Export limit exceeded: 364861 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364861 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15477 | 1 Raspberrytorte | 1 Raspberrytortoise | 2024-11-21 | 9.8 Critical |
| The WebControl in RaspberryTortoise through 2012-10-28 is vulnerable to remote code execution via shell metacharacters in a URI. The file nodejs/raspberryTortoise.js has no validation on the parameter incomingString before passing it to the child_process.exec function. | ||||
| CVE-2020-15476 | 3 Debian, Linux, Ntop | 3 Debian Linux, Linux Kernel, Ndpi | 2024-11-21 | 7.5 High |
| In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | ||||
| CVE-2020-15475 | 1 Ntop | 1 Ndpi | 2024-11-21 | 9.8 Critical |
| In nDPI through 3.2, ndpi_reset_packet_line_info in lib/ndpi_main.c omits certain reinitialization, leading to a use-after-free. | ||||
| CVE-2020-15474 | 1 Ntop | 1 Ndpi | 2024-11-21 | 9.8 Critical |
| In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. | ||||
| CVE-2020-15472 | 2 Debian, Ntop | 2 Debian Linux, Ndpi | 2024-11-21 | 9.1 Critical |
| In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. | ||||
| CVE-2020-15470 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 5.5 Medium |
| ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. | ||||
| CVE-2020-15469 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 2.3 Low |
| In QEMU 4.2.0, a MemoryRegionOps object may lack read/write callback methods, leading to a NULL pointer dereference. | ||||
| CVE-2020-15468 | 1 Persian Vip Download Script Project | 1 Persian Vip Download Script | 2024-11-21 | 9.8 Critical |
| Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. | ||||
| CVE-2020-15467 | 1 Cohesive | 1 Vns3 | 2024-11-21 | 8.8 High |
| The administrative interface of Cohesive Networks vns3:vpn appliances before version 4.11.1 is vulnerable to authenticated remote code execution leading to server compromise. | ||||
| CVE-2020-15466 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.4, the GVCP dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-gvcp.c by ensuring that an offset increases in all situations. | ||||
| CVE-2020-15437 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 4.4 Medium |
| The Linux kernel before version 5.8 is vulnerable to a NULL pointer dereference in drivers/tty/serial/8250/8250_core.c:serial8250_isa_init_ports() that allows local users to cause a denial of service by using the p->serial_in pointer which uninitialized. | ||||
| CVE-2020-15436 | 4 Broadcom, Linux, Netapp and 1 more | 37 Brocade Fabric Operating System Firmware, Linux Kernel, A250 and 34 more | 2024-11-21 | 6.7 Medium |
| Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field. | ||||
| CVE-2020-15435 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_dashboard.php. When parsing the service_start parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9719. | ||||
| CVE-2020-15434 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the canal parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9745. | ||||
| CVE-2020-15433 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_php_pecl.php. When parsing the phpversion parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9715. | ||||
| CVE-2020-15432 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_migration_cpanel.php. When parsing the filespace parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9743. | ||||
| CVE-2020-15431 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9740. | ||||
| CVE-2020-15430 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_list_accounts.php. When parsing the username parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9736. | ||||
| CVE-2020-15429 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the user parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9716. | ||||
| CVE-2020-15428 | 1 Control-webpanel | 1 Webpanel | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajax_crons.php. When parsing the line parameter, the process does not properly validate a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9714. | ||||