Export limit exceeded: 35013 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35013 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-23680 | 1 Text2pdf Project | 1 Text2pdf | 2024-11-21 | 7.8 High |
| An issue was discovered in function StartPage in text2pdf.c in pdfcorner text2pdf 1.1, allows attackers to cause denial of service or possibly other undisclosed impacts. | ||||
| CVE-2020-23580 | 1 Pbootcms | 1 Pbootcms | 2024-11-21 | 9.8 Critical |
| Remote Code Execution vulnerability in PbootCMS 2.0.8 in the message board. | ||||
| CVE-2020-23565 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| Irfanview v4.53 allows attackers to execute arbitrary code via a crafted JPEG 2000 file. Related to a "Data from Faulting Address controls Branch Selection starting at JPEG2000!ShowPlugInSaveOptions_W+0x0000000000032850". | ||||
| CVE-2020-23562 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x000000000000aefe. | ||||
| CVE-2020-23561 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000005722. | ||||
| CVE-2020-23549 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted .cr2 file, related to a "Data from Faulting Address controls Branch Selection starting at FORMATS!GetPlugInInfo+0x00000000000047f6". | ||||
| CVE-2020-23546 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows attackers to cause a denial of service or possibly other unspecified impacts via a crafted XBM file, related to a "Data from Faulting Address is used as one or more arguments in a subsequent Function Call starting at FORMATS!ReadMosaic+0x0000000000000981. | ||||
| CVE-2020-23545 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ReadXPM_W+0x0000000000000531. | ||||
| CVE-2020-23490 | 1 Wwbn | 1 Avideo | 2024-11-21 | 7.5 High |
| There was a local file disclosure vulnerability in AVideo < 8.9 via the proxy streaming. An unauthenticated attacker can exploit this issue to read an arbitrary file on the server. Which could leak database credentials or other sensitive information such as /etc/passwd file. | ||||
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2024-11-21 | 7.5 High |
| gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | ||||
| CVE-2020-23361 | 1 Phplist | 1 Phplist | 2024-11-21 | 9.8 Critical |
| phpList 3.5.3 allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23356 | 1 Nibbleblog | 1 Nibbleblog | 2024-11-21 | 7.5 High |
| dmin/kernel/api/login.class.phpin in nibbleblog v3.7.1c allows type juggling for login bypass because == is used instead of === for password hashes, which mishandles hashes that begin with 0e followed by exclusively numerical characters. | ||||
| CVE-2020-23355 | 1 Codiad | 1 Codiad | 2024-11-21 | 7.5 High |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** Codiad 2.8.4 /componetns/user/class.user.php:Authenticate() is vulnerable in magic hash authentication bypass. If encrypted or hash value for the passwords form certain formats of magic hash, e.g, 0e123, another hash value 0e234 something can successfully authenticate. | ||||
| CVE-2020-23315 | 1 Microsoft | 1 Chakracore | 2024-11-21 | 7.5 High |
| There is an ASSERTION (pFuncBody->GetYieldRegister() == oldYieldRegister) failed in Js::DebugContext::RundownSourcesAndReparse in ChakraCore version 1.12.0.0-beta. | ||||
| CVE-2020-23160 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 8.8 High |
| Remote code execution in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to arbitrary commands as root on the devices. | ||||
| CVE-2020-22916 | 1 Tukaani | 1 Xz | 2024-11-21 | 5.5 Medium |
| An issue discovered in XZ 5.2.5 allows attackers to cause a denial of service via decompression of a crafted file. NOTE: the vendor disputes the claims of "endless output" and "denial of service" because decompression of the 17,486 bytes always results in 114,881,179 bytes, which is often a reasonable size increase. | ||||
| CVE-2020-22848 | 1 Chshcms | 1 Cscms | 2024-11-21 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in the \Playsong.php component of cscms v4.1 allows attackers to execute arbitrary commands. | ||||
| CVE-2020-22782 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 7.5 High |
| Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. | ||||
| CVE-2020-22612 | 1 Mybb | 1 Mybb | 2024-11-21 | 9.8 Critical |
| Installer RCE on settings file write in MyBB before 1.8.22. | ||||
| CVE-2020-22552 | 1 Snap7 Project | 1 Snap7 | 2024-11-21 | 7.5 High |
| The Snap7 server component in version 1.4.1, when an attacker sends a crafted packet with COTP protocol the last-data-unit flag set to No and S7 writes a var function, the Snap7 server will be crashed. | ||||