Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24294 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 6.5 Medium |
| Buffer Overflow vulnerability in psdParser::UnpackRLE function in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to cuase a denial of service via opening of crafted psd file. | ||||
| CVE-2020-24293 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | ||||
| CVE-2020-24292 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | ||||
| CVE-2020-24285 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 7.5 High |
| INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | ||||
| CVE-2020-24275 | 1 Swoole | 1 Swoole | 2024-11-21 | 6.5 Medium |
| A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL. | ||||
| CVE-2020-24271 | 1 Easycms | 1 Easycms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | ||||
| CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-24264 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.8 Critical |
| Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. | ||||
| CVE-2020-24263 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | ||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 7.5 High |
| Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | ||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | ||||
| CVE-2020-24241 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | ||||
| CVE-2020-24240 | 1 Gnu | 1 Bison | 2024-11-21 | 5.5 Medium |
| GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | ||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2024-11-21 | 9.8 Critical |
| Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | ||||
| CVE-2020-24227 | 1 Playgroundsessions | 1 Playground Sessions | 2024-11-21 | 7.5 High |
| Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. | ||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 6.1 Medium |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | ||||
| CVE-2020-24222 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | ||||
| CVE-2020-24221 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | ||||
| CVE-2020-24220 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 8.8 High |
| ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. | ||||