Export limit exceeded: 20093 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25226 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore. | ||||
| CVE-2020-25212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 7.0 High |
| A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | ||||
| CVE-2020-25206 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2024-11-21 | 7.2 High |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions. | ||||
| CVE-2020-25199 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||||
| CVE-2020-25177 | 1 We-con | 1 Plc Editor | 2024-11-21 | 8.8 High |
| WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | ||||
| CVE-2020-25171 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-25159 | 1 Rtautomation | 2 499es Ethernet\/ip Adaptor, 499es Ethernet\/ip Adaptor Firmware | 2024-11-21 | 9.8 Critical |
| 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. | ||||
| CVE-2020-25112 | 1 Contiki-os | 1 Contiki-os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | ||||
| CVE-2020-25111 | 1 Contiki-os | 1 Contiki-os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | ||||
| CVE-2020-25108 | 1 Ethernut | 1 Nut\/os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | ||||
| CVE-2020-25094 | 1 Logrhythm | 1 Platform Manager | 2024-11-21 | 9.8 Critical |
| LogRhythm Platform Manager 7.4.9 allows Command Injection. To exploit this, an attacker can inject arbitrary program names and arguments into a WebSocket. These are forwarded to any remote server with a LogRhythm Smart Response agent installed. By default, the commands are run with LocalSystem privileges. | ||||
| CVE-2020-25085 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.0 Medium |
| QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | ||||
| CVE-2020-25066 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 10 Critical |
| A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | ||||
| CVE-2020-25052 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). | ||||
| CVE-2020-25036 | 1 Ucopia | 1 Ucopia Wireless Appliance | 2024-11-21 | 8.8 High |
| UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command. | ||||
| CVE-2020-25023 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25022 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25021 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-24999 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-24916 | 3 Canonical, Debian, Yaws | 3 Ubuntu Linux, Debian Linux, Yaws | 2024-11-21 | 9.8 Critical |
| CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection. | ||||