ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-25004 | Heybbs v1.2 has a SQL injection vulnerability in user.php file via the ID parameter which may allow ... | | |
CVE-2020-25005 | Heybbs v1.2 has a SQL injection vulnerability in msg.php file via the ID parameter which may allow a... | | |
CVE-2020-25006 | Heybbs v1.2 has a SQL injection vulnerability in login.php file via the username parameter which may... | | |
CVE-2020-25010 | An arbitrary code execution vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programmable Ser... | | |
CVE-2020-25011 | A sensitive information disclosure vulnerability in Kyland KPS2204 6 Port Managed Din-Rail Programma... | | |
CVE-2020-25013 | JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser prot... | | |
CVE-2020-25014 | A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running... | | |
CVE-2020-25015 | A specific router allows changing the Wi-Fi password remotely. Genexis Platinum 4410 V2-1.28, a comp... | E | |
CVE-2020-25016 | A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) ... | E | |
CVE-2020-25017 | Envoy through 1.15.0 only considers the first value when multiple header values are present for some... | E | |
CVE-2020-25018 | Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicali... | | |
CVE-2020-25019 | jitsi-meet-electron (aka Jitsi Meet Electron) before 2.3.0 calls the Electron shell.openExternal fun... | E S | |
CVE-2020-25020 | MPXJ through 8.1.3 allows XXE attacks. This affects the GanttProjectReader and PhoenixReader compone... | S | |
CVE-2020-25021 | An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allo... | S | |
CVE-2020-25022 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() ... | S | |
CVE-2020-25023 | An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() all... | S | |
CVE-2020-25025 | The l10nmgr (aka Localization Manager) extension before 7.4.0, 8.x before 8.7.0, and 9.x before 9.2.... | S | |
CVE-2020-25026 | The sf_event_mgt (aka Event management and registration) extension before 4.3.1 and 5.x before 5.1.1... | | |
CVE-2020-25031 | checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation ... | E | |
CVE-2020-25032 | An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ di... | | |
CVE-2020-25033 | The Blubrry subscribe-sidebar (aka Subscribe Sidebar) plugin 1.3.1 for WordPress allows subscribe_si... | | |
CVE-2020-25034 | eMPS prior to eMPS 9.0 FireEye EX 3500 devices allows remote authenticated users to conduct SQL inje... | E | |
CVE-2020-25035 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_c... | E | |
CVE-2020-25036 | UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administ... | | |
CVE-2020-25037 | UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escap... | E | |
CVE-2020-25039 | Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fak... | M | |
CVE-2020-25040 | Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit ... | M | |
CVE-2020-25042 | An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must ha... | E | |
CVE-2020-25043 | The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file delet... | | |
CVE-2020-25044 | Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption t... | | |
CVE-2020-25045 | Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prio... | | |
CVE-2020-25046 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The USB... | | |
CVE-2020-25047 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (released in China and Ind... | | |
CVE-2020-25048 | An issue was discovered on Samsung mobile devices with Q(10.0) (with ONEUI 2.1) software. In the Loc... | | |
CVE-2020-25049 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. StatusBarService... | | |
CVE-2020-25050 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service ... | | |
CVE-2020-25051 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can by... | | |
CVE-2020-25052 | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx... | | |
CVE-2020-25053 | An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP a... | | |
CVE-2020-25054 | An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chi... | | |
CVE-2020-25055 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The per... | | |
CVE-2020-25056 | An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL im... | | |
CVE-2020-25057 | An issue was discovered on LG mobile devices with Android OS 10 software. MDMService does not proper... | | |
CVE-2020-25058 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9, and 10 software. The netwo... | | |
CVE-2020-25059 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A se... | | |
CVE-2020-25060 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Loca... | | |
CVE-2020-25061 | An issue was discovered on LG mobile devices with Android OS 9 and 10 software on the VZW network. l... | | |
CVE-2020-25062 | An issue was discovered on LG mobile devices with Android OS 9 and 10 software. LGTelephonyProvider ... | | |
CVE-2020-25063 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An a... | | |
CVE-2020-25064 | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1,... | | |
CVE-2020-25065 | An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1,... | | |
CVE-2020-25066 | A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attack... | | |
CVE-2020-25067 | NETGEAR R8300 devices before 1.0.2.134 are affected by command injection by an unauthenticated attac... | | |
CVE-2020-25068 | Setelsa Conacwin v3.7.1.2 is vulnerable to a local file inclusion vulnerability. This vulnerability ... | E | |
CVE-2020-25069 | USVN (aka User-friendly SVN) before 1.0.10 allows attackers to execute arbitrary code in the commit ... | | |
CVE-2020-25070 | USVN (aka User-friendly SVN) before 1.0.10 allows CSRF, related to the lack of the SameSite Strict f... | | |
CVE-2020-25071 | Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon ... | | |
CVE-2020-25073 | FreedomBox through 20.13 allows remote attackers to obtain sensitive information from the /server-st... | E | |
CVE-2020-25074 | The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a ... | | |
CVE-2020-25078 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices... | KEV S | |
CVE-2020-25079 | An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices... | KEV E S | |
CVE-2020-25082 | An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) c... | | |
CVE-2020-25084 | QEMU 5.0.0 has a use-after-free in hw/usb/hcd-xhci.c because the usb_packet_map return value is not ... | S | |
CVE-2020-25085 | QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.... | E S | |
CVE-2020-25086 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/adva... | S | |
CVE-2020-25087 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/adva... | S | |
CVE-2020-25088 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/blog... | S | |
CVE-2020-25089 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecom... | S | |
CVE-2020-25090 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/admin/views/ecom... | S | |
CVE-2020-25091 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in application/modules/vendor/views/add... | S | |
CVE-2020-25092 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in _parts/header.php, within applicatio... | S | |
CVE-2020-25093 | Ecommerce-CodeIgniter-Bootstrap before 2020-08-03 allows XSS in blog.php, within application/views/t... | S | |
CVE-2020-25094 | LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject a... | E | |
CVE-2020-25095 | LogRhythm Platform Manager (PM) 7.4.9 allows CSRF. The Web interface is vulnerable to Cross-site Web... | | |
CVE-2020-25096 | LogRhythm Platform Manager (PM) 7.4.9 has Incorrect Access Control. Users within LogRhythm can be de... | | |
CVE-2020-25097 | An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validatio... | S | |
CVE-2020-25102 | silverstripe-advancedreports (aka the Advanced Reports module for SilverStripe) 1.0 through 2.0 is v... | E | |
CVE-2020-25104 | eramba c2.8.1 and Enterprise before e2.19.3 allows XSS via a crafted filename for a file attached to... | E | |
CVE-2020-25105 | eramba c2.8.1 and Enterprise before e2.19.3 has a weak password recovery token (createHash has only ... | | |
CVE-2020-25106 | Nanosystems SupRemo 4.1.3.2348 allows attackers to obtain LocalSystem access because File Manager ca... | E | |
CVE-2020-25107 | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on wh... | | |
CVE-2020-25108 | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data l... | | |
CVE-2020-25109 | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queri... | | |
CVE-2020-25110 | An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a do... | | |
CVE-2020-25111 | An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for... | | |
CVE-2020-25112 | An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for ... | | |
CVE-2020-25115 | The Admin CP in vBulletin 5.6.3 allows XSS via an Occupation Title or Description to User Profile Fi... | E | |
CVE-2020-25116 | The Admin CP in vBulletin 5.6.3 allows XSS via an Announcement Title to Channel Manager.... | E | |
CVE-2020-25117 | The Admin CP in vBulletin 5.6.3 allows XSS via a Junior Member Title to User Title Manager.... | E | |
CVE-2020-25118 | The Admin CP in vBulletin 5.6.3 allows XSS via a Style Options Settings Title to Styles Manager.... | E | |
CVE-2020-25119 | The Admin CP in vBulletin 5.6.3 allows XSS via a Title of a Child Help Item in the Login/Logoff part... | E | |
CVE-2020-25120 | The Admin CP in vBulletin 5.6.3 allows XSS via the admincp/search.php?do=dosearch URI.... | E | |
CVE-2020-25121 | The Admin CP in vBulletin 5.6.3 allows XSS via the Paid Subscription Email Notification field in the... | E | |
CVE-2020-25122 | The Admin CP in vBulletin 5.6.3 allows XSS via a Rank Type to User Rank Manager.... | E | |
CVE-2020-25123 | The Admin CP in vBulletin 5.6.3 allows XSS via a Smilie Title to Smilies Manager.... | E | |
CVE-2020-25124 | The Admin CP in vBulletin 5.6.3 allows XSS via an admincp/attachment.php&do=rebuild&type= URI.... | E | |
CVE-2020-25125 | GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly u... | E S | |
CVE-2020-25130 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25131 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25132 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25133 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25134 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25135 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25136 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25137 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25138 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25139 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25140 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25141 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25142 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25143 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25144 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25145 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25146 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25147 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25148 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | E | |
CVE-2020-25149 | An issue was discovered in Observium Professional, Enterprise & Community 20.8.10631. It is vulnerab... | | |
CVE-2020-25150 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25151 | The affected product does not properly validate input, which may allow an attacker to execute a deni... | | |
CVE-2020-25152 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25153 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25154 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25155 | The affected product transmits unencrypted sensitive information, which may allow an attacker to acc... | | |
CVE-2020-25156 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25157 | The R-SeeNet webpage (1.5.1 through 2.4.10) suffers from SQL injection, which allows a remote attack... | | |
CVE-2020-25158 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25159 | Real Time Automation EtherNet/IP | | |
CVE-2020-25160 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25161 | The WADashboard component of WebAccess/SCADA Versions 9.0 and prior may allow an attacker to control... | | |
CVE-2020-25162 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25163 | OSIsoft PI Vision Cross-site Scripting | S | |
CVE-2020-25164 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25165 | BD Alaris PC Unit, Model 8015, Versions 9.33.1 and earlier and BD Alaris Systems Manager, Versions 4... | | |
CVE-2020-25166 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25167 | OSIsoft PI Vision Incorrect Authorization | S | |
CVE-2020-25168 | B. Braun SpaceCom, Battery Pack SP with Wi-Fi, and Data module compactplus | S | |
CVE-2020-25169 | Reolink P2P Cameras | | |
CVE-2020-25170 | B. Braun OnlineSuite | | |
CVE-2020-25171 | Fuji Electric V-Server Lite | S | |
CVE-2020-25172 | B. Braun OnlineSuite | | |
CVE-2020-25173 | Reolink P2P Cameras | | |
CVE-2020-25174 | B. Braun OnlineSuite | | |
CVE-2020-25175 | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during tr... | | |
CVE-2020-25176 | Rockwell Automation ISaGRAF5 Runtime Relative Path Traversal | S | |
CVE-2020-25177 | WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been i... | | |
CVE-2020-25178 | Rockwell Automation ISaGRAF5 Runtime Cleartext Transmission of Sensitive Information | S | |
CVE-2020-25179 | GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during tr... | | |
CVE-2020-25180 | Rockwell Automation ISaGRAF5 Runtime Use of Hard-coded Cryptographic Key | S | |
CVE-2020-25181 | WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been... | | |
CVE-2020-25182 | Rockwell Automation ISaGRAF5 Runtime Uncontrolled Search Path Element | S | |
CVE-2020-25183 | Medtronic MyCareLink Smart Improper Authentication | S | |
CVE-2020-25184 | Rockwell Automation ISaGRAF5 Runtime Unprotected Storage of Credentials | S | |
CVE-2020-25185 | The affected product is vulnerable to five post-authentication buffer overflows, which may allow a l... | | |
CVE-2020-25186 | An XXE vulnerability exists within LeviStudioU Release Build 2019-09-21 and prior when processing pa... | | |
CVE-2020-25187 | Medtronic MyCareLink Smart Heap-based Buffer Overflow | S | |
CVE-2020-25188 | An attacker who convinces a valid user to open a specially crafted project file to exploit could exe... | | |
CVE-2020-25189 | The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthe... | | |
CVE-2020-25190 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25191 | Incorrect permissions are set by default for an API entry-point of a specific service, allowing a no... | M | |
CVE-2020-25192 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25193 | GE Reason RT43X Clocks Use of Hard-coded Cryptographic Key | S | |
CVE-2020-25194 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25195 | The length of the input fields of Host Engineering H0-ECOM100, H2-ECOM100, and H4-ECOM100 modules ar... | | |
CVE-2020-25196 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25197 | GE Reason RT43X Clocks Code Injection | S | |
CVE-2020-25198 | MOXA NPort IAW5000A-I/O Series | S | |
CVE-2020-25199 | A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09... | | |
CVE-2020-25200 | Pritunl 1.29.2145.25 allows attackers to enumerate valid VPN usernames via a series of /auth/session... | E | |
CVE-2020-25201 | HashiCorp Consul Enterprise version 1.7.0 up to 1.8.4 includes a namespace replication bug which can... | | |
CVE-2020-25203 | The Framer Preview application 12 for Android exposes com.framer.viewer.FramerViewActivity to other ... | E | |
CVE-2020-25204 | The God Kings application 0.60.1 for Android exposes a broadcast receiver to other apps called com.i... | E | |
CVE-2020-25205 | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in ... | E | |
CVE-2020-25206 | The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command in... | E | |
CVE-2020-25207 | JetBrains ToolBox before version 1.18 is vulnerable to Remote Code Execution via a browser protocol ... | | |
CVE-2020-25208 | In JetBrains YouTrack before 2020.4.4701, an attacker could enumerate users via the REST API without... | | |
CVE-2020-25209 | In JetBrains YouTrack before 2020.3.6638, improper access control for some subresources leads to inf... | | |
CVE-2020-25210 | In JetBrains YouTrack before 2020.3.7955, an attacker could access workflow rules without appropriat... | | |
CVE-2020-25211 | In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration co... | E S | |
CVE-2020-25212 | A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local att... | S | |
CVE-2020-25213 | The File Manager (wp-file-manager) plugin before 6.9 for WordPress allows remote attackers to upload... | KEV E S | |
CVE-2020-25214 | In the client in Overwolf 0.149.2.30, a channel can be accessed or influenced by an actor that is no... | E | |
CVE-2020-25215 | yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.... | | |
CVE-2020-25216 | yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML f... | | |
CVE-2020-25217 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Command Injection as r... | | |
CVE-2020-25218 | Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allows Authentication Bypass i... | | |
CVE-2020-25219 | url::recvline in url.cpp in libproxy 0.4.x through 0.4.15 allows a remote HTTP server to trigger unc... | E | |
CVE-2020-25220 | The Linux kernel 4.9.x before 4.9.233, 4.14.x before 4.14.194, and 4.19.x before 4.19.140 has a use-... | S | |
CVE-2020-25221 | get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalati... | S | |
CVE-2020-25223 | A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM before v9.705 MR5, v9.... | KEV E | |
CVE-2020-25226 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All... | | |
CVE-2020-25228 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). A s... | | |
CVE-2020-25229 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The... | | |
CVE-2020-25230 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due... | | |
CVE-2020-25231 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOG... | | |
CVE-2020-25232 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). Due... | | |
CVE-2020-25233 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The... | | |
CVE-2020-25234 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3), LOG... | | |
CVE-2020-25235 | A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (All versions < V8.3). The... | | |
CVE-2020-25236 | A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA1) (All versions), LOGO! 12/... | | |
CVE-2020-25237 | A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP1 Update 1), SINEMA Server (... | | |
CVE-2020-25238 | A vulnerability has been identified in PCS neo (Administration Console) (All versions < V3.1), TIA P... | | |
CVE-2020-25239 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). The webse... | | |
CVE-2020-25240 | A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0). Unprivile... | | |
CVE-2020-25241 | A vulnerability has been identified in SIMATIC MV400 family (All Versions < V7.0.6). The underlying ... | | |
CVE-2020-25242 | A vulnerability has been identified in SIMATIC NET CP 343-1 Advanced (incl. SIPLUS variants) (All ve... | | |
CVE-2020-25243 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). A zip slip vulnerab... | | |
CVE-2020-25244 | A vulnerability has been identified in LOGO! Soft Comfort (All versions < V8.4). The software insecu... | | |
CVE-2020-25245 | A vulnerability has been identified in DIGSI 4 (All versions < V4.94 SP1 HF 1). Several folders in t... | S | |
CVE-2020-25247 | An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Directory t... | | |
CVE-2020-25248 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.3... | | |
CVE-2020-25249 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25250 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25251 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25252 | An issue was discovered in Hyland OnBase through 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.3... | | |
CVE-2020-25253 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25254 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25255 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25256 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25257 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25258 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25259 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25260 | An issue was discovered in Hyland OnBase 16.0.2.83 and below, 17.0.2.109 and below, 18.0.0.37 and be... | | |
CVE-2020-25262 | PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/pages/delete/ URI: page... | E | |
CVE-2020-25263 | PyroCMS 3.7 is vulnerable to cross-site request forgery (CSRF) via the admin/addons/uninstall/anomal... | E | |
CVE-2020-25265 | AppImage libappimage before 1.0.3 allows attackers to trigger an overwrite of a system-installed .de... | | |
CVE-2020-25266 | AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid appimag... | | |
CVE-2020-25267 | An XSS issue exists in the question-pool file-upload preview feature in ILIAS 6.4.... | E | |
CVE-2020-25268 | Remote Code Execution can occur via the external news feed in ILIAS 6.4 because of incorrect paramet... | E | |
CVE-2020-25269 | An issue was discovered in InspIRCd 2 before 2.0.29 and 3 before 3.6.0. The pgsql module contains a ... | S | |
CVE-2020-25270 | PHPGurukul hostel-management-system 2.1 allows XSS via Guardian Name, Guardian Relation, Guardian Co... | E | |
CVE-2020-25271 | PHPGurukul hospital-management-system-in-php 4.0 allows XSS via admin/patient-search.php, doctor/sea... | E | |
CVE-2020-25272 | In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now... | E | |
CVE-2020-25273 | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login s... | E | |
CVE-2020-25275 | Dovecot before 2.3.13 has Improper Input Validation in lda, lmtp, and imap, leading to an applicatio... | | |
CVE-2020-25276 | An issue was discovered in PrimeKey EJBCA 6.x and 7.x before 7.4.1. When using a client certificate ... | | |
CVE-2020-25278 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The Qur... | | |
CVE-2020-25279 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets)... | | |
CVE-2020-25280 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) softwa... | | |
CVE-2020-25281 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 software. A... | | |
CVE-2020-25282 | An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software (for t... | | |
CVE-2020-25283 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT mana... | | |
CVE-2020-25284 | The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete... | S | |
CVE-2020-25285 | A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 co... | S | |
CVE-2020-25286 | In wp-includes/comment-template.php in WordPress before 5.4.2, comments from a post or page could so... | S | |
CVE-2020-25287 | Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template edi... | E | |
CVE-2020-25288 | An issue was discovered in MantisBT before 2.24.3. When editing an Issue in a Project where a Custom... | E S | |
CVE-2020-25289 | The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary fil... | E | |
CVE-2020-25291 | GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a cr... | E | |
CVE-2020-25340 | An issue was discovered in NFStream 5.2.0. Because some allocated modules are not correctly freed, i... | E | |
CVE-2020-25343 | Cross-site scripting (XSS) vulnerabilities in Symphony CMS 3.0.0 allow remote attackers to inject ar... | E | |
CVE-2020-25351 | An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This vuln... | E | |
CVE-2020-25352 | A stored cross-site scripting (XSS) vulnerability in the /devices.php function in rConfig 3.9.5 has b... | E | |
CVE-2020-25353 | A server-side request forgery (SSRF) vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This v... | E | |
CVE-2020-25359 | An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerabili... | E | |
CVE-2020-25362 | The id parameter in Online Shopping Alphaware 1.0 has been discovered to be vulnerable to an Error-B... | E | |
CVE-2020-25366 | An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows attac... | E | |
CVE-2020-25367 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices wi... | E | |
CVE-2020-25368 | A command injection vulnerability was discovered in the HNAP1 protocol in D-Link DIR-823G devices wi... | E | |
CVE-2020-25374 | CyberArk Privileged Session Manager (PSM) 10.9.0.15 allows attackers to discover internal pathnames ... | | |
CVE-2020-25375 | WordPress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting vi... | E | |
CVE-2020-25378 | WordPress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scrip... | E | |
CVE-2020-25379 | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Man... | E | |
CVE-2020-25380 | WordPress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting ... | E | |
CVE-2020-25385 | Nagios Log Server 2.1.7 contains a cross-site scripting (XSS) vulnerability in /nagioslogserver/conf... | E | |
CVE-2020-25391 | A cross site scripting vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary web scri... | E | |
CVE-2020-25392 | A cross site scripting (XSS) vulnerability in CSZ CMS 1.2.9 allows attackers to execute arbitrary we... | E | |
CVE-2020-25394 | A stored cross site scripting (XSS) vulnerability in moziloCMS 2.0 allows authenticated attackers to... | E | |
CVE-2020-25398 | CSV Injection exists in InterMind iMind Server through 3.13.65 via the csv export functionality.... | E | |
CVE-2020-25399 | Stored XSS in InterMind iMind Server through 3.13.65 allows any user to hijack another user's sessio... | E | |
CVE-2020-25400 | Cross domain policies in Taskcafe Project Management tool before version 0.1.0 and 0.1.1 allows remo... | | |
CVE-2020-25406 | app\admin\controller\sys\Uploads.php in lemocms 1.8.x allows users to upload files to upload executa... | E | |
CVE-2020-25408 | A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System ... | | |
CVE-2020-25409 | Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple... | | |
CVE-2020-25411 | Projectworlds Online Examination System 1.0 is vulnerable to CSRF, which allows a remote attacker to... | | |
CVE-2020-25412 | com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead ... | E | |
CVE-2020-25414 | A local file inclusion vulnerability was discovered in the captcha function in Monstra 3.0.4 which a... | E | |
CVE-2020-25422 | A cross site scripting (XSS) vulnerability in menuedit.php of Mara CMS 7.5 allows attackers to execu... | E | |
CVE-2020-25427 | A Null pointer dereference vulnerability exists in MP4Box - GPAC version 0.8.0-rev177-g51a8ef874-mast... | S | |
CVE-2020-25444 | Cross Site Scripting (XSS) vulnerability in Booking Core - Ultimate Booking System Booking Core 1.7.... | | |
CVE-2020-25445 | The “Subscribe” feature in Ultimate Booking System Booking Core 1.7.0 is vulnerable to CSV formula i... | | |
CVE-2020-25449 | Cross Site Scripting (XSS) vulnerability in Arachnys Cabot 0.11.12 can be exploited via the Address ... | E | |
CVE-2020-25453 | An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token... | E | |
CVE-2020-25454 | Cross-site Scripting (XSS) vulnerability in grocy 2.7.1 via the add recipe module, which gets execut... | E | |
CVE-2020-25459 | An issue was discovered in function sync_tree in hetero_decision_tree_guest.py in WeBank FATE (Feder... | S | |
CVE-2020-25461 | Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK... | E | |
CVE-2020-25462 | Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562... | E | |
CVE-2020-25463 | Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before O... | E | |
CVE-2020-25464 | Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The to... | E | |
CVE-2020-25465 | Null Pointer Dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419... | E | |
CVE-2020-25466 | A SSRF vulnerability exists in the downloadimage interface of CRMEB 3.0, which can remotely download... | E | |
CVE-2020-25467 | A null pointer dereference was discovered lzo_decompress_buf in stream.c in Irzip 0.621 which allows... | E S | |
CVE-2020-25470 | AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When ... | E | |
CVE-2020-25472 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Request Forgery (CSRF) vulnerab... | | |
CVE-2020-25473 | SimplePHPscripts News Script PHP Pro 2.3 does not properly set the HttpOnly Flag from Session Cookie... | | |
CVE-2020-25474 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a Cross Site Scripting (XSS) vulnerability v... | | |
CVE-2020-25475 | SimplePHPscripts News Script PHP Pro 2.3 is affected by a SQL Injection via the id parameter in an e... | | |
CVE-2020-25476 | Liferay CMS Portal version 7.1.3 and 7.2.1 have a blind persistent cross-site scripting (XSS) vulner... | S | |
CVE-2020-25483 | An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v... | E | |
CVE-2020-25487 | PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via z... | E | |
CVE-2020-25489 | A heap overflow in Sqreen PyMiniRacer (aka Python Mini Racer) before 0.3.0 allows remote attackers t... | E S | |
CVE-2020-25490 | Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it e... | E | |
CVE-2020-25491 | 6Kare Emakin 5.0.341.0 is affected by Cross Site Scripting (XSS) via the /rpc/membership/setProfile ... | E | |
CVE-2020-25493 | Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible t... | E | |
CVE-2020-25494 | Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell ... | E | |
CVE-2020-25495 | A reflected Cross-site scripting (XSS) vulnerability in Xinuos (formerly SCO) Openserver version 5 an... | E | |
CVE-2020-25498 | Cross Site Scripting (XSS) vulnerability in Beetel router 777VR1 can be exploited via the NTP server... | E | |
CVE-2020-25499 | TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run... | E S | |
CVE-2020-25502 | Cybereason EDR version 19.1.282 and above, 19.2.182 and above, 20.1.343 and above, and 20.2.X and ab... | | |
CVE-2020-25506 | D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi compon... | KEV E | |
CVE-2020-25507 | An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 al... | E | |
CVE-2020-25514 | Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the ... | | |
CVE-2020-25515 | Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > ... | | |
CVE-2020-25516 | WSO2 Enterprise Integrator 6.6.0 or earlier contains a stored cross-site scripting (XSS) vulnerabili... | E | |
CVE-2020-25533 | An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to per... | E S | |
CVE-2020-25537 | File upload vulnerability exists in UCMS 1.5.0, and the attacker can take advantage of this vulnerab... | E | |
CVE-2020-25538 | An authenticated attacker can inject malicious code into "lang" parameter in /uno/central.php file i... | E | |
CVE-2020-25540 | ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read ... | E | |
CVE-2020-25557 | In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her us... | E | |
CVE-2020-25559 | gnuplot 5.5 is affected by double free when executing print_set_output. This may result in context-d... | E S | |
CVE-2020-25560 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, p... | E | |
CVE-2020-25561 | SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This creden... | E | |
CVE-2020-25562 | In SapphireIMS 5.0, there is no CSRF token present in the entire application. This can lead to CSRF ... | E | |
CVE-2020-25563 | In SapphireIMS 5.0, it is possible to create local administrator on any client without requiring any... | E | |
CVE-2020-25564 | In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials of a... | E | |
CVE-2020-25565 | In SapphireIMS 5.0, it is possible to use the hardcoded credential in clients (username: sapphire, p... | E | |
CVE-2020-25566 | In SapphireIMS 5.0, it is possible to take over an account by sending a request to the Save_Password... | E | |
CVE-2020-25573 | An issue was discovered in the linked-hash-map crate before 0.5.3 for Rust. It creates an uninitiali... | E | |
CVE-2020-25574 | An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::... | E S | |
CVE-2020-25575 | An issue was discovered in the failure crate through 0.1.5 for Rust. It may introduce "compatibility... | E S | |
CVE-2020-25576 | An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to inte... | | |
CVE-2020-25577 | In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELE... | | |
CVE-2020-25578 | In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELE... | | |
CVE-2020-25579 | In FreeBSD 12.2-STABLE before r368969, 11.4-STABLE before r369047, 12.2-RELEASE before p3, 12.1-RELE... | | |
CVE-2020-25580 | In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11.4-R... | | |
CVE-2020-25581 | In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-R... | | |
CVE-2020-25582 | In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-R... | | |
CVE-2020-25583 | In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELE... | | |
CVE-2020-25584 | In FreeBSD 13.0-STABLE before n245118, 12.2-STABLE before r369552, 11.4-STABLE before r369560, 13.0-... | | |
CVE-2020-25585 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25586 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25587 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25588 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25591 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a... | R | |
CVE-2020-25592 | In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A use... | | |
CVE-2020-25593 | Acronis True Image through 2021 on macOS allows local privilege escalation from admin to root due to... | | |
CVE-2020-25594 | HashiCorp Vault and Vault Enterprise allowed for enumeration of Secrets Engine mount paths via unaut... | | |
CVE-2020-25595 | An issue was discovered in Xen through 4.14.x. The PCI passthrough code improperly uses register dat... | S | |
CVE-2020-25596 | An issue was discovered in Xen through 4.14.x. x86 PV guest kernels can experience denial of service... | S | |
CVE-2020-25597 | An issue was discovered in Xen through 4.14.x. There is mishandling of the constraint that once-vali... | S | |
CVE-2020-25598 | An issue was discovered in Xen 4.14.x. There is a missing unlock in the XENMEM_acquire_resource erro... | | |
CVE-2020-25599 | An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVT... | S | |
CVE-2020-25600 | An issue was discovered in Xen through 4.14.x. Out of bounds event channels are available to 32-bit ... | | |
CVE-2020-25601 | An issue was discovered in Xen through 4.14.x. There is a lack of preemption in evtchn_reset() / evt... | | |
CVE-2020-25602 | An issue was discovered in Xen through 4.14.x. An x86 PV guest can trigger a host OS crash when hand... | S | |
CVE-2020-25603 | An issue was discovered in Xen through 4.14.x. There are missing memory barriers when accessing/allo... | S | |
CVE-2020-25604 | An issue was discovered in Xen through 4.14.x. There is a race condition when migrating timers betwe... | S | |
CVE-2020-25605 | Cleartext transmission of sensitive information in Agora Video SDK prior to 3.1 allows a remote atta... | E | |
CVE-2020-25606 | The AWV component of Mitel MiCollab before 9.2 could allow an attacker to view system information by... | | |
CVE-2020-25608 | The SAS portal of Mitel MiCollab before 9.2 could allow an attacker to access user credentials due t... | | |
CVE-2020-25609 | The NuPoint Messenger Portal of Mitel MiCollab before 9.2 could allow an authenticated attacker to e... | | |
CVE-2020-25610 | The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web confe... | | |
CVE-2020-25611 | The AWV portal of Mitel MiCollab before 9.2 could allow an attacker to gain access to conference inf... | | |
CVE-2020-25612 | The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated privilege ... | | |
CVE-2020-25613 | An issue was discovered in Ruby through 2.5.8, 2.6.x through 2.6.6, and 2.7.x through 2.7.1. WEBrick... | S | |
CVE-2020-25614 | xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allow... | E S | |
CVE-2020-25617 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows... | | |
CVE-2020-25618 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The sudo configuration has incorrect acc... | | |
CVE-2020-25619 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The SSH component does not restrict the ... | | |
CVE-2020-25620 | An issue was discovered in SolarWinds N-Central 12.3.0.670. Hard-coded Credentials exist by default ... | | |
CVE-2020-25621 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The local database does not require auth... | | |
CVE-2020-25622 | An issue was discovered in SolarWinds N-Central 12.3.0.670. The AdvancedScripts HTTP endpoint allows... | | |
CVE-2020-25623 | Erlang/OTP 22.3.x before 22.3.4.6 and 23.x before 23.1 allows Directory Traversal. An attacker can s... | | |
CVE-2020-25624 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has a stack-based buffer over-read via values obtained from the host... | E S | |
CVE-2020-25625 | hw/usb/hcd-ohci.c in QEMU 5.0.0 has an infinite loop when a TD list has a loop.... | S | |
CVE-2020-25626 | A flaw was found in Django REST Framework versions before 3.12.0 and before 3.11.2. When using the b... | | |
CVE-2020-25627 | The moodlenetprofile user profile field required extra sanitizing to prevent a stored XSS risk. This... | S | |
CVE-2020-25628 | The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affect... | S | |
CVE-2020-25629 | A vulnerability was found in Moodle where users with "Log in as" capability in a course context (typ... | S | |
CVE-2020-25630 | A vulnerability was found in Moodle where the decompressed size of zip files was not checked against... | S | |
CVE-2020-25631 | A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possibl... | S | |
CVE-2020-25632 | A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading o... | S | |
CVE-2020-25633 | A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow clie... | | |
CVE-2020-25634 | A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials. This ... | | |
CVE-2020-25635 | A flaw was found in Ansible Base when using the aws_ssm connection plugin as garbage collector is no... | | |
CVE-2020-25636 | A flaw was found in Ansible Base when using the aws_ssm connection plugin as there is no namespace s... | | |
CVE-2020-25637 | A double free memory issue was found to occur in the libvirt API, in versions before 6.8.0, responsi... | S | |
CVE-2020-25638 | A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection ... | S | |
CVE-2020-25639 | A NULL pointer dereference flaw was found in the Linux kernel's GPU Nouveau driver functionality in ... | E | |
CVE-2020-25640 | A flaw was discovered in WildFly before 21.0.0.Final where, Resource adapter logs plain text JMS pas... | | |
CVE-2020-25641 | A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-... | S | |
CVE-2020-25643 | A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corru... | S | |
CVE-2020-25644 | A memory leak flaw was found in WildFly OpenSSL in versions prior to 1.1.3.Final, where it removes a... | S | |
CVE-2020-25645 | A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoint... | E S | |
CVE-2020-25646 | A flaw was found in Ansible Collection community.crypto. openssl_privatekey_info exposes private key... | S | |
CVE-2020-25647 | A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors a... | S | |
CVE-2020-25648 | A flaw was found in the way NSS handled CCS (ChangeCipherSpec) messages in TLS 1.3. This flaw allows... | S | |
CVE-2020-25649 | A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured prope... | S | |
CVE-2020-25650 | A flaw was found in the way the spice-vdagentd daemon handled file transfers from the host system to... | E S | |
CVE-2020-25651 | A flaw was found in the SPICE file transfer protocol. File data from the host system can end up in f... | E S | |
CVE-2020-25652 | A flaw was found in the spice-vdagentd daemon, where it did not properly handle client connections t... | E S | |
CVE-2020-25653 | A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client con... | E S | |
CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in ... | | |
CVE-2020-25655 | An issue was discovered in ManagedClusterView API, that could allow secrets to be disclosed to users... | | |
CVE-2020-25656 | A flaw was found in the Linux kernel. A use-after-free was found in the way the console subsystem wa... | E S | |
CVE-2020-25657 | A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher t... | | |
CVE-2020-25658 | It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use thi... | E | |
CVE-2020-25659 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, vi... | S | |
CVE-2020-25660 | A flaw was found in the Cephx authentication protocol in versions before 15.2.6 and before 14.2.14, ... | | |
CVE-2020-25661 | A Red Hat only CVE-2020-12351 regression issue was found in the way the Linux kernel's Bluetooth imp... | M | |
CVE-2020-25662 | A Red Hat only CVE-2020-12352 regression issue was found in the way the Linux kernel's Bluetooth sta... | M | |
CVE-2020-25663 | A call to ConformPixelInfo() in the SetImageAlphaChannel() routine of /MagickCore/channel.c caused a... | E S | |
CVE-2020-25664 | In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() a... | E S | |
CVE-2020-25665 | The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine Wr... | E S | |
CVE-2020-25666 | There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is poss... | E S | |
CVE-2020-25667 | TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it s... | E S | |
CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly sy... | E S | |
CVE-2020-25669 | A vulnerability was found in the Linux Kernel where the function sunkbd_reinit having been scheduled... | E S | |
CVE-2020-25670 | A vulnerability was found in Linux Kernel where refcount leak in llcp_sock_bind() causing use-after-... | E S | |
CVE-2020-25671 | A vulnerability was found in Linux Kernel, where a refcount leak in llcp_sock_connect() causing use-... | E S | |
CVE-2020-25672 | A memory leak vulnerability was found in Linux kernel in llcp_sock_connect... | S | |
CVE-2020-25673 | A vulnerability was found in Linux kernel where non-blocking socket in llcp_sock_connect() leads to ... | E S | |
CVE-2020-25674 | WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition ... | E S | |
CVE-2020-25675 | In the CropImage() and CropImageToTiles() routines of MagickCore/transform.c, rounding calculations ... | E S | |
CVE-2020-25676 | In CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and In... | E S | |
CVE-2020-25677 | A flaw was found in Ceph-ansible v4.0.41 where it creates an /etc/ceph/iscsi-gateway.conf with insec... | S | |
CVE-2020-25678 | A flaw was found in ceph in versions prior to 16.y.z where ceph stores mgr module passwords in clear... | S | |
CVE-2020-25679 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-25680 | A flaw was found in JBCS httpd in version 2.4.37 SP3, where it uses a back-end worker SSL certificat... | | |
CVE-2020-25681 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the ... | S | |
CVE-2020-25682 | A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way d... | S | |
CVE-2020-25683 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsm... | S | |
CVE-2020-25684 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmas... | S | |
CVE-2020-25685 | A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmas... | S | |
CVE-2020-25686 | A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for ... | S | |
CVE-2020-25687 | A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsm... | S | |
CVE-2020-25688 | A flaw was found in rhacm versions before 2.0.5 and before 2.1.0. Two internal service APIs were inc... | | |
CVE-2020-25689 | A memory leak flaw was found in WildFly in all versions up to 21.0.0.Final, where host-controller tr... | E S | |
CVE-2020-25690 | An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD fil... | S | |
CVE-2020-25691 | A flaw was found in darkhttpd. Invalid error handling allows remote attackers to cause denial-of-ser... | | |
CVE-2020-25692 | A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a r... | S | |
CVE-2020-25693 | A flaw was found in CImg in versions prior to 2.9.3. Integer overflows leading to heap buffer overfl... | E S | |
CVE-2020-25694 | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before... | S | |
CVE-2020-25695 | A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before... | | |
CVE-2020-25696 | A flaw was found in the psql interactive terminal of PostgreSQL in versions before 13.1, before 12.5... | S | |
CVE-2020-25697 | A privilege escalation flaw was found in the Xorg-x11-server due to a lack of authentication for X11... | | |
CVE-2020-25698 | Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored ... | | |
CVE-2020-25699 | In moodle, insufficient capability checks could lead to users with the ability to course restore add... | | |
CVE-2020-25700 | In moodle, some database module web services allowed students to add entries within groups they did ... | | |
CVE-2020-25701 | If the upload course tool in Moodle was used to delete an enrollment method which did not exist or w... | | |
CVE-2020-25702 | In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affecte... | | |
CVE-2020-25703 | The participants table download in Moodle always included user emails, but should have only done so ... | S | |
CVE-2020-25704 | A memory leak flaw in the Linux kernel performance monitoring subsystem was found in the way if usin... | S | |
CVE-2020-25705 | A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. Thi... | | |
CVE-2020-25706 | A cross-site scripting (XSS) vulnerability exists in templates_import.php (Cacti 1.2.13) due to Impr... | E S | |
CVE-2020-25707 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate is a duplicate of CVE-2020... | R | |
CVE-2020-25708 | A divide by zero issue was found to occur in libvncserver-0.9.12. A malicious client could use this ... | E S | |
CVE-2020-25709 | A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be pro... | S | |
CVE-2020-25710 | A flaw was found in OpenLDAP in versions before 2.4.56. This flaw allows an attacker who sends a mal... | S | |
CVE-2020-25711 | A flaw was found in infinispan 10 REST API, where authorization permissions are not checked while pe... | | |
CVE-2020-25712 | A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may l... | S | |
CVE-2020-25713 | A malformed input file can lead to a segfault due to an out of bounds array access in raptor_xml_wri... | S | |
CVE-2020-25714 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-25715 | A flaw was found in pki-core 10.9.0. A specially crafted POST request can be used to reflect a DOM-b... | E S | |
CVE-2020-25716 | A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of ad... | | |
CVE-2020-25717 | A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could ... | S | |
CVE-2020-25718 | A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an R... | | |
CVE-2020-25719 | A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos na... | S | |
CVE-2020-25720 | Samba: check attribute access rights for ldap adds of computers | M | |
CVE-2020-25721 | Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now p... | | |
CVE-2020-25722 | Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stor... | S | |
CVE-2020-25723 | A reachable assertion issue was found in the USB EHCI emulation code of QEMU. It could occur while p... | S | |
CVE-2020-25724 | A flaw was found in RESTEasy, where an incorrect response to an HTTP request is provided. This flaw ... | | |
CVE-2020-25725 | In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to us... | E | |
CVE-2020-25726 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-25727 | The Reset Password add-on before 1.2.0 for Alfresco suffers from CMIS-SQL Injection, which allows a ... | E | |
CVE-2020-25728 | The Reset Password add-on before 1.2.0 for Alfresco has a broken algorithm (involving an increment) ... | E | |
CVE-2020-25729 | ZoneMinder before 1.34.21 has XSS via the connkey parameter to download.php or export.php.... | S | |
CVE-2020-25730 | Cross Site Scripting (XSS) vulnerability in ZoneMinder before version 1.34.21, allows remote attacke... | S | |
CVE-2020-25733 | webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types.... | | |
CVE-2020-25734 | webTareas through 2.1 allows files/Default/ Directory Listing.... | | |
CVE-2020-25735 | webTareas through 2.1 allows XSS in clients/editclient.php, extensions/addextension.php, administrat... | | |
CVE-2020-25736 | Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation du... | | |
CVE-2020-25737 | An elevation of privilege vulnerability exists in Hackolade versions prior to 4.2.0 on Windows has an i... | | |
CVE-2020-25738 | CyberArk Endpoint Privilege Manager (EPM) 11.1.0.173 allows attackers to bypass a Credential Theft p... | E | |
CVE-2020-25739 | An issue was discovered in the gon gem before gon-6.4.0 for Ruby. MultiJson does not honor the escap... | S | |
CVE-2020-25741 | fdctrl_write_data in hw/block/fdc.c in QEMU 5.0.0 has a NULL pointer dereference via a NULL block po... | S | |
CVE-2020-25742 | pci_change_irq_level in hw/pci/pci.c in QEMU before 5.1.1 has a NULL pointer dereference because pci... | S | |
CVE-2020-25743 | hw/ide/pci.c in QEMU before 5.1.1 can trigger a NULL pointer dereference because it lacks a pointer ... | S | |
CVE-2020-25744 | SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary... | E | |
CVE-2020-25746 | QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to... | | |
CVE-2020-25747 | The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339) c... | | |
CVE-2020-25748 | A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firm... | | |
CVE-2020-25749 | The Telnet service of Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342,... | | |
CVE-2020-25750 | An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPa... | E S | |
CVE-2020-25751 | The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?op... | E | |
CVE-2020-25752 | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There are hardcoded web-panel login ... | E | |
CVE-2020-25753 | An issue was discovered on Enphase Envoy R3.x and D4.x devices with v3 software. The default admin p... | E | |
CVE-2020-25754 | An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for use... | E | |
CVE-2020-25755 | An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_star... | E | |
CVE-2020-25756 | A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 d... | S | |
CVE-2020-25757 | A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in a... | | |
CVE-2020-25758 | An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration fil... | | |
CVE-2020-25759 | An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Service... | | |
CVE-2020-25760 | Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not... | E | |
CVE-2020-25761 | Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform ... | E | |
CVE-2020-25762 | An issue was discovered in SourceCodester Seat Reservation System 1.0. The file admin_class.php does... | E | |
CVE-2020-25763 | Seat Reservation System version 1.0 suffers from an Unauthenticated File Upload Vulnerability allowi... | E | |
CVE-2020-25765 | Addressed remote code execution vulnerability in reg_device.php due to insufficient validation of us... | E | |
CVE-2020-25766 | An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST ... | S | |
CVE-2020-25767 | An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS... | M | |
CVE-2020-25768 | Contao before 4.4.52, 4.9.x before 4.9.6, and 4.10.x before 4.10.1 have Improper Input Validation. I... | | |
CVE-2020-25770 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a loc... | | |
CVE-2020-25771 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a loc... | | |
CVE-2020-25772 | An out-of-bounds read information disclosure vulnerability in Trend Micro Apex One may allow a loc... | | |
CVE-2020-25773 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to... | | |
CVE-2020-25774 | A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to... | | |
CVE-2020-25775 | The Trend Micro Security 2020 (v16) consumer family of products is vulnerable to a security race con... | | |
CVE-2020-25776 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation ... | | |
CVE-2020-25777 | Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a specific kernel extension request a... | S | |
CVE-2020-25778 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in a specific kernel extension whe... | S | |
CVE-2020-25779 | Trend Micro Antivirus for Mac 2020 (Consumer) has a vulnerability in which an Internationalized Domai... | S | |
CVE-2020-25780 | In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and ... | | |
CVE-2020-25781 | An issue was discovered in file_download.php in MantisBT before 2.24.3. Users without access to view... | E S | |
CVE-2020-25782 | An issue was discovered on Accfly Wireless Security IR Camera 720P System with software versions v3.... | E | |
CVE-2020-25783 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.... | E | |
CVE-2020-25784 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.... | E | |
CVE-2020-25785 | An issue was discovered on Accfly Wireless Security IR Camera System 720P with software versions v3.... | | |
CVE-2020-25786 | webinc/js/info.php on D-Link DIR-816L 2.06.B09_BETA and DIR-803 1.04.B02 devices allows XSS via the ... | E | |
CVE-2020-25787 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. It does not validate all UR... | E S | |
CVE-2020-25788 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. imgproxy in plugins/af_prox... | S | |
CVE-2020-25789 | An issue was discovered in Tiny Tiny RSS (aka tt-rss) before 2020-09-16. The cached_url feature mish... | S | |
CVE-2020-25790 | Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php fil... | E | |
CVE-2020-25791 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementatio... | E S | |
CVE-2020-25792 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementatio... | E S | |
CVE-2020-25793 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementatio... | E S | |
CVE-2020-25794 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementatio... | E S | |
CVE-2020-25795 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementatio... | E S | |
CVE-2020-25796 | An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray impleme... | E S | |
CVE-2020-25797 | LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Add Participants Function (First ... | E S | |
CVE-2020-25798 | A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows a... | E S | |
CVE-2020-25799 | LimeSurvey 3.21.1 is affected by cross-site scripting (XSS) in the Quota component of the Survey pag... | E S | |
CVE-2020-25802 | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via Groovy scripting. | | |
CVE-2020-25803 | Authenticated attackers with developer privileges in Crafter Studio may execute OS commands via deep inspection of FreeMarker template exposed objects. | | |
CVE-2020-25812 | An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter u... | | |
CVE-2020-25813 | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the ... | | |
CVE-2020-25814 | In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur... | | |
CVE-2020-25815 | An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDe... | S | |
CVE-2020-25816 | HashiCorp Vault and Vault Enterprise versions 1.0 and newer allowed leases created with a batch toke... | | |
CVE-2020-25817 | SilverStripe through 4.6.0-rc1 has an XXE Vulnerability in CSSContentParser. A developer utility mea... | | |
CVE-2020-25820 | BigBlueButton before 2.2.7 allows remote authenticated users to read local files and conduct SSRF at... | E S | |
CVE-2020-25821 | peg-markdown 0.4.14 has a NULL pointer dereference in process_raw_blocks in markdown_lib.c. NOTE: Th... | E | |
CVE-2020-25824 | Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within th... | | |
CVE-2020-25825 | In Octopus Deploy 3.1.0 to 2020.4.0, certain scripts can reveal sensitive information to the user in... | | |
CVE-2020-25826 | PingID Integration for Windows Login before 2.4.2 allows local users to gain privileges by modifying... | E | |
CVE-2020-25827 | An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.3... | E | |
CVE-2020-25828 | An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non... | | |
CVE-2020-25829 | An issue has been found in PowerDNS Recursor before 4.1.18, 4.2.x before 4.2.5, and 4.3.x before 4.3... | | |
CVE-2020-25830 | An issue was discovered in MantisBT before 2.24.3. Improper escaping of a custom field's name allows... | E S | |
CVE-2020-25832 | Reflected Cross Site scripting vulnerability on Micro Focus Filr product, affecting version 4.2.1. T... | | |
CVE-2020-25833 | Persistent cross-Site Scripting vulnerability on Micro Focus IDOL product, affecting all version pri... | | |
CVE-2020-25834 | Cross-Site Scripting vulnerability on Micro Focus ArcSight Logger product, affecting version 7.1. Th... | | |
CVE-2020-25835 | Micro Focus ArcSight Management Center Remote Vulnerability | | |
CVE-2020-25836 | Potential information leakage resulting in unauthorized access | | |
CVE-2020-25837 | Sensitive information disclosure vulnerability in Micro Focus Self Service Password Reset (SSPR) pro... | | |
CVE-2020-25838 | Unauthorized disclosure of sensitive information vulnerability in Micro Focus Filr product. Affectin... | | |
CVE-2020-25839 | NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 is affected by an injection vulnerability. ... | | |
CVE-2020-25840 | Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior ... | | |
CVE-2020-25842 | CHANGING Inc. NHIServiSignAdapter Windows Versions - Arbitrary File Access | S | |
CVE-2020-25843 | CHANGING Inc. NHIServiSignAdapter Windows Versions - Heap Overflow | S | |
CVE-2020-25844 | CHANGING Inc. NHIServiSignAdapter Windows Versions - Stack Overflow | S | |
CVE-2020-25845 | CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -1 | S | |
CVE-2020-25846 | CHANGING Inc. NHIServiSignAdapter Windows Versions - Information Leakage -2 | S | |
CVE-2020-25847 | Command Injection Vulnerability in QTS and QuTS hero | S | |
CVE-2020-25848 | HGiga MailSherlock - Broken Authentication | S | |
CVE-2020-25849 | Openfind MailGates/MailAudit - Command Injection | S | |
CVE-2020-25850 | HGiga MailSherlock - Arbitrary File Download | S | |
CVE-2020-25853 | The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 202... | E | |
CVE-2020-25854 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in Apr... | E | |
CVE-2020-25855 | The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2... | E | |
CVE-2020-25856 | The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in Apr... | E | |
CVE-2020-25857 | The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released i... | E | |
CVE-2020-25858 | The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in Octob... | E | |
CVE-2020-25859 | The QCMAP_CLI utility in the Qualcomm QCMAP software suite prior to versions released in October 202... | E | |
CVE-2020-25860 | The install.c module in the Pengutronix RAUC update client prior to version 1.5 has a Time-of-Check ... | E | |
CVE-2020-25862 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the TCP dissector could crash. Th... | E S | |
CVE-2020-25863 | In Wireshark 3.2.0 to 3.2.6, 3.0.0 to 3.0.13, and 2.6.0 to 2.6.20, the MIME Multipart dissector coul... | E S | |
CVE-2020-25864 | HashiCorp Consul and Consul Enterprise up to version 1.9.4 key-value (KV) raw mode was vulnerable to... | | |
CVE-2020-25866 | In Wireshark 3.2.0 to 3.2.6 and 3.0.0 to 3.0.13, the BLIP protocol dissector has a NULL pointer dere... | E S | |
CVE-2020-25867 | SoPlanning before 1.47 doesn't correctly check the security key used to publicly share plannings. It... | E S | |
CVE-2020-25868 | Pexip Infinity 22.x through 24.x before 24.2 has Improper Input Validation for call setup. An unauth... | M | |
CVE-2020-25869 | An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34... | | |
CVE-2020-25870 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-25872 | A vulnerability exists within the FileManagerController.php function in FrogCMS 0.9.5 which allows a... | E | |
CVE-2020-25873 | A directory traversal vulnerability in the component system/manager/class/web/database.php was disco... | E | |
CVE-2020-25875 | A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allow... | E | |
CVE-2020-25876 | A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows ... | E | |
CVE-2020-25877 | A stored cross site scripting (XSS) vulnerability in the 'Add Page' feature of BlackCat CMS 1.3.6 al... | E | |
CVE-2020-25878 | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6... | E | |
CVE-2020-25879 | A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 ... | E | |
CVE-2020-25881 | A vulnerability was discovered in the filename parameter in pathindex.php?r=cms-backend/attachment/d... | E | |
CVE-2020-25887 | Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts fi... | E | |
CVE-2020-25889 | Online Bus Booking System Project Using PHP/MySQL version 1.0 has SQL injection via the login page. ... | E | |
CVE-2020-25890 | The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, di... | E | |
CVE-2020-25901 | Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that poi... | E | |
CVE-2020-25902 | Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XS... | | |
CVE-2020-25905 | An SQL Injection vulnerability exists in Sourcecodester Mobile Shop System in PHP MySQL 1.0 via the e... | E | |
CVE-2020-25911 | An XML External Entity (XXE) vulnerability was discovered in the modRestServiceRequest component in M... | E S | |
CVE-2020-25912 | An XML External Entity (XXE) vulnerability was discovered in symphony\lib\toolkit\class.xmlelement.ph... | E | |
CVE-2020-25915 | Cross Site Scripting (XSS) vulnerability in UserController.php in ThinkCMF version 5.1.5, allows att... | | |
CVE-2020-25917 | Stratodesk NoTouch Center before 4.4.68 is affected by: Incorrect Access Control. A low privileged u... | E | |
CVE-2020-25925 | Cross Site Scripting (XSS) in Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers t... | E | |
CVE-2020-25926 | The DNS client in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Insufficient entropy in the DNS... | M | |
CVE-2020-25927 | The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact... | M | |
CVE-2020-25928 | The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is... | M | |
CVE-2020-25950 | Advanced Webhost Billing System 3.7.0 is affected by Cross Site Request Forgery (CSRF) attacks that ... | E | |
CVE-2020-25952 | SQL injection vulnerability in PHPGurukul User Registration & Login and User Management System With ... | E | |
CVE-2020-25955 | SourceCodester Student Management System Project in PHP version 1.0 is vulnerable to a stored cross-... | E | |
CVE-2020-25966 | Sectona Spectra before 3.4.0 has a vulnerable SOAP API endpoint that leaks sensitive information abo... | E | |
CVE-2020-25967 | The member center function in fastadmin V1.0.0.20200506_beta is vulnerable to a Server-Side Template... | E | |
CVE-2020-25969 | gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest().... | E | |
CVE-2020-25985 | MonoCMS Blog 1.0 is affected by: Arbitrary File Deletion. Any authenticated user can delete files on... | E | |
CVE-2020-25986 | A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the... | E | |
CVE-2020-25987 | MonoCMS Blog 1.0 stores hard-coded admin hashes in the log.xml file in the source files for MonoCMS ... | E | |
CVE-2020-25988 | UPNP Service listening on port 5555 in Genexis Platinum 4410 Router V2.1 (P4410-V2–1.34H) has an act... | E | |
CVE-2020-25989 | Privilege escalation via arbitrary file write in pritunl electron client 1.0.1116.6 through v1.2.255... | E S | |
CVE-2020-25990 | WebsiteBaker 2.12.2 allows SQL Injection via parameter 'display_name' in /websitebaker/admin/prefere... | E |