Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Total 210374 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-12626 2 Debian, Roundcube 2 Debian Linux, Webmail 2022-09-02 4.3 MEDIUM 6.5 MEDIUM
An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.
CVE-2020-12625 3 Debian, Opensuse, Roundcube 4 Debian Linux, Backports Sle, Leap and 1 more 2022-09-02 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.
CVE-2020-13786 1 Dlink 2 Dir-865l, Dir-865l Firmware 2022-09-02 6.8 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF.
CVE-2020-13782 1 Dlink 2 Dir-865l, Dir-865l Firmware 2022-09-02 6.5 MEDIUM 8.8 HIGH
D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection.
CVE-2020-10497 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 6.5 MEDIUM
CSRF in admin/manage-categories.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a category via a crafted request.
CVE-2020-10490 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
CVE-2020-10489 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request.
CVE-2020-10488 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a news article via a crafted request.
CVE-2020-10487 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a glossary term via a crafted request.
CVE-2020-10501 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 6.5 MEDIUM
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a department, given the id, via a crafted request.
CVE-2020-10500 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
CVE-2020-10499 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to close any ticket, given the id, via a crafted request.
CVE-2020-10498 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 6.5 MEDIUM
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request.
CVE-2020-10496 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/edit-article.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article, given the id, via a crafted request.
CVE-2020-10495 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
CVE-2020-10494 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/edit-news.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a news article, given the id, via a crafted request.
CVE-2020-10493 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/edit-glossary.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a glossary term, given the id, via a crafted request.
CVE-2020-10491 1 Chadhaajay 1 Phpkb 2022-09-02 4.3 MEDIUM 4.3 MEDIUM
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to add a department via a crafted request.
CVE-2020-10725 4 Dpdk, Fedoraproject, Opensuse and 1 more 4 Data Plane Development Kit, Fedora, Leap and 1 more 2022-09-02 4.0 MEDIUM 7.7 HIGH
A flaw was found in DPDK version 19.11 and above that allows a malicious guest to cause a segmentation fault of the vhost-user backend application running on the host, which could result in a loss of connectivity for the other guests running on that host. This is caused by a missing validity check of the descriptor address in the function `virtio_dev_rx_batch_packed()`.
CVE-2020-10723 5 Canonical, Dpdk, Fedoraproject and 2 more 6 Ubuntu Linux, Data Plane Development Kit, Fedora and 3 more 2022-09-02 4.6 MEDIUM 6.7 MEDIUM
A memory corruption issue was found in DPDK versions 17.05 and above. This flaw is caused by an integer truncation on the index of a payload. Under certain circumstances, the index (a UInt) is copied and truncated into a uint16, which can lead to out of bound indexing and possible memory corruption.