ID | Summary | Flags | Max Score |
---|---|---|---|
CVE-2020-29000 | An issue was discovered on Geeni GNC-CW013 doorbell 1.8.1 devices. A vulnerability exists in the RTS... | | |
CVE-2020-29001 | An issue was discovered on Geeni GNC-CW028 Camera 2.7.2, Geeni GNC-CW025 Doorbell 2.9.5, Merkury MI-... | E | |
CVE-2020-29002 | includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a... | E S | |
CVE-2020-29003 | The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question,... | E | |
CVE-2020-29004 | The API in the Push extension for MediaWiki through 1.35 did not require an edit token in ApiPushBas... | S | |
CVE-2020-29005 | The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, all... | S | |
CVE-2020-29006 | MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and a... | S | |
CVE-2020-29007 | The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to imp... | E M | |
CVE-2020-29010 | An exposure of sensitive information to an unauthorized actor vulnerability in FortiOS version 6.2.4... | S | |
CVE-2020-29011 | Instances of SQL Injection vulnerabilities in the checksum search and MTA-quarantine modules of Fort... | | |
CVE-2020-29012 | An insufficient session expiration vulnerability in FortiSandbox versions 3.2.1 and below may allow ... | | |
CVE-2020-29013 | An improper input validation vulnerability in the sniffer interface of FortiSandbox before 3.2.2 may... | S | |
CVE-2020-29014 | A concurrent execution using shared resource with improper synchronization ('race condition') in the... | | |
CVE-2020-29015 | A blind SQL injection in the user interface of FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4... | | |
CVE-2020-29016 | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4... | | |
CVE-2020-29017 | An OS command injection vulnerability in FortiDeceptor 3.1.0, 3.0.1, 3.0.0 may allow a remote authen... | | |
CVE-2020-29018 | A format string vulnerability in FortiWeb 6.3.0 through 6.3.5 may allow an authenticated, remote att... | | |
CVE-2020-29019 | A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4... | | |
CVE-2020-29020 | Reject Remote Management via Cellular UPLINK2 | M | |
CVE-2020-29021 | Scripting tag chars < > not filtered in input fields could cause Cross-Site Scripting (XSS) | | |
CVE-2020-29022 | Host Header Injection allowing web cache poisoning attacks | | |
CVE-2020-29023 | CSV Formula Injection possible due to improper fields escaping in GateManager | | |
CVE-2020-29024 | Missing HttpOnly and Secure flags | | |
CVE-2020-29025 | DOM-based JavaScript injection | | |
CVE-2020-29026 | A directory traversal vulnerability exists in the file upload function of the GateManager that allow... | | |
CVE-2020-29027 | Reflected Cross Site Scripting | | |
CVE-2020-29028 | Reflected XSS issues | | |
CVE-2020-29029 | XSS issue due to insufficient sanitization of input field | | |
CVE-2020-29030 | Insufficient CSRF guards | | |
CVE-2020-29031 | Insecure Direct Object Reference in GateManager WebUI can cause privilege escalation | | |
CVE-2020-29032 | Add integrity check of GateManager firmware | | |
CVE-2020-29040 | An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of s... | | |
CVE-2020-29041 | A misconfiguration in Web-Sesame 2020.1.1.3375 allows an unauthenticated attacker to download the so... | E | |
CVE-2020-29042 | An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an u... | E | |
CVE-2020-29043 | An issue was discovered in BigBlueButton through 2.2.29. When an attacker is able to view an account... | E | |
CVE-2020-29045 | The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitr... | E | |
CVE-2020-29047 | The wp-hotel-booking plugin through 1.10.2 for WordPress allows remote attackers to execute arbitrar... | E | |
CVE-2020-29050 | SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in conjunction ... | E | |
CVE-2020-29053 | HRSALE 2.0.0 allows XSS via the admin/project/projects_calendar set_date parameter.... | E | |
CVE-2020-29054 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29055 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29056 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29057 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29058 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29059 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29060 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29061 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29062 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29063 | An issue was discovered on CDATA 72408A, 9008A, 9016A, 92408A, 92416A, 9288, 97016, 97024P, 97028P, ... | E | |
CVE-2020-29065 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual w... | R | |
CVE-2020-29069 | _get_flag_ip_localdb in server/mhn/ui/utils.py in Modern Honey Network (MHN) through 2020-11-23 allo... | E | |
CVE-2020-29070 | osCommerce 2.3.4.1 has XSS vulnerability via the authenticated user entering the XSS payload into th... | E S | |
CVE-2020-29071 | An XSS issue was found in the Shares feature of LiquidFiles before 3.3.19. The issue arises from the... | E | |
CVE-2020-29072 | A Cross-Site Script Inclusion vulnerability was found on LiquidFiles before 3.3.19. This client-side... | E | |
CVE-2020-29074 | scan.c in x11vnc 0.9.16 uses IPC_CREAT|0777 in shmget calls, which allows access by actors other tha... | S | |
CVE-2020-29075 | PDF Injection BlackHat Talk | | |
CVE-2020-29127 | An issue was discovered on Fujitsu Eternus Storage DX200 S4 devices through 2020-11-25. After loggin... | E | |
CVE-2020-29128 | petl before 1.68, in some configurations, allows resolution of entities in an XML document.... | S | |
CVE-2020-29129 | ncsi.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount of... | | |
CVE-2020-29130 | slirp.c in libslirp through 4.3.1 has a buffer over-read because it tries to read a certain amount o... | E | |
CVE-2020-29133 | jsp/upload.jsp in Coremail XT 5.0 allows XSS via an uploaded personal signature, as demonstrated by ... | | |
CVE-2020-29134 | The TOTVS Fluig platform allows path traversal through the parameter "file = .. /" encoded in base64... | E | |
CVE-2020-29135 | cPanel before 90.0.17 has multiple instances of URL parameter injection (SEC-567).... | | |
CVE-2020-29136 | In cPanel before 90.0.17, 2FA can be bypassed via a brute-force approach (SEC-575).... | | |
CVE-2020-29137 | cPanel before 90.0.17 allows self-XSS via the WHM Transfer Tool interface (SEC-577).... | | |
CVE-2020-29138 | Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0, softw... | | |
CVE-2020-29139 | A SQL injection vulnerability in interface/main/finder/patient_select.php from library/patient.inc i... | E | |
CVE-2020-29140 | A SQL injection vulnerability in interface/reports/immunization_report.php in OpenEMR before 5.0.2.5... | E S | |
CVE-2020-29142 | A SQL injection vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.5 a... | E S | |
CVE-2020-29143 | A SQL injection vulnerability in interface/reports/non_reported.php in OpenEMR before 5.0.2.5 allows... | E | |
CVE-2020-29144 | In Ericsson BSCS iX R18 Billing & Rating iX R18, MX is a web base module in BSCS iX that is vulnerab... | E | |
CVE-2020-29145 | In Ericsson BSCS iX R18 Billing & Rating iX R18, ADMX is a web base module in BSCS iX that is vulner... | E | |
CVE-2020-29146 | A cross site scripting (XSS) vulnerability in index.php of Wayang-CMS v1.0 allows attackers to execu... | E | |
CVE-2020-29147 | A SQL injection vulnerability in wy_controlls/wy_side_visitor.php of Wayang-CMS v1.0 allows attacker... | E | |
CVE-2020-29156 | The WooCommerce plugin before 4.7.0 for WordPress allows remote attackers to view the status of arbi... | E | |
CVE-2020-29157 | An issue in RAONWIZ K Editor v2018.0.0.10 allows attackers to perform a DLL hijacking attack when th... | E | |
CVE-2020-29158 | An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can by... | S | |
CVE-2020-29159 | An issue was discovered in Zammad before 3.5.1. The default signup Role (for newly created Users) ca... | S | |
CVE-2020-29160 | An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket ... | S | |
CVE-2020-29163 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by SQL injection.... | E | |
CVE-2020-29164 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by cross-site scripting (XSS).... | E | |
CVE-2020-29165 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control, which c... | E | |
CVE-2020-29166 | PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by file read/manipulation, which can... | E | |
CVE-2020-29168 | SQL Injection vulnerability in Projectworlds Online Doctor Appointment Booking System, allows attack... | E | |
CVE-2020-29171 | Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tri... | S | |
CVE-2020-29172 | A cross-site scripting (XSS) vulnerability in the LiteSpeed Cache plugin before 3.6.1 for WordPress ... | | |
CVE-2020-29176 | An arbitrary file upload vulnerability in Z-BlogPHP v1.6.1.2100 allows attackers to execute arbitrar... | | |
CVE-2020-29177 | Z-BlogPHP v1.6.1.2100 was discovered to contain an arbitrary file deletion vulnerability via \app_de... | | |
CVE-2020-29189 | Incorrect Access Control vulnerability in TerraMaster TOS <= 4.2.06 allows remote authenticated atta... | E | |
CVE-2020-29193 | Panasonic Security System WV-S2231L 4.25 has an insecure hard-coded password of lkjhgfdsa (which is ... | | |
CVE-2020-29194 | Panasonic Security System WV-S2231L 4.25 allows a denial of service of the admin control panel (whic... | E | |
CVE-2020-29203 | struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT... | E | |
CVE-2020-29204 | XXL-JOB 2.2.0 allows Stored XSS (in Add User) to bypass the 20-character limit via xxl-job-admin/src... | E | |
CVE-2020-29205 | XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject ... | E | |
CVE-2020-29214 | SQL injection vulnerability in SourceCodester Alumni Management System 1.0 allows the user to inject... | E | |
CVE-2020-29215 | A Cross Site Scripting in SourceCodester Employee Management System 1.0 allows the user to execute a... | E | |
CVE-2020-29227 | An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a f... | E | |
CVE-2020-29228 | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by SQL injection i... | E | |
CVE-2020-29230 | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scri... | E | |
CVE-2020-29231 | EGavilanMedia User Registration and Login System With Admin Panel 1.0 is affected by cross-site scri... | E | |
CVE-2020-29233 | WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Page description component. This vu... | E | |
CVE-2020-29238 | An integer buffer overflow in the Nginx webserver of ExpressVPN Router version 1 allows remote attac... | | |
CVE-2020-29239 | Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulner... | | |
CVE-2020-29240 | Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload i... | E | |
CVE-2020-29241 | Online News Portal using PHP/MySQLi 1.0 is affected by cross-site scripting (XSS) which allows remot... | | |
CVE-2020-29242 | dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readPICFrame.... | E S | |
CVE-2020-29243 | dhowden tag before 2020-11-19 allows "panic: runtime error: index out of range" via readAPICFrame.... | E S | |
CVE-2020-29244 | dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readTextW... | E S | |
CVE-2020-29245 | dhowden tag before 2020-11-19 allows "panic: runtime error: slice bounds out of range" via readAtomD... | E S | |
CVE-2020-29247 | WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Admin Panel. An attacker can inject... | E | |
CVE-2020-29249 | CXUUCMS V3 allows class="layui-input" XSS.... | E | |
CVE-2020-29250 | CXUUCMS V3 allows XSS via the first and third input fields to /public/admin.php.... | E | |
CVE-2020-29254 | TikiWiki 21.2 allows templates to be edited without CSRF protection. This could allow an unauthentic... | E | |
CVE-2020-29257 | Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the q parameter to fee... | E | |
CVE-2020-29258 | Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the w parameter to ind... | E | |
CVE-2020-29259 | Cross-site scripting (XSS) vulnerability in Online Examination System 1.0 via the subject or feedbac... | E | |
CVE-2020-29260 | libvncclient v0.9.13 was discovered to contain a memory leak via the function rfbClientCleanup().... | S | |
CVE-2020-29279 | PHP remote file inclusion in the assign_resume_tpl method in Application/Common/Controller/BaseContr... | E | |
CVE-2020-29280 | The Victor CMS v1.0 application is vulnerable to SQL injection via the 'search' parameter on the sea... | | |
CVE-2020-29282 | SQL injection vulnerability in BloodX 1.0 allows attackers to bypass authentication.... | E | |
CVE-2020-29283 | An SQL injection vulnerability was discovered in Online Doctor Appointment Booking System PHP and My... | E | |
CVE-2020-29284 | The file view-chair-list.php in Multi Restaurant Table Reservation System 1.0 does not perform input... | E | |
CVE-2020-29285 | SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited ... | E | |
CVE-2020-29287 | An SQL injection vulnerability was discovered in Car Rental Management System v1.0, which can be exploited ... | E | |
CVE-2020-29288 | An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, GET ... | E | |
CVE-2020-29292 | iBall WRD12EN 1.0.0 devices allow cross-site request forgery (CSRF) attacks as demonstrated by enabl... | | |
CVE-2020-29297 | Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0.... | E | |
CVE-2020-29299 | Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during... | | |
CVE-2020-29303 | A cross-site scripting (XSS) vulnerability in the SabaiApp Directories Pro plugin 1.3.45 for WordPre... | E | |
CVE-2020-29304 | A cross-site scripting (XSS) vulnerability exists in the SabaiApps WordPress Directories Pro plugin ... | E | |
CVE-2020-29311 | Ubilling v1.0.9 allows Remote Command Execution as Root user by executing a malicious command that i... | E | |
CVE-2020-29312 | An issue found in Zend Framework v.3.1.3 and before allows a remote attacker to execute arbitrary cod... | | |
CVE-2020-29315 | ThinkAdmin version v1 v6 has a stored XSS vulnerability which allows remote attackers to inject an a... | E | |
CVE-2020-29321 | The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through de... | E | |
CVE-2020-29322 | The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through de... | E | |
CVE-2020-29323 | The D-Link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet s... | E | |
CVE-2020-29324 | The D-Link router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service thr... | E | |
CVE-2020-29361 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been disc... | | |
CVE-2020-29362 | An issue was discovered in p11-kit 0.21.1 through 0.23.21. A heap-based buffer over-read has been di... | | |
CVE-2020-29363 | An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been dis... | S | |
CVE-2020-29364 | In NetArt News Lister 1.0.0, the news headlines are vulnerable to stored XSS attacks. Attackers can inje... | E | |
CVE-2020-29367 | blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lac... | S | |
CVE-2020-29368 | An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. Th... | E S | |
CVE-2020-29369 | An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition be... | E S | |
CVE-2020-29370 | An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The... | E S | |
CVE-2020-29371 | An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Un... | E S | |
CVE-2020-29372 | An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a r... | E S | |
CVE-2020-29373 | An issue was discovered in fs/io_uring.c in the Linux kernel before 5.6. It unsafely handles the roo... | E S | |
CVE-2020-29374 | An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. ... | E S | |
CVE-2020-29375 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.... | | |
CVE-2020-29376 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.... | E | |
CVE-2020-29377 | An issue was discovered on V-SOL V1600D V2.03.69 OLT devices. The string K0LTdi@gnos312$ is compared... | E | |
CVE-2020-29378 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.... | | |
CVE-2020-29379 | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. During the ... | E | |
CVE-2020-29380 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.... | | |
CVE-2020-29381 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.... | | |
CVE-2020-29382 | An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G... | E | |
CVE-2020-29383 | An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded... | | |
CVE-2020-29384 | An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an ... | E | |
CVE-2020-29385 | GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c i... | S | |
CVE-2020-29389 | The official Crux Linux Docker images 3.0 through 3.4 contain a blank password for a root user. Syst... | | |
CVE-2020-29390 | Zeroshell 3.9.3 contains a command injection vulnerability in the /cgi-bin/kerbynet StartSessionSubm... | E | |
CVE-2020-29392 | The Estil Hill Lock Password Manager Safe app 2.3 for iOS has a *#06#* backdoor password. An attacke... | E | |
CVE-2020-29394 | A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GE... | E S | |
CVE-2020-29395 | The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.... | E | |
CVE-2020-29396 | A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when r... | S | |
CVE-2020-29397 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29398 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29399 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29400 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29401 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29402 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29403 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29404 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29405 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29406 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29407 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29408 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29410 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unuse... | R | |
CVE-2020-29436 | Sonatype Nexus Repository Manager 3.x before 3.29.0 allows a user with admin privileges to configure... | | |
CVE-2020-29437 | SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to e... | E S | |
CVE-2020-29438 | Tesla Model X vehicles before 2020-11-23 have key fobs that accept firmware updates without signatur... | E | |
CVE-2020-29439 | Tesla Model X vehicles before 2020-11-23 have key fobs that rely on five VIN digits for the authenti... | E | |
CVE-2020-29440 | Tesla Model X vehicles before 2020-11-23 do not perform certificate validation during an attempt to ... | E | |
CVE-2020-29441 | An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauth... | | |
CVE-2020-29443 | ide_atapi_cmd_reply_end in hw/ide/atapi.c in QEMU 5.1.0 allows out-of-bounds read access because a b... | S | |
CVE-2020-29444 | Affected versions of Team Calendar in Confluence Server before 7.11.0 allow attackers to inject arbi... | | |
CVE-2020-29445 | Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow att... | | |
CVE-2020-29446 | Affected versions of Atlassian Fisheye & Crucible allow remote attackers to browse local files via a... | | |
CVE-2020-29447 | Affected versions of Atlassian Crucible allow remote attackers to impact the application's availabil... | | |
CVE-2020-29448 | The ConfluenceResourceDownloadRewriteRule class in Confluence Server and Confluence Data Center befo... | S | |
CVE-2020-29450 | Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to impact th... | | |
CVE-2020-29451 | Affected versions of Atlassian Jira Server and Data Center allow remote attackers to enumerate Jira ... | | |
CVE-2020-29453 | The CachingResourceDownloadRewriteRule class in Jira Server and Jira Data Center before version 8.5.... | | |
CVE-2020-29454 | Editors/LogViewerController.cs in Umbraco through 8.9.1 allows a user to visit a logviewer endpoint ... | | |
CVE-2020-29455 | A cross-Site Scripting (XSS) vulnerability in this.showInvalid and this.showInvalidCountry in Smarty... | E | |
CVE-2020-29456 | Multiple cross-site scripting (XSS) vulnerabilities in Papermerge before 1.5.2 allow remote attacker... | | |
CVE-2020-29457 | A Privilege Elevation vulnerability in OPC UA .NET Standard Stack 1.4.363.107 could allow a rogue ap... | S | |
CVE-2020-29458 | Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.... | E | |
CVE-2020-29469 | WonderCMS 3.1.3 is affected by cross-site scripting (XSS) in the Menu component. This vulnerability ... | E | |
CVE-2020-29470 | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Subject field of mail. This vulner... | E | |
CVE-2020-29471 | OpenCart 3.0.3.6 is affected by cross-site scripting (XSS) in the Profile Image. An admin can upload... | E | |
CVE-2020-29472 | EGavilan Media Under Construction page with cPanel 1.0 contains a SQL injection vulnerability. An at... | E | |
CVE-2020-29474 | EGavilan Media EGM Address Book 1.0 contains a SQL injection vulnerability. An attacker can gain Adm... | E | |
CVE-2020-29475 | nopCommerce Store 4.30 is affected by cross-site scripting (XSS) in the Schedule tasks name field. T... | E | |
CVE-2020-29477 | Invision Community 4.5.4 is affected by cross-site scripting (XSS) in the Field Name field. This vul... | E | |
CVE-2020-29478 | CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup U... | | |
CVE-2020-29479 | An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal r... | S | |
CVE-2020-29480 | An issue was discovered in Xen through 4.14.x. Neither xenstore implementation does any permission c... | S | |
CVE-2020-29481 | An issue was discovered in Xen through 4.14.x. Access rights of Xenstore nodes are per domid. Unfort... | S | |
CVE-2020-29482 | An issue was discovered in Xen through 4.14.x. A guest may access xenstore paths via absolute paths ... | S | |
CVE-2020-29483 | An issue was discovered in Xen through 4.14.x. Xenstored and guests communicate via a shared memory ... | S | |
CVE-2020-29484 | An issue was discovered in Xen through 4.14.x. When a Xenstore watch fires, the xenstore client that... | S | |
CVE-2020-29485 | An issue was discovered in Xen 4.6 through 4.14.x. When acting upon a guest XS_RESET_WATCHES request... | S | |
CVE-2020-29486 | An issue was discovered in Xen through 4.14.x. Nodes in xenstore have an ownership. In oxenstored, a... | S | |
CVE-2020-29487 | An issue was discovered in Xen XAPI before 2020-12-15. Certain xenstore keys provide feedback from t... | S | |
CVE-2020-29489 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a plain-text passwor... | | |
CVE-2020-29490 | Dell EMC Unity, Unity XT, and UnityVSA versions prior to 5.0.4.0.5.012 contain a Denial of Service v... | | |
CVE-2020-29491 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r... | | |
CVE-2020-29492 | Dell Wyse ThinOS 8.6 and prior versions contain an insecure default configuration vulnerability. A r... | | |
CVE-2020-29493 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a SQL Injection Vulnerability in Fitness ... | S | |
CVE-2020-29494 | Dell EMC Avamar Server, versions 19.1, 19.2, 19.3, contain a Path Traversal Vulnerability in PDM. A ... | S | |
CVE-2020-29495 | DELL EMC Avamar Server, versions 19.1, 19.2, 19.3, contain an OS Command Injection Vulnerability in ... | S | |
CVE-2020-29496 | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability... | | |
CVE-2020-29497 | Dell Wyse Management Suite versions prior to 3.1 contain a stored cross-site scripting vulnerability... | | |
CVE-2020-29498 | Dell Wyse Management Suite versions prior to 3.1 contain an open redirect vulnerability. A remote un... | | |
CVE-2020-29499 | Dell EMC PowerStore versions prior to 1.0.3.0.5.006 contain an OS Command Injection vulnerability in... | S | |
CVE-2020-29500 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil... | | |
CVE-2020-29501 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil... | | |
CVE-2020-29502 | Dell EMC PowerStore versions prior to 1.0.3.0.5.007 contain a Plain-Text Password Storage Vulnerabil... | | |
CVE-2020-29503 | Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission Vulnerability. A local... | S | |
CVE-2020-29504 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versi... | | |
CVE-2020-29505 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-29506 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-29507 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.4, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-29508 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versio... | S | |
CVE-2020-29509 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute... | M | |
CVE-2020-29510 | The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics o... | M | |
CVE-2020-29511 | The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element n... | M | |
CVE-2020-29529 | HashiCorp go-slug up to 0.4.3 did not fully protect against directory traversal while unpacking tar ... | E S | |
CVE-2020-29534 | An issue was discovered in the Linux kernel before 5.9.3. io_uring takes a non-refcounted reference ... | E S | |
CVE-2020-29535 | Archer before 6.8 P4 (6.8.0.4) contains a stored XSS vulnerability. A remote authenticated malicious... | | |
CVE-2020-29536 | Archer before 6.8 P2 (6.8.0.2) is affected by a path exposure vulnerability. A remote authenticated ... | | |
CVE-2020-29537 | Archer before 6.8 P2 (6.8.0.2) is affected by an open redirect vulnerability. A remote privileged at... | | |
CVE-2020-29538 | Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A remote... | | |
CVE-2020-29539 | A Cross-Site Scripting (XSS) issue in WebUI Translation in Systran Pure Neural Server before 9.7.0 a... | E | |
CVE-2020-29540 | API calls in the Translation API feature in Systran Pure Neural Server before 9.7.0 allow a threat a... | E | |
CVE-2020-29547 | An issue was discovered in Citadel through webcit-926. Meddler-in-the-middle attackers can pipeline ... | | |
CVE-2020-29548 | An issue was discovered in SmarterTools SmarterMail through 100.0.7537. Meddler-in-the-middle attack... | | |
CVE-2020-29550 | An issue was discovered in URVE Build 24.03.2020. The password of an integration user account (used ... | E | |
CVE-2020-29551 | An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is po... | E | |
CVE-2020-29552 | An issue was discovered in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&oper... | E | |
CVE-2020-29553 | The Scheduler in Grav CMS through 1.7.0-rc.17 allows an attacker to execute a system command by tric... | E | |
CVE-2020-29555 | The BackupDelete functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to d... | E S | |
CVE-2020-29556 | The Backup functionality in Grav CMS through 1.7.0-rc.17 allows an authenticated attacker to read ar... | E S | |
CVE-2020-29557 | An issue was discovered on D-Link DIR-825 R1 devices through 3.0.1 before 2020-11-20. A buffer overf... | KEV E | |
CVE-2020-29561 | An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a reserva... | | |
CVE-2020-29562 | The iconv function in the GNU C Library (aka glibc or libc6) 2.30 to 2.32, when converting UCS4 text... | E S | |
CVE-2020-29563 | An issue was discovered on Western Digital My Cloud OS 5 devices before 5.07.118. A NAS Admin authen... | | |
CVE-2020-29564 | The official Consul Docker images 0.7.1 through 1.4.2 contain a blank password for a root user. Syst... | | |
CVE-2020-29565 | An issue was discovered in OpenStack Horizon before 15.3.2, 16.x before 16.2.1, 17.x and 18.x before... | E S | |
CVE-2020-29566 | An issue was discovered in Xen through 4.14.x. When they require assistance from the device model, x... | S | |
CVE-2020-29567 | An issue was discovered in Xen 4.14.x. When moving IRQs between CPUs to distribute the load of IRQ h... | S | |
CVE-2020-29568 | An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are pr... | S | |
CVE-2020-29569 | An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Lin... | S | |
CVE-2020-29570 | An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maint... | S | |
CVE-2020-29571 | An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time function... | S | |
CVE-2020-29572 | app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via th... | S | |
CVE-2020-29573 | sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a s... | S | |
CVE-2020-29574 | An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthentica... | KEV | |
CVE-2020-29575 | The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for... | | |
CVE-2020-29576 | The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems... | | |
CVE-2020-29577 | The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems u... | | |
CVE-2020-29578 | The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a ... | | |
CVE-2020-29579 | The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. S... | | |
CVE-2020-29580 | The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems usin... | | |
CVE-2020-29581 | The official spiped docker images before 1.5-alpine contain a blank password for a root user. System... | | |
CVE-2020-29582 | In JetBrains Kotlin before 1.4.21, a vulnerable Java API was used for temporary file and folder crea... | S | |
CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchange... | KEV E | |
CVE-2020-29587 | SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog box... | E | |
CVE-2020-29589 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate... | R | |
CVE-2020-29590 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-5021. Reason: This candidate... | R | |
CVE-2020-29591 | Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root ... | | |
CVE-2020-29592 | An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components ... | E | |
CVE-2020-29593 | An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field all... | E | |
CVE-2020-29594 | Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3... | S | |
CVE-2020-29595 | PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mo... | E | |
CVE-2020-29596 | MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a... | E | |
CVE-2020-29597 | IncomCMS 2.0 has a modules/uploader/showcase/script.php insecure file upload vulnerability. This vul... | E | |
CVE-2020-29598 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-29599 | ImageMagick before 6.9.11-40 and 7.x before 7.0.10-40 mishandles the -authenticate option, which all... | E | |
CVE-2020-29600 | In AWStats through 7.7, cgi-bin/awstats.pl?config= accepts an absolute pathname, even though it was ... | E | |
CVE-2020-29601 | The official notary docker images before signer-0.6.1-1 contain a blank password for a root user. Sy... | | |
CVE-2020-29602 | The official irssi docker images before 1.1-alpine (Alpine specific) contain a blank password for a ... | | |
CVE-2020-29603 | In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve... | E S | |
CVE-2020-29604 | An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php all... | E S | |
CVE-2020-29605 | An issue was discovered in MantisBT before 2.24.4. Due to insufficient access-level checks, any logg... | E S | |
CVE-2020-29606 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with... | R | |
CVE-2020-29607 | A file upload restriction bypass vulnerability in Pluck CMS before 4.7.13 allows an admin privileged... | E | |
CVE-2020-29608 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big ... | | |
CVE-2020-29610 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7... | | |
CVE-2020-29611 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvO... | | |
CVE-2020-29612 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in mac... | | |
CVE-2020-29613 | A logic issue was addressed with improved state management. This issue is fixed in iOS 14.3 and iPad... | | |
CVE-2020-29614 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security U... | | |
CVE-2020-29615 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7... | | |
CVE-2020-29616 | A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS... | | |
CVE-2020-29617 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3... | | |
CVE-2020-29618 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3... | | |
CVE-2020-29619 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3... | | |
CVE-2020-29620 | This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Secu... | | |
CVE-2020-29621 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security U... | | |
CVE-2020-29622 | A race condition was addressed with additional validation. This issue is fixed in Security Update 20... | | |
CVE-2020-29623 | "Clear History and Website Data" did not clear the history. The issue was addressed with improved da... | | |
CVE-2020-29624 | A memory corruption issue existed in the processing of font files. This issue was addressed with imp... | | |
CVE-2020-29625 | This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security U... | | |
CVE-2020-29629 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big... | | |
CVE-2020-29633 | An authentication issue was addressed with improved state management. This issue is fixed in macOS B... | | |
CVE-2020-29639 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.0 ... | | |
CVE-2020-29651 | A denial of service via regular expression in the py.path.svnwc component of py (aka python-py) thro... | S | |
CVE-2020-29652 | A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be4... | | |
CVE-2020-29653 | Froxlor through 0.10.22 does not perform validation on user input passed in the customermail GET par... | E S | |
CVE-2020-29654 | Western Digital Dashboard before 3.2.2.9 allows DLL Hijacking that leads to compromise of the SYSTEM... | | |
CVE-2020-29655 | An injection vulnerability exists in RT-AC88U Download Master before 3.1.0.108. Accessing Main_Login... | | |
CVE-2020-29656 | An information disclosure vulnerability exists in RT-AC88U Download Master before 3.1.0.108. A direc... | | |
CVE-2020-29657 | In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-u... | | |
CVE-2020-29658 | Zoho ManageEngine Application Control Plus before 100523 has an insecure SSL configuration setting f... | S | |
CVE-2020-29659 | A buffer overflow in the web server of Flexense DupScout Enterprise 10.0.18 allows a remote anonymou... | E | |
CVE-2020-29660 | A locking inconsistency issue was discovered in the tty subsystem of the Linux kernel through 5.9.13... | E S | |
CVE-2020-29661 | A locking issue was discovered in the tty subsystem of the Linux kernel through 5.9.13. drivers/tty/... | S | |
CVE-2020-29662 | In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog’s registry API is exposed on an unauth... | | |
CVE-2020-29663 | Icinga 2 v2.8.0 through v2.11.7 and v2.12.2 has an issue where revoked certificates due for renewal ... | S | |
CVE-2020-29664 | A command injection issue in dji_sys in DJI Mavic 2 Remote Controller before firmware version 01.00.... | E | |
CVE-2020-29666 | In Lan ATMService M3 ATM Monitoring System 6.1.0, due to a directory-listing vulnerability, a remote... | | |
CVE-2020-29667 | In Lan ATMService M3 ATM Monitoring System 6.1.0, a remote attacker able to use a default cookie val... | | |
CVE-2020-29668 | Sympa before 6.2.59b.2 allows remote attackers to obtain full SOAP API access by sending any arbitra... | E S | |
CVE-2020-29669 | In the Macally WIFISD2-2A82 Media and Travel Router 2.000.010, the Guest user is able to reset its o... | E | |