Export limit exceeded: 347269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79356 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24369 | 1 Lua | 1 Lua | 2024-11-21 | 7.5 High |
| ldebug.c in Lua 5.4.0 attempts to access debug information via the line hook of a stripped function, leading to a NULL pointer dereference. | ||||
| CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2024-11-21 | 7.5 High |
| Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | ||||
| CVE-2020-24367 | 2 Bluestacks, Microsoft | 2 Bluestacks, Windows | 2024-11-21 | 7.8 High |
| Incorrect file permissions in BlueStacks 4 through 4.230 on Windows allow a local attacker to escalate privileges by modifying a file that is later executed by a higher-privileged user. | ||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | ||||
| CVE-2020-24364 | 1 Ethz | 1 Minetime | 2024-11-21 | 8.8 High |
| MineTime through 1.8.5 allows arbitrary command execution via the notes field in a meeting. Could lead to RCE via meeting invite. | ||||
| CVE-2020-24360 | 1 Arista | 27 7280cr2ak-30, 7280cr2k-60, 7280cr3-32d4 and 24 more | 2024-11-21 | 7.4 High |
| An issue with ARP packets in Arista’s EOS affecting the 7800R3, 7500R3, and 7280R3 series of products may result in issues that cause a kernel crash, followed by a device reload. The affected Arista EOS versions are: 4.24.2.4F and below releases in the 4.24.x train; 4.23.4M and below releases in the 4.23.x train; 4.22.6M and below releases in the 4.22.x train. | ||||
| CVE-2020-24359 | 1 Hashicorp | 1 Vault-ssh-helper | 2024-11-21 | 7.5 High |
| HashiCorp vault-ssh-helper up to and including version 0.1.6 incorrectly accepted Vault-issued SSH OTPs for the subnet in which a host's network interface was located, rather than the specific IP address assigned to that interface. Fixed in 0.2.0. | ||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-11-21 | 8.8 High |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | ||||
| CVE-2020-24346 | 1 F5 | 1 Njs | 2024-11-21 | 7.8 High |
| njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c. | ||||
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | ||||
| CVE-2020-24344 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.1 High |
| JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | ||||
| CVE-2020-24343 | 1 Artifex | 1 Mujs | 2024-11-21 | 7.8 High |
| Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c. | ||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-11-21 | 7.8 High |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
| CVE-2020-24340 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. | ||||
| CVE-2020-24339 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. | ||||
| CVE-2020-24337 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c. | ||||
| CVE-2020-24335 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 7.5 High |
| An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets. | ||||
| CVE-2020-24334 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 8.2 High |
| The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c. | ||||
| CVE-2020-24331 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the tss user still has read and write access to the /etc/tcsd.conf file (which contains various settings related to this daemon). | ||||
| CVE-2020-24330 | 3 Fedoraproject, Redhat, Trousers Project | 3 Fedora, Enterprise Linux, Trousers | 2024-11-21 | 7.8 High |
| An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed. | ||||