Export limit exceeded: 76982 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76982 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24922 | 1 Xuxueli | 1 Xxl-job | 2024-11-21 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in xxl-job-admin/user/add in xuxueli xxl-job version 2.2.0, allows remote attackers to execute arbitrary code and esclate privileges via crafted .html file. | ||||
| CVE-2020-24908 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 7.8 High |
| Checkmk before 1.6.0p17 allows local users to obtain SYSTEM privileges via a Trojan horse shell script in the %PROGRAMDATA%\checkmk\agent\local directory. | ||||
| CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | ||||
| CVE-2020-24898 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2024-11-21 | 7.6 High |
| The Table Filter and Charts for Confluence Server app before 5.3.26 (for Atlassian Confluence) allows SSRF via the "Table from CSV" macro (URL parameter). | ||||
| CVE-2020-24897 | 1 Stiltsoft | 1 Table Filter And Charts For Confluence Server | 2024-11-21 | 8.9 High |
| The Table Filter and Charts for Confluence Server app before 5.3.25 (for Atlassian Confluence) allow remote attackers to inject arbitrary HTML or JavaScript via cross site scripting (XSS) through the provided Markdown markup to the "Table from CSV" macro. | ||||
| CVE-2020-24889 | 1 Libraw | 1 Libraw | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | ||||
| CVE-2020-24870 | 2 Libraw, Redhat | 2 Libraw, Enterprise Linux | 2024-11-21 | 8.8 High |
| Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. | ||||
| CVE-2020-24862 | 1 Pharmacy Medical Store And Sale Point Project | 1 Pharmacy Medical Store And Sale Point | 2024-11-21 | 7.5 High |
| The catID parameter in Pharmacy Medical Store and Sale Point v1.0 has been found to be vulnerable to a Time-Based blind SQL injection via the /medical/inventories.php path which allows attackers to retrieve all databases. | ||||
| CVE-2020-24849 | 1 Fruitywifi Project | 1 Fruitywifi | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. | ||||
| CVE-2020-24848 | 1 Fruitywifi Project | 1 Fruitywifi | 2024-11-21 | 7.8 High |
| FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system. | ||||
| CVE-2020-24838 | 1 Issuer Project | 1 Issuer | 2024-11-21 | 7.5 High |
| An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow. | ||||
| CVE-2020-24837 | 1 Zcfees Project | 1 Zcfees | 2024-11-21 | 7.5 High |
| An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function. | ||||
| CVE-2020-24807 | 1 Socket.io-file Project | 1 Socket.io-file | 2024-11-21 | 7.8 High |
| The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-24772 | 1 Clash Project | 1 Clash | 2024-11-21 | 8.8 High |
| In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | ||||
| CVE-2020-24771 | 1 Nexusphp | 1 Nexusphp | 2024-11-21 | 7.5 High |
| Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | ||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.5 High |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | ||||
| CVE-2020-24755 | 1 Ui | 1 Unifi Video | 2024-11-21 | 7.8 High |
| In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64). | ||||
| CVE-2020-24750 | 4 Debian, Fasterxml, Oracle and 1 more | 29 Debian Linux, Jackson-databind, Agile Plm and 26 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | ||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2024-11-21 | 7.8 High |
| An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | ||||
| CVE-2020-24718 | 4 Freebsd, Netapp, Omniosce and 1 more | 4 Freebsd, Clustered Data Ontap, Omnios and 1 more | 2024-11-21 | 8.2 High |
| bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | ||||