Search Results (76982 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24999 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-24996 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-24995 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2 allows attackers to execute arbitrary code (local). | ||||
| CVE-2020-24994 | 1 Libass Project | 1 Libass | 2024-11-21 | 8.8 High |
| Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | ||||
| CVE-2020-24990 | 1 Qsc | 1 Q-sys Core Manager | 2024-11-21 | 7.5 High |
| An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version. | ||||
| CVE-2020-24986 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 7.2 High |
| Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands. | ||||
| CVE-2020-24985 | 1 Quadbase | 1 Espressdashboard | 2024-11-21 | 8.1 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads. | ||||
| CVE-2020-24984 | 1 Quadbase | 1 Espressreports Es | 2024-11-21 | 8.8 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server. | ||||
| CVE-2020-24983 | 1 Quadbase | 1 Espressreports Es | 2024-11-21 | 8.8 High |
| An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticated request (to change the Dashboard name) as if the victim had done so themselves, aka CSRF. | ||||
| CVE-2020-24972 | 3 Fedoraproject, Kleopatra Project, Opensuse | 4 Fedora, Kleopatra, Backports Sle and 1 more | 2024-11-21 | 8.8 High |
| The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | ||||
| CVE-2020-24955 | 1 Superantispyware | 1 Professional X | 2024-11-21 | 7.8 High |
| SUPERAntiSpyware Professional X Trial 10.0.1206 is vulnerable to local privilege escalation because it allows unprivileged users to restore a malicious DLL from quarantine into the system32 folder via an NTFS directory junction, as demonstrated by a crafted ualapi.dll file that is detected as malware. | ||||
| CVE-2020-24950 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 8.8 High |
| SQL Injection vulnerability in file Base_module_model.php in Daylight Studio FUEL-CMS version 1.4.9 allows remote attackers to execute arbitrary code via the col parameter to function list_items. | ||||
| CVE-2020-24949 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 8.8 High |
| Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). | ||||
| CVE-2020-24948 | 1 Autoptimize | 1 Autoptimize | 2024-11-21 | 7.2 High |
| The ao_ccss_import AJAX call in Autoptimize WordPress Plugin 2.7.6 does not ensure that the file provided is a legitimate Zip file, allowing high privilege users to upload arbitrary files, such as PHP, leading to remote command execution. | ||||
| CVE-2020-24944 | 1 Privateoctopus | 1 Picoquic | 2024-11-21 | 7.5 High |
| picoquic (before 3rd of July 2020) allows attackers to cause a denial of service (infinite loop) via a crafted QUIC frame, related to the picoquic_decode_frames and picoquic_decode_stream_frame functions and epoch==3. | ||||
| CVE-2020-24941 | 1 Laravel | 1 Laravel | 2024-11-21 | 7.5 High |
| An issue was discovered in Laravel before 6.18.35 and 7.x before 7.24.0. The $guarded property is mishandled in some situations involving requests with JSON column nesting expressions. | ||||
| CVE-2020-24940 | 1 Laravel | 1 Laravel | 2024-11-21 | 7.5 High |
| An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | ||||
| CVE-2020-24939 | 1 Stampit | 1 Supermixer | 2024-11-21 | 7.5 High |
| Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. | ||||
| CVE-2020-24930 | 1 Wuzhicms | 1 Wuzhicms | 2024-11-21 | 8.1 High |
| Beijing Wuzhi Internet Technology Co., Ltd. Wuzhi CMS 4.0.1 is an open source content management system. The five fingers CMS backend in***.php file has an arbitrary file deletion vulnerability. Attackers can use the vulnerability to delete arbitrary files. | ||||
| CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 7.5 High |
| A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort, where the entire source code path is displayed in the browser itself, helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | ||||