Export limit exceeded: 76995 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76995 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25793 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-11-21 | 7.5 High |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. | ||||
| CVE-2020-25791 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-11-21 | 7.5 High |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | ||||
| CVE-2020-25790 | 1 Typesettercms | 1 Typesetter | 2024-11-21 | 7.2 High |
| Typesetter CMS 5.x through 5.1 allows admins to upload and execute arbitrary PHP code via a .php file inside a ZIP archive. NOTE: the vendor disputes the significance of this report because "admins are considered trustworthy"; however, the behavior "contradicts our security policy" and is being fixed for 5.2 | ||||
| CVE-2020-25780 | 1 Commvault | 1 Commcell | 2024-11-21 | 7.5 High |
| In CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13, Directory Traversal can occur such that an attempt to view a log file can instead view a file outside of the log-files folder. | ||||
| CVE-2020-25776 | 1 Trendmicro | 1 Antivirus | 2024-11-21 | 7.8 High |
| Trend Micro Antivirus for Mac 2020 (Consumer) is vulnerable to a symbolic link privilege escalation attack where an attacker could exploit a critical file on the system to escalate their privileges. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | ||||
| CVE-2020-25773 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 7.8 High |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to execute arbitrary code on affected products. User interaction is required to exploit this vulnerability in that the target must import a corrupted configuration file. | ||||
| CVE-2020-25767 | 1 Hcc-embedded | 1 Nichestack Ipv4 | 2024-11-21 | 7.5 High |
| An issue was discovered in HCC Embedded NicheStack IPv4 4.1. The dnc_copy_in routine for parsing DNS domain names does not check whether a domain name compression pointer is pointing within the bounds of the packet (e.g., forward compression pointer jumps are allowed), which leads to an Out-of-bounds Read, and a Denial-of-Service as a consequence. | ||||
| CVE-2020-25766 | 1 Misp | 1 Misp | 2024-11-21 | 7.5 High |
| An issue was discovered in MISP before 2.4.132. It can perform an unwanted action because of a POST operation on a form that is not linked to the login page. | ||||
| CVE-2020-25759 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSR-250 3.17 devices. Certain functionality in the Unified Services Router web interface could allow an authenticated attacker to execute arbitrary commands, due to a lack of validation of inputs provided in multipart HTTP POST requests. | ||||
| CVE-2020-25758 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSR-250 3.17 devices. Insufficient validation of configuration file checksums could allow a remote, authenticated attacker to inject arbitrary crontab entries into saved configurations before uploading. These entries are executed as root. | ||||
| CVE-2020-25757 | 1 Dlink | 20 Dsr-1000, Dsr-1000 Firmware, Dsr-1000ac and 17 more | 2024-11-21 | 8.8 High |
| A lack of input validation and access controls in Lua CGIs on D-Link DSR VPN routers may result in arbitrary input being passed to system command APIs, resulting in arbitrary command execution with root privileges. This affects DSR-150, DSR-250, DSR-500, and DSR-1000AC with firmware 3.14 and 3.17. | ||||
| CVE-2020-25755 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on Enphase Envoy R3.x and D4.x (and other current) devices. The upgrade_start function in /installer/upgrade_start allows remote authenticated users to execute arbitrary commands via the force parameter. | ||||
| CVE-2020-25754 | 1 Enphase | 2 Envoy, Envoy Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an unauthenticated user at /info.xml. Attempts to change the user password via passwd or other tools have no effect. | ||||
| CVE-2020-25751 | 1 Corephp | 1 Pago Commerce | 2024-11-21 | 8.8 High |
| The paGO Commerce plugin 2.5.9.0 for Joomla! allows SQL Injection via the administrator/index.php?option=com_pago&view=comments filter_published parameter. | ||||
| CVE-2020-25750 | 1 Dotplant | 1 Dotplant2 | 2024-11-21 | 7.5 High |
| An issue was discovered in DotPlant2 before 2020-09-14. In class Pay2PayPayment in payment/Pay2PayPayment.php, there is an XXE vulnerability in the checkResult function. The user input ($_POST['xml']) is used for simplexml_load_string without sanitization. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-25748 | 1 Rubetek | 6 Rv-3406, Rv-3406 Firmware, Rv-3409 and 3 more | 2024-11-21 | 8.1 High |
| A Cleartext Transmission issue was discovered on Rubetek RV-3406, RV-3409, and RV-3411 cameras (firmware versions v342, v339). Someone in the middle can intercept and modify the video data from the camera, which is transmitted in an unencrypted form. One can also modify responses from NTP and RTSP servers and force the camera to use the changed values. | ||||
| CVE-2020-25744 | 1 Safervpn | 1 Safervpn | 2024-11-21 | 8.1 High |
| SaferVPN before 5.0.3.3 on Windows could allow low-privileged users to create or overwrite arbitrary files, which could cause a denial of service (DoS) condition, because a symlink from %LOCALAPPDATA%\SaferVPN\Log is followed. | ||||
| CVE-2020-25737 | 2 Hackolade, Microsoft | 2 Hackolade, Windows | 2024-11-21 | 7.8 High |
| An elevation of privilege vulnerability exists in Hackolade versions prior 4.2.0 on Windows has an issue in specific deployment scenarios that could allow local users to gain elevated privileges during an uninstall of the application. | ||||
| CVE-2020-25736 | 1 Acronis | 1 True Image | 2024-11-21 | 7.8 High |
| Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration. | ||||
| CVE-2020-25733 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 7.5 High |
| webTareas through 2.1 allows upload of the dangerous .exe and .shtml file types. | ||||