The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date |
---|---|---|---|
CVE-2020-19551 | Blacklist bypass issue exists in WUZHI CMS up to and including 4.1.0 in common.func.php, which when uploaded can cause remote code execution. | MEDIUM | Sep 22, 2021 |
CVE-2020-19547 | Directory Traversal vulnerability exists in PopojiCMS 2.0.1 via the id parameter in admin.php. | MEDIUM | Aug 25, 2021 |
CVE-2020-19527 | iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | HIGH | Dec 11, 2020 |
CVE-2020-19515 | qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. | MEDIUM | Sep 9, 2021 |
CVE-2020-19513 | Buffer overflow in FinalWire Ltd AIDA64 Engineer 6.00.5100 allows attackers to execute arbitrary code by creating a crafted input that will overwrite the SEH handler. | MEDIUM | Feb 19, 2021 |
CVE-2020-19511 | Cross Site Scripting vulnerability in Typesetter 5.1 via the (1) className and (2) Description fields in index.php/Admin/Classes. | MEDIUM | Jun 24, 2021 |
CVE-2020-19510 | Textpattern 4.7.3 contains an arbitrary file load via the file_insert function in include/txp_file.php. | HIGH | Jun 24, 2021 |
CVE-2020-19500 | Rejected reason: DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | -- | Nov 7, 2023 |
CVE-2020-19499 | An issue was discovered in heif::Box_iref::get_references in libheif 1.4.0 that allows attackers to cause a Denial of Service or possibly other unspecified impact due to an invalid memory read. | MEDIUM | Jul 21, 2021 |
CVE-2020-19498 | Floating point exception in function Fraction in libheif 1.4.0 allows attackers to cause a Denial of Service or possibly other unspecified impacts. | MEDIUM | Jul 21, 2021 |
CVE-2020-19497 | Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17 allows attackers to cause a Denial of Service or possibly other unspecified impacts. | MEDIUM | Jul 21, 2021 |
CVE-2020-19492 | There is a floating point exception in ReadImage that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | MEDIUM | Jul 21, 2021 |
CVE-2020-19491 | There is an invalid memory access bug in cgif.c that leads to a Segmentation fault in sam2p 0.49.4. A crafted input will lead to a denial of service or possibly unspecified other impact. | MEDIUM | Jul 21, 2021 |
CVE-2020-19490 | tinyexr 0.9.5 has an integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | MEDIUM | Jul 21, 2021 |
CVE-2020-19488 | An issue was discovered in box_code_apple.c:119 in Gpac MP4Box 0.8.0 that allows attackers to cause a Denial of Service due to an invalid read on function ilst_item_Read. | MEDIUM | Jul 21, 2021 |
CVE-2020-19481 | An issue was discovered in GPAC before 0.8.0, as demonstrated by MP4Box. It contains an invalid memory read in gf_m2ts_process_pmt in media_tools/mpegts.c that can cause a denial of service via a crafted MP4 file. | MEDIUM | Jul 21, 2021 |
CVE-2020-19475 | An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2. | MEDIUM | Jul 21, 2021 |
CVE-2020-19474 | An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a Use After Free. | MEDIUM | Jul 21, 2021 |
CVE-2020-19473 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an uncaught floating point exception. | MEDIUM | Jul 21, 2021 |
CVE-2020-19472 | An issue has been found in function DCTStream::readHuffSym in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 2. | MEDIUM | Jul 21, 2021 |
CVE-2020-19471 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4. | MEDIUM | Jul 21, 2021 |
CVE-2020-19470 | An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a NULL pointer dereference (invalid read of size 1). | MEDIUM | Jul 21, 2021 |
CVE-2020-19469 | An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 8. | MEDIUM | Jul 21, 2021 |
CVE-2020-19468 | An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer dereference (invalid read of size 8). | MEDIUM | Jul 21, 2021 |
CVE-2020-19467 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Illegal Use After Free. | MEDIUM | Jul 21, 2021 |
CVE-2020-19466 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1. | MEDIUM | Jul 21, 2021 |
CVE-2020-19465 | An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4. | MEDIUM | Jul 21, 2021 |
CVE-2020-19464 | An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | MEDIUM | Jul 21, 2021 |
CVE-2020-19463 | An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | MEDIUM | Jul 21, 2021 |
CVE-2020-19455 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via components/com_jdownloads/helpers/categories.php, order function via the filter_order parameter. | MEDIUM | Sep 25, 2020 |
CVE-2020-19451 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, updateLog function via the X-forwarded-for Header parameter. | MEDIUM | Sep 25, 2020 |
CVE-2020-19450 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! via com_jdownloads/helpers/jdownloadshelper.php, getUserLimits function in the list parameter. | MEDIUM | Sep 25, 2020 |
CVE-2020-19447 | SQL injection exists in the jdownloads 3.2.63 component for Joomla! com_jdownloads/models/send.php via the f_marked_files_id parameter. | MEDIUM | Sep 24, 2020 |
CVE-2020-19419 | Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication. | MEDIUM | Mar 10, 2021 |
CVE-2020-19417 | Emerson Smart Wireless Gateway 1420 4.6.59 allows non-privileged users (such as the default account 'maint') to perform administrative tasks by sending specially crafted HTTP requests to the application. | HIGH | Mar 10, 2021 |
CVE-2020-19364 | OpenEMR 5.0.1 allows an authenticated attacker to upload and execute malicious PHP scripts through /controller.php. | MEDIUM | Jan 22, 2021 |
CVE-2020-19363 | Vtiger CRM v7.2.0 allows an attacker to display hidden files and list directories by using the /libraries and /layout directories. | MEDIUM | Jan 22, 2021 |
CVE-2020-19362 | Reflected XSS in Vtiger CRM v7.2.0 in vtigercrm/index.php? through the view parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | MEDIUM | Jan 22, 2021 |
CVE-2020-19361 | Reflected XSS in Medintux v2.16.000 CCAM.php by manipulating the mot1 parameter can result in an attacker performing malicious actions to users who open a maliciously crafted link or third-party web page. | MEDIUM | Jan 22, 2021 |
CVE-2020-19360 | Local file inclusion in FHEM 6.0 via the fhem/FileLog_logWrapper file parameter can allow an attacker to include a file, which can lead to sensitive information disclosure. | MEDIUM | Jan 22, 2021 |
CVE-2020-19323 | An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart the router via the M-search request ST parameter. No authentication required. | -- | Sep 12, 2023 |
CVE-2020-19320 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login. | -- | Sep 12, 2023 |
CVE-2020-19319 | Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login. | -- | Sep 12, 2023 |
CVE-2020-19318 | Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers to execute arbitrary code via sending crafted data to the webserver service program. | -- | Sep 11, 2023 |
CVE-2020-19316 | OS Command injection vulnerability in function link in Filesystem.php in Laravel Framework before 5.8.17. | MEDIUM | Dec 22, 2021 |
CVE-2020-19305 | An issue in /app/system/column/admin/index.class.php of Metinfo v7.0.0 causes the indeximg parameter to be deleted when the column is deleted, allowing attackers to escalate privileges. | HIGH | Aug 4, 2021 |
CVE-2020-19304 | An issue in /admin/index.php?n=system&c=filept&a=doGetFileList of Metinfo v7.0.0 allows attackers to perform a directory traversal and access sensitive information. | MEDIUM | Aug 4, 2021 |
CVE-2020-19303 | An arbitrary file upload vulnerability in /fileupload.php of hdcms 5.7 allows attackers to execute arbitrary code via a crafted file. | MEDIUM | Aug 4, 2021 |
CVE-2020-19302 | An arbitrary file upload vulnerability in the avatar upload function of vaeThink v1.0.1 allows attackers to open a webshell via changing uploaded file suffixes to .php. | HIGH | Aug 4, 2021 |
CVE-2020-19301 | A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | HIGH | Aug 4, 2021 |