Search

Search Results (363429 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-26941 1 Eset 8 Endpoint Antivirus, Endpoint Security, File Security and 5 more 2024-11-21 5.5 Medium
A local (authenticated) low-privileged user can exploit a behavior in an ESET installer to achieve arbitrary file overwrite (deletion) of any file via a symlink, due to insecure permissions. The possibility of exploiting this vulnerability is limited and can only take place during the installation phase of ESET products. Furthermore, exploitation can only succeed when Self-Defense is disabled. Affected products are: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security, ESET Smart Security Premium versions 13.2 and lower; ESET Endpoint Antivirus, ESET Endpoint Security, ESET NOD32 Antivirus Business Edition, ESET Smart Security Business Edition versions 7.3 and lower; ESET File Security for Microsoft Windows Server, ESET Mail Security for Microsoft Exchange Server, ESET Mail Security for IBM Domino, ESET Security for Kerio, ESET Security for Microsoft SharePoint Server versions 7.2 and lower.
CVE-2020-26938 1 Oauth2-server Project 1 Oauth2-server 2024-11-21 7.2 High
In oauth2-server (aka node-oauth2-server) through 3.1.1, the value of the redirect_uri parameter received during the authorization and token request is checked against an incorrect URI pattern ("[a-zA-Z][a-zA-Z0-9+.-]+:") before making a redirection. This allows a malicious client to pass an XSS payload through the redirect_uri parameter while making an authorization request. NOTE: this vulnerability is similar to CVE-2020-7741.
CVE-2020-26936 1 Cloudera 1 Data Engineering 2024-11-21 8.8 High
Cloudera Data Engineering (CDE) before 1.1 was vulnerable to a CSRF attack.
CVE-2020-26935 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 9.8 Critical
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL in to a query.
CVE-2020-26934 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 6.1 Medium
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
CVE-2020-26933 1 Trustedcomputinggroup 1 Trusted Platform Module 2024-11-21 7.2 High
Trusted Computing Group (TCG) Trusted Platform Module Library Family 2.0 Library Specification Revisions 1.38 through 1.59 has Incorrect Access Control during a non-orderly TPM shut-down that uses USE_DA_USED. Improper initialization of this shut-down may result in susceptibility to a dictionary attack.
CVE-2020-26932 2 Debian, Sympa 2 Debian Linux, Sympa 2024-11-21 4.3 Medium
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
CVE-2020-26931 1 Netgear 6 Wc7500, Wc7500 Firmware, Wc7600 and 3 more 2024-11-21 5.9 Medium
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26930 1 Netgear 2 Ex7700, Ex7700 Firmware 2024-11-21 3.3 Low
NETGEAR EX7700 devices before 1.0.0.210 are affected by incorrect configuration of security settings.
CVE-2020-26929 1 Netgear 4 R6220, R6220 Firmware, R6230 and 1 more 2024-11-21 7.3 High
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.
CVE-2020-26928 1 Netgear 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVE-2020-26927 1 Netgear 34 Ac2100, Ac2100 Firmware, Ac2400 and 31 more 2024-11-21 9.4 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.42, R6080 before 1.0.0.42, R6050 before 1.0.1.26, JR6150 before 1.0.1.26, R6120 before 1.0.0.66, R6220 before 1.1.0.100, R6260 before 1.1.0.66, R6700v2 before 1.2.0.62, R6800 before 1.2.0.62, R6900v2 before 1.2.0.62, AC2100 before 1.2.0.62, AC2400 before 1.2.0.62, AC2600 before 1.2.0.62, R7450 before 1.2.0.62, and WNR2020 before 1.1.0.62.
CVE-2020-26926 1 Netgear 14 Cbr40, Cbr40 Firmware, Rbk752 and 11 more 2024-11-21 9.6 Critical
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.10, RBK752 before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK852 before 3.2.10.11, RBR850 before 3.2.10.11, and RBS850 before 3.2.10.11.
CVE-2020-26925 1 Netgear 2 Gs808e, Gs808e Firmware 2024-11-21 3.2 Low
NETGEAR GS808E devices before 1.7.1.0 are affected by denial of service.
CVE-2020-26924 1 Netgear 4 Wac720, Wac720 Firmware, Wac730 and 1 more 2024-11-21 3.1 Low
Certain NETGEAR devices are affected by disclosure of sensitive information. This affects WAC720 before 3.9.1.13 and WAC730 before 3.9.1.13.
CVE-2020-26923 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 4.3 Medium
Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26922 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 6.4 Medium
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26921 1 Netgear 8 Gs110emx, Gs110emx Firmware, Gs810emx and 5 more 2024-11-21 8.3 High
Certain NETGEAR devices are affected by authentication bypass. This affects GS110EMX before 1.0.1.7, GS810EMX before 1.7.1.3, XS512EM before 1.0.1.3, and XS724EM before 1.0.1.3.
CVE-2020-26920 1 Netgear 6 Srk60, Srk60 Firmware, Srr60 and 3 more 2024-11-21 8.8 High
Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects SRK60 before 2.5.3.110, SRR60 before 2.5.3.110, and SRS60 before 2.5.3.110.
CVE-2020-26918 1 Netgear 20 Ex7000, Ex7000 Firmware, R6250 and 17 more 2024-11-21 4.1 Medium
Certain NETGEAR devices are affected by stored XSS. This affects EX7000 before 1.0.1.78, R6250 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.66, R6700v3 before 1.0.2.66, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7900 before 1.0.3.8, R8300 before 1.0.2.128, and R8500 before 1.0.2.128.