Export limit exceeded: 335615 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 15150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (15150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35877 | 1 Ozone Project | 1 Ozone | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | ||||
| CVE-2020-35527 | 3 Netapp, Redhat, Sqlite | 3 Ontap Select Deploy Administration Utility, Enterprise Linux, Sqlite | 2024-11-21 | 9.8 Critical |
| In SQLite 3.31.1, there is an out of bounds access problem through ALTER TABLE for views that have a nested FROM clause. | ||||
| CVE-2020-35522 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.5 Medium |
| In LibTIFF, there is a memory malloc failure in tif_pixarlog.c. A crafted TIFF document can lead to an abort, resulting in a remote denial of service attack. | ||||
| CVE-2020-35521 | 4 Fedoraproject, Libtiff, Netapp and 1 more | 4 Fedora, Libtiff, Ontap Select Deploy Administration Utility and 1 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in libtiff. Due to a memory allocation failure in tif_read.c, a crafted TIFF file can lead to an abort, resulting in denial of service. | ||||
| CVE-2020-35511 | 2 Debian, Libpng | 2 Debian Linux, Pngcheck | 2024-11-21 | 7.8 High |
| A global buffer overflow was discovered in pngcheck function in pngcheck-2.4.0(5 patches applied) via a crafted png file. | ||||
| CVE-2020-35452 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.3 High |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | ||||
| CVE-2020-35448 | 3 Gnu, Netapp, Redhat | 3 Binutils, Ontap Select Deploy Administration Utility, Enterprise Linux | 2024-11-21 | 3.3 Low |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. | ||||
| CVE-2020-2803 | 7 Canonical, Debian, Fedoraproject and 4 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-11-21 | 8.3 High |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Libraries). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, Java SE Embedded, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE, Java SE Embedded. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.0 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2020-2800 | 7 Canonical, Debian, Fedoraproject and 4 more | 23 Ubuntu Linux, Debian Linux, Fedora and 20 more | 2024-11-21 | 4.8 Medium |
| Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Lightweight HTTP Server). Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Java SE Embedded. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Java SE Embedded accessible data as well as unauthorized read access to a subset of Java SE, Java SE Embedded accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.0 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N). | ||||
| CVE-2020-29511 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29510 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29509 | 2 Golang, Netapp | 2 Go, Trident | 2024-11-21 | 9.8 Critical |
| The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications. | ||||
| CVE-2020-29372 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2024-11-21 | 4.7 Medium |
| An issue was discovered in do_madvise in mm/madvise.c in the Linux kernel before 5.6.8. There is a race condition between coredump operations and the IORING_OP_MADVISE implementation, aka CID-bc0c4d1e176e. | ||||
| CVE-2020-29023 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 3.5 Low |
| Improper Encoding or Escaping of Output from CSV Report Generator of Secomea GateManager allows an authenticated administrator to generate a CSV file that may run arbitrary commands on a victim's computer when opened in a spreadsheet program (like Excel). This issue affects: Secomea GateManager all versions prior to 9.3. | ||||
| CVE-2020-28954 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 5.3 Medium |
| web/controllers/ApiController.groovy in BigBlueButton before 2.2.29 lacks certain parameter sanitization, as demonstrated by accepting control characters in a user name. | ||||
| CVE-2020-28600 | 1 Openscad | 1 Openscad | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28220 | 1 Schneider-electric | 4 Modicon M258, Modicon M258 Firmware, Somachine and 1 more | 2024-11-21 | 6.8 Medium |
| A CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists in Modicon M258 Firmware (All versions prior to V5.0.4.11) and SoMachine/SoMachine Motion software (All versions), that could cause a buffer overflow when the length of a file transferred to the webserver is not verified. | ||||
| CVE-2020-28144 | 1 Moxa | 16 Edr-810-2gsfp, Edr-810-2gsfp-t, Edr-810-2gsfp-t Firmware and 13 more | 2024-11-21 | 9.8 Critical |
| Certain Moxa Inc products are affected by an improper restriction of operations in EDR-G903 Series Firmware Version 5.5 or lower, EDR-G902 Series Firmware Version 5.5 or lower, and EDR-810 Series Firmware Version 5.6 or lower. Crafted requests sent to the device may allow remote arbitrary code execution. | ||||
| CVE-2020-27958 | 1 Osu | 1 Ohio Supercomputer Center Open Ondemand | 2024-11-21 | 4.3 Medium |
| The Job Composer app in Ohio Supercomputer Center Open OnDemand before 1.7.19 and 1.8.x before 1.8.18 allows remote authenticated users to provide crafted input in a job template. | ||||
| CVE-2020-27874 | 1 Tencent | 1 Wechat | 2024-11-21 | 8.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent WeChat 7.0.18. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WXAM Decoder. The issue results from the lack of proper validation of user-supplied data, which can result in a memory access past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11580. | ||||