Search Results (74787 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24330 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | ||||
| CVE-2020-24315 | 1 Wordpress Poll Project | 1 Wordpress Poll | 2024-11-21 | 7.5 High |
| Vinoj Cardoza WordPress Poll Plugin v36 and lower executes SQL statement passed in via the pollid POST parameter due to a lack of user input escaping. This allows users who craft specific SQL statements to dump the entire target's database. | ||||
| CVE-2020-24307 | 1 Mremoteng | 1 Mremoteng | 2024-11-21 | 7.8 High |
| An issue in mRemoteNG v1.76.20 allows attackers to escalate privileges via a crafted executable file. NOTE: third parties were unable to reproduce any scenario in which the claimed access of BUILTIN\Users:(M) is present. | ||||
| CVE-2020-24297 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 8.8 High |
| httpd on TP-Link TL-WPA4220 devices (versions 2 through 4) allows remote authenticated users to execute arbitrary OS commands by sending crafted POST requests to the endpoint /admin/powerline. Fixed version: TL-WPA4220(EU)_V4_201023 | ||||
| CVE-2020-24295 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of crafted psd file. | ||||
| CVE-2020-24293 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | ||||
| CVE-2020-24292 | 1 Freeimage Project | 1 Freeimage | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | ||||
| CVE-2020-24285 | 1 Intelbras | 4 Tip200, Tip200 Firmware, Tip200lite and 1 more | 2024-11-21 | 7.5 High |
| INTELBRAS TELEFONE IP TIP200 version 60.61.75.22 allows an attacker to obtain sensitive information through /cgi-bin/cgiServer.exx. | ||||
| CVE-2020-24271 | 1 Easycms | 1 Easycms | 2024-11-21 | 8.8 High |
| A CSRF vulnerability was discovered in EasyCMS v1.6 that can add an admin account through index.php?s=/admin/rbacuser/insert/navTabId/rbacuser/callbackType/closeCurrent, then post username=***&password=***. | ||||
| CVE-2020-24266 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in get_l2len() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-24265 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 7.5 High |
| An issue was discovered in tcpreplay tcpprep v4.3.3. There is a heap buffer overflow vulnerability in MemcmpInterceptorCommon() that can make tcpprep crash and cause a denial of service. | ||||
| CVE-2020-24263 | 1 Portainer | 1 Portainer | 2024-11-21 | 8.8 High |
| Portainer 1.24.1 and earlier is affected by an insecure permissions vulnerability that may lead to remote arbitrary code execution. A non-admin user is allowed to spawn new containers with critical capabilities such as SYS_MODULE, which can be used to take over the Docker host. | ||||
| CVE-2020-24246 | 1 Peplink | 110 Balance 1350, Balance 1350 Firmware, Balance 20 and 107 more | 2024-11-21 | 7.5 High |
| Peplink Balance before 8.1.0rc1 allows an unauthenticated attacker to download PHP configuration files (/filemanager/php/connector.php) from Web Admin. | ||||
| CVE-2020-24227 | 1 Playgroundsessions | 1 Playground Sessions | 2024-11-21 | 7.5 High |
| Playground Sessions v2.5.582 (and earlier) for Windows stores the user credentials in plain text, allowing anyone with access to UserProfiles.sol to extract the email and password. | ||||
| CVE-2020-24222 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 7.8 High |
| Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN. | ||||
| CVE-2020-24220 | 1 Shopxo | 1 Shopxo | 2024-11-21 | 8.8 High |
| ShopXO v1.8.1 has a command execution vulnerability. Attackers can use this vulnerability to execute arbitrary commands and gain control of the server. | ||||
| CVE-2020-24219 | 1 Szuray | 95 Iptv/h.264 Video Encoder Firmware, Iptv/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 7.5 High |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | ||||
| CVE-2020-24216 | 3 Jtechdigital, Provideoinstruments, Szuray | 105 H.264 Iptv Encoder 1080p@60hz, H.264 Iptv Encoder 1080p@60hz Firmware, Vecaster-4k-hevc and 102 more | 2024-11-21 | 7.5 High |
| An issue was discovered in the box application on HiSilicon based IPTV/H.264/H.265 video encoders. When the administrator configures a secret URL for RTSP streaming, the stream is still available via its default name such as /0. Unauthenticated attackers can view video streams that are meant to be private. | ||||
| CVE-2020-24213 | 1 Ygopro | 1 Ygocore | 2024-11-21 | 7.5 High |
| An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory. | ||||
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 7.2 High |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | ||||