Export limit exceeded: 363261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24264 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.8 Critical |
| Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote arbitrary code execution. The restriction checks for bind mounts are applied only on the client-side and not the server-side, which can lead to spawning a container with bind mount. Once such a container is spawned, it can be leveraged to break out of the container leading to complete Docker host machine takeover. | ||||
| CVE-2020-24263 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | ||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 7.5 High |
| Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | ||||
| CVE-2020-24242 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.15rc10, SEGV can be triggered in tok_text in asm/preproc.c by accessing READ memory. | ||||
| CVE-2020-24241 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c. | ||||
| CVE-2020-24240 | 1 Gnu | 1 Bison | 2024-11-21 | 5.5 Medium |
| GNU Bison before 3.7.1 has a use-after-free in _obstack_free in lib/obstack.c (called from gram_lex) when a '\0' byte is encountered. NOTE: there is a risk only if Bison is used with untrusted input, and the observed bug happens to cause unsafe behavior with a specific compiler/architecture. The bug report was intended to show that a crash may occur in Bison itself, not that a crash may occur in code that is generated by Bison. | ||||
| CVE-2020-24231 | 1 Jumpmind | 1 Symmetricds | 2024-11-21 | 9.8 Critical |
| Symmetric DS <3.12.0 uses mx4j to provide access to JMX over HTTP. mx4j, by default, has no auth and is available on all interfaces. An attacker can interact with JMX: get system info, and invoke MBean methods. It is possible to install additional MBeans from a remote host using MLet that leads to arbitrary code execution. | ||||
| CVE-2020-24227 | 1 Playgroundsessions | 1 Playground Sessions | 2024-11-21 | 7.5 High |
| Playground Sessions v2.5.582 (and earlier) for Windows, stores the user credentials in plain text allowing anyone with access to UserProfiles.sol to extract the email and password. | ||||
| CVE-2020-24223 | 1 Mara Cms Project | 1 Mara Cms | 2024-11-21 | 6.1 Medium |
| Mara CMS 7.5 allows cross-site scripting (XSS) in contact.php via the theme or pagetheme parameters. | ||||
| CVE-2020-24222 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | ||||
| CVE-2020-24221 | 1 Miniupnp Project | 1 Ngiflib | 2024-11-21 | 5.5 Medium |
| An issue was discovered in GetByte function in miniupnp ngiflib version 0.4, allows local attackers to cause a denial of service (DoS) via crafted .gif file (infinite loop). | ||||
| CVE-2020-24220 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 8.8 High |
| ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. | ||||
| CVE-2020-24219 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 7.5 High |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | ||||
| CVE-2020-24218 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can log in as root via the password that is hard-coded in the executable file. | ||||
| CVE-2020-24217 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. The file-upload endpoint does not enforce authentication. Attackers can send an unauthenticated HTTP request to upload a custom firmware component, possibly in conjunction with command injection, to achieve arbitrary code execution. | ||||
| CVE-2020-24216 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. | ||||
| CVE-2020-24215 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can use hard-coded credentials in HTTP requests to perform any administrative task on the device including retrieving the device's configuration (with the cleartext admin password), and uploading a custom firmware update, to ultimately achieve arbitrary code execution. | ||||
| CVE-2020-24214 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p\@60hz, H.264 Iptv Encoder 1080p\@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. Attackers can send a crafted unauthenticated RTSP request to cause a buffer overflow and application crash. The device will not be able to perform its main purpose of video encoding and streaming for up to a minute, until it automatically reboots. Attackers can send malicious requests once a minute, effectively disabling the device. | ||||
| CVE-2020-24213 | 1 Ygopro | 1 Ygocore | 2024-11-21 | 7.5 High |
| An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory. | ||||
| CVE-2020-24208 | 1 Online Shopping Alphaware Project | 1 Online Shopping Alphaware | 2024-11-21 | 9.8 Critical |
| A SQL injection vulnerability in SourceCodester Online Shopping Alphaware 1.0 allows remote unauthenticated attackers to bypass the authentication process via email and password parameters. | ||||