Search Results (79576 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-35490 | 5 Debian, Fasterxml, Netapp and 2 more | 27 Debian Linux, Jackson-databind, Service Level Manager and 24 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. | ||||
| CVE-2020-35488 | 1 Nxlog | 1 Nxlog | 2024-11-21 | 7.5 High |
| The fileop module of the NXLog service in NXLog Community Edition 2.10.2150 allows remote attackers to cause a denial of service (daemon crash) via a crafted Syslog payload to the Syslog service. This attack requires a specific configuration. Also, the name of the directory created must use a Syslog field. (For example, on Linux it is not possible to create a .. directory. On Windows, it is not possible to create a CON directory.) | ||||
| CVE-2020-35483 | 1 Anydesk | 1 Anydesk | 2024-11-21 | 7.8 High |
| AnyDesk before 6.1.0 on Windows, when run in portable mode on a system where the attacker has write access to the application directory, allows this attacker to compromise a local user account via a read-only setting for a Trojan horse gcapi.dll file. | ||||
| CVE-2020-35475 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 7.5 High |
| In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to change all userrights, and the table on the left side has unchangeable groups in it. (The right column with the changeable groups is not affected and is escaped correctly.) | ||||
| CVE-2020-35471 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 7.5 High |
| Envoy before 1.16.1 mishandles dropped and truncated datagrams, as demonstrated by a segmentation fault for a UDP packet size larger than 1500. | ||||
| CVE-2020-35470 | 1 Envoyproxy | 1 Envoy | 2024-11-21 | 8.8 High |
| Envoy before 1.16.1 logs an incorrect downstream address because it considers only the directly connected peer, not the information in the proxy protocol header. This affects situations with tcp-proxy as the network filter (not HTTP filters). | ||||
| CVE-2020-35459 | 2 Clusterlabs, Debian | 2 Crmsh, Debian Linux | 2024-11-21 | 7.8 High |
| An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges. | ||||
| CVE-2020-35457 | 1 Gnome | 1 Glib | 2024-11-21 | 7.8 High |
| GNOME GLib before 2.65.3 has an integer overflow, that might lead to an out-of-bounds write, in g_option_group_add_entries. NOTE: the vendor's position is "Realistically this is not a security issue. The standard pattern is for callers to provide a static list of option entries in a fixed number of calls to g_option_group_add_entries()." The researcher states that this pattern is undocumented | ||||
| CVE-2020-35455 | 1 Taidii | 1 Diibear | 2024-11-21 | 7.8 High |
| The Taidii Diibear Android application 2.4.0 and all its derivatives allow attackers to obtain user credentials from Shared Preferences and the SQLite database because of insecure data storage. | ||||
| CVE-2020-35452 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.3 High |
| Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow | ||||
| CVE-2020-35450 | 1 Gobby Project | 1 Gobby | 2024-11-21 | 7.5 High |
| Gobby 0.4.11 allows a NULL pointer dereference in the D-Bus handler for certain set_language calls. | ||||
| CVE-2020-35388 | 1 Rockoa | 1 Xinhu | 2024-11-21 | 7.5 High |
| rainrocka xinhu 2.1.9 allows remote attackers to obtain sensitive information via an index.php?a=gettotal request in which the ajaxbool value is manipulated to be true. | ||||
| CVE-2020-35382 | 1 Classroombookings | 1 Classroombookings | 2024-11-21 | 7.2 High |
| SQL Injection in Classbooking before 2.4.1 via the username field of a CSV file when adding a new user. | ||||
| CVE-2020-35381 | 3 Fedoraproject, Jsonparser Project, Redhat | 3 Fedora, Jsonparser, Acm | 2024-11-21 | 7.5 High |
| jsonparser 1.0.0 allows attackers to cause a denial of service (panic: runtime error: slice bounds out of range) via a GET call. | ||||
| CVE-2020-35380 | 1 Gjson Project | 1 Gjson | 2024-11-21 | 7.5 High |
| GJSON before 1.6.4 allows attackers to cause a denial of service via crafted JSON. | ||||
| CVE-2020-35376 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 7.5 High |
| Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | ||||
| CVE-2020-35370 | 1 Raysync | 1 Raysync | 2024-11-21 | 8.8 High |
| A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can login as "admin", then to modify specific shell file to achieve remote code execution(RCE) on the hosting server. | ||||
| CVE-2020-35362 | 1 Dext5 | 1 Dext5upload | 2024-11-21 | 7.5 High |
| DEXT5Upload 2.7.1262310 and earlier is affected by Directory Traversal in handler/dext5handler.jsp. This could allow remote files to be downloaded via a dext5CMD=downloadRequest action with traversal in the fileVirtualPath parameter (the attacker must provide the correct fileOrgName value). | ||||
| CVE-2020-35359 | 1 Pureftpd | 1 Pure-ftpd | 2024-11-21 | 7.5 High |
| Pure-FTPd 1.0.48 allows remote attackers to prevent legitimate server use by making enough connections to exceed the connection limit. | ||||
| CVE-2020-35342 | 1 Gnu | 1 Binutils | 2024-11-21 | 7.5 High |
| GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | ||||