ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-24000 | SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and di... | E | |
CVE-2020-24003 | Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which all... | E | |
CVE-2020-24007 | Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may expl... | E | |
CVE-2020-24008 | Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, wher... | E | |
CVE-2020-24020 | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backen... | | |
CVE-2020-24025 | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the... | | |
CVE-2020-24026 | TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affec... | E | |
CVE-2020-24027 | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in t... | E | |
CVE-2020-24028 | ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via use... | | |
CVE-2020-24029 | Because of unauthenticated password changes in ForLogic Qualiex v1 and v3, customer and admin permis... | | |
CVE-2020-24030 | ForLogic Qualiex v1 and v3 has weak token expiration. This allows remote unauthenticated privilege e... | | |
CVE-2020-24032 | tz.pl on XoruX LPAR2RRD and STOR2RRD 2.70 virtual appliances allows cmd=set&tz=OS command injection ... | | |
CVE-2020-24033 | An issue was discovered in fs.com S3900 24T4S 1.7.0 and earlier. The form does not have an authentic... | E | |
CVE-2020-24034 | Sagemcom F@ST 5280 routers using firmware version 1.150.61 have insecure deserialization that allows... | E | |
CVE-2020-24036 | PHP object injection in the Ajax endpoint of the backend in ForkCMS below version 5.8.3 allows an au... | E S | |
CVE-2020-24038 | myFax version 229 logs sensitive information in the export log module which allows any user to acces... | E | |
CVE-2020-24045 | A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to... | E | |
CVE-2020-24046 | A sandbox escape issue was discovered in TitanHQ SpamTitan Gateway 7.07. It limits the admin user to... | E | |
CVE-2020-24051 | The Moog EXO Series EXVF5C-2 and EXVP7C2-3 units support the ONVIF interoperability IP-based physica... | E | |
CVE-2020-24052 | Several XML External Entity (XXE) vulnerabilities in the Moog EXO Series EXVF5C-2 and EXVP7C2-3 unit... | E | |
CVE-2020-24053 | Moog EXO Series EXVF5C-2 and EXVP7C2-3 units have a hardcoded credentials vulnerability. This could ... | E | |
CVE-2020-24054 | The administration console of the Moog EXO Series EXVF5C-2 and EXVP7C2-3 units features a 'statusbro... | E | |
CVE-2020-24055 | Verint 5620PTZ Verint_FW_0_42 and Verint 4320 V4320_FW_0_23, and V4320_FW_0_31 units feature an auto... | E | |
CVE-2020-24056 | A hardcoded credentials vulnerability exists in Verint 5620PTZ Verint_FW_0_42, Verint 4320 V4320_FW_... | E | |
CVE-2020-24057 | The management website of the Verint S5120FD Verint_FW_0_42 unit features a CGI endpoint ('ipfilter.... | E | |
CVE-2020-24061 | Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4... | E | |
CVE-2020-24063 | The Canto plugin 1.3.0 for WordPress allows includes/lib/download.php?subdomain= SSRF.... | | |
CVE-2020-24074 | The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, ... | E S | |
CVE-2020-24075 | Cross Site Scripting (XSS) vulnerability in Name Input Field in Contact Us form in Laborator Kalium ... | | |
CVE-2020-24085 | A cross-site scripting (XSS) vulnerability exists in MISP v2.4.128 in app/Controller/UserSettingsCon... | S | |
CVE-2020-24088 | An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows loca... | E | |
CVE-2020-24089 | An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local a... | | |
CVE-2020-24102 | Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute a... | | |
CVE-2020-24104 | XSS on the PIX-Link Repeater/Router LV-WR07 with firmware v28K.Router.20170904 allows attackers to s... | E | |
CVE-2020-24113 | Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.... | | |
CVE-2020-24115 | In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin p... | E | |
CVE-2020-24119 | A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not pe... | E S | |
CVE-2020-24130 | A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 al... | E | |
CVE-2020-24133 | A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commi... | S | |
CVE-2020-24135 | A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Wcms 0.3.2, which allows remo... | E | |
CVE-2020-24136 | Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is r... | E | |
CVE-2020-24137 | Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the se... | | |
CVE-2020-24138 | Cross Site Scripting (XSS) vulnerability in wcms 0.3.2 allows remote attackers to inject arbitrary w... | E | |
CVE-2020-24139 | Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end s... | E | |
CVE-2020-24140 | Server-side request forgery in Wcms 0.3.2 lets an attacker send crafted requests from the back-end se... | E | |
CVE-2020-24141 | Server-side request forgery in the WP-DownloadManager plugin 1.68.4 for WordPress lets an attacker s... | | |
CVE-2020-24142 | Server-side request forgery in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 fo... | | |
CVE-2020-24143 | Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPr... | | |
CVE-2020-24144 | Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPres... | | |
CVE-2020-24145 | Cross Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin... | | |
CVE-2020-24146 | Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress ... | | |
CVE-2020-24147 | Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.... | | |
CVE-2020-24148 | Server-side request forgery (SSRF) in the Import XML and RSS Feeds (import-xml-feed) plugin 2.0.1 fo... | | |
CVE-2020-24149 | Server-side request forgery (SSRF) in the Podcast Importer SecondLine (podcast-importer-secondline) ... | E | |
CVE-2020-24158 | 360 Speed Browser 12.0.1247.0 has a DLL hijacking vulnerability, which can be exploited by attackers... | | |
CVE-2020-24159 | NetEase Youdao Dictionary has a DLL hijacking vulnerability, which can be exploited by attackers to ... | | |
CVE-2020-24160 | Shenzhen Tencent TIM Windows client 3.0.0.21315 has a DLL hijacking vulnerability, which can be expl... | | |
CVE-2020-24161 | Guangzhou NetEase Mail Master 4.14.1.1004 on Windows has a DLL hijacking vulnerability. Attackers ca... | | |
CVE-2020-24162 | The Shenzhen Tencent app 5.8.2.5300 for PC platforms (from Tencent App Center) has a DLL hijacking v... | | |
CVE-2020-24164 | A deserialization flaw is present in Taoensso Nippy before 2.14.2. In some circumstances, it is poss... | | |
CVE-2020-24165 | An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrar... | | |
CVE-2020-24175 | Buffer overflow in Yz1 0.30 and 0.32, as used in IZArc 4.4, ZipGenius 6.3.2.3116, and Explzh (extens... | E | |
CVE-2020-24186 | A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for W... | E | |
CVE-2020-24187 | An issue was discovered in ecma-helpers.c in jerryscript version 2.3.0, allows local attackers to ca... | E | |
CVE-2020-24188 | Cross-site scripting (XSS) vulnerability in the search functionality in Intrexx before 9.4.0 allows ... | | |
CVE-2020-24193 | A SQL injection vulnerability in login in SourceCodester Daily Tracker System 1.0 allows unauthent... | E | |
CVE-2020-24194 | A Cross-site scripting (XSS) vulnerability in 'user-profile.php' in SourceCodester Daily Tracker Sys... | E | |
CVE-2020-24195 | An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 all... | | |
CVE-2020-24196 | An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated adm... | E | |
CVE-2020-24197 | A SQL injection vulnerability in the login component in Stock Management System v1.0 allows remote a... | E | |
CVE-2020-24198 | A persistent cross-site scripting vulnerability in Sourcecodester Stock Management System v1.0 allow... | E | |
CVE-2020-24199 | Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management ... | E | |
CVE-2020-24200 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-24202 | File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vuln... | E | |
CVE-2020-24203 | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.... | E | |
CVE-2020-24208 | A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthen... | | |
CVE-2020-24212 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without ... | R | |
CVE-2020-24213 | An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game s... | E | |
CVE-2020-24214 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. A... | E | |
CVE-2020-24215 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. A... | E | |
CVE-2020-24216 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. W... | E | |
CVE-2020-24217 | An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. T... | E | |
CVE-2020-24218 | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log ... | E | |
CVE-2020-24219 | An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send... | E | |
CVE-2020-24220 | ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute... | | |
CVE-2020-24221 | An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers ... | E | |
CVE-2020-24222 | Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, a... | E | |
CVE-2020-24223 | Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters.... | E | |
CVE-2020-24227 | Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text al... | E | |
CVE-2020-24231 | Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and... | | |
CVE-2020-24240 | GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex)... | S | |
CVE-2020-24241 | In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.... | E | |
CVE-2020-24242 | In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessin... | E | |
CVE-2020-24246 | Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration fil... | E | |
CVE-2020-24263 | Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to r... | | |
CVE-2020-24264 | Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitra... | | |
CVE-2020-24265 | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability i... | E S | |
CVE-2020-24266 | An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability i... | E S | |
CVE-2020-24271 | A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?... | E | |
CVE-2020-24275 | A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrar... | E S | |
CVE-2020-24285 | INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information ... | E | |
CVE-2020-24292 | Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows r... | E | |
CVE-2020-24293 | Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] all... | E | |
CVE-2020-24294 | Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 ... | E | |
CVE-2020-24295 | Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows r... | E | |
CVE-2020-24297 | httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to exec... | E | |
CVE-2020-24301 | Users of the HAPI FHIR Testpage Overlay 5.0.0 and below can use a specially crafted URL to exploit a... | E | |
CVE-2020-24303 | Grafana before 7.1.0-beta 1 allows XSS via a query alias for the ElasticSearch datasource.... | S | |
CVE-2020-24307 | An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file... | | |
CVE-2020-24312 | mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to the fm_backups dire... | E | |
CVE-2020-24313 | Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does n... | E | |
CVE-2020-24314 | Fahad Mahmood RSS Feed Widget Plugin v2.7.9 and lower does not sanitize the value of the "t" GET par... | E | |
CVE-2020-24315 | Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid PO... | E | |
CVE-2020-24316 | WP Plugin Rednumber Admin Menu v1.1 and lower does not sanitize the value of the "role" GET paramete... | E | |
CVE-2020-24327 | Server Side Request Forgery (SSRF) vulnerability exists in Discourse 2.3.2 and 2.6 via the email fun... | E S | |
CVE-2020-24330 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileg... | E S | |
CVE-2020-24331 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileg... | E S | |
CVE-2020-24332 | An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileg... | E S | |
CVE-2020-24333 | A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” o... | E M | |
CVE-2020-24334 | The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does no... | | |
CVE-2020-24335 | An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing l... | | |
CVE-2020-24336 | An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type... | | |
CVE-2020-24337 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with... | | |
CVE-2020-24338 | An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functiona... | | |
CVE-2020-24339 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompre... | | |
CVE-2020-24340 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS respons... | | |
CVE-2020-24341 | An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing funct... | | |
CVE-2020-24342 | Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism w... | E S | |
CVE-2020-24343 | Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.... | E S | |
CVE-2020-24344 | JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.... | E S | |
CVE-2020-24345 | JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("... | E S | |
CVE-2020-24346 | njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c... | E S | |
CVE-2020-24347 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c... | E S | |
CVE-2020-24348 | njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_js... | E S | |
CVE-2020-24349 | njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. N... | E S | |
CVE-2020-24352 | An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI V... | | |
CVE-2020-24353 | Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.... | | |
CVE-2020-24354 | Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware a... | E | |
CVE-2020-24355 | Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware a... | E | |
CVE-2020-24356 | Local Privilege Escalation in cloudflared | | |
CVE-2020-24359 | HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH O... | | |
CVE-2020-24360 | An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of product... | E | |
CVE-2020-24361 | SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.... | | |
CVE-2020-24363 | TP-Link TL-WA855RE V5 20200415-rel37464 devices allow an unauthenticated attacker (on the same netwo... | | |
CVE-2020-24364 | MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could le... | E | |
CVE-2020-24365 | An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The ... | E | |
CVE-2020-24366 | Sensitive information could be disclosed in the JetBrains YouTrack application before 2020.2.0 for A... | | |
CVE-2020-24367 | Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escala... | S | |
CVE-2020-24368 | Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability whic... | E | |
CVE-2020-24369 | ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function,... | E S | |
CVE-2020-24370 | ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as... | E S | |
CVE-2020-24371 | lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a mem... | E S | |
CVE-2020-24372 | LuaJIT through 2.1.0-beta3 has an out-of-bounds read in lj_err_run in lj_err.c.... | E | |
CVE-2020-24373 | A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.... | E | |
CVE-2020-24374 | A DNS rebinding vulnerability in Freebox v5 before 1.5.29.... | E | |
CVE-2020-24375 | A DNS rebinding vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3.... | E | |
CVE-2020-24376 | A DNS rebinding vulnerability in the UPnP IGD implementations in Freebox v5 before 1.5.29 and Freebo... | | |
CVE-2020-24377 | A DNS rebinding vulnerability in the Freebox OS web interface in Freebox Server before 4.2.3.... | E | |
CVE-2020-24379 | WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.... | E S | |
CVE-2020-24381 | GUnet Open eClass Platform (aka openeclass) before 3.11 might allow remote attackers to read student... | E S | |
CVE-2020-24383 | An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS quer... | | |
CVE-2020-24384 | A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Re... | S | |
CVE-2020-24385 | In MidnightBSD before 1.2.6 and 1.3 before August 2020, and FreeBSD before 7, a NULL pointer derefer... | | |
CVE-2020-24386 | An issue was discovered in Dovecot before 2.3.13. By using IMAP IDLE, an authenticated attacker can ... | | |
CVE-2020-24387 | An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The func... | E | |
CVE-2020-24388 | An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The funct... | E | |
CVE-2020-24390 | eonweb in EyesOfNetwork before 5.3-7 does not properly escape the username on the /module/admin_logs... | S | |
CVE-2020-24391 | mongo-express before 1.0.0 offers support for certain advanced syntax but implements this in an unsa... | S | |
CVE-2020-24392 | In voloko twitter-stream 0.1.10, missing TLS hostname validation allows an attacker to perform a man... | E | |
CVE-2020-24393 | TweetStream 2.6.1 uses the library eventmachine in an insecure way that does not have TLS hostname v... | E | |
CVE-2020-24394 | In the Linux kernel before 5.7.8, fs/nfsd/vfs.c (in the NFS server) can set incorrect permissions on... | S | |
CVE-2020-24395 | The USB firmware update script of homee Brain Cube v2 (2.28.2 and 2.28.4) devices allows an attacker... | | |
CVE-2020-24396 | homee Brain Cube v2 (2.28.2 and 2.28.4) devices have sensitive SSH keys within downloadable and unen... | | |
CVE-2020-24397 | An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An at... | | |
CVE-2020-24400 | SQL injection allows arbitrary read from database | | |
CVE-2020-24401 | Incorrect permissions following the deletion of a user role or deactivation of a user | | |
CVE-2020-24402 | Incorrect permissions in the Integrations component could lead to unauthorized deletion of customer details via REST API | | |
CVE-2020-24403 | Incorrect permissions could lead to unauthorized modification of inventory source data via REST API | | |
CVE-2020-24404 | Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API | | |
CVE-2020-24405 | Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data | | |
CVE-2020-24406 | Document root path disclosure on Maintenance page | | |
CVE-2020-24407 | Arbitrary code execution via file import functionality | | |
CVE-2020-24408 | Stored XSS in customer address upload feature | | |
CVE-2020-24409 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Vulnerability | S | |
CVE-2020-24410 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Read Vulnerability | S | |
CVE-2020-24411 | Adobe Illustrator PDF File Parsing Out-Of-Bounds Write Vulnerability | S | |
CVE-2020-24412 | Adobe Illustrator Memory Corruption Vulnerability | S | |
CVE-2020-24413 | Adobe Illustrator Memory Corruption Vulnerability | S | |
CVE-2020-24414 | Adobe Illustrator Memory Corruption Vulnerability | S | |
CVE-2020-24415 | Adobe Illustrator Memory Corruption Vulnerability | S | |
CVE-2020-24416 | Blind stored XSS in Marketo Sales insight plugin for SalesForce | | |
CVE-2020-24418 | Adobe After Effects Out-of-Bounds Read Vulnerability | S | |
CVE-2020-24419 | Uncontrolled Search Path Element in Adobe After Effects for Windows | S | |
CVE-2020-24420 | Uncontrolled Search Path Element in Adobe Photoshop for Windows | S | |
CVE-2020-24421 | Adobe InDesign 15.1.2 NULL Pointer Dereference Bug | | |
CVE-2020-24422 | Uncontrolled Search Path in Creative Cloud Desktop Application | | |
CVE-2020-24423 | Uncontrolled Search Path in Adobe Media Encoder for Windows | | |
CVE-2020-24424 | Uncontrolled Search Path in Adobe Premiere Pro for Windows | | |
CVE-2020-24425 | Privilege escalation vulnerability in Dreamweaver version 20.2 | S | |
CVE-2020-24426 | Acrobat Reader DC Out-Of-Bounds Read Information Disclosure Vulnerability | | |
CVE-2020-24427 | Acrobat Reader DC Codec Input Validation Vulnerability Could Lead to Information Disclosure | | |
CVE-2020-24428 | Acrobat Reader DC for macOS Race Condition Vulnerability Could Lead to Privilege Escalation | | |
CVE-2020-24429 | Acrobat Reader DC for macOS Signature Verification Bypass Could Lead to Privilege Escalation | | |
CVE-2020-24430 | Acrobat Pro DC Use-After-Free vulnerability Could Lead to Arbitrary Code Execution | | |
CVE-2020-24431 | Acrobat Reader DC for macOS Dynamic Library Injection Vulnerability | | |
CVE-2020-24432 | Acrobat Reader DC Arbitrary JavaScript Execution in PDF Documents | | |
CVE-2020-24433 | Adobe Acrobat Reader DC Local Privilege Escalation via Installer Component | | |
CVE-2020-24434 | Acrobat Pro DC Out-Of-Bounds Read Vulnerability Could Lead to Information Disclosure | | |
CVE-2020-24435 | Acrobat Reader DC Heap-based Buffer Overflow Could Lead to Arbitrary Code Execution | | |
CVE-2020-24436 | Acrobat Pro DC PDF Export Out-Of-Bounds Write Vulnerability Could Lead to Arbitrary Code Execution | | |
CVE-2020-24437 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead to Arbitrary Code Execution | | |
CVE-2020-24438 | Acrobat Reader DC Use-After-Free Vulnerability Could Lead to Information Disclosure | | |
CVE-2020-24439 | Acrobat Reader DC for macOS Signature Validation Bypass | S | |
CVE-2020-24440 | Uncontrolled Search Path Element in Adobe Prelude for Windows | S | |
CVE-2020-24441 | Improper Access Control in Adobe Acrobat Reader for Android | S | |
CVE-2020-24442 | Reflected Cross-Site Scripting (XSS) in Adobe Connect | | |
CVE-2020-24443 | Reflected Cross-Site Scripting (XSS) in Adobe Connect | | |
CVE-2020-24444 | Blind SSRF in Forms add-on for AEM | | |
CVE-2020-24445 | Cross-site Scripting Vulnerability in Commenting Function of Adobe Experience Manager (AEM) | | |
CVE-2020-24447 | Uncontrolled Search Path Element vulnerability in Lightroom Classic 10.0 | S | |
CVE-2020-24448 | Uncaught exception in some Intel(R) Graphics Drivers before version 15.33.51.5146 may allow an authe... | | |
CVE-2020-24449 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24450 | Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32... | | |
CVE-2020-24451 | Uncontrolled search path in the Intel(R) Optane(TM) DC Persistent Memory installer for Windows* befo... | S | |
CVE-2020-24452 | Improper input validation in the Intel(R) SGX Platform Software for Windows* may allow an authentica... | S | |
CVE-2020-24453 | Improper input validation in the Intel(R) EPID SDK before version 8, may allow an authenticated user... | S | |
CVE-2020-24454 | Improper Restriction of XML External Entity Reference in subsystem for Intel(R) Quartus(R) Prime Pro ... | S | |
CVE-2020-24455 | Missing initialization of a variable in the TPM2 source may allow a privileged user to potentially e... | S | |
CVE-2020-24456 | Incorrect default permissions in the Intel(R) Board ID Tool version v.1.01 may allow an authenticate... | | |
CVE-2020-24457 | Logic error in BIOS firmware for 8th, 9th and 10th Generation Intel(R) Core(TM) Processors may allow... | | |
CVE-2020-24458 | Incomplete cleanup in some Intel(R) PROSet/Wireless WiFi and Killer (TM) drivers before version 22.0... | S | |
CVE-2020-24459 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24460 | Incorrect default permissions in the Intel(R) DSA before version 20.8.30.6 may allow an authenticate... | | |
CVE-2020-24461 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24462 | Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.... | | |
CVE-2020-24463 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24464 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24465 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24466 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24467 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24468 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24469 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24470 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24471 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24472 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24473 | Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute ... | | |
CVE-2020-24474 | Buffer overflow in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modu... | | |
CVE-2020-24475 | Improper initialization in the BMC firmware for some Intel(R) Server Boards, Server Systems and Comp... | | |
CVE-2020-24476 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24477 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24478 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24479 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24480 | Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to poten... | S | |
CVE-2020-24481 | Insecure inherited permissions for the Intel(R) Quartus Prime Pro and Standard edition software may ... | S | |
CVE-2020-24482 | Improper buffer restrictions in firmware for Intel(R) 7360 Cell Modem before UDE version 9.4.370 may... | | |
CVE-2020-24483 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24484 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24485 | Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may ... | | |
CVE-2020-24486 | Improper input validation in the firmware for some Intel(R) Processors may allow an authenticated us... | S | |
CVE-2020-24487 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24488 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24489 | Incomplete cleanup in some Intel(R) VT-d products may allow an authenticated user to potentially ena... | | |
CVE-2020-24490 | Improper buffer restrictions in BlueZ may allow an unauthenticated user to potentially enable denial... | S | |
CVE-2020-24491 | Debug message containing addresses of memory transactions in some Intel(R) 10th Generation Core Proc... | S | |
CVE-2020-24492 | Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version... | S | |
CVE-2020-24493 | Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers befo... | S | |
CVE-2020-24494 | Insufficient access control in the firmware for the Intel(R) 722 Ethernet Controllers before version... | S | |
CVE-2020-24495 | Insufficient access control in the firmware for the Intel(R) 700-series of Ethernet Controllers befo... | S | |
CVE-2020-24496 | Insufficient input validation in the firmware for Intel(R) 722 Ethernet Controllers before version 1... | S | |
CVE-2020-24497 | Insufficient Access Control in the firmware for Intel(R) E810 Ethernet Controllers before version 1.... | S | |
CVE-2020-24498 | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may a... | S | |
CVE-2020-24499 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24500 | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may a... | S | |
CVE-2020-24501 | Buffer overflow in the firmware for Intel(R) E810 Ethernet Controllers before version 1.4.1.13 may a... | S | |
CVE-2020-24502 | Improper input validation in some Intel(R) Ethernet E810 Adapter drivers for Linux before version 1.... | S | |
CVE-2020-24503 | Insufficient access control in some Intel(R) Ethernet E810 Adapter drivers for Linux before version ... | S | |
CVE-2020-24504 | Uncontrolled resource consumption in some Intel(R) Ethernet E810 Adapter drivers for Linux before ve... | S | |
CVE-2020-24505 | Insufficient input validation in the firmware for the Intel(R) 700-series of Ethernet Controllers be... | S | |
CVE-2020-24506 | Out of bound read in a subsystem in the Intel(R) CSME versions before 12.0.81, 13.0.47, 13.30.17, 14... | | |
CVE-2020-24507 | Improper initialization in a subsystem in the Intel(R) CSME versions before 11.8.86, 11.12.86, 11.22... | | |
CVE-2020-24508 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24509 | Insufficient control flow management in subsystem in Intel(R) SPS versions before SPS_E3_05.01.04.30... | | |
CVE-2020-24510 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24511 | Improper isolation of shared resources in some Intel(R) Processors may allow an authenticated user t... | | |
CVE-2020-24512 | Observable timing discrepancy in some Intel(R) Processors may allow an authenticated user to potenti... | | |
CVE-2020-24513 | Domain-bypass transient execution vulnerability in some Intel Atom(R) Processors may allow an authen... | | |
CVE-2020-24514 | Improper authentication in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to pote... | | |
CVE-2020-24515 | Protection mechanism failure in some Intel(R) RealSense(TM) IDs may allow an unauthenticated user to... | | |
CVE-2020-24516 | Modification of assumed-immutable data in subsystem in Intel(R) CSME versions before 13.0.47, 13.30.... | | |
CVE-2020-24517 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24518 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24519 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24520 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24521 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24522 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24523 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24524 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24525 | Insecure inherited permissions in firmware update tool for some Intel(R) NUCs may allow an authentic... | | |
CVE-2020-24526 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24527 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24528 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24529 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24530 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24531 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24532 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24533 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24534 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24535 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24536 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24537 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24538 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24539 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24540 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24541 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24542 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24543 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24544 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24545 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24546 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24547 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-24548 | Ericom Access Server 9.2.0 (for AccessNow and Ericom Blaze) allows SSRF to make outbound WebSocket c... | E | |
CVE-2020-24549 | openMAINT before 1.1-2.4.2 allows remote authenticated users to run arbitrary JSP code on the underl... | E | |
CVE-2020-24550 | An Open Redirect vulnerability in EpiServer Find before 13.2.7 allows an attacker to redirect users ... | E | |
CVE-2020-24551 | IProom MMC+ Server - URL Redirection to Untrusted Site ('Open Redirect') | S | |
CVE-2020-24552 | Atop Technology 3G/4G LTE Cellular to Ethernet and Serial Secure Industrial Gateway - Command Injection | S | |
CVE-2020-24553 | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI h... | E S | |
CVE-2020-24554 | The redirect module in Liferay Portal before 7.3.3 does not limit the number of URLs resulting in a ... | | |
CVE-2020-24556 | A vulnerability in Trend Micro Apex One, OfficeScan XG SP1, Worry-Free Business Security 10 SP1 and ... | | |
CVE-2020-24557 | A vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 on Microsoft Windo... | KEV | |
CVE-2020-24558 | A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Bus... | | |
CVE-2020-24559 | A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Busine... | | |
CVE-2020-24560 | An incomplete SSL server certification validation vulnerability in the Trend Micro Security 2019 (v1... | | |
CVE-2020-24561 | A command injection vulnerability in Trend Micro ServerProtect for Linux 3.0 could allow an attacker... | | |
CVE-2020-24562 | A vulnerability in Trend Micro OfficeScan XG SP1 on Microsoft Windows may allow an attacker to creat... | | |
CVE-2020-24563 | A vulnerability in Trend Micro Apex One may allow a local attacker to manipulate the process of the ... | | |
CVE-2020-24564 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a loc... | | |
CVE-2020-24565 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a loc... | | |
CVE-2020-24566 | In Octopus Deploy 2020.3.x before 2020.3.4 and 2020.4.x before 2020.4.1, if an authenticated user cr... | | |
CVE-2020-24567 | voidtools Everything before 1.4.1 Beta Nightly 2020-08-18 allows privilege escalation via a Trojan h... | E | |
CVE-2020-24568 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a b... | | |
CVE-2020-24569 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a b... | | |
CVE-2020-24570 | An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.1. There is a C... | | |
CVE-2020-24571 | NexusQA NexusDB before 4.50.23 allows the reading of files via ../ directory traversal.... | E | |
CVE-2020-24572 | An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an atta... | E S | |
CVE-2020-24573 | BAB TECHNOLOGIE GmbH eibPort V3 prior to 3.8.3 devices allow denial of service (Uncontrolled Resourc... | E | |
CVE-2020-24574 | The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/... | E | |
CVE-2020-24576 | Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\S... | | |
CVE-2020-24577 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. The ... | E | |
CVE-2020-24578 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It h... | E | |
CVE-2020-24579 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. An u... | E | |
CVE-2020-24580 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. Lack... | E | |
CVE-2020-24581 | An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It c... | E | |
CVE-2020-24582 | Zulip Desktop before 5.4.3 allows XSS because string escaping is mishandled during composition of th... | | |
CVE-2020-24583 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when P... | S | |
CVE-2020-24584 | An issue was discovered in Django 2.2 before 2.2.16, 3.0 before 3.0.10, and 3.1 before 3.1.1 (when P... | S | |
CVE-2020-24585 | An issue was discovered in the DTLS handshake implementation in wolfSSL before 4.5.0. Clear DTLS app... | | |
CVE-2020-24586 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent... | E | |
CVE-2020-24587 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent... | E | |
CVE-2020-24588 | The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent... | E | |
CVE-2020-24589 | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Exter... | S | |
CVE-2020-24590 | The Management Console in WSO2 API Manager through 3.1.0 and API Microgateway 2.2.0 allows XML Entit... | | |
CVE-2020-24591 | The Management Console in certain WSO2 products allows XXE attacks during EventReceiver updates. Thi... | | |
CVE-2020-24592 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request... | | |
CVE-2020-24593 | Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Inject... | | |
CVE-2020-24594 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an unauthenticated attacker to execute ar... | | |
CVE-2020-24595 | Mitel MiCloud Management Portal before 6.1 SP5 could allow an attacker, by sending a crafted request... | | |
CVE-2020-24598 | An issue was discovered in Joomla! before 3.9.21. Lack of input validation in the vote feature of co... | | |
CVE-2020-24599 | An issue was discovered in Joomla! before 3.9.21. Lack of escaping in mod_latestactions allows XSS a... | | |
CVE-2020-24600 | Shilpi CAPExWeb 1.1 allows SQL injection via a servlet/capexweb.cap_sendMail GET request.... | E | |
CVE-2020-24601 | In Ignite Realtime Openfire 4.5.1 a Stored Cross-site Vulnerability allows an attacker to execute an... | E | |
CVE-2020-24602 | Ignite Realtime Openfire 4.5.1 has a reflected Cross-site scripting vulnerability which allows an at... | E | |
CVE-2020-24604 | A Reflected XSS vulnerability was discovered in Ignite Realtime Openfire version 4.5.1. The XSS vuln... | E | |
CVE-2020-24606 | Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consumi... | S | |
CVE-2020-24609 | TechKshetra Info Solutions Pvt. Ltd Savsoft Quiz 5.5 and earlier has XSS which can result in an atta... | | |
CVE-2020-24612 | An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24... | S | |
CVE-2020-24613 | wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAIT_CERT_CR state, within SanityCheckTls... | E | |
CVE-2020-24614 | Fossil before 2.10.2, 2.11.x before 2.11.2, and 2.12.x before 2.12.1 allows remote authenticated use... | | |
CVE-2020-24615 | Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via... | | |
CVE-2020-24616 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadg... | S | |
CVE-2020-24617 | Mailtrain through 1.24.1 allows SQL Injection in statsClickedSubscribersByColumn in lib/models/campa... | E S | |
CVE-2020-24618 | In JetBrains YouTrack versions before 2020.3.4313, 2020.2.11008, 2020.1.11011, 2019.1.65514, 2019.2.... | | |
CVE-2020-24619 | In mainwindow.cpp in Shotcut before 20.09.13, the upgrade check misuses TLS because of setPeerVerify... | S | |
CVE-2020-24620 | Unisys Stealth(core) before 4.0.134 stores passwords in a recoverable format. Therefore, a search of... | | |
CVE-2020-24621 | A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry... | E S | |
CVE-2020-24622 | In Sonatype Nexus Repository 3.26.1, an S3 secret key can be exposed by an admin user.... | | |
CVE-2020-24623 | A potential security vulnerability has been identified in Hewlett Packard Enterprise Universal API F... | | |
CVE-2020-24624 | Unauthenticated directory traversal in the DownloadServlet class execute() method can lead to arbitra... | | |
CVE-2020-24625 | Unauthenticated directory traversal in the ReceiverServlet class doGet() method can lead to arbitrary... | | |
CVE-2020-24626 | Unauthenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrar... | | |
CVE-2020-24627 | A remote stored xss vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4x1Ex... | | |
CVE-2020-24628 | A remote code injection vulnerability was discovered in HPE KVM IP Console Switches version(s): G2 4... | | |
CVE-2020-24629 | A remote urlaccesscontroller authentication bypass vulnerability was discovered in HPE Intelligent M... | | |
CVE-2020-24630 | A remote operatoronlinelist_content privilege escalation vulnerability was discovered in HPE Intelli... | | |
CVE-2020-24631 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software vers... | | |
CVE-2020-24632 | A remote execution of arbitrary commands vulnerability was discovered in Aruba Airwave Software ver... | | |
CVE-2020-24633 | There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code ex... | | |
CVE-2020-24634 | An attacker is able to remotely inject arbitrary commands by sending especially crafted packets dest... | | |
CVE-2020-24635 | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P... | S | |
CVE-2020-24636 | A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access P... | S | |
CVE-2020-24637 | Two vulnerabilities in ArubaOS GRUB2 implementation allow for an attacker to bypass secureboot. Suc... | | |
CVE-2020-24638 | Multiple authenticated remote command executions are possible in Airwave Glass before 1.3.3 via the ... | | |
CVE-2020-24639 | There is a vulnerability caused by unsafe Java deserialization that allows for arbitrary command exe... | | |
CVE-2020-24640 | There is a vulnerability caused by insufficient input validation that allows for arbitrary command e... | | |
CVE-2020-24641 | In Aruba AirWave Glass before 1.3.3, there is a Server-Side Request Forgery vulnerability through an... | | |
CVE-2020-24642 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-24643 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-24644 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-24645 | Rejected reason: CVE was unused by HPE.... | R | |
CVE-2020-24646 | A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE I... | | |
CVE-2020-24647 | A remote accessmgrservlet classname input validation code execution vulnerability was discovered in ... | | |
CVE-2020-24648 | An accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability w... | | |
CVE-2020-24649 | A remote bytemessageresource transformentity input validation code execution vulnerability was disc... | | |
CVE-2020-24650 | A legend expression language injection remote code execution vulnerability was discovered in HPE Int... | | |
CVE-2020-24651 | A syslogtempletselectwin expression language injection remote code execution vulnerability was disco... | | |
CVE-2020-24652 | A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discover... | | |
CVE-2020-24653 | secure-store in Expo through 2.16.1 on iOS provides the insecure kSecAttrAccessibleAlwaysThisDeviceO... | S | |
CVE-2020-24654 | In KDE Ark before 20.08.1, a crafted TAR archive with symlinks can install files outside the extract... | S | |
CVE-2020-24655 | A race condition in the Twilio Authy 2-Factor Authentication application before 24.3.7 for Android a... | | |
CVE-2020-24656 | Maltego before 4.2.12 allows XXE attacks.... | E | |
CVE-2020-24658 | Arm Compiler 5 through 5.06u6 has an error in a stack protection feature designed to help spot stack... | | |
CVE-2020-24659 | An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in ... | E | |
CVE-2020-24660 | An issue was discovered in LemonLDAP::NG through 2.0.8, when NGINX is used. An attacker may bypass U... | E | |
CVE-2020-24661 | GNOME Geary before 3.36.3 mishandles pinned TLS certificate verification for IMAP and SMTP services ... | E | |
CVE-2020-24662 | SmartStream Transaction Lifecycle Management (TLM) Reconciliation Premium (RP) <3.1.0 allows XSS. Th... | | |
CVE-2020-24663 | Trace Financial CRESTBridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0.... | | |
CVE-2020-24664 | The dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site sc... | | |
CVE-2020-24665 | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains an XML Entity Expansion i... | | |
CVE-2020-24666 | The Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a stored Cross-site script... | | |
CVE-2020-24667 | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which w... | | |
CVE-2020-24668 | Trace Financial Crest Bridge <6.3.0.02 contains a stored XSS vulnerability, which was fixed in 6.3.0... | | |
CVE-2020-24669 | The New Analysis Report in Hitachi Vantara Pentaho through 7.x - 8.x contains a DOM-based Cross-site... | | |
CVE-2020-24670 | The Dashboard Editor in Hitachi Vantara Pentaho through 7.x - 8.x contains a reflected Cross-site sc... | | |
CVE-2020-24671 | Trace Financial CRESTBridge <6.3.0.02 contains an authenticated SQL injection vulnerability, which w... | | |
CVE-2020-24672 | ABB Base Software for SoftControl Remote Code Execution vulnerability | M | |
CVE-2020-24673 | SQL Injection in Symphony Plus | M | |
CVE-2020-24674 | Improper Authorization in Symphony Plus | M | |
CVE-2020-24675 | Weak Authentication in Symphony Plus | M | |
CVE-2020-24676 | Insecure Windows Services in Symphony Plus | M | |
CVE-2020-24677 | Insecure Web Service in Symphony Plus | M | |
CVE-2020-24678 | Potential Privilege Escalation in Symphony Plus | M | |
CVE-2020-24679 | Denial of Service attack on Symphony Plus | M | |
CVE-2020-24680 | Improper Credential Storage in Symphony Plus | M | |
CVE-2020-24681 | Automation Studio and PVI Multiple incorrect permission assignments for services | M | |
CVE-2020-24682 | Automation Studio and PVI Multiple unquoted service path vulnerabilities | M | |
CVE-2020-24683 | Authentication Bypass in Symphony Plus | M | |
CVE-2020-24685 | AC500 V2 unauthenticated crafter packet vulnerability | S | |
CVE-2020-24686 | AC500 V2 webserver denial of service vulnerability | | |
CVE-2020-24692 | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execu... | | |
CVE-2020-24693 | The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow a local attacker to ... | | |
CVE-2020-24696 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig ... | | |
CVE-2020-24697 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig ... | | |
CVE-2020-24698 | An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig ... | | |
CVE-2020-24699 | The Chamber Dashboard Business Directory plugin 3.2.8 for WordPress allows XSS.... | E | |
CVE-2020-24700 | OX App Suite through 7.10.3 allows SSRF because GET requests are sent to arbitrary domain names with... | E | |
CVE-2020-24701 | OX App Suite through 7.10.4 allows XSS via the app loading mechanism (the PATH_INFO to the /appsuite... | E | |
CVE-2020-24703 | An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie m... | | |
CVE-2020-24704 | An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects... | | |
CVE-2020-24705 | An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie m... | | |
CVE-2020-24706 | An issue was discovered in certain WSO2 products. The Try It tool allows Reflected XSS. This affects... | | |
CVE-2020-24707 | Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content.... | E S | |
CVE-2020-24708 | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the Host field on the send pro... | E S | |
CVE-2020-24709 | Cross Site Scripting (XSS) vulnerability in Gophish through 0.10.1 via a crafted landing page or ema... | E | |
CVE-2020-24710 | Gophish before 0.11.0 allows SSRF attacks.... | E S | |
CVE-2020-24711 | The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a d... | E S | |
CVE-2020-24712 | Cross Site Scripting (XSS) vulnerability in Gophish before 0.11.0 via the IMAP Host field on the acc... | E S | |
CVE-2020-24713 | Gophish through 0.10.1 does not invalidate the gophish cookie upon logout.... | E | |
CVE-2020-24714 | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances... | E | |
CVE-2020-24715 | The Scalyr Agent before 2.1.10 has Missing SSL Certificate Validation because, in some circumstances... | E | |
CVE-2020-24716 | OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.... | E S | |
CVE-2020-24717 | OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions,... | E S | |
CVE-2020-24718 | bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana ... | E | |
CVE-2020-24719 | Exposed Erlang Cookie could lead to Remote Command Execution (RCE) attack. Communication between Erl... | | |
CVE-2020-24721 | An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-... | | |
CVE-2020-24722 | An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications) protocol through 2020-... | E | |
CVE-2020-24723 | Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul U... | E | |
CVE-2020-24736 | Buffer Overflow vulnerability found in SQLite3 v.3.27.1 and before allows a local attacker to cause ... | E S | |
CVE-2020-24739 | A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When... | E | |
CVE-2020-24740 | An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a ... | E | |
CVE-2020-24741 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-0570. Reason: This candidate... | R | |
CVE-2020-24742 | An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative ... | S | |
CVE-2020-24743 | An issue was found in /showReports.do Zoho ManageEngine Applications Manager up to 14550, allows att... | | |
CVE-2020-24750 | FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadg... | S | |
CVE-2020-24753 | A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020... | E S | |
CVE-2020-24755 | In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the... | E | |
CVE-2020-24765 | InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diag... | E | |
CVE-2020-24769 | SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows remote attackers to execute ar... | E | |
CVE-2020-24770 | SQL injection vulnerability in modrules.php in NexusPHP 1.5 allows remote attackers to execute arbit... | E | |
CVE-2020-24771 | Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access publ... | E | |
CVE-2020-24772 | In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with... | E | |
CVE-2020-24786 | An issue was discovered in Zoho ManageEngine Exchange Reporter Plus before build number 5510, AD360 ... | | |
CVE-2020-24791 | FUEL CMS 1.4.8 allows SQL injection via the 'fuel_replace_id' parameter in pages/replace/1. Exploiti... | E | |
CVE-2020-24794 | Cross Site Scripting (XSS) vulnerability in Kentico before 12.0.75.... | | |
CVE-2020-24804 | Plaintext Password vulnerability in AddAdmin.py in cms-dev/cms v1.4.rc1, allows attackers to gain se... | | |
CVE-2020-24807 | The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types... | | |
CVE-2020-24815 | A Server-Side Request Forgery (SSRF) affecting the PDF generation in MicroStrategy 10.4, 2019 before... | E | |
CVE-2020-24821 | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause ... | E | |
CVE-2020-24822 | A vulnerability in the dwarf::cursor::uleb function of Libelfin v0.3 allows attackers to cause a den... | E | |
CVE-2020-24823 | A vulnerability in the dwarf::to_string function of Libelfin v0.3 allows attackers to cause a denial... | E | |
CVE-2020-24824 | A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows... | E | |
CVE-2020-24825 | A vulnerability in the line_table::line_table function of Libelfin v0.3 allows attackers to cause a ... | E | |
CVE-2020-24826 | A vulnerability in the elf::section::as_strtab function of Libelfin v0.3 allows attackers to cause a... | E | |
CVE-2020-24827 | A vulnerability in the dwarf::cursor::skip_form function of Libelfin v0.3 allows attackers to cause ... | E | |
CVE-2020-24829 | An issue was discovered in GPAC from v0.5.2 to v0.8.0, as demonstrated by MP4Box. It contains a heap... | E S | |
CVE-2020-24837 | An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' a... | S | |
CVE-2020-24838 | An integer overflow has been found in the latest version of Issuer. The total issuedCount can be... | S | |
CVE-2020-24841 | PNPSCADA 2.200816204020 allows SQL injection via parameter 'interf' in /browse.jsp. Exploiting this ... | E | |
CVE-2020-24842 | PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in... | | |
CVE-2020-24847 | A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a ... | E | |
CVE-2020-24848 | FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an ... | E | |
CVE-2020-24849 | A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly esc... | E | |
CVE-2020-24855 | Directory Traversal vulnerability in easywebpack-cli before 4.5.2 allows attackers to obtain sensiti... | E | |
CVE-2020-24857 | Cross Site Scripting vulnerability found in IXPManager v.5.6.0 allows attackers to execute arbitrary c... | S | |
CVE-2020-24860 | CMS Made Simple 2.2.14 allows an authenticated user with access to the Content Manager to edit conte... | E | |
CVE-2020-24861 | GetSimple CMS 3.3.16 allows in parameter 'permalink' on the Settings page persistent Cross Site Scri... | E | |
CVE-2020-24862 | The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to... | E | |
CVE-2020-24863 | A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD bef... | E S | |
CVE-2020-24870 | Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify... | S | |
CVE-2020-24872 | Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, al... | | |
CVE-2020-24876 | Use of a hard-coded cryptographic key in Pancake versions < 4.13.29 allows an attacker to forge sess... | | |
CVE-2020-24877 | A SQL injection vulnerability in zzzphp v1.8.0 through /form/index.php?module=getjson may lead to a ... | E | |
CVE-2020-24881 | SSRF exists in osTicket before 1.14.3, where an attacker can add malicious file to server or perform... | E S | |
CVE-2020-24889 | A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/... | E | |
CVE-2020-24890 | libraw 20.0 has a null pointer dereference vulnerability in parse_tiff_ifd in src/metadata/tiff.cpp,... | E | |
CVE-2020-24891 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-24897 | The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow... | | |
CVE-2020-24898 | The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allow... | | |
CVE-2020-24899 | Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user ca... | E | |
CVE-2020-24900 | The default installation of Krpano Panorama Viewer version <=1.20.8 is prone to Reflected XSS due to... | E | |
CVE-2020-24901 | The default installation of Krpano Panorama Viewer version <=1.20.8 is vulnerable to Reflected XSS d... | E | |
CVE-2020-24902 | Quixplorer <=2.4.1 is vulnerable to reflected cross-site scripting (XSS) caused by improper validati... | E | |
CVE-2020-24903 | Cute Editor for ASP.NET 6.4 is vulnerable to reflected cross-site scripting (XSS) caused by improper... | E | |
CVE-2020-24904 | An issue was discovered in attach parameter in GNOME Gmail version 2.5.4, allows remote attackers to... | E | |
CVE-2020-24908 | Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell scri... | | |
CVE-2020-24912 | A reflected cross-site scripting (XSS) vulnerability in qcubed (all versions including 3.1.1) in pro... | E S | |
CVE-2020-24913 | A SQL injection vulnerability in qcubed (all versions including 3.1.1) in profile.php via the strQue... | E S | |
CVE-2020-24914 | A PHP object injection bug in profile.php in qcubed (all versions including 3.1.1) unserializes the ... | E S | |
CVE-2020-24916 | CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.... | E S | |
CVE-2020-24917 | osTicket before 1.14.3 allows XSS via a crafted filename to DraftAjaxAPI::_uploadInlineImage() in in... | S | |
CVE-2020-24918 | A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthe... | E | |
CVE-2020-24922 | Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version... | E | |
CVE-2020-24924 | A Persistent Cross-site Scripting vulnerability is found in ElkarBackup v1.3.3, where an attacker ca... | E | |
CVE-2020-24925 | A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is... | E | |
CVE-2020-24928 | managers/socketManager.ts in PreMiD through 2.1.3 has a locally hosted socketio web server (port 302... | S | |
CVE-2020-24930 | Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management sys... | E | |
CVE-2020-24932 | An SQL Injection vulnerability exists in Sourcecodester Complaint Management System 1.0 via the cid ... | E | |
CVE-2020-24939 | Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base... | E | |
CVE-2020-24940 | An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are save... | | |
CVE-2020-24941 | An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mi... | | |
CVE-2020-24944 | picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via... | E | |
CVE-2020-24948 | The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file pro... | E | |
CVE-2020-24949 | Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not... | E | |
CVE-2020-24950 | SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9,... | E | |
CVE-2020-24955 | SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because i... | E | |
CVE-2020-24963 | An Authenticated Persistent XSS vulnerability was discovered in the Best Support System, tested vers... | | |
CVE-2020-24972 | The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to exe... | E S | |
CVE-2020-24977 | GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesIntern... | E S | |
CVE-2020-24978 | In NASM 2.15.04rc3, there is a double-free vulnerability in pp_tokline asm/preproc.c. This is fixed ... | E | |
CVE-2020-24979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-24980 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-24981 | An Incorrect Access Control vulnerability exists in /ucms/chk.php in UCMS 1.4.8. This results in inf... | E | |
CVE-2020-24982 | An issue was discovered in Quadbase ExpressDashboard (EDAB) 7 Update 9. It allows CSRF. An attacker ... | E | |
CVE-2020-24983 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can cr... | E | |
CVE-2020-24984 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacke... | E | |
CVE-2020-24985 | An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to n... | E | |
CVE-2020-24986 | Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a... | E | |
CVE-2020-24987 | Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a re... | | |
CVE-2020-24990 | An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UD... | | |
CVE-2020-24992 | There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is t... | E | |
CVE-2020-24993 | There is a cross site scripting vulnerability on CmsWing 1.3.7. This vulnerability (stored XSS) is t... | E | |
CVE-2020-24994 | Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote... | S | |
CVE-2020-24995 | Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, ... | E S | |
CVE-2020-24996 | There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in... | E | |
CVE-2020-24999 | There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can ... | E | |