because of weak file permissions and missing file integrity checks.

Published: July 04, 2020; 9:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15523

In Python 3.6 through 3.6.10, 3.7 through 3.7.8, 3.8 through 3.8.4rc1, and 3.9 through 3.9.0b4 on Windows, a Trojan horse python3.dll might be used in cases where CPython is embedded in a native application. This occurs because python3X.dll may use an invalid search path for python3.dll loading (after Py_SetPath has been used). NOTE: this issue CANNOT occur when using python.exe from a standard (non-embedded) Python installation on Windows.

Published: July 04, 2020; 7:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7284

Exposure of Sensitive Information in McAfee Network Security Management (NSM) prior to 10.1.7.7 allows local users to gain unauthorised access to the root account via execution of carefully crafted commands from the restricted command line interface (CLI).

Published: July 03, 2020; 3:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-10282

The Micro Air Vehicle Link (MAVLink) protocol presents no authentication mechanism on its version 1.0 (nor authorization) which leads to a variety of attacks including identity spoofing, unauthorized access, PITM attacks and more. According to literature, version 2.0 optionally allows for package signing which mitigates this flaw. Another source mentions that MAVLink 2.0 only provides a simple authentication system based on HMAC. This implies that the flying system overall should add the same symmetric key into all devices of network. If not the case, this may cause a security issue, that if one of the devices and its symmetric key are compromised, the whole authentication system is not reliable.

Published: July 03, 2020; 11:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-10281

This vulnerability applies to the Micro Air Vehicle Link (MAVLink) protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer (and reception speed) and efficiency by design. The increasing popularity of the protocol (used across different autopilots) has led to its use in wired and wireless mediums through insecure communication channels exposing sensitive information to a remote attacker with ability to intercept network traffic.

Published: July 03, 2020; 11:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7283

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to create and edit files via symbolic link manipulation in a location they would otherwise not have access to. This is achieved through running a malicious script or program on the target machine.

Published: July 03, 2020; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7282

Privilege Escalation vulnerability in McAfee Total Protection (MTP) before 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: July 03, 2020; 10:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-7281

Privilege Escalation vulnerability in McAfee Total Protection (MTP) prior to 16.0.R26 allows local users to delete files the user would otherwise not have access to via manipulating symbolic links to redirect a McAfee delete action to an unintended file. This is achieved through running a malicious script or program on the target machine.

Published: July 03, 2020; 10:15:09 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15518

VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests.

Published: July 03, 2020; 7:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-14173

The file upload feature in Atlassian Jira Server and Data Center in affected versions allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. The affected versions are before version 8.5.4, from version 8.6.0 before 8.6.2, and from version 8.7.0 before 8.7.1.

Published: July 02, 2020; 10:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-14172

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to achieve template injection via the Web Resources Manager. The affected versions are before version 8.8.1.

Published: July 02, 2020; 10:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)