Export limit exceeded: 363167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363167 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19861 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | 7.5 High |
| When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage. | ||||
| CVE-2020-19860 | 1 Nlnetlabs | 1 Ldns | 2024-11-21 | 6.5 Medium |
| When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. | ||||
| CVE-2020-19858 | 1 Plutinosoft | 1 Platinum | 2024-11-21 | 7.5 High |
| Platinum Upnp SDK through 1.2.0 has a directory traversal vulnerability. The attack could remote attack victim by sending http://ip:port/../privacy.avi URL to compromise a victim's privacy. | ||||
| CVE-2020-19855 | 1 Phpwcms | 1 Phpwcms | 2024-11-21 | 6.1 Medium |
| phpwcms v1.9 contains a cross-site scripting (XSS) vulnerability in /image_zoom.php. | ||||
| CVE-2020-19853 | 1 Bluecms Project | 1 Bluecms | 2024-11-21 | 9.8 Critical |
| BlueCMS v1.6 contains a SQL injection vulnerability via /ad_js.php. | ||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 7.2 High |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | ||||
| CVE-2020-19821 | 1 Wdoyo | 1 Doyocms | 2024-11-21 | 8.8 High |
| A SQL injection vulnerability in admin.php of DOYOCMS 2.3 allows attackers to execute arbitrary SQL commands via the orders[] parameter. | ||||
| CVE-2020-19778 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 9.8 Critical |
| Incorrect Access Control in Shopxo v1.4.0 and v1.5.0 allows remote attackers to gain privileges in "/index.php" by manipulating the parameter "user_id" in the HTML request. | ||||
| CVE-2020-19769 | 1 Rtb1 Project | 1 Rtb1 | 2024-11-21 | 7.5 High |
| A lack of target address verification in the BurnMe() function of Rob The Bank 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19768 | 1 Tokensale Project | 1 Tokensale | 2024-11-21 | 7.5 High |
| A lack of target address verification in the selfdestructs() function of ICOVO 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19767 | 1 Zeroxracer Project | 1 Zeroxracer | 2024-11-21 | 7.5 High |
| A lack of target address verification in the destroycontract() function of 0xRACER 1.0 allows attackers to steal tokens from victim users via a crafted script. | ||||
| CVE-2020-19766 | 1 Tokenerc20 Project | 1 Tokenerc20 | 2024-11-21 | 7.5 High |
| The time check operation of PepeAuctionSale 1.0 can be rendered ineffective by assigning a large number to the _duration variable, compromising access control to the application. | ||||
| CVE-2020-19765 | 1 Proofofdiligencetoken Project | 1 Proofofdiligencetoken | 2024-11-21 | 7.5 High |
| An issue in the noReentrance() modifier of the Ethereum-based contract Accounting 1.0 allows attackers to carry out a reentrancy attack. | ||||
| CVE-2020-19762 | 1 Carrier | 1 Webctrl System | 2024-11-21 | 6.1 Medium |
| Automated Logic Corporation (ALC) WebCTRL System 6.5 and prior allows remote attackers to execute any JavaScript code via a XSS payload for the first parameter in a GET request. | ||||
| CVE-2020-19752 | 2 Fedoraproject, Lcdf | 2 Fedora, Gifsicle | 2024-11-21 | 7.5 High |
| The find_color_or_error function in gifsicle 1.92 contains a NULL pointer dereference. | ||||
| CVE-2020-19751 | 1 Gpac | 1 Gpac | 2024-11-21 | 9.1 Critical |
| An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | ||||
| CVE-2020-19750 | 1 Gpac | 1 Gpac | 2024-11-21 | 7.5 High |
| An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | ||||
| CVE-2020-19726 | 1 Gnu | 1 Binutils | 2024-11-21 | 8.8 High |
| An issue was discovered in binutils libbfd.c 2.36 relating to the auxiliary symbol data allows attackers to read or write to system memory or cause a denial of service. | ||||
| CVE-2020-19725 | 1 Microsoft | 1 Z3 | 2024-11-21 | 7.8 High |
| There is a use-after-free vulnerability in file pdd_simplifier.cpp in Z3 before 4.8.8. It occurs when the solver attempt to simplify the constraints and causes unexpected memory access. It can cause segmentation faults or arbitrary code execution. | ||||
| CVE-2020-19724 | 1 Gnu | 1 Binutils | 2024-11-21 | 5.5 Medium |
| A memory consumption issue in get_data function in binutils/nm.c in GNU nm before 2.34 allows attackers to cause a denial of service via crafted command. | ||||