Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search Last 3 Months
There are 5,320 matching records.
Displaying matches 101 through 120.
Vuln ID Summary CVSS Severity
CVE-2020-12821

Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.

Published: July 07, 2020; 4:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-12736

Code42 environments with on-premises server versions 7.0.4 and earlier allow for possible remote code execution. When an administrator creates a local (non-SSO) user via a Code42-generated email, the administrator has the option to modify content for the email invitation. If the administrator entered template language code in the subject line, that code could be interpreted by the email generation services, potentially resulting in server-side code injection.

Published: July 07, 2020; 4:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15095

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Published: July 07, 2020; 3:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2019-20896

WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.

Published: July 07, 2020; 3:15:10 PM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-15350

RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.

Published: July 07, 2020; 1:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15515

The turn extension through 0.3.2 for TYPO3 allows Remote Code Execution.

Published: July 07, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15035

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Map.php hde parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15034

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Setup.php tet parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15033

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the snmpget.php ip parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15032

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Monitoring-Incidents.php id parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15031

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php chg parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15030

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Routes.php rtr parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15029

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Assets-Management.php sn parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15028

NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Map.php xo parameter.

Published: July 07, 2020; 12:15:10 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-11882

The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. However, the deeplink format is not properly validated. This can be abused by an attacker to redirect a user to any page and deliver any content to the user.

Published: July 07, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2019-19935

Froala Editor before 3.0.6 allows XSS.

Published: July 07, 2020; 12:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-15037

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Reports-Devices.php page st[] parameter.

Published: July 07, 2020; 11:15:11 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-15036

NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. The application allows an attacker to execute arbitrary JavaScript code via the Topology-Linked.php dv parameter.

Published: July 07, 2020; 11:15:10 AM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2019-4324

"HCL AppScan Enterprise is susceptible to Cross-Site Scripting while importing a specially crafted test policy."

Published: July 07, 2020; 11:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2019-4323

"HCL AppScan Enterprise advisory API documentation is susceptible to clickjacking, which could allow an attacker to embed the contents of untrusted web pages in a frame."

Published: July 07, 2020; 11:15:10 AM -0400
V3.x:(not available)
V2.0:(not available)