Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36486 | 4 Apple, Blackberry, Google and 1 more | 4 Iphone Os, Blackberry Os, Android and 1 more | 2024-11-21 | 6.1 Medium |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain a cross-site scripting (XSS) vulnerability via the 'path' parameter of the 'list' and 'download' exception-handling. | ||||
| CVE-2020-36485 | 1 Madeportable | 1 Playable | 2024-11-21 | 7.8 High |
| Portable Ltd Playable v9.18 was discovered to contain an arbitrary file upload vulnerability in the filename parameter of the upload module. This vulnerability allows attackers to execute arbitrary code via a crafted JPEG file. | ||||
| CVE-2020-36478 | 3 Arm, Debian, Siemens | 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid. | ||||
| CVE-2020-36477 | 1 Arm | 1 Mbed Tls | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though). | ||||
| CVE-2020-36476 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 7.5 High |
| An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory. | ||||
| CVE-2020-36475 | 3 Arm, Debian, Siemens | 14 Mbed Tls, Debian Linux, Logo\! Cmr2020 and 11 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs. | ||||
| CVE-2020-36474 | 1 Safecurl Project | 1 Safecurl | 2024-11-21 | 9.8 Critical |
| SafeCurl before 0.9.2 has a DNS rebinding vulnerability. | ||||
| CVE-2020-36473 | 1 Ucweb | 1 Ucweb Uc | 2024-11-21 | 3.7 Low |
| UCWeb UC 12.12.3.1219 through 12.12.3.1226 uses cleartext HTTP, and thus man-in-the-middle attackers can discover visited URLs. | ||||
| CVE-2020-36472 | 1 Max7301 Project | 1 Max7301 | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander<EI> types that they contain. | ||||
| CVE-2020-36471 | 1 Generator Project | 1 Generator | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds. | ||||
| CVE-2020-36470 | 1 Disrustor Project | 1 Disrustor | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer doe not properly limit the number of mutable references. | ||||
| CVE-2020-36469 | 1 Appendix Project | 1 Appendix | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally. | ||||
| CVE-2020-36468 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::write performs non-atomic write operations on an underlying pointer. | ||||
| CVE-2020-36467 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr::get returns more than one mutable reference to the same object. | ||||
| CVE-2020-36466 | 1 Cgc Project | 1 Cgc | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types. | ||||
| CVE-2020-36465 | 1 Generic-array Project | 1 Generic-array | 2024-11-21 | 7.5 High |
| An issue was discovered in the generic-array crate before 0.13.3 for Rust. It violates soundness by using the arr! macro to extend lifetimes. | ||||
| CVE-2020-36464 | 1 Heapless Project | 1 Heapless | 2024-11-21 | 7.5 High |
| An issue was discovered in the heapless crate before 0.6.1 for Rust. The IntoIter Clone implementation clones an entire underlying Vec without considering whether it has already been partially consumed. | ||||
| CVE-2020-36463 | 1 Multiqueue Project | 1 Multiqueue | 2024-11-21 | 8.1 High |
| An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>. | ||||
| CVE-2020-36462 | 1 Syncpool Project | 1 Syncpool | 2024-11-21 | 8.1 High |
| An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2. | ||||
| CVE-2020-36461 | 1 Noise Search Project | 1 Noise Search | 2024-11-21 | 8.1 High |
| An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock. | ||||