Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364870 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364870 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15486 | 1 Drtrust | 2 Electrocardiogram Pen, Electrocardiogram Pen Firmware | 2024-11-21 | 6.5 Medium |
| An issue was discovered on Dr Trust ECG Pen 2.00.08 devices. Because the Bluetooth LE support is implemented without a requirement for pairing or security, any attacker can access the GATT server of the device and can sniff the data being broadcasted while a measurement is being done. Also, saved data can also be extracted over a Bluetooth connection. In addition, an attacker can launch a man-in-the-middle attack against data integrity. | ||||
| CVE-2020-15485 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-11-21 | 5.5 Medium |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The onboard Flash memory stores data in cleartext, without integrity protection against tampering. | ||||
| CVE-2020-15484 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The internal storage of the underlying Linux system stores data in cleartext, without integrity protection against tampering. | ||||
| CVE-2020-15483 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-11-21 | 6.8 Medium |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The physical UART debug port provides a shell, without requiring a password, with complete access. | ||||
| CVE-2020-15482 | 1 Niscomed | 2 M1000 Multipara Patient Monitor, M1000 Multipara Patient Monitor Firmware | 2024-11-21 | 7.8 High |
| An issue was discovered on Nescomed Multipara Monitor M1000 devices. The device enables an unencrypted TELNET service by default, with a blank password for the admin account. This allows an attacker to gain root access to the device over the local network. | ||||
| CVE-2020-15481 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 7.8 High |
| An issue was discovered in PassMark BurnInTest v9.1 Build 1008, OSForensics v7.1 Build 1012, and PerformanceTest v10.0 Build 1008. The kernel driver exposes IOCTL functionality that allows low-privilege users to map arbitrary physical memory into the address space of the calling process. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys drivers. This issue is fixed in BurnInTest v9.2, PerformanceTest v10.0 Build 1009, OSForensics v8.0. | ||||
| CVE-2020-15480 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 8.8 High |
| An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The kernel driver exposes IOCTL functionality that allows low-privilege users to read and write to arbitrary Model Specific Registers (MSRs). This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | ||||
| CVE-2020-15479 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 8.8 High |
| An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | ||||
| CVE-2020-15478 | 1 Journal-theme | 1 Journal | 2024-11-21 | 7.5 High |
| The Journal theme before 3.1.0 for OpenCart allows exposure of sensitive data via SQL errors. | ||||
| CVE-2020-15477 | 1 Raspberrytorte | 1 Raspberrytortoise | 2024-11-21 | 9.8 Critical |
| The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function. | ||||
| CVE-2020-15476 | 3 Debian, Linux, Ntop | 3 Debian Linux, Linux Kernel, Ndpi | 2024-11-21 | 7.5 High |
| In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | ||||
| CVE-2020-15475 | 1 Ntop | 1 Ndpi | 2024-11-21 | 9.8 Critical |
| In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. | ||||
| CVE-2020-15474 | 1 Ntop | 1 Ndpi | 2024-11-21 | 9.8 Critical |
| In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. | ||||
| CVE-2020-15472 | 2 Debian, Ntop | 2 Debian Linux, Ndpi | 2024-11-21 | 9.1 Critical |
| In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. | ||||
| CVE-2020-15470 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 5.5 Medium |
| ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. | ||||
| CVE-2020-15469 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.3 Low |
| In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | ||||
| CVE-2020-15468 | 1 Persian Vip Download Script Project | 1 Persian Vip Download Script | 2024-11-21 | 9.8 Critical |
| Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. | ||||
| CVE-2020-15467 | 1 Cohesive | 1 Vns3 | 2024-11-21 | 8.8 High |
| The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | ||||
| CVE-2020-15466 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. | ||||
| CVE-2020-15437 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. | ||||