Export limit exceeded: 347343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79370 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24838 | 1 Issuer Project | 1 Issuer | 2024-11-21 | 7.5 High |
| An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow. | ||||
| CVE-2020-24837 | 1 Zcfees Project | 1 Zcfees | 2024-11-21 | 7.5 High |
| An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function. | ||||
| CVE-2020-24807 | 1 Socket.io-file Project | 1 Socket.io-file | 2024-11-21 | 7.8 High |
| The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-24772 | 1 Clash Project | 1 Clash | 2024-11-21 | 8.8 High |
| In Dreamacro Clash for Windows v0.11.4, an attacker could embed a malicious iframe in a website with a crafted URL that would launch the Clash Windows client and force it to open a remote SMB share. Windows will perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking). | ||||
| CVE-2020-24771 | 1 Nexusphp | 1 Nexusphp | 2024-11-21 | 7.5 High |
| Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access published content. | ||||
| CVE-2020-24765 | 1 Mind | 1 Imind Server | 2024-11-21 | 7.5 High |
| InterMind iMind Server through 3.13.65 allows remote unauthenticated attackers to read the self-diagnostic archive via a direct api/rs/monitoring/rs/api/system/dump-diagnostic-info?server=127.0.0.1 request. | ||||
| CVE-2020-24755 | 1 Ui | 1 Unifi Video | 2024-11-21 | 7.8 High |
| In Ubiquiti UniFi Video v3.10.13, when the executable starts, its first library validation is in the current directory. This allows the impersonation and modification of the library to execute code on the system. This was tested in (Windows 7 x64/Windows 10 x64). | ||||
| CVE-2020-24750 | 4 Debian, Fasterxml, Oracle and 1 more | 29 Debian Linux, Jackson-databind, Agile Plm and 26 more | 2024-11-21 | 8.1 High |
| FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration. | ||||
| CVE-2020-24742 | 1 Qt | 1 Qt | 2024-11-21 | 7.8 High |
| An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files. | ||||
| CVE-2020-24718 | 4 Freebsd, Netapp, Omniosce and 1 more | 4 Freebsd, Clustered Data Ontap, Omnios and 1 more | 2024-11-21 | 8.2 High |
| bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP. | ||||
| CVE-2020-24717 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-11-21 | 7.8 High |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777. | ||||
| CVE-2020-24716 | 2 Freebsd, Openzfs | 2 Freebsd, Openzfs | 2024-11-21 | 7.8 High |
| OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories. | ||||
| CVE-2020-24713 | 1 Getgophish | 1 Gophish | 2024-11-21 | 7.5 High |
| Gophish through 0.10.1 does not invalidate the gophish cookie upon logout. | ||||
| CVE-2020-24707 | 1 Getgophish | 1 Gophish | 2024-11-21 | 7.8 High |
| Gophish before 0.11.0 allows the creation of CSV sheets that contain malicious content. | ||||
| CVE-2020-24705 | 1 Wso2 | 6 Api Manager, Api Manager Analytics, Identity Server and 3 more | 2024-11-21 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager through 3.1.0, API Manager Analytics 2.5.0, IS as Key Manager through 5.10.0, Identity Server through 5.10.0, Identity Server Analytics through 5.6.0, and IoT Server 3.1.0. | ||||
| CVE-2020-24703 | 1 Wso2 | 9 Api Manager, Api Manager Analytics, Api Microgateway and 6 more | 2024-11-21 | 8.8 High |
| An issue was discovered in certain WSO2 products. A valid Carbon Management Console session cookie may be sent to an attacker-controlled server if the victim submits a crafted Try It request, aka Session Hijacking. This affects API Manager 2.2.0, API Manager Analytics 2.2.0, API Microgateway 2.2.0, Data Analytics Server 3.2.0, Enterprise Integrator through 6.6.0, IS as Key Manager 5.5.0, Identity Server 5.5.0 and 5.8.0, Identity Server Analytics 5.5.0, and IoT Server 3.3.0 and 3.3.1. | ||||
| CVE-2020-24697 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 7.5 High |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can cause a denial of service by sending crafted queries with a GSS-TSIG signature. | ||||
| CVE-2020-24696 | 1 Powerdns | 1 Authoritative | 2024-11-21 | 8.1 High |
| An issue was discovered in PowerDNS Authoritative through 4.3.0 when --enable-experimental-gss-tsig is used. A remote, unauthenticated attacker can trigger a race condition leading to a crash, or possibly arbitrary code execution, by sending crafted queries with a GSS-TSIG signature. | ||||
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 7.1 High |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24686 | 1 Abb | 12 Pm554, Pm554 Firmware, Pm556 and 9 more | 2024-11-21 | 7.5 High |
| The vulnerabilities can be exploited to cause the web visualization component of the PLC to stop and not respond, leading to genuine users losing remote visibility of the PLC state. If a user attempts to login to the PLC while this vulnerability is exploited, the PLC will show an error state and refuse connections to Automation Builder. The execution of the PLC application is not affected by this vulnerability. This issue affects ABB AC500 V2 products with onboard Ethernet. | ||||