Search Results (76430 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13790 | 3 Libjpeg-turbo, Mozilla, Redhat | 3 Libjpeg-turbo, Mozjpeg, Enterprise Linux | 2024-11-21 | 8.1 High |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | ||||
| CVE-2020-13787 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Transmission of Sensitive Information. | ||||
| CVE-2020-13786 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices allow CSRF. | ||||
| CVE-2020-13785 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Inadequate Encryption Strength. | ||||
| CVE-2020-13784 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator. | ||||
| CVE-2020-13783 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 7.5 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information. | ||||
| CVE-2020-13782 | 1 Dlink | 2 Dir-865l, Dir-865l Firmware | 2024-11-21 | 8.8 High |
| D-Link DIR-865L Ax 1.20B01 Beta devices allow Command Injection. | ||||
| CVE-2020-13778 | 1 Rconfig | 1 Rconfig | 2024-11-21 | 8.8 High |
| rConfig 3.9.4 and earlier allows authenticated code execution (of system commands) by sending a forged GET request to lib/ajaxHandlers/ajaxAddTemplate.php or lib/ajaxHandlers/ajaxEditTemplate.php. | ||||
| CVE-2020-13777 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 7.4 High |
| GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket (a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3). The earliest affected version is 3.6.4 (2018-09-24) because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS server always uses wrong data in place of an encryption key derived from an application. | ||||
| CVE-2020-13771 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| Various components in Ivanti Endpoint Manager through 2020.1.1 rely on Windows search order when loading a (nonexistent) library file, allowing (under certain conditions) one to gain code execution (and elevation of privileges to the level of privilege held by the vulnerable component such as NT AUTHORITY\SYSTEM) via DLL hijacking. This affects ldiscn32.exe, IpmiRedirectionService.exe, LDAPWhoAmI.exe, and ldprofile.exe. | ||||
| CVE-2020-13770 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 7.8 High |
| Several services are accessing named pipes in Ivanti Endpoint Manager through 2020.1.1 with default or overly permissive security attributes; as these services run as user ‘NT AUTHORITY\SYSTEM’, the issue can be used to escalate privileges from a local standard or service account having SeImpersonatePrivilege (e.g., user ‘NT AUTHORITY\NETWORK SERVICE’). | ||||
| CVE-2020-13769 | 1 Ivanti | 1 Endpoint Manager | 2024-11-21 | 8.8 High |
| LDMS/alert_log.aspx in Ivanti Endpoint Manager through 2020.1 allows SQL Injection via a /remotecontrolauth/api/device request. | ||||
| CVE-2020-13764 | 1 Rocketgenius | 1 Gravityforms | 2024-11-21 | 7.5 High |
| common.php in the Gravity Forms plugin before 2.4.9 for WordPress can leak hashed passwords because user_pass is not considered a special case for a $current_user->get($property) call. | ||||
| CVE-2020-13763 | 1 Joomla | 1 Joomla! | 2024-11-21 | 7.5 High |
| In Joomla! before 3.9.19, the default settings of the global textfilter configuration do not block HTML inputs for Guest users. | ||||
| CVE-2020-13760 | 1 Joomla | 1 Joomla! | 2024-11-21 | 8.8 High |
| In Joomla! before 3.9.19, missing token checks in com_postinstall lead to CSRF. | ||||
| CVE-2020-13759 | 1 Vm-memory Project | 1 Vm-memory | 2024-11-21 | 7.5 High |
| rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | ||||
| CVE-2020-13757 | 4 Canonical, Fedoraproject, Python-rsa Project and 1 more | 4 Ubuntu Linux, Fedora, Python-rsa and 1 more | 2024-11-21 | 7.5 High |
| Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). | ||||
| CVE-2020-13700 | 1 Acf To Rest Api Project | 1 Acf To Rest Api | 2024-11-21 | 7.5 High |
| An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. | ||||
| CVE-2020-13699 | 2 Microsoft, Teamviewer | 2 Windows, Teamviewer | 2024-11-21 | 8.8 High |
| TeamViewer Desktop for Windows before 15.8.3 does not properly quote its custom URI handlers. A malicious website could launch TeamViewer with arbitrary parameters, as demonstrated by a teamviewer10: --play URL. An attacker could force a victim to send an NTLM authentication request and either relay the request or capture the hash for offline password cracking. This affects teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1. The issue is fixed in 8.0.258861, 9.0.258860, 10.0.258873, 11.0.258870, 12.0.258869, 13.2.36220, 14.2.56676, 14.7.48350, and 15.8.3. | ||||
| CVE-2020-13695 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 7.2 High |
| In QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8, the local www-data user has sudo privileges to execute grep as root without a password, which allows an attacker to obtain sensitive information via a grep of a /root/*.db or /etc/shadow file. | ||||