Show filters
414 topics marked with the following tags:
Displaying 11-20 of 414
Sort by:
Attacker Value
Moderate

CVE-2020-10245

Disclosure Date: March 26, 2020 (last updated June 05, 2020)
CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow.
Attacker Value
Moderate

CVE-2020-12004

Disclosure Date: June 09, 2020 (last updated July 30, 2020)
The affected product lacks proper authentication required to query the server on the Ignition 8 Gateway (versions prior to 8.0.10) and Ignition 7 Gateway (versions prior to 7.9.14), allowing an attacker to obtain sensitive information.
Attacker Value
Low

CVE-2023-0297

Last updated January 14, 2023
Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31.
1
Attacker Value
Moderate

CVE-2020-8091

Disclosure Date: January 27, 2020 (last updated June 05, 2020)
svg.swf in TYPO3 6.2.0 to 6.2.38 ELTS and 7.0.0 to 7.1.0 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on a targeted system. This may be at a contrib/websvg/svg.swf pathname.
Attacker Value
Very High

CVE-2020-15506

Disclosure Date: July 07, 2020 (last updated September 18, 2020)
An authentication bypass vulnerability in MobileIron Core & Connector versions 10.3.0.3 and earlier, 10.4.0.0, 10.4.0.1, 10.4.0.2, 10.4.0.3, 10.5.1.0, 10.5.2.0 and 10.6.0.0 that allows remote attackers to bypass authentication mechanisms via unspecified vectors.
Attacker Value
High

CVE-2021-26295

Disclosure Date: March 22, 2021 (last updated March 26, 2021)
Apache OFBiz has unsafe deserialization prior to 17.12.06. An unauthenticated attacker can use this vulnerability to successfully take over Apache OFBiz.
Attacker Value
Very High

CVE-2020-8010 Nimbus protocol allows unauth read/write/execute

Disclosure Date: February 18, 2020 (last updated September 27, 2021)
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute commands, read from, or write to the target system.
Attacker Value
Very High

CVE-2020-3259

Disclosure Date: May 06, 2020 (last updated September 18, 2021)
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to retrieve memory contents on an affected device, which could lead to the disclosure of confidential information. The vulnerability is due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. An attacker could exploit this vulnerability by sending a crafted GET request to the web services interface. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information. Note: This vulnerability affects only specific AnyConnect and WebVPN configurations. For more information, see the Vulnerable Products section.
Attacker Value
High

CVE-2020-7373

Disclosure Date: October 30, 2020 (last updated November 13, 2020)
vBulletin 5.5.4 through 5.6.2 allows remote command execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. NOTE: this issue exists because of an incomplete fix for CVE-2019-16759. ALSO NOTE: CVE-2020-7373 is a duplicate of CVE-2020-17496. CVE-2020-17496 is the preferred CVE ID to track this vulnerability.
Attacker Value
Low

CVE-2019-19908

Disclosure Date: June 19, 2019 (last updated June 05, 2020)
phpMyChat-Plus 1.98 is vulnerable to reflected XSS via JavaScript injection into the password reset URL. In the URL, the pmc_username parameter to pass_reset.php is vulnerable.