Export limit exceeded: 341651 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (77145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35517 | 2 Qemu, Redhat | 3 Qemu, Advanced Virtualization, Enterprise Linux | 2024-11-21 | 8.2 High |
| A flaw was found in qemu. A host privilege escalation issue was found in the virtio-fs shared file system daemon where a privileged guest user is able to create a device special file in the shared directory and use it to r/w access host devices. | ||||
| CVE-2020-35514 | 1 Redhat | 1 Openshift | 2024-11-21 | 7.0 High |
| An insecure modification flaw in the /etc/kubernetes/kubeconfig file was found in OpenShift. This flaw allows an attacker with access to a running container which mounts /etc/kubernetes or has local access to the node, to copy this kubeconfig file and attempt to add their own node to the OpenShift cluster. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. This flaw affects versions before openshift4/ose-machine-config-operator v4.7.0-202105111858.p0. | ||||
| CVE-2020-35512 | 2 Freedesktop, Linux | 2 Dbus, Linux Kernel | 2024-11-21 | 7.8 High |
| A use-after-free flaw was found in D-Bus Development branch <= 1.13.16, dbus-1.12.x stable branch <= 1.12.18, and dbus-1.10.x and older branches <= 1.10.30 when a system has multiple usernames sharing the same UID. When a set of policy rules references these usernames, D-Bus may free some memory in the heap, which is still used by data structures necessary for the other usernames sharing the UID, possibly leading to a crash or other undefined behaviors | ||||
| CVE-2020-35511 | 2 Debian, Libpng | 2 Debian Linux, Pngcheck | 2024-11-21 | 7.8 High |
| A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | ||||
| CVE-2020-35502 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 7.5 High |
| A flaw was found in Privoxy in versions before 3.0.29. Memory leaks when a response is buffered and the buffer limit is reached or Privoxy is running out of memory can lead to a system crash. | ||||
| CVE-2020-35491 | 5 Debian, Fasterxml, Netapp and 2 more | 28 Debian Linux, Jackson-databind, Service Level Manager and 25 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. | ||||
| CVE-2020-35490 | 5 Debian, Fasterxml, Netapp and 2 more | 27 Debian Linux, Jackson-databind, Service Level Manager and 24 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | ||||
| CVE-2020-35488 | 1 Nxlog | 1 Nxlog | 2024-11-21 | 7.5 High |
| The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.) | ||||
| CVE-2020-35483 | 1 Anydesk | 1 Anydesk | 2024-11-21 | 7.8 High |
| AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | ||||
| CVE-2020-35475 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | ||||
| CVE-2020-35471 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | ||||
| CVE-2020-35470 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 8.8 High |
| Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | ||||
| CVE-2020-35459 | 2 Clusterlabs, Debian | 2 Crmsh, Debian Linux | 2024-11-21 | 7.8 High |
| An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. | ||||
| CVE-2020-35457 | 1 Gnome | 1 Glib | 2024-11-21 | 7.8 High |
| GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented | ||||
| CVE-2020-35455 | 1 Taidii | 1 Diibear | 2024-11-21 | 7.8 High |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | ||||
| CVE-2020-35452 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.3 High |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | ||||
| CVE-2020-35450 | 1 Gobby Project | 1 Gobby | 2024-11-21 | 7.5 High |
| Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | ||||
| CVE-2020-35388 | 1 Rockoa | 1 Xinhu | 2024-11-21 | 7.5 High |
| rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | ||||
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 7.2 High |
| SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | ||||
| CVE-2020-35381 | 3 Fedoraproject, Jsonparser Project, Redhat | 3 Fedora, Jsonparser, Acm | 2024-11-21 | 7.5 High |
| jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | ||||