Export limit exceeded: 341102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (5710 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-28491 | 4 Fasterxml, Oracle, Quarkus and 1 more | 11 Jackson-dataformats-binary, Weblogic Server, Quarkus and 8 more | 2024-11-21 | 7.5 High |
| This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception. | ||||
| CVE-2020-28453 | 1 Npos-tesseract Project | 1 Npos-tesseract | 2024-11-21 | 9.4 Critical |
| This affects all versions of package npos-tesseract. The injection point is located in line 55 in lib/ocr.js. | ||||
| CVE-2020-28451 | 1 Image-tiler Project | 1 Image-tiler | 2024-11-21 | 9.8 Critical |
| This affects the package image-tiler before 2.0.2. | ||||
| CVE-2020-28447 | 1 Xopen Project | 1 Xopen | 2024-11-21 | 9.8 Critical |
| This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) | ||||
| CVE-2020-28446 | 1 Ntesseract Project | 1 Ntesseract | 2024-11-21 | 9.8 Critical |
| The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. | ||||
| CVE-2020-28445 | 1 Npm-help Project | 1 Npm-help | 2024-11-21 | 9.8 Critical |
| This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. | ||||
| CVE-2020-28443 | 1 Sonar-wrapper Project | 1 Sonar-wrapper | 2024-11-21 | 9.8 Critical |
| This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. | ||||
| CVE-2020-28438 | 1 Deferred-exec Project | 1 Deferred-exec | 2024-11-21 | 9.8 Critical |
| This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js | ||||
| CVE-2020-28437 | 1 Heroku-env Project | 1 Heroku-env | 2024-11-21 | 9.4 Critical |
| This affects all versions of package heroku-env. The injection point is located in lib/get.js which is required by index.js. | ||||
| CVE-2020-28436 | 1 Google-cloudstorage-commands Project | 1 Google-cloudstorage-commands | 2024-11-21 | 7.3 High |
| This affects all versions of package google-cloudstorage-commands. | ||||
| CVE-2020-28435 | 1 Ffmpeg-sdk Project | 1 Ffmpeg-sdk | 2024-11-21 | 9.4 Critical |
| This affects all versions of package ffmpeg-sdk. The injection point is located in line 9 in index.js. | ||||
| CVE-2020-28434 | 1 Gitblame Project | 1 Gitblame | 2024-11-21 | 9.4 Critical |
| This affects all versions of package gitblame. The injection point is located in line 15 in lib/gitblame.js. | ||||
| CVE-2020-28433 | 1 Node-latex-pdf Project | 1 Node-latex-pdf | 2024-11-21 | 7.3 High |
| This affects all versions of package node-latex-pdf. | ||||
| CVE-2020-28425 | 1 Curljs Project | 1 Curljs | 2024-11-21 | 7.3 High |
| This affects all versions of package curljs. | ||||
| CVE-2020-28423 | 1 Monorepo-build Project | 1 Monorepo-build | 2024-11-21 | 9.8 Critical |
| This affects all versions of package monorepo-build. | ||||
| CVE-2020-28422 | 1 Git-archive Project | 1 Git-archive | 2024-11-21 | 6.4 Medium |
| All versions of package git-archive are vulnerable to Command Injection via the exports function. | ||||
| CVE-2020-28243 | 3 Debian, Fedoraproject, Saltstack | 3 Debian Linux, Fedora, Salt | 2024-11-21 | 7.8 High |
| An issue was discovered in SaltStack Salt before 3002.5. The minion's restartcheck is vulnerable to command injection via a crafted process name. This allows for a local privilege escalation by any user able to create a files on the minion in a non-blacklisted directory. | ||||
| CVE-2020-28200 | 2 Dovecot, Fedoraproject | 2 Dovecot, Fedora | 2024-11-21 | 4.3 Medium |
| The Sieve engine in Dovecot before 2.3.15 allows Uncontrolled Resource Consumption, as demonstrated by a situation with a complex regular expression for the regex extension. | ||||
| CVE-2020-28030 | 3 Debian, Fedoraproject, Wireshark | 3 Debian Linux, Fedora, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.7, the GQUIC dissector could crash. This was addressed in epan/dissectors/packet-gquic.c by correcting the implementation of offset advancement. | ||||
| CVE-2020-27978 | 1 Shibboleth | 1 Identity Provider | 2024-11-21 | 7.5 High |
| Shibboleth Identify Provider 3.x before 3.4.6 has a denial of service flaw. A remote unauthenticated attacker can cause a login flow to trigger Java heap exhaustion due to the creation of objects in the Java Servlet container session. | ||||