Search

Search Results (365250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-5572 1 Cybozu 1 Mailwise 2024-11-21 4.6 Medium
Android App 'Mailwise for Android' 1.0.0 to 1.0.1 allows an attacker to obtain credential information registered in the product via unspecified vectors.
CVE-2020-5571 1 Sharp 20 Aquos Compact Sh-m06, Aquos Compact Sh-m06 Firmware, Aquos L2 and 17 more 2024-11-21 7.5 High
SHARP AQUOS series (AQUOS SH-M02 build number 01.00.05 and earlier, AQUOS SH-RM02 build number 01.00.04 and earlier, AQUOS mini SH-M03 build number 01.00.04 and earlier, AQUOS Keitai SH-N01 build number 01.00.01 and earlier, AQUOS L2 (UQ mobile/J:COM) build number 01.00.05 and earlier, AQUOS sense lite SH-M05 build number 03.00.04 and earlier, AQUOS sense (UQ mobile) build number 03.00.03 and earlier, AQUOS compact SH-M06 build number 02.00.02 and earlier, AQUOS sense plus SH-M07 build number 02.00.02 and earlier, AQUOS sense2 SH-M08 build number 02.00.05 and earlier, and AQUOS sense2 (UQ mobile) build number 02.00.06 and earlier) allow an attacker to obtain the sensitive information of the device via malicious applications installed on the device.
CVE-2020-5570 1 Ni-consul 1 Sales Force Assistant 2024-11-21 5.4 Medium
Cross-site scripting vulnerability in Sales Force Assistant version 11.2.48 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5569 1 Toshiba 19 Hd-ma10ts, Hd-ma10ty, Hd-ma20ts and 16 more 2024-11-21 8.4 High
An unquoted search path vulnerability exists in HDD Password tool (for Windows) version 1.20.6620 and earlier which is stored in CANVIO PREMIUM 3TB(HD-MB30TY, HD-MA30TY, HD-MB30TS, HD-MA30TS), CANVIO PREMIUM 2TB(HD-MB20TY, HD-MA20TY, HD-MB20TS, HD-MA20TS), CANVIO PREMIUM 1TB(HD-MB10TY, HD-MA10TY, HD-MB10TS, HD-MA10TS), CANVIO SLIM 1TB(HD-SB10TK, HD-SB10TS), and CANVIO SLIM 500GB(HD-SB50GK, HD-SA50GK, HD-SB50GS, HD-SA50GS), and which was downloaded before 2020 May 10. Since it registers Windows services with unquoted file paths, when a registered path contains spaces, and a malicious executable is placed on a certain path, it may be executed with the privilege of the Windows service.
CVE-2020-5568 1 Cybozu 1 Garoon 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 5.0.0 allows remote attackers to inject arbitrary web script or HTML via the applications 'Messages' and 'Bulletin Board'.
CVE-2020-5567 1 Cybozu 1 Garoon 2024-11-21 7.5 High
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in Application Menu.
CVE-2020-5566 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Improper authorization vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote authenticated attackers to alter the application's data via the applications 'E-mail' and 'Messages'.
CVE-2020-5565 1 Cybozu 1 Garoon 2024-11-21 4.3 Medium
Improper input validation vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows a remote authenticated attacker to alter the application's data via the applications 'Workflow' and 'MultiReport'.
CVE-2020-5564 1 Cybozu 1 Garoon 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the application 'E-mail'.
CVE-2020-5563 1 Cybozu 1 Garoon 2024-11-21 5.3 Medium
Improper authentication vulnerability in Cybozu Garoon 4.0.0 to 4.10.3 allows remote attackers to obtain data in the affected product via the API.
CVE-2020-5562 1 Cybozu 1 Garoon 2024-11-21 4.9 Medium
Server-side request forgery (SSRF) vulnerability in Cybozu Garoon 4.6.0 to 4.6.3 allows a remote attacker with an administrative privilege to issue arbitrary HTTP requests to other web servers via V-CUBE Meeting function.
CVE-2020-5561 1 Keijiban Tsumiki Project 1 Keijiban Tsumiki 2024-11-21 9.8 Critical
Keijiban Tsumiki v1.15 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2020-5560 1 Wl-enq Project 1 Wl-enq 2024-11-21 9.8 Critical
WL-Enq 1.11 and 1.12 allows remote attackers to execute arbitrary OS commands with the administrative privilege via unspecified vectors.
CVE-2020-5559 1 Wl-enq Project 1 Wl-enq 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in WL-Enq 1.11 and 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5558 1 Cutephp 1 Cutenews 2024-11-21 8.8 High
CuteNews 2.0.1 allows remote authenticated attackers to execute arbitrary PHP code via unspecified vectors.
CVE-2020-5557 1 Cutephp 1 Cutenews 2024-11-21 6.1 Medium
Cross-site scripting vulnerability in CuteNews 2.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2020-5556 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.8 Critical
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to execute arbitrary OS commands via unspecified vectors.
CVE-2020-5555 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.1 Critical
Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write data of the files placed in the same directory where it is placed via unspecified vector due to the improper input validation issue.
CVE-2020-5554 1 Shihonkanri Plus Goout Project 1 Shihonkanri Plus Goout 2024-11-21 9.1 Critical
Directory traversal vulnerability in Shihonkanri Plus GOOUT Ver1.5.8 and Ver2.2.10 allows remote attackers to read and write arbitrary files via unspecified vectors.
CVE-2020-5553 1 Mailform 1 Mailform 2024-11-21 9.8 Critical
mailform version 1.04 allows remote attackers to execute arbitrary PHP code via unspecified vectors.