Search

Search Results (365162 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-7993 1 Prototypejs 1 Prototype 2024-11-21 4.3 Medium
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.
CVE-2020-7991 1 Adive 1 Framework 2024-11-21 8.8 High
Adive Framework 2.0.8 has admin/config CSRF to change the Administrator password.
CVE-2020-7990 1 Adive 1 Framework 2024-11-21 6.1 Medium
Adive Framework 2.0.8 has admin/user/add userName XSS.
CVE-2020-7989 1 Adive 1 Framework 2024-11-21 6.1 Medium
Adive Framework 2.0.8 has admin/user/add userUsername XSS.
CVE-2020-7988 1 Phpipam 1 Phpipam 2024-11-21 8.8 High
An issue was discovered in tools/pass-change/result.php in phpIPAM 1.4. CSRF can be used to change the password of any user/admin, to escalate privileges, and to gain access to more data and functionality. This issue exists due to the lack of a requirement to provide the old password, and the lack of security tokens.
CVE-2020-7984 1 Solarwinds 1 N-central 2024-11-21 7.5 High
SolarWinds N-central before 12.1 SP1 HF5 and 12.2 before SP1 HF2 allows remote attackers to retrieve cleartext domain admin credentials from the Agent & Probe settings, and obtain other sensitive information. The attacker can use a customer ID to self register and read any aspects of the agent/appliance configuration.
CVE-2020-7983 1 Commscope 2 Ruckus Zoneflex R500, Ruckus Zoneflex R500 Firmware 2024-11-21 8.1 High
A CSRF issue in login.asp on Ruckus R500 3.4.2.0.384 devices allows remote attackers to access the panel or conduct SSRF attacks.
CVE-2020-7982 1 Openwrt 2 Lede, Openwrt 2024-11-21 8.1 High
An issue was discovered in OpenWrt 18.06.0 to 18.06.6 and 19.07.0, and LEDE 17.01.0 to 17.01.7. A bug in the fork of the opkg package manager before 2020-01-25 prevents correct parsing of embedded checksums in the signed repository index, allowing a man-in-the-middle attacker to inject arbitrary package payloads (which are installed without verification).
CVE-2020-7981 1 Rubygeocoder 1 Geocoder 2024-11-21 9.8 Critical
sql.rb in Geocoder before 1.6.1 allows Boolean-based SQL injection when within_bounding_box is used in conjunction with untrusted sw_lat, sw_lng, ne_lat, or ne_lng data.
CVE-2020-7980 1 Intelliantech 1 Aptus Web 2024-11-21 9.8 Critical
Intellian Aptus Web 1.24 allows remote attackers to execute arbitrary OS commands via the Q field within JSON data to the cgi-bin/libagent.cgi URI. NOTE: a valid sid cookie for a login to the intellian default account might be needed.
CVE-2020-7979 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
GitLab EE 8.9 and later through 12.7.2 has Insecure Permission
CVE-2020-7978 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.
CVE-2020-7977 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
GitLab EE 8.8 and later through 12.7.2 has Insecure Permissions.
CVE-2020-7976 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
GitLab EE 12.4 and later through 12.7.2 has Incorrect Access Control.
CVE-2020-7974 1 Gitlab 1 Gitlab 2024-11-21 5.3 Medium
GitLab EE 10.1 through 12.7.2 allows Information Disclosure.
CVE-2020-7973 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab through 12.7.2 allows XSS.
CVE-2020-7972 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
GitLab EE 12.2 has Insecure Permissions (issue 2 of 2).
CVE-2020-7971 1 Gitlab 1 Gitlab 2024-11-21 6.1 Medium
GitLab EE 11.0 and later through 12.7.2 allows XSS.
CVE-2020-7969 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
GitLab EE 8.0 and later through 12.7.2 allows Information Disclosure.
CVE-2020-7968 1 Gitlab 1 Gitlab 2024-11-21 7.5 High
GitLab EE 8.0 through 12.7.2 has Incorrect Access Control.