Export limit exceeded: 366583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-15350 1 Riot-os 1 Riot 2024-11-21 9.8 Critical
RIOT 2020.04 has a buffer overflow in the base64 decoder. The decoding function base64_decode() uses an output buffer estimation function to compute the required buffer capacity and validate against the provided buffer size. The base64_estimate_decode_size() function calculates the expected decoded size with an arithmetic round-off error and does not take into account possible padding bytes. Due to this underestimation, it may be possible to craft base64 input that causes a buffer overflow.
CVE-2020-15349 1 Binarynights 1 Forklift 2024-11-21 7.8 High
BinaryNights ForkLift 3.x before 3.4 has a local privilege escalation vulnerability because the privileged helper tool implements an XPC interface that allows file operations to any process (copy, move, delete) as root and changing permissions.
CVE-2020-15348 1 Zyxel 1 Cloud Cnm Secumanager 2024-11-21 9.8 Critical
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows use of live/CPEManager/AXCampaignManager/delete_cpes_by_ids?cpe_ids= for eval injection of Python code.
CVE-2020-15347 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 9.8 Critical
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has the q6xV4aW8bQ4cfD-b password for the axiros account.
CVE-2020-15346 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a /live/GLOBALS API with the CLOUDCNM key.
CVE-2020-15345 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_instances_for_update API.
CVE-2020-15344 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_get_user_id_and_key API.
CVE-2020-15343 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user_key API.
CVE-2020-15342 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated zy_install_user API.
CVE-2020-15341 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 7.5 High
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has an unauthenticated update_all_realm_license API.
CVE-2020-15340 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 7.5 High
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded opt/axess/AXAssets/default_axess/axess/TR69/Handlers/turbolink/sshkeys/id_rsa SSH key.
CVE-2020-15339 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 6.1 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows live/CPEManager/AXCampaignManager/handle_campaign_script_link?script_name= XSS.
CVE-2020-15338 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
CVE-2020-15337 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /registerCpe requests.
CVE-2020-15336 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 7.5 High
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests.
CVE-2020-15335 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 7.5 High
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests.
CVE-2020-15334 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows escape-sequence injection into the /var/log/axxmpp.log file.
CVE-2020-15333 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 5.3 Medium
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 allows attackers to discover accounts via MySQL "select * from Administrator_users" and "select * from Users_users" requests.
CVE-2020-15332 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 9.8 Critical
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/etc/default/axess permissions.
CVE-2020-15331 1 Zyxel 1 Cloudcnm Secumanager 2024-11-21 9.8 Critical
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a hardcoded OAUTH_SECRET_KEY in /opt/axess/etc/default/axess.