Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363821 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27540 | 1 Company | 2 Cs-c2shw, Cs-c2shw Firmware | 2024-11-21 | 9.8 Critical |
| Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run automatically if there is special file on the inserted SD card. | ||||
| CVE-2020-27539 | 1 Company | 2 Cs-c2shw, Cs-c2shw Firmware | 2024-11-21 | 9.8 Critical |
| Heap overflow with full parsing of HTTP respose in Rostelecom CS-C2SHW 5.0.082.1. AgentUpdater service has a self-written HTTP parser and builder. HTTP parser has a heap buffer overflow (OOB write). In default configuration camera parses responses only from HTTPS URLs from config file, so vulnerable code is unreachable and one more bug required to reach it. | ||||
| CVE-2020-27534 | 1 Docker | 1 Docker | 2024-11-21 | 5.3 Medium |
| util/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call. | ||||
| CVE-2020-27533 | 1 Dedecms | 1 Dedecms | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | ||||
| CVE-2020-27524 | 1 Audi | 2 A7, Mmi Multiplayer | 2024-11-21 | 7.1 High |
| On Audi A7 MMI 2014 vehicles, the Bluetooth stack in Audi A7 MMI Multiplayer with version (N+R_CN_AU_P0395) mishandles %x and %s format string specifiers in a device name. This may lead to memory content leaks and potentially crash the services. | ||||
| CVE-2020-27523 | 1 Mersive | 2 Solstice Pod, Solstice Pod Firmware | 2024-11-21 | 7.5 High |
| Solstice-Pod up to 5.0.2 WEBRTC server mishandles the format-string specifiers %x; %p; %c and %s in the screen_key, display_name, browser_name, and operation_system parameter during the authentication process. This may crash the server and force Solstice-Pod to reboot, which leads to a denial of service. | ||||
| CVE-2020-27519 | 1 Pritunl | 1 Pritunl-client-electron | 2024-11-21 | 7.8 High |
| Pritunl Client v1.2.2550.20 contains a local privilege escalation vulnerability in the pritunl-service component. The attack vector is: malicious openvpn config. A local attacker could leverage the log and log-append along with log injection to create or append to privileged script files and execute code as root/SYSTEM. | ||||
| CVE-2020-27518 | 1 Windscribe | 1 Windscribe | 2024-11-21 | 7.8 High |
| All versions of Windscribe VPN for Mac and Windows <= v2.02.10 contain a local privilege escalation vulnerability in the WindscribeService component. A low privilege user could leverage several openvpn options to execute code as root/SYSTEM. | ||||
| CVE-2020-27515 | 1 Techkshetrainfo | 1 Savsoft Quiz | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field. | ||||
| CVE-2020-27514 | 1 Zrlog | 1 Zrlog | 2024-11-21 | 9.1 Critical |
| Directory Traversal vulnerability in delete function in admin.api.TemplateController in ZrLog version 2.1.15, allows remote attackers to delete arbitrary files and cause a denial of service (DoS). | ||||
| CVE-2020-27511 | 1 Prototypejs | 1 Prototype | 2024-11-21 | 7.5 High |
| An issue was discovered in the stripTags and unescapeHTML components in Prototype 1.7.3 where an attacker can cause a Regular Expression Denial of Service (ReDOS) through stripping crafted HTML tags. | ||||
| CVE-2020-27508 | 1 Frappe | 1 Frappe | 2024-11-21 | 7.5 High |
| In two-factor authentication, the system also sending 2fa secret key in response, which enables an intruder to breach the 2fa security. | ||||
| CVE-2020-27488 | 1 Loxone | 2 Miniserver Gen 1, Miniserver Gen 1 Firmware | 2024-11-21 | 9.8 Critical |
| Loxone Miniserver devices with firmware before 11.1 (aka 11.1.9.3) are unable to use an authentication method that is based on the "signature of the update package." Therefore, these devices (or attackers who are spoofing these devices) can continue to use an unauthenticated cloud service for an indeterminate time period (possibly forever). Once an individual device's firmware is updated, and authentication occurs once, the cloud service recategorizes the device so that authentication is subsequently always required, and spoofing cannot occur. | ||||
| CVE-2020-27486 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-11-21 | 9.9 Critical |
| Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | ||||
| CVE-2020-27485 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-11-21 | 9.9 Critical |
| Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check the index provided when accessing the local variable in the LGETV and LPUTV instructions. This provides the ability to both read and write memory outside the bounds of the TVM context allocation. It can be leveraged to construct a use-after-free scenario, leading to a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | ||||
| CVE-2020-27484 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-11-21 | 9.9 Critical |
| Garmin Forerunner 235 before 8.20 is affected by: Integer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter fails to check for overflow when allocating the array for the NEWA instruction. This a constrained read/write primitive across the entire MAX32630 address space. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | ||||
| CVE-2020-27483 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-11-21 | 9.9 Critical |
| Garmin Forerunner 235 before 8.20 is affected by: Array index error. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the offset provided for the stack value duplication instruction, DUP. The offset is unchecked and memory prior to the start of the execution stack can be read and treated as a TVM object. A successful exploit could use the vulnerability to leak runtime information such as the heap handle or pointer for a number of TVM context variables. Some reachable values may be controlled enough to forge a TVM object on the stack, leading to possible remote code execution. | ||||
| CVE-2020-27481 | 1 Goodlayers | 1 Good Learning Management System | 2024-11-21 | 9.8 Critical |
| An unauthenticated SQL Injection vulnerability in Good Layers LMS Plugin <= 2.1.4 exists due to the usage of "wp_ajax_nopriv" call in WordPress, which allows any unauthenticated user to get access to the function "gdlr_lms_cancel_booking" where POST Parameter "id" was sent straight into SQL query without sanitization. | ||||
| CVE-2020-27467 | 1 Processwire | 1 Processwire | 2024-11-21 | 7.5 High |
| A Directory Traversal vulnerability exits in Processwire CMS before 2.7.1 via the download parameter to index.php. | ||||
| CVE-2020-27466 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 7.8 High |
| An arbitrary file write vulnerability in lib/AjaxHandlers/ajaxEditTemplate.php of rConfig 3.9.6 allows attackers to execute arbitrary code via a crafted file. | ||||