Search Results (363286 CVEs found)

CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v3.1 (score, severity); each row is followed by the CVE description
CVE-2020-28861 1 Openasset 1 Digital Asset Management 2024-11-21 5.3 Medium
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application.
CVE-2020-28860 1 Openasset 1 Digital Asset Management 2024-11-21 8.8 High
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection.
CVE-2020-28859 1 Openasset 1 Digital Asset Management 2024-11-21 6.1 Medium
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks.
CVE-2020-28858 1 Openasset 1 Digital Asset Management 2024-11-21 8.8 High
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions.
CVE-2020-28857 1 Openasset 1 Digital Asset Management 2024-11-21 6.1 Medium
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks.
CVE-2020-28856 1 Openasset 1 Digital Asset Management 2024-11-21 7.5 High
OpenAsset Digital Asset Management (DAM) through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it via the X-Forwarded-For request header by supplying a localhost address such as 127.0.0.1, effectively bypassing all IP address based access controls.
CVE-2020-28852 2 Golang, Redhat 5 Text, Acm, Enterprise Linux and 2 more 2024-11-21 7.5 High
In x/text in Go before v0.3.5, a "slice bounds out of range" panic occurs in language.ParseAcceptLanguage while processing a BCP 47 tag. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
CVE-2020-28851 2 Golang, Redhat 5 Go, Acm, Enterprise Linux and 2 more 2024-11-21 7.5 High
In x/text in Go 1.15.4, an "index out of range" panic occurs in language.ParseAcceptLanguage while parsing the -u- extension. (x/text/language is supposed to be able to parse an HTTP Accept-Language header.)
CVE-2020-28849 1 Churchcrm 1 Churchcrm 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in ChurchCRM version 4.2.1 allows remote attackers to execute arbitrary code and gain sensitive information via a crafted payload in the Add New Deposit field of the View All Deposit module.
CVE-2020-28848 1 Churchcrm 1 Churchcrm 2024-11-21 8.8 High
CSV Injection vulnerability in ChurchCRM version 4.2.0 allows remote attackers to execute arbitrary code via a crafted CSV file.
CVE-2020-28847 1 Valine.js 1 Valine 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability in xCss Valine v1.4.14 via the nick parameter to /classes/Comment.
CVE-2020-28846 1 Seacms 1 Seacms 2024-11-21 6.5 Medium
Cross Site Request Forgery (CSRF) vulnerability exists in SeaCMS 10.7 in admin_manager.php, which could let a malicious user add an admin account.
CVE-2020-28845 1 Netskope 1 Netskope 2024-11-21 7.8 High
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, which can lead to compromise of the admin's system.
CVE-2020-28841 1 Drivergenius 1 Drivergenius Firmware 2024-11-21 5.5 Medium
MyDrivers64.sys in DriverGenius 9.61.3708.3054 allows attackers to cause a system crash via the ioctl command 0x9c402000 to \\.\MyDrivers0_0_1.
CVE-2020-28840 1 Matthiaswandel 1 Jhead 2024-11-21 7.8 High
Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04 allows local attackers to execute arbitrary code and cause a denial of service (DoS).
CVE-2020-28838 1 Opencart 1 Opencart 2024-11-21 3.5 Low
Cross Site Request Forgery (CSRF) in the CART option in OpenCart Ltd. Opencart CMS 3.0.3.6 allows an attacker to add cart items via Add to cart.
CVE-2020-28759 1 Tengine Project 1 Tengine 2024-11-21 5.5 Medium
The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is a proof of overflow so far.
CVE-2020-28736 1 Plone 1 Plone 2024-11-21 8.8 High
Plone before 5.2.3 allows XXE attacks via a feature that is protected by an unapplied permission of plone.schemaeditor.ManageSchemata (therefore, only available to the Manager role).
CVE-2020-28735 1 Plone 1 Plone 2024-11-21 8.8 High
Plone before 5.2.3 allows SSRF attacks via the tracebacks feature (only available to the Manager role).
CVE-2020-28734 1 Plone 1 Plone 2024-11-21 8.8 High
Plone before 5.2.3 allows XXE attacks via a feature that is explicitly only available to the Manager role.