The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2020-22916 | An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of endless output and denial of service because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. | -- | Aug 22, 2023 | n/a |
CVE-2020-22907 | Stack overflow vulnerability in function jsi_evalcode_sub in jsish before 3.0.18, allows remote attackers to cause a Denial of Service via a crafted value to the execute parameter. | MEDIUM | Jul 15, 2021 | n/a |
CVE-2020-22886 | Buffer overflow vulnerability in function jsG_markobject in jsgc.c in mujs before 1.0.8, allows remote attackers to cause a denial of service. | MEDIUM | Jul 15, 2021 | n/a |
CVE-2020-22885 | Buffer overflow vulnerability in mujs before 1.0.8 due to recursion in the GC scanning phase, allows remote attackers to cause a denial of service. | MEDIUM | Jul 15, 2021 | n/a |
CVE-2020-22884 | Buffer overflow vulnerability in function jsvGetStringChars in Espruino before RELEASE_2V09, allows remote attackers to execute arbitrary code. | HIGH | Jul 15, 2021 | n/a |
CVE-2020-22882 | Issue was discovered in the fxParserTree function in moddable, allows attackers to cause denial of service via a crafted payload. Fixed in commit 723816ab9b52f807180c99fc69c7d08cf6c6bd61. | MEDIUM | Jul 16, 2021 | n/a |
CVE-2020-22876 | Buffer Overflow vulnerability in quickjs.c in QuickJS, allows remote attackers to cause denial of service. This issue is resolved in the 2020-07-05 release. | MEDIUM | Jul 15, 2021 | n/a |
CVE-2020-22875 | Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | HIGH | Jul 15, 2021 | n/a |
CVE-2020-22874 | Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | HIGH | Jul 15, 2021 | n/a |
CVE-2020-22873 | Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.0.7, allows remote attackers to execute arbitrary code. | HIGH | Jul 15, 2021 | n/a |
CVE-2020-22864 | A cross site scripting (XSS) vulnerability in the Insert Video function of Froala WYSIWYG Editor 3.1.0 allows attackers to execute arbitrary web scripts or HTML. | MEDIUM | Oct 28, 2021 | n/a |
CVE-2020-22848 | A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | HIGH | Aug 31, 2021 | n/a |
CVE-2020-22845 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted FTP requests. | HIGH | Feb 28, 2022 | n/a |
CVE-2020-22844 | A buffer overflow in Mikrotik RouterOS 6.47 allows unauthenticated attackers to cause a denial of service (DOS) via crafted SMB requests. | MEDIUM | Feb 28, 2022 | n/a |
CVE-2020-22842 | CMS Made Simple before 2.2.15 allows XSS via the m1_mod parameter in a ModuleManager local_uninstall action to admin/moduleinterface.php. | LOW | Oct 2, 2020 | n/a |
CVE-2020-22841 | Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | LOW | Feb 17, 2021 | n/a |
CVE-2020-22840 | Open redirect vulnerability in b2evolution CMS version prior to 6.11.6 allows an attacker to perform malicious open redirects to an attacker controlled resource via redirect_to parameter in email_passthrough.php. | MEDIUM | Feb 17, 2021 | n/a |
CVE-2020-22839 | Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter. | MEDIUM | Feb 12, 2021 | n/a |
CVE-2020-22820 | MKCMS V6.2 has SQL injection via the /ucenter/repass.php name parameter. | -- | Nov 3, 2022 | n/a |
CVE-2020-22819 | MKCMS V6.2 has SQL injection via the /ucenter/active.php verify parameter. | -- | Nov 3, 2022 | n/a |
CVE-2020-22818 | MKCMS V6.2 has SQL injection via /ucenter/reg.php name parameter. | -- | Nov 3, 2022 | n/a |
CVE-2020-22809 | In Windscribe v1.83 Build 20, 'WindscribeService' has an Unquoted Service Path that facilitates privilege escalation. | MEDIUM | May 10, 2021 | n/a |
CVE-2020-22808 | An issue was found in yii2_fecshop 2.x. There is a reflected XSS vulnerability in the check cart page. | MEDIUM | Apr 29, 2021 | n/a |
CVE-2020-22807 | An issue was discovered in vtiger crm 7.2. Union sql injection in the calendar exportdata feature. | HIGH | Apr 29, 2021 | n/a |
CVE-2020-22790 | Authenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to execute code by injecting arbitrary web script or HTML via modifying the name of the users. The XSS is executed when an administrator accesses the logs. | LOW | Apr 28, 2021 | n/a |
CVE-2020-22789 | Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs. | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22785 | Etherpad < 1.8.3 is affected by a missing lock check which could cause a denial of service. Aggressively targeting random pad import endpoints with empty data would flatten all pads due to lack of rate limiting and missing ownership check. | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22784 | In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing access controls enforced on key names. | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22783 | Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22782 | Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22781 | In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). | MEDIUM | Apr 28, 2021 | n/a |
CVE-2020-22765 | Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | MEDIUM | Jul 30, 2021 | n/a |
CVE-2020-22761 | Cross Site Request Forgery (CSRF) vulnerability in FlatPress 1.1 via the DeleteFile function in flat/admin.php. | MEDIUM | Jul 30, 2021 | n/a |
CVE-2020-22755 | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | -- | May 8, 2023 | n/a |
CVE-2020-22741 | An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. | MEDIUM | Jul 20, 2021 | n/a |
CVE-2020-22732 | CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > File Picker. | LOW | Aug 5, 2021 | n/a |
CVE-2020-22724 | A remote command execution vulnerability exists in add_server_service of PPTP_SERVER in Mercury Router MER1200 v1.0.1 and Mercury Router MER1200G v1.0.1. | HIGH | Oct 14, 2021 | n/a |
CVE-2020-22723 | A cross-site scripting (XSS) vulnerability in Beijing Liangjing Zhicheng Technology Co., Ltd ljcmsshop version 1.14 allows remote attackers to inject arbitrary web script or HTML via user.php by registering an account directly in the user center, and then adding the payload to the delivery address. | MEDIUM | Nov 19, 2020 | n/a |
CVE-2020-22722 | Rapid Software LLC Rapid SCADA 5.8.0 is affected by a local privilege escalation vulnerability in the ScadaAgentSvc.exe executable file. An attacker can obtain admin privileges by placing a malicious .exe file in the application and renaming it ScadaAgentSvc.exe, which would result in executing the binary as NT AUTHORITY\SYSTEM in a Windows operating system. For example, an attacker can plant a reverse shell from a low privileged user account and by restarting the computer, the malicious service will be started as NT AUTHORITY\SYSTEM by giving the attacker full system access to the remote PC. | HIGH | Aug 14, 2020 | n/a |
CVE-2020-22721 | A File Upload Vulnerability in PNotes - Andrey Gruber PNotes.NET v3.8.1.2 allows a local attacker to execute arbitrary code via the Miscellaneous External Programs by uploading the malicious .exe file to the external program. | MEDIUM | Aug 14, 2020 | n/a |
CVE-2020-22720 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none | -- | Aug 14, 2020 | n/a |
CVE-2020-22719 | Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field. | LOW | Nov 23, 2021 | n/a |
CVE-2020-22679 | Memory leak in the sgpd_parse_entry function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22678 | An issue was discovered in gpac 0.8.0. The gf_media_nalu_remove_emulation_bytes function in av_parsers.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22677 | An issue was discovered in gpac 0.8.0. The dump_data_hex function in box_dump.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22675 | An issue was discovered in gpac 0.8.0. The GetGhostNum function in stbl_read.c has a heap-based buffer overflow which can lead to a denial of service (DOS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22674 | An issue was discovered in gpac 0.8.0. An invalid memory dereference exists in the function FixTrackID located in isom_intern.c, which allows attackers to cause a denial of service (DoS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22673 | Memory leak in the senc_Parse function in MP4Box in gpac 0.8.0 allows attackers to cause a denial of service (DoS) via a crafted input. | MEDIUM | Oct 13, 2021 | n/a |
CVE-2020-22669 | Modsecurity owasp-modsecurity-crs 3.2.0 (Paranoia level at PL1) has a SQL injection bypass vulnerability. Attackers can use the comment characters and variable assignments in the SQL syntax to bypass Modsecurity WAF protection and implement SQL injection attacks on Web applications. | -- | Sep 3, 2022 | n/a |
CVE-2020-22662 | In Ruckus R310 10.5.1.0.199, Ruckus R500 10.5.1.0.199, Ruckus R600 10.5.1.0.199, Ruckus T300 10.5.1.0.199, Ruckus T301n 10.5.1.0.199, Ruckus T301s 10.5.1.0.199, SmartCell Gateway 200 (SCG200) before 3.6.2.0.795, SmartZone 100 (SZ-100) before 3.6.2.0.795, SmartZone 300 (SZ300) before 3.6.2.0.795, Virtual SmartZone (vSZ) before 3.6.2.0.795, ZoneDirector 1100 9.10.2.0.130, ZoneDirector 1200 10.2.1.0.218, ZoneDirector 3000 10.2.1.0.218, ZoneDirector 5000 10.0.1.0.151, a vulnerability allows attackers to change and set an unauthorized, illegal region code via remote code execution command injection, which leads to running on an illegal frequency with maximum output power. The vulnerability allows an attacker to create an arbitrary number of SSID WLAN interfaces per radio, which creates overhead over noise (the default max limit is 8 SSIDs only per radio in a solo AP). The vulnerability allows an attacker to unlock hidden regions by privilege command injection in the web GUI. | -- | Jan 23, 2023 | n/a |