Export limit exceeded: 342293 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74787 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24373 | 1 Free | 10 Freebox Delta, Freebox Delta Firmware, Freebox Mini and 7 more | 2024-11-21 | 8.8 High |
| A CSRF vulnerability in the UPnP MediaServer implementation in Freebox Server before 4.2.3. | ||||
| CVE-2020-24369 | 1 Lua | 1 Lua | 2024-11-21 | 7.5 High |
| ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. | ||||
| CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2024-11-21 | 7.5 High |
| Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | ||||
| CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2024-11-21 | 7.8 High |
| Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | ||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | ||||
| CVE-2020-24364 | 1 Ethz | 1 Minetime | 2024-11-21 | 8.8 High |
| MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | ||||
| CVE-2020-24360 | 1 Arista | 27 7280cr2ak-30, 7280cr2k-60, 7280cr3-32d4 and 24 more | 2024-11-21 | 7.4 High |
| An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. | ||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2024-11-21 | 7.5 High |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | ||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-11-21 | 8.8 High |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | ||||
| CVE-2020-24346 | 1 F5 | 1 Njs | 2024-11-21 | 7.8 High |
| njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | ||||
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | ||||
| CVE-2020-24344 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.1 High |
| JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | ||||
| CVE-2020-24343 | 1 Artifex | 1 Mujs | 2024-11-21 | 7.8 High |
| Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | ||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-11-21 | 7.8 High |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
| CVE-2020-24340 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. | ||||
| CVE-2020-24339 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. | ||||
| CVE-2020-24337 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c. | ||||
| CVE-2020-24335 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 7.5 High |
| An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets. | ||||
| CVE-2020-24334 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 8.2 High |
| The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c. | ||||
| CVE-2020-24331 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | ||||