Search Results (Refine Search)

Search Parameters:
There are 143,933 matching records.
Displaying matches 301 through 320.
Vuln ID Summary CVSS Severity
CVE-2020-18766

A cross-site scripting (XSS) vulnerability AntSword v2.0.7 can remotely execute system commands.

Published: October 26, 2020; 12:15:13 PM -0400
V3.1: 9.6 CRITICAL
V2.0: 6.8 MEDIUM
CVE-2020-15897

Arista EOS before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause traffic loss or incorrect forwarding of traffic via a malformed link-state PDU to the IS-IS router.

Published: October 26, 2020; 12:15:13 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-13100

Arista’s CloudVision eXchange (CVX) server before 4.21.12M, 4.22.x before 4.22.7M, 4.23.x before 4.23.5M, and 4.24.x before 4.24.2F allows remote attackers to cause a denial of service (crash and restart) in the ControllerOob agent via a malformed control-plane packet.

Published: October 26, 2020; 11:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-25470

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site funtion. When viewing an added site, an XSS payload can be injected in cookies view which can lead to remote code execution.

Published: October 26, 2020; 10:15:13 AM -0400
V3.1: 6.1 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-7751

This affects all versions of package pathval.

Published: October 26, 2020; 8:17:13 AM -0400
V3.1: 6.0 MEDIUM
V2.0:(not available)
CVE-2020-27678

An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c.

Published: October 26, 2020; 8:17:12 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-27388

Multiple Stored Cross Site Scripting (XSS) vulnerabilities exist in the YOURLS Admin Panel, Versions 1.5 - 1.7.10. An authenticated user must modify a PHP plugin with a malicious payload and upload it, resulting in multiple stored XSS issues.

Published: October 23, 2020; 4:15:12 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2020-24848

FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.

Published: October 23, 2020; 3:15:12 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-24847

A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticated attacker can change the newSSID and hostapd_wpa_passphrase.

Published: October 23, 2020; 3:15:12 PM -0400
V3.1: 4.3 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2020-5990

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.

Published: October 23, 2020; 2:15:17 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-5978

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in its services in which a folder is created by nvcontainer.exe under normal user login with LOCAL_SYSTEM privileges which may lead to a denial of service or escalation of privileges.

Published: October 23, 2020; 2:15:16 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2020-5977

NVIDIA GeForce Experience, all versions prior to 3.20.5.70, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Published: October 23, 2020; 2:15:16 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.4 MEDIUM
CVE-2020-25483

An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.

Published: October 23, 2020; 2:15:16 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-25466

A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download arbitrary files on the server and remotely execute arbitrary code.

Published: October 23, 2020; 11:15:12 AM -0400
V3.1: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2020-3998

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. A malicious attacker with local privileges on the machine where Horizon Client for Windows is installed may be able to retrieve hashed credentials if the client crashes.

Published: October 23, 2020; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-3997

VMware Horizon Server (7.x prior to 7.10.3 or 7.13.0) contains a Cross Site Scripting (XSS) vulnerability. Successful exploitation of this issue may allow an attacker to inject malicious script which will be executed.

Published: October 23, 2020; 10:15:12 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. If the attacker wins the race then they will have read and write permission to the subdirectory used to unpack web applications, including their WEB-INF/lib jar files and JSP files. If any code is ever executed out of this temporary directory, this can lead to a local privilege escalation vulnerability.

Published: October 23, 2020; 9:15:16 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-26561

** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

Published: October 23, 2020; 2:15:12 AM -0400
V3.1: 8.8 HIGH
V2.0: 6.5 MEDIUM
CVE-2020-9361

CryptoPro CSP through 5.0.0.10004 on 64-bit platforms allows local users with the SeChangeNotifyPrivilege right to cause denial of service because user-mode input is mishandled during process creation.

Published: October 23, 2020; 1:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-9331

CryptoPro CSP through 5.0.0.10004 on 32-bit platforms allows Local Privilege Escalation (by local users with the SeChangeNotifyPrivilege right) because user-mode input is mishandled during process creation. An attacker can write arbitrary data to an arbitrary location in the kernel's address space.

Published: October 23, 2020; 1:15:13 AM -0400
V3.x:(not available)
V2.0:(not available)