The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2020-24028 | ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. | MEDIUM | Sep 2, 2020 | n/a |
| CVE-2020-24027 | In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP PLAY command, when the command specifies seeking by absolute time. | HIGH | Jan 13, 2021 | n/a |
| CVE-2020-24026 | TinyShop, a free and open source mall based on RageFrame2, has a stored XSS vulnerability that affects version 1.2.0. TinyShop allows XSS via the explain_first and again_explain parameters of the /evaluate/index.php page. The vulnerability may be exploited remotely, resulting in cross-site scripting (XSS) or information disclosure. | MEDIUM | May 18, 2021 | n/a |
| CVE-2020-24025 | Certificate validation in node-sass 2.0.0 to 4.14.1 is disabled when requesting binaries even if the user is not specifying an alternative download path. | MEDIUM | Jan 15, 2021 | n/a |
| CVE-2020-24020 | Buffer Overflow vulnerability in FFMpeg 4.2.3 in dnn_execute_layer_pad in libavfilter/dnn/dnn_backend_native_layer_pad.c due to a call to memcpy without length checks, which could let a remote malicious user execute arbitrary code. | MEDIUM | May 28, 2021 | n/a |
| CVE-2020-24008 | Umanni RH 1.0 has a user enumeration vulnerability. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | MEDIUM | Aug 26, 2020 | n/a |
| CVE-2020-24007 | Umanni RH 1.0 does not limit the number of authentication attempts. An unauthenticated user may exploit this vulnerability to launch a brute-force authentication attack against the Login page. | HIGH | Aug 26, 2020 | n/a |
| CVE-2020-24003 | Microsoft Skype through 8.59.0.77 on macOS has the disable-library-validation entitlement, which allows a local process (with the user\'s privileges) to obtain unprompted microphone and camera access by loading a crafted library and thereby inheriting Skype Client\'s microphone and camera access. | LOW | Jan 14, 2021 | n/a |
| CVE-2020-24000 | SQL Injection vulnerability in eyoucms cms v1.4.7, allows attackers to execute arbitrary code and disclose sensitive information, via the tid parameter to index.php. | HIGH | Nov 4, 2021 | n/a |
| CVE-2020-23996 | A local file inclusion vulnerability in ILIAS before 5.3.19, 5.4.10 and 6.0 allows remote authenticated attackers to execute arbitrary code via the import of personal data. | MEDIUM | May 13, 2021 | n/a |
| CVE-2020-23995 | An information disclosure vulnerability in ILIAS before 5.3.19, 5.4.12 and 6.0 allows remote authenticated attackers to get the upload data path via a workspace upload. | MEDIUM | May 13, 2021 | n/a |
| CVE-2020-23992 | Cross Site Scripting (XSS) in Nagios XI 5.7.1 allows remote attackers to run arbitrary code via returnUrl parameter in a crafted GET request. | -- | Aug 22, 2023 | n/a |
| CVE-2020-23989 | NeDi 1.9C allows pwsec.php oid XSS. | LOW | Nov 3, 2020 | n/a |
| CVE-2020-23986 | Github Read Me Stats commit 3c7220e4f7144f6cb068fd433c774f6db47ccb95 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the function renderError. | MEDIUM | Jan 8, 2022 | n/a |
| CVE-2020-23984 | Online Hotel Booking System Pro PHP Version 1.3 has Persistent Cross-site Scripting in Customer registration-form all-tags. | LOW | Aug 27, 2020 | n/a |
| CVE-2020-23983 | Michael-design iChat Realtime PHP Live Support System 1.6 has persistent Cross-site Scripting via chat,text-filed tags. | LOW | Aug 27, 2020 | n/a |
| CVE-2020-23982 | DesignMasterEvents Conference management 1.0.0 has cross site scripting via the \'certificate.php\' | MEDIUM | Aug 27, 2020 | n/a |
| CVE-2020-23981 | 13enforme CMS 1.0 has Cross Site Scripting via the content.php id parameter. | MEDIUM | Aug 28, 2020 | n/a |
| CVE-2020-23980 | DesignMasterEvents Conference management 1.0.0 allows SQL Injection via the username field on the administrator login page. | HIGH | Aug 27, 2020 | n/a |
| CVE-2020-23979 | 13enforme CMS 1.0 has SQL Injection via the \'content.php\' id parameter. | HIGH | Aug 28, 2020 | n/a |
| CVE-2020-23978 | SQL injection can occur in Soluzione Globale Ecommerce CMS v1 via the parameter offerta.php | HIGH | Aug 28, 2020 | n/a |
| CVE-2020-23977 | KandNconcepts Club CMS 1.1 and 1.2 has cross site scripting via the \'team.php,player.php,club.php\' id parameter. | MEDIUM | Aug 27, 2020 | n/a |
| CVE-2020-23976 | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has SQL Injection via the \'content.php\' id parameter. | HIGH | Aug 27, 2020 | n/a |
| CVE-2020-23975 | Webexcels Ecommerce CMS 2.x, 2017, 2018, 2019, 2020 has cross site scripting via the \'search.php\' id parameter. | MEDIUM | Aug 27, 2020 | n/a |
| CVE-2020-23974 | Create-Project Manager 1.07 has Multi Persistent Cross-site Scripting and HTML injection in via Online chat, Social feed,Message(title-tag), Add new client (all-tags). | LOW | Aug 27, 2020 | n/a |
| CVE-2020-23973 | KandNconcepts Club CMS 1.1 and 1.2 has SQL Injection via the \'team.php,player.php,club.php\' id parameter. | HIGH | Aug 27, 2020 | n/a |
| CVE-2020-23972 | In Joomla Component GMapFP Version J3.5 and J3.5free, an attacker can access the upload function without authenticating to the application and can also upload files which due to issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | MEDIUM | Aug 27, 2020 | n/a |
| CVE-2020-23971 | gmapfp.org Joomla Component GMapFP J3.30pro is affected by Insecure Permissions. An attacker can access the upload function without authenticating to the application and also can upload files due the issues of unrestricted file uploads which can be bypassed by changing the content-type and name file too double extensions. | MEDIUM | Sep 1, 2020 | n/a |
| CVE-2020-23968 | Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramData\\Ilex\\S&G\\Logs\\000-sngWSService1.log. | MEDIUM | Nov 10, 2020 | n/a |
| CVE-2020-23967 | Dr.Web Security Space versions 11 and 12 allow elevation of privilege for local users without administrative privileges to NT AUTHORITY\\SYSTEM due to insufficient control during autoupdate. | HIGH | Mar 11, 2021 | n/a |
| CVE-2020-23966 | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | -- | May 8, 2023 | n/a |
| CVE-2020-23962 | A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the announcement_gonggao parameter. | MEDIUM | Jun 23, 2021 | n/a |
| CVE-2020-23960 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Admin Console in Fork before 5.8.3 allows remote attackers to perform unauthorized actions as administrator to (1) approve the mass of the user\'s comments, (2) restoring a deleted user, (3) installing or running modules, (4) resetting the analytics, (5) pinging the mailmotor api, (6) uploading things to the media library, (7) exporting locale. | MEDIUM | Jan 14, 2021 | n/a |
| CVE-2020-23957 | Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | MEDIUM | Dec 17, 2020 | n/a |
| CVE-2020-23945 | A SQL injection vulnerability exists in Victor CMS V1.0 in the cat_id parameter of the category.php file. This parameter can be used by sqlmap to obtain data information in the database. | MEDIUM | Oct 27, 2020 | n/a |
| CVE-2020-23938 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. This candidate was erroneously published without a public reference containing the required information | -- | Nov 7, 2023 | n/a |
| CVE-2020-23936 | PHPGurukul Vehicle Parking Management System 1.0 is vulnerable to Authentication Bypass via Username: admin\'# && Password: (Write Something). | HIGH | Aug 20, 2020 | n/a |
| CVE-2020-23935 | Kabir Alhasan Student Management System 1.0 is vulnerable to Authentication Bypass via Username: admin\'# && Password: (Write Something). | HIGH | Aug 20, 2020 | n/a |
| CVE-2020-23934 | An issue was discovered in RiteCMS 2.2.1. An authenticated user can directly execute system commands by uploading a php web shell in the Filemanager section. | HIGH | Aug 20, 2020 | n/a |
| CVE-2020-23933 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2020-23932 | An issue was discovered in gpac before 1.0.1. A NULL pointer dereference exists in the function dump_isom_sdp located in filedump.c. It allows an attacker to cause Denial of Service. | MEDIUM | Apr 22, 2021 | n/a |
| CVE-2020-23931 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | MEDIUM | Apr 22, 2021 | n/a |
| CVE-2020-23930 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | MEDIUM | Apr 22, 2021 | n/a |
| CVE-2020-23928 | An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | MEDIUM | Apr 22, 2021 | n/a |
| CVE-2020-23922 | An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2020-23921 | An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2020-23915 | An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2020-23914 | An issue was discovered in cpp-peglib through v0.1.12. A NULL pointer dereference exists in the peg::AstOptimizer::optimize() located in peglib.h. It allows an attacker to cause Denial of Service. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2020-23912 | An issue was discovered in Bento4 through v1.6.0-637. A NULL pointer dereference exists in the function AP4_StszAtom::GetSampleSize() located in Ap4StszAtom.cpp. It allows an attacker to cause Denial of Service. | MEDIUM | Apr 21, 2021 | n/a |
| CVE-2020-23911 | An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service. | -- | Jul 18, 2023 | n/a |
