ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-28001 | SolarWinds Serv-U before 15.2.2 allows Authenticated Stored XSS.... | E | |
CVE-2020-28002 | In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanne... | E | |
CVE-2020-28005 | httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated user... | E | |
CVE-2020-28007 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in ... | | |
CVE-2020-28008 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. Because Exim operates as root in ... | | |
CVE-2020-28009 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow because get_stdinput allows unbounde... | | |
CVE-2020-28010 | Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies... | | |
CVE-2020-28011 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -... | | |
CVE-2020-28012 | Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because rda_int... | | |
CVE-2020-28013 | Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the comman... | | |
CVE-2020-28014 | Exim 4 before 4.94.2 allows Execution with Unnecessary Privileges. The -oP option is available to th... | | |
CVE-2020-28015 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. Local users can alter the behav... | | |
CVE-2020-28016 | Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse... | | |
CVE-2020-28017 | Exim 4 before 4.94.2 allows Integer Overflow to Buffer Overflow in receive_add_recipient via an e-ma... | | |
CVE-2020-28018 | Exim 4 before 4.94.2 allows Use After Free in smtp_reset in certain situations that may be common fo... | | |
CVE-2020-28019 | Exim 4 before 4.94.2 has Improper Initialization that can lead to recursion-based stack consumption ... | | |
CVE-2020-28020 | Exim 4 before 4.92 allows Integer Overflow to Buffer Overflow, in which an unauthenticated remote at... | S | |
CVE-2020-28021 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters. An authenticated remote SMTP cl... | | |
CVE-2020-28022 | Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buff... | | |
CVE-2020-28023 | Exim 4 before 4.94.2 allows Out-of-bounds Read. smtp_setup_msg may disclose sensitive information fr... | | |
CVE-2020-28024 | Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers ex... | | |
CVE-2020-28025 | Exim 4 before 4.94.2 allows Out-of-bounds Read because pdkim_finish_bodyhash does not validate the r... | | |
CVE-2020-28026 | Exim 4 before 4.94.2 has Improper Neutralization of Line Delimiters, relevant in non-default configu... | | |
CVE-2020-28030 | In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/... | E S | |
CVE-2020-28031 | eramba through c2.8.1 allows HTTP Host header injection with (for example) resultant wkhtml2pdf PDF ... | | |
CVE-2020-28032 | WordPress before 5.5.2 mishandles deserialization requests in wp-includes/Requests/Utility/FilteredI... | S | |
CVE-2020-28033 | WordPress before 5.5.2 mishandles embeds from disabled sites on a multisite network, as demonstrated... | | |
CVE-2020-28034 | WordPress before 5.5.2 allows XSS associated with global variables.... | | |
CVE-2020-28035 | WordPress before 5.5.2 allows attackers to gain privileges via XML-RPC.... | | |
CVE-2020-28036 | wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain privileges... | S | |
CVE-2020-28037 | is_blog_installed in wp-includes/functions.php in WordPress before 5.5.2 improperly determines wheth... | S | |
CVE-2020-28038 | WordPress before 5.5.2 allows stored XSS via post slugs.... | | |
CVE-2020-28039 | is_protected_meta in wp-includes/meta.php in WordPress before 5.5.2 allows arbitrary file deletion b... | S | |
CVE-2020-28040 | WordPress before 5.5.2 allows CSRF attacks that change a theme's background image.... | | |
CVE-2020-28041 | The SIP ALG implementation on NETGEAR Nighthawk R7000 1.0.9.64_10.2.64 devices allows remote attacke... | E | |
CVE-2020-28042 | ServiceStack before 5.9.2 mishandles JWT signature verification unless an application has a custom V... | E S | |
CVE-2020-28043 | MISP through 2.4.133 allows SSRF in the REST client via the use_full_path parameter with an arbitrar... | S | |
CVE-2020-28044 | An attacker with physical access to a PAX Point Of Sale device with ProlinOS through 2.4.161.8859R c... | | |
CVE-2020-28045 | An unsigned-library issue was discovered in ProlinOS through 2.4.161.8859R. This OS requires install... | E | |
CVE-2020-28046 | An issue was discovered in ProlinOS through 2.4.161.8859R. An attacker with local code execution pri... | E | |
CVE-2020-28047 | AudimexEE before 14.1.1 is vulnerable to Reflected XSS (Cross-Site-Scripting). If the recommended se... | E | |
CVE-2020-28049 | An issue was discovered in SDDM before 0.19.0. It incorrectly starts the X server in a way that - fo... | E | |
CVE-2020-28050 | Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret from m... | | |
CVE-2020-28052 | An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.chec... | E S | |
CVE-2020-28053 | HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL pe... | | |
CVE-2020-28054 | JamoDat TSMManager Collector version up to 6.5.0.21 is vulnerable to an Authorization Bypass because... | | |
CVE-2020-28055 | A vulnerability in the TCL Android Smart TV series V8-R851T02-LF1 V295 and below and V8-T658T01-LF1 ... | E | |
CVE-2020-28062 | An Access Control vulnerability exists in HisiPHP 2.0.11 via special packets that are constructed in... | E | |
CVE-2020-28063 | A file upload issue exists in all versions of ArticleCMS which allows malicious users to getshell.... | E | |
CVE-2020-28070 | SourceCodester Alumni Management System 1.0 is affected by SQL injection causing arbitrary remote co... | E | |
CVE-2020-28071 | SourceCodester Alumni Management System 1.0 is affected by cross-site scripting (XSS) in /admin/gall... | E | |
CVE-2020-28072 | A Remote Code Execution vulnerability exists in SourceCodester Alumni Management System 1.0. An auth... | E | |
CVE-2020-28073 | SourceCodester Library Management System 1.0 is affected by SQL Injection allowing an attacker to by... | E | |
CVE-2020-28074 | SourceCodester Online Health Care System 1.0 is affected by SQL Injection which allows a potential a... | | |
CVE-2020-28086 | pass through 1.7.3 has a possibility of using a password for an unintended resource. For exploitatio... | | |
CVE-2020-28087 | A SQL injection vulnerability in /jeecg boot/sys/dict/loadtreedata of jeecg-boot CMS 2.3 allows atta... | E | |
CVE-2020-28088 | An arbitrary file upload vulnerability in /jeecg-boot/sys/common/upload of jeecg-boot CMS 2.3 allows... | E | |
CVE-2020-28091 | cxuucms v3 has a SQL injection vulnerability, which can lead to the leakage of all database data via... | E | |
CVE-2020-28092 | PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?... | E | |
CVE-2020-28093 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, admin, support, user, and nobody have a passw... | E | |
CVE-2020-28094 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, the default settings for the router speed tes... | E | |
CVE-2020-28095 | On Tenda AC1200 (Model AC6) 15.03.06.51_multi devices, a large HTTP POST request sent to the change ... | E | |
CVE-2020-28096 | FOSCAM FHD X1 1.14.2.4 devices allow attackers (with physical UART access) to login via the ipc.fos~... | E | |
CVE-2020-28097 | The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vg... | E S | |
CVE-2020-28102 | cscms v4.1 allows for SQL injection via the "js_del" function.... | E | |
CVE-2020-28103 | cscms v4.1 allows for SQL injection via the "page_del" function.... | E | |
CVE-2020-28115 | SQL Injection vulnerability in "Documents component" found in AudimexEE version 14.1.0 allows an att... | | |
CVE-2020-28119 | Cross site scripting vulnerability in 53KF < 2.0.0.2 that allows for arbitrary code to be executed v... | E | |
CVE-2020-28124 | Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field.... | E | |
CVE-2020-28129 | Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows u... | E | |
CVE-2020-28130 | An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management S... | E | |
CVE-2020-28133 | An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There... | E | |
CVE-2020-28136 | An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the us... | E | |
CVE-2020-28137 | Cross site request forgery (CSRF) in Genexis Platinum 4410 V2-1.28, allows attackers to cause a deni... | E | |
CVE-2020-28138 | SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName paramete... | E | |
CVE-2020-28139 | SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability v... | E | |
CVE-2020-28140 | SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image uploa... | E | |
CVE-2020-28141 | The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body.... | E | |
CVE-2020-28144 | Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series F... | | |
CVE-2020-28145 | Arbitrary file deletion vulnerability was discovered in wuzhicms v 4.0.1 via coreframe\app\attachmen... | E | |
CVE-2020-28146 | Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext ... | E | |
CVE-2020-28149 | myDBR 5.8.3/4262 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (... | E | |
CVE-2020-28150 | I-Net Software Clear Reports 20.10.136 web application accepts a user-controlled input that specifie... | E | |
CVE-2020-28163 | libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash... | S | |
CVE-2020-28165 | The EasyCorp ZenTao PMS 12.4.2 application suffers from an arbitrary file upload vulnerability. An a... | | |
CVE-2020-28168 | Axios NPM package 0.21.0 contains a Server-Side Request Forgery (SSRF) vulnerability where an attack... | E | |
CVE-2020-28169 | The td-agent-builder plugin before 2020-12-18 for Fluentd allows attackers to gain privileges becaus... | E S | |
CVE-2020-28172 | A SQL injection vulnerability in Simple College Website 1.0 allows remote unauthenticated attackers ... | E | |
CVE-2020-28173 | Simple College Website 1.0 allows a user to conduct remote code execution via /alumni/admin/ajax.php... | E | |
CVE-2020-28175 | There is a local privilege escalation vulnerability in Alfredo Milani Comparetti SpeedFan 4.52. Atta... | E | |
CVE-2020-28183 | SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password... | E | |
CVE-2020-28184 | Cross-site scripting (XSS) vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated us... | E | |
CVE-2020-28185 | User Enumeration vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers ... | E | |
CVE-2020-28186 | Email Injection in TerraMaster TOS <= 4.2.06 allows remote unauthenticated attackers to abuse the fo... | E | |
CVE-2020-28187 | Multiple directory traversal vulnerabilities in TerraMaster TOS <= 4.2.06 allow remote authenticated... | E | |
CVE-2020-28188 | Remote Command Execution (RCE) vulnerability in TerraMaster TOS <= 4.2.06 allows remote unauthenticat... | E | |
CVE-2020-28189 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2020-29189. Reason: This candidat... | R | |
CVE-2020-28190 | TerraMaster TOS <= 4.2.06 was found to check for updates (of both system and applications) via an in... | E | |
CVE-2020-28191 | The console in Togglz before 2.9.4 allows CSRF.... | S | |
CVE-2020-28194 | Variable underflow exists in accel-ppp radius/packet.c when receiving a RADIUS vendor-specific attri... | S | |
CVE-2020-28196 | MIT Kerberos 5 (aka krb5) before 1.17.2 and 1.18.x before 1.18.3 allows unbounded recursion via an A... | S | |
CVE-2020-28198 | The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative In... | E | |
CVE-2020-28199 | best it Amazon Pay Plugin before 9.4.2 for Shopware exposes Sensitive Information to an Unauthorized... | E | |
CVE-2020-28200 | The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated ... | | |
CVE-2020-28203 | An issue was discovered in Foxit Reader and PhantomPDF 10.1.0.37527 and earlier. There is a null poi... | | |
CVE-2020-28206 | An issue was discovered in Bitrix24 Bitrix Framework (1c site management) 20.0. An "User enumeration... | E | |
CVE-2020-28208 | An email address enumeration vulnerability exists in the password reset function of Rocket.Chat thro... | E | |
CVE-2020-28209 | A CWE-428 Windows Unquoted Search Path vulnerability exists in EcoStruxure Building Operation Enterp... | S | |
CVE-2020-28210 | A CWE-79 Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) vulnerab... | | |
CVE-2020-28211 | A CWE-863: Incorrect Authorization vulnerability exists in PLC Simulator on EcoStruxure™ Control Exp... | S | |
CVE-2020-28212 | A CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists in PLC Sim... | S | |
CVE-2020-28213 | A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on EcoStru... | S | |
CVE-2020-28214 | A CWE-760: Use of a One-Way Hash with a Predictable Salt vulnerability exists in Modicon M221 (all r... | | |
CVE-2020-28215 | A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older), that... | | |
CVE-2020-28216 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 a... | | |
CVE-2020-28217 | A CWE-311: Missing Encryption of Sensitive Data vulnerability exists in Easergy T300 (firmware 2.7 a... | | |
CVE-2020-28218 | A CWE-1021: Improper Restriction of Rendered UI Layers or Frames vulnerability exists in Easergy T30... | | |
CVE-2020-28219 | A CWE-522: Insufficiently Protected Credentials vulnerability exists in EcoStruxure Geo SCADA Expert... | | |
CVE-2020-28220 | A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exi... | | |
CVE-2020-28221 | A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert an... | S | |
CVE-2020-28241 | libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.... | E S | |
CVE-2020-28242 | An issue was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16.14.1, 17.x befor... | | |
CVE-2020-28243 | An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to ... | E | |
CVE-2020-28246 | A Server-Side Template Injection (SSTI) was discovered in Form.io 2.0.0. This leads to Remote Code E... | | |
CVE-2020-28247 | The lettre library through 0.10.0-alpha for Rust allows arbitrary sendmail option injection via tran... | S | |
CVE-2020-28248 | An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under... | E S | |
CVE-2020-28249 | Joplin 1.2.6 for Desktop allows XSS via a LINK element in a note.... | E | |
CVE-2020-28250 | Cellinx NVT Web Server 5.0.0.014b.test 2019-09-05 allows a remote user to run commands as root via S... | E | |
CVE-2020-28251 | NETSCOUT AirMagnet Enterprise 11.1.4 build 37257 and earlier has a sensor escalated privileges vulne... | | |
CVE-2020-28267 | Prototype pollution vulnerability in '@strikeentco/set' version 1.0.0 allows attacker to cause a den... | S | |
CVE-2020-28268 | Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker... | E S | |
CVE-2020-28269 | Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a... | E S | |
CVE-2020-28270 | Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows ... | E S | |
CVE-2020-28271 | Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause... | E S | |
CVE-2020-28272 | Prototype pollution vulnerability in 'keyget' versions 1.0.0 through 2.2.0 allows attacker to cause ... | E S | |
CVE-2020-28273 | Prototype pollution vulnerability in 'set-in' versions 1.0.0 through 2.0.0 allows attacker to cause ... | E S | |
CVE-2020-28274 | Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause... | | |
CVE-2020-28275 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28276 | Prototype pollution vulnerability in 'deep-set' versions 1.0.0 through 1.0.1 allows attacker to caus... | E | |
CVE-2020-28277 | Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a ... | E | |
CVE-2020-28278 | Prototype pollution vulnerability in 'shvl' versions 1.0.0 through 2.0.1 allows an attacker to cause... | E | |
CVE-2020-28279 | Prototype pollution vulnerability in 'flattenizer' versions 0.0.5 through 1.0.5 allows an attacker t... | E S | |
CVE-2020-28280 | Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to ... | E | |
CVE-2020-28281 | Prototype pollution vulnerability in 'set-object-value' versions 0.0.0 through 0.0.5 allows an attac... | E | |
CVE-2020-28282 | Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an attacker to cause a denial ... | E | |
CVE-2020-28283 | Prototype pollution vulnerability in 'libnested' versions 0.0.0 through 1.5.0 allows an attacker to ... | E | |
CVE-2020-28284 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28285 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28286 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28287 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28288 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28289 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28290 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28291 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28292 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28293 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28294 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28295 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28296 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28297 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28298 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28299 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28300 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28301 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28302 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28303 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28304 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28305 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28306 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28307 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28308 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28309 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28310 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28311 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28312 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28313 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28314 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28315 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28316 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28317 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28318 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28319 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28320 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28321 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28322 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28323 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28324 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28325 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28326 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-28327 | A res_pjsip_session crash was discovered in Asterisk Open Source 13.x before 13.37.1, 16.x before 16... | E S | |
CVE-2020-28328 | SuiteCRM before 7.11.17 is vulnerable to remote code execution via the system settings Log File Name... | E | |
CVE-2020-28329 | Barco wePresent WiPG-1600W firmware includes a hardcoded API account and password that is discoverab... | E | |
CVE-2020-28330 | Barco wePresent WiPG-1600W devices have Unprotected Transport of Credentials. Affected Version(s): 2... | E | |
CVE-2020-28331 | Barco wePresent WiPG-1600W devices have Improper Access Control. Affected Version(s): 2.5.1.8. The B... | | |
CVE-2020-28332 | Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s): 2.... | E | |
CVE-2020-28333 | Barco wePresent WiPG-1600W devices allow Authentication Bypass. Affected Version(s): 2.5.1.8. The Ba... | | |
CVE-2020-28334 | Barco wePresent WiPG-1600W devices use Hard-coded Credentials (issue 2 of 2). Affected Version(s): 2... | E | |
CVE-2020-28337 | A directory traversal issue in the Utils/Unzip module in Microweber through 1.1.20 allows an authent... | E S | |
CVE-2020-28339 | The usc-e-shop (aka Collne Welcart e-Commerce) plugin before 1.9.36 for WordPress allows Object Inje... | E | |
CVE-2020-28340 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software... | | |
CVE-2020-28341 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3... | | |
CVE-2020-28342 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (China / India) software. ... | | |
CVE-2020-28343 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 983... | | |
CVE-2020-28344 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. System ... | | |
CVE-2020-28345 | An issue was discovered on LG mobile devices with Android OS 10 software. The Wi-Fi subsystem may cr... | | |
CVE-2020-28346 | ACRN through 2.2 has a devicemodel/hw/pci/virtio/virtio.c NULL Pointer Dereference.... | S | |
CVE-2020-28347 | tdpServer on TP-Link Archer A7 AC1750 devices before 201029 allows remote attackers to execute arbit... | E S | |
CVE-2020-28348 | HashiCorp Nomad and Nomad Enterprise 0.9.0 up to 0.12.7 client Docker file sandbox feature may be su... | | |
CVE-2020-28349 | An inaccurate frame deduplication process in ChirpStack Network Server 3.9.0 allows a malicious gate... | E S | |
CVE-2020-28350 | A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via... | E | |
CVE-2020-28351 | The conferencing component on Mitel ShoreTel 19.46.1802.0 devices could allow an unauthenticated att... | E | |
CVE-2020-28360 | Insufficient RegEx in private-ip npm package v1.0.5 and below insufficiently filters reserved IP ran... | | |
CVE-2020-28361 | Kamailio before 5.4.0, as used in Sip Express Router (SER) in Sippy Softswitch 4.5 through 5.2 and o... | E | |
CVE-2020-28362 | Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.... | | |
CVE-2020-28364 | A stored cross-site scripting (XSS) vulnerability affects the Web UI in Locust before 1.3.2, if the ... | | |
CVE-2020-28365 | Sentrifugo 3.2 allows Stored Cross-Site Scripting (XSS) vulnerability by inserting a payload within ... | S | |
CVE-2020-28366 | Arbitrary code execution in go command with cgo in cmd/go and cmd/cgo | | |
CVE-2020-28367 | Arbitrary code execution via the go command with cgo in cmd/go | | |
CVE-2020-28368 | Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES keys ... | S | |
CVE-2020-28369 | In BeyondTrust Privilege Management for Windows (aka PMfW) through 5.7, a SYSTEM installation causes... | | |
CVE-2020-28371 | An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() met... | S | |
CVE-2020-28373 | upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack... | | |
CVE-2020-28374 | In drivers/target/target_core_xcopy.c in the Linux kernel before 5.10.7, insufficient identifier che... | S | |
CVE-2020-28381 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2... | | |
CVE-2020-28382 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2... | | |
CVE-2020-28383 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Vers... | | |
CVE-2020-28384 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2... | | |
CVE-2020-28385 | A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2... | S | |
CVE-2020-28386 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2... | | |
CVE-2020-28387 | A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP13), Solid Edge SE2... | | |
CVE-2020-28388 | A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE P... | | |
CVE-2020-28390 | A vulnerability has been identified in Opcenter Execution Core (V8.2), Opcenter Execution Core (V8.3... | | |
CVE-2020-28391 | A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All... | | |
CVE-2020-28392 | A vulnerability has been identified in SIMARIS configuration (All versions < V4.0.1). During install... | S | |
CVE-2020-28393 | An unauthenticated remote attacker could create a permanent denial-of-service condition by sending s... | | |
CVE-2020-28394 | A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Teamcenter Visualization (A... | | |
CVE-2020-28395 | A vulnerability has been identified in SCALANCE X-200RNA switch family (All versions < V3.2.7), SCAL... | | |
CVE-2020-28396 | A vulnerability has been identified in SICAM A8000 CP-8000 (All versions < V16), SICAM A8000 CP-8021... | | |
CVE-2020-28397 | A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMA... | S | |
CVE-2020-28398 | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX ... | | |
CVE-2020-28400 | Affected devices contain a vulnerability that allows an unauthenticated attacker to trigger a denial... | S | |
CVE-2020-28401 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, a... | | |
CVE-2020-28402 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, a... | | |
CVE-2020-28403 | A Cross-Site Request Forgery (CSRF) vulnerability exists in Star Practice Management Web version 201... | | |
CVE-2020-28404 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, a... | | |
CVE-2020-28405 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, a... | | |
CVE-2020-28406 | An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, a... | | |
CVE-2020-28407 | In swtpm before 0.4.2 and 0.5.x before 0.5.1, a local attacker may be able to overwrite arbitrary fi... | S | |
CVE-2020-28408 | The server in Dundas BI through 8.0.0.1001 allows XSS via an HTML label when creating or editing a d... | E | |
CVE-2020-28409 | The server in Dundas BI through 8.0.0.1001 allows XSS via addition of a Component (e.g., a button) w... | E | |
CVE-2020-28413 | In MantisBT 2.24.3, SQL Injection can occur in the parameter "access" of the mc_project_get_users fu... | E | |
CVE-2020-28414 | A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.... | | |
CVE-2020-28415 | A reflected cross-site scripting (XSS) vulnerability exists in the TranzWare Payment Gateway 3.1.12.... | | |
CVE-2020-28416 | HP has identified a security vulnerability with the I.R.I.S. OCR (Optical Character Recognition) sof... | | |
CVE-2020-28419 | During installation with certain driver software or application packages an arbitrary code execution... | | |
CVE-2020-28421 | CA Unified Infrastructure Management 20.1 and earlier contains a vulnerability in the robot (control... | | |
CVE-2020-28422 | Command Injection | | |
CVE-2020-28423 | Command Injection | E | |
CVE-2020-28424 | Command Injection | E | |
CVE-2020-28425 | Command Injection | E | |
CVE-2020-28426 | Command Injection | E | |
CVE-2020-28429 | Command Injection | E | |
CVE-2020-28430 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28431 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28432 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28433 | Command Injection | E | |
CVE-2020-28434 | Command Injection | E | |
CVE-2020-28435 | Command Injection | E | |
CVE-2020-28436 | Command Injection | E | |
CVE-2020-28437 | Command Injection | E | |
CVE-2020-28438 | Command Injection | E | |
CVE-2020-28439 | Command Injection | | |
CVE-2020-28440 | Command Injection | | |
CVE-2020-28441 | Prototype Pollution | E S | |
CVE-2020-28442 | Prototype Pollution | E | |
CVE-2020-28443 | Command Injection | E | |
CVE-2020-28445 | Command Injection | E | |
CVE-2020-28446 | Command Injection | E S | |
CVE-2020-28447 | Command Injection | E | |
CVE-2020-28448 | Prototype Pollution | E | |
CVE-2020-28449 | Prototype Pollution | E | |
CVE-2020-28450 | Prototype Pollution | E | |
CVE-2020-28451 | Command Injection | E S | |
CVE-2020-28452 | Cross-site Request Forgery (CSRF) | S | |
CVE-2020-28453 | Command Injection | E | |
CVE-2020-28455 | Cross-site Scripting (XSS) | E | |
CVE-2020-28456 | Cross-site Scripting (XSS) | E S | |
CVE-2020-28457 | Cross-site Scripting (XSS) | E S | |
CVE-2020-28458 | Prototype Pollution | E S | |
CVE-2020-28459 | Cross-site Scripting (XSS) | E | |
CVE-2020-28460 | Prototype Pollution | E S | |
CVE-2020-28461 | Prototype Pollution | E S | |
CVE-2020-28462 | Prototype Pollution | E | |
CVE-2020-28463 | Server-side Request Forgery (SSRF) | E | |
CVE-2020-28464 | Remote Code Execution (RCE) | E S | |
CVE-2020-28466 | Denial of Service (DoS) | S | |
CVE-2020-28468 | Improper Control of Generation of Code ('Code Injection') | E S | |
CVE-2020-28469 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-28470 | Cross-site Scripting (XSS) | S | |
CVE-2020-28471 | Prototype Pollution | E S | |
CVE-2020-28472 | Prototype Pollution | E S | |
CVE-2020-28473 | Web Cache Poisoning | E | |
CVE-2020-28476 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2021-23336. Reason: This candidat... | R | |
CVE-2020-28477 | Prototype Pollution | E | |
CVE-2020-28478 | Prototype Pollution | E | |
CVE-2020-28479 | Denial of Service (DoS) | | |
CVE-2020-28480 | Prototype Pollution | | |
CVE-2020-28481 | Insecure Defaults | E | |
CVE-2020-28482 | Cross-site Request Forgery (CSRF) | | |
CVE-2020-28483 | HTTP Response Splitting | S | |
CVE-2020-28487 | Cross-site Scripting (XSS) | E S | |
CVE-2020-28488 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28490 | Command Injection | S | |
CVE-2020-28491 | Denial of Service (DoS) | S | |
CVE-2020-28492 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-28493 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-28494 | Command Injection | E S | |
CVE-2020-28495 | Prototype Pollution | E S | |
CVE-2020-28496 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-28498 | Cryptographic Issues | S | |
CVE-2020-28499 | Prototype Pollution | | |
CVE-2020-28500 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-28501 | Regular Expression Denial of Service (ReDoS) | E S | |
CVE-2020-28502 | Arbitrary Code Injection | E | |
CVE-2020-28503 | Prototype Pollution | E S | |
CVE-2020-28572 | A vulnerability in Trend Micro Apex One could allow an unprivileged user to abuse the product instal... | | |
CVE-2020-28573 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc... | | |
CVE-2020-28574 | An unauthenticated path traversal arbitrary remote file deletion vulnerability in Trend Micro Worry-F... | E | |
CVE-2020-28575 | A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Lin... | | |
CVE-2020-28576 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc... | | |
CVE-2020-28577 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc... | | |
CVE-2020-28578 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unaut... | E | |
CVE-2020-28579 | A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authe... | E | |
CVE-2020-28580 | A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appli... | E | |
CVE-2020-28581 | A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Ap... | E | |
CVE-2020-28582 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc... | | |
CVE-2020-28583 | An improper access control information disclosure vulnerability in Trend Micro Apex One and OfficeSc... | | |
CVE-2020-28587 | A specially crafted document can cause the document parser to copy data from a particular record typ... | E | |
CVE-2020-28588 | An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kerne... | E | |
CVE-2020-28589 | An improper array index validation vulnerability exists in the LoadObj functionality of tinyobjloade... | E | |
CVE-2020-28590 | An out-of-bounds read vulnerability exists in the Obj File TriangleMesh::TriangleMesh() functionalit... | E | |
CVE-2020-28591 | An out-of-bounds read vulnerability exists in the AMF File AMFParserContext::endElement() functional... | E | |
CVE-2020-28592 | A heap-based buffer overflow vulnerability exists in the configuration server functionality of the C... | E | |
CVE-2020-28593 | An unauthenticated backdoor exists in the configuration server functionality of Cosori Smart 5.8-Quar... | E | |
CVE-2020-28594 | A use-after-free vulnerability exists in the _3MF_Importer::_handle_end_model() functionality of Pru... | E | |
CVE-2020-28595 | An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Researc... | E | |
CVE-2020-28596 | A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Pru... | E | |
CVE-2020-28597 | A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5... | | |
CVE-2020-28598 | An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality ... | E | |
CVE-2020-28599 | A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality o... | E | |
CVE-2020-28600 | An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Opens... | E | |
CVE-2020-28601 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | | |
CVE-2020-28602 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28603 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28604 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28605 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28606 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28607 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28608 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28609 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28610 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28611 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28612 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28613 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28614 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28615 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28616 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28617 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28618 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28619 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28620 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28621 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28622 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28623 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28624 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28625 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28626 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28627 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28628 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28629 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28630 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28631 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28632 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28633 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28634 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28635 | Multiple code execution vulnerabilities exist in the Nef polygon-parsing functionality of CGAL libc... | E | |
CVE-2020-28636 | A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-... | | |
CVE-2020-28638 | ask_password in Tomb 2.0 through 2.7 returns a warning when pinentry-curses is used and $DISPLAY is ... | E | |
CVE-2020-28641 | In Malwarebytes Free 4.1.0.56, a symbolic link may be used to delete an arbitrary file on the system by... | | |
CVE-2020-28642 | In InfiniteWP Admin Panel before 3.1.12.3, resetPasswordSendMail generates a weak password-reset cod... | | |
CVE-2020-28644 | The CSRF (Cross Site Request Forgery) token check was improperly implemented on cookie authenticated... | | |
CVE-2020-28645 | Deleting users with certain names caused system files to be deleted. Risk is higher for systems whic... | | |
CVE-2020-28646 | ownCloud owncloud/client before 2.7 allows DLL Injection. The desktop client loaded development plug... | | |
CVE-2020-28647 | In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within t... | E | |
CVE-2020-28648 | Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authen... | E | |
CVE-2020-28649 | The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_them... | E | |
CVE-2020-28650 | The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to di... | E | |
CVE-2020-28653 | Zoho ManageEngine OpManager Stable build before 125203 (and Released build before 125233) allows Rem... | E | |
CVE-2020-28656 | The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles ... | E | |
CVE-2020-28657 | In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authenti... | | |
CVE-2020-28672 | MonoCMS Blog 1.0 is affected by incorrect access control that can lead to remote arbitrary code exec... | E | |
CVE-2020-28679 | A vulnerability in the showReports module of Zoho ManageEngine Applications Manager before build 145... | | |
CVE-2020-28687 | The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows rem... | E | |
CVE-2020-28688 | The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remo... | E | |
CVE-2020-28692 | In Gila CMS 1.16.0, an attacker can upload a shell to tmp directory and abuse .htaccess through the lo... | E | |
CVE-2020-28693 | An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker ... | E | |
CVE-2020-28695 | Askey Fiber Router RTF3505VW-N1 BR_SV_g000_R3505VWN1001_s32_7 devices allow Remote Code Execution an... | E | |
CVE-2020-28702 | A SQL injection vulnerability in TopicMapper.xml of PybbsCMS v5.2.1 allows attackers to access sensi... | E | |
CVE-2020-28705 | FUEL CMS 1.4.13 contains a cross-site request forgery (CSRF) vulnerability that can delete a page vi... | E S | |
CVE-2020-28707 | The Stockdio Historical Chart plugin before 2.8.1 for WordPress is affected by Cross Site Scripting ... | E | |
CVE-2020-28713 | Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 2019050... | E S | |
CVE-2020-28715 | An issue was discovered in kdmserver service in LeEco LeTV X43 version V2401RCN02C080080B04121S, all... | | |
CVE-2020-28717 | Cross Site Scripting (XSS) vulnerability in content1 parameter in demo.jsp in kindsoft kindeditor ve... | E | |
CVE-2020-28722 | Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting... | E | |
CVE-2020-28723 | Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1.... | E | |
CVE-2020-28724 | Open redirect vulnerability in werkzeug before 0.11.6 via a double slash in the URL.... | E S | |
CVE-2020-28726 | Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.... | S | |
CVE-2020-28727 | Cross-site scripting (XSS) exists in SeedDMS 6.0.13 via the folderid parameter to views/bootstrap/cl... | S | |
CVE-2020-28734 | Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager... | S | |
CVE-2020-28735 | Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager rol... | S | |
CVE-2020-28736 | Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of ... | S | |
CVE-2020-28759 | The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another perso... | E | |
CVE-2020-28838 | Cross Site Request Forgery (CSRF) in CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows attack... | E | |
CVE-2020-28840 | Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attac... | E S | |
CVE-2020-28841 | MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioct... | E | |
CVE-2020-28845 | A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user t... | E | |
CVE-2020-28846 | Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which co... | E | |
CVE-2020-28847 | Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/C... | | |
CVE-2020-28848 | CSV Injection vulnerability in ChurchCRM version 4.2.0, allows remote attackers to execute arbitrary... | E | |
CVE-2020-28849 | Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1, allows remote attackers to execu... | E | |
CVE-2020-28851 | In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while p... | E | |
CVE-2020-28852 | In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLan... | E | |
CVE-2020-28856 | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP reque... | | |
CVE-2020-28857 | OpenAsset Digital Asset Management (DAM) through 12.0.19, does not correctly sanitize user supplied ... | E | |
CVE-2020-28858 | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request... | E | |
CVE-2020-28859 | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied i... | | |
CVE-2020-28860 | OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied in... | E | |
CVE-2020-28861 | OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on ... | E | |
CVE-2020-28864 | Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possi... | | |
CVE-2020-28865 | An issue was discovered in PowerJob through 3.2.2, allows attackers to change arbitrary user passwor... | S | |
CVE-2020-28870 | In InoERP 0.7.2, an unauthorized attacker can execute arbitrary code on the server side due to lack ... | E | |
CVE-2020-28871 | Remote code execution in Monitorr v1.7.6m in upload.php allows an unauthorized person to execute arb... | E | |
CVE-2020-28872 | An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation/_r... | E | |
CVE-2020-28873 | Fluxbb 1.5.11 is affected by a denial of service (DoS) vulnerability by sending an extremely long pa... | | |
CVE-2020-28874 | reset-password.php in ProjectSend before r1295 allows remote attackers to reset a password because o... | E S | |
CVE-2020-28877 | Buffer overflow in the copy_msg_element function for the devDiscoverHandle server in the TP-Link ... | | |
CVE-2020-28884 | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An adminis... | | |
CVE-2020-28885 | Liferay Portal Server tested on 7.3.5 GA6, 7.2.0 GA1 is affected by OS Command Injection. An adminis... | | |
CVE-2020-28895 | integer overflow in calloc | S | |
CVE-2020-28896 | Mutt before 2.0.2 and NeoMutt before 2020-11-20 did not ensure that $ssl_force_tls was processed if ... | S | |
CVE-2020-28898 | In QED ResourceXpress through 4.9k, a large numeric or alphanumeric value submitted in specific URL ... | | |
CVE-2020-28899 | The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, wh... | | |
CVE-2020-28900 | Insufficient Verification of Data Authenticity in Nagios Fusion 4.1.8 and earlier and Nagios XI 5.7.... | E | |
CVE-2020-28901 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation or Code Executi... | E | |
CVE-2020-28902 | Command Injection in Nagios Fusion 4.1.8 and earlier allows Privilege Escalation from apache to root... | E | |
CVE-2020-28903 | Improper input validation in Nagios Fusion 4.1.8 and earlier allows a remote attacker with control o... | E | |
CVE-2020-28904 | Execution with Unnecessary Privileges in Nagios Fusion 4.1.8 and earlier allows for Privilege Escala... | E | |
CVE-2020-28905 | Improper Input Validation in Nagios Fusion 4.1.8 and earlier allows an authenticated attacker to exe... | E | |
CVE-2020-28906 | Incorrect File Permissions in Nagios XI 5.7.5 and earlier and Nagios Fusion 4.1.8 and earlier allows... | | |
CVE-2020-28907 | Incorrect SSL certificate validation in Nagios Fusion 4.1.8 and earlier allows for Escalation of Pri... | E | |
CVE-2020-28908 | Command Injection in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to nagios.... | E | |
CVE-2020-28909 | Incorrect File Permissions in Nagios Fusion 4.1.8 and earlier allows for Privilege Escalation to roo... | E | |
CVE-2020-28910 | Creation of a Temporary Directory with Insecure Permissions in Nagios XI 5.7.5 and earlier allows fo... | E | |
CVE-2020-28911 | Incorrect Access Control in Nagios Fusion 4.1.8 and earlier allows low-privileged authenticated user... | E | |
CVE-2020-28912 | With MariaDB running on Windows, when local clients connect to the server over named pipes, it's pos... | | |
CVE-2020-28914 | An improper file permissions vulnerability affects Kata Containers prior to 1.11.5. When using a Kub... | | |
CVE-2020-28915 | A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 co... | S | |
CVE-2020-28916 | hw/net/e1000e_core.c in QEMU 5.0.0 has an infinite loop via an RX descriptor with a NULL buffer addr... | E S | |
CVE-2020-28917 | An issue was discovered in the view_statistics (aka View frontend statistics) extension before 2.0.1... | | |
CVE-2020-28918 | DualShield 5.9.8.0821 allows username enumeration on its login form. A valid username results in pro... | | |
CVE-2020-28919 | A stored cross site scripting (XSS) vulnerability in Checkmk 1.6.0x prior to 1.6.0p19 allows an auth... | E S | |
CVE-2020-28921 | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driv... | E | |
CVE-2020-28922 | An issue was discovered in Devid Espenschied PC Analyser through 4.10. The PCADRVX64.SYS kernel driv... | E | |
CVE-2020-28923 | An issue was discovered in Play Framework 2.8.0 through 2.8.4. Carefully crafted JSON payloads sent ... | | |
CVE-2020-28924 | An issue was discovered in Rclone before 1.53.3. Due to the use of a weak random number generator, t... | E S | |
CVE-2020-28925 | Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefor... | S | |
CVE-2020-28926 | ReadyMedia (aka MiniDLNA) before version 1.3.0 allows remote code execution. Sending a malicious UP... | E | |
CVE-2020-28927 | There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits t... | E | |
CVE-2020-28928 | In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size... | S | |
CVE-2020-28929 | Unrestricted access to the log downloader functionality in EPSON EPS TSE Server 8 (21.0.11) allows a... | E | |
CVE-2020-28930 | A Cross-Site Scripting (XSS) issue in the 'update user' and 'delete user' functionalities in setting... | E | |
CVE-2020-28931 | Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 (21.0.11... | E | |
CVE-2020-28935 | Local symlink attack in Unbound and NSD | | |
CVE-2020-28937 | OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthent... | E | |
CVE-2020-28938 | OpenClinic version 0.8.2 is affected by a stored XSS vulnerability in lib/Check.php that allows user... | E | |
CVE-2020-28939 | OpenClinic version 0.8.2 is affected by a medical/test_new.php insecure file upload vulnerability. T... | E | |
CVE-2020-28940 | On Western Digital My Cloud OS 5 devices before 5.06.115, the NAS Admin dashboard has an authenticat... | S | |
CVE-2020-28941 | An issue was discovered in drivers/accessibility/speakup/spk_ttyio.c in the Linux kernel through 5.9... | S | |
CVE-2020-28942 | An issue exists in PrimeKey EJBCA before 7.4.3 when enrolling with EST while proxied through an RA o... | | |
CVE-2020-28943 | OX App Suite 7.10.4 and earlier allows SSRF via a snippet.... | E | |
CVE-2020-28944 | OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with... | | |
CVE-2020-28945 | OX App Suite 7.10.4 and earlier allows XSS via crafted content to reach an undocumented feature, suc... | E | |
CVE-2020-28946 | An improper webserver configuration on Plum IK-401 devices with firmware before 1.02 allows an attac... | E | |
CVE-2020-28947 | In MISP 2.4.134, XSS exists in the template element index view because the id parameter is mishandle... | S | |
CVE-2020-28948 | Archive_Tar through 1.4.10 allows an unserialization attack because phar: is blocked but PHAR: is no... | E | |
CVE-2020-28949 | Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any ... | KEV E | |
CVE-2020-28950 | The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a... | | |
CVE-2020-28951 | libuci in OpenWrt before 18.06.9 and 19.x before 19.07.5 may encounter a use after free when using m... | | |
CVE-2020-28952 | An issue was discovered on Athom Homey and Homey Pro devices before 5.0.0. ZigBee hub devices should... | | |
CVE-2020-28953 | In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.... | S | |
CVE-2020-28954 | web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitiza... | S | |
CVE-2020-28955 | SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create ... | E | |
CVE-2020-28956 | Multiple cross-site scripting (XSS) vulnerabilities in the Sales module of SugarCRM v6.5.18 allow a... | E | |
CVE-2020-28957 | Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 al... | E | |
CVE-2020-28960 | Chichen Tech CMS v1.0 was discovered to contain multiple SQL injection vulnerabilities in the file p... | E | |
CVE-2020-28961 | Perfex CRM v2.4.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the... | E | |
CVE-2020-28963 | Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via ... | E | |
CVE-2020-28964 | Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search ... | E | |
CVE-2020-28967 | FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function... | E | |
CVE-2020-28968 | Draytek VigorAP 1000C contains a stored cross-site scripting (XSS) vulnerability in the RADIUS Setti... | E | |
CVE-2020-28969 | Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial... | | |
CVE-2020-28970 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authen... | S | |
CVE-2020-28971 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.06.115. A NAS Admin authen... | S | |
CVE-2020-28972 | In SaltStack Salt before 3002.5, authentication to VMware vcenter, vsphere, and esxi servers (in the... | | |
CVE-2020-28973 | The ABUS Secvest wireless alarm system FUAA50000 (v3.01.17) fails to properly authenticate some requ... | | |
CVE-2020-28974 | A slab-out-of-bounds read in fbcon in the Linux kernel before 5.9.7 could be used by local attackers... | E S | |
CVE-2020-28975 | svm_predict_values in svm.cpp in Libsvm v324, as used in scikit-learn 0.23.2 and other products, all... | E S | |
CVE-2020-28976 | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticat... | | |
CVE-2020-28977 | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated... | | |
CVE-2020-28978 | The Canto plugin 1.3.0 for WordPress contains a blind SSRF vulnerability. It allows an unauthenticated... | | |
CVE-2020-28984 | prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the cou... | S | |
CVE-2020-28991 | Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP ... | S | |
CVE-2020-28993 | A Directory Traversal vulnerability exists in ATX miniCMTS200a Broadband Gateway through 2.0 and Pic... | E | |
CVE-2020-28994 | A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting ver... | E | |
CVE-2020-28998 | An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the Tel... | | |
CVE-2020-28999 | An issue was discovered in Apexis Streaming Video Web Application on Geeni GNC-CW013 doorbell 1.8.1 ... | |