Export limit exceeded: 342055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10046 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24994 | 1 Libass Project | 1 Libass | 2024-11-21 | 8.8 High |
| Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file. | ||||
| CVE-2020-24987 | 1 Tendacn | 2 Ac18, Ac18 Firmware | 2024-11-21 | 9.8 Critical |
| Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a remote code execution due to incorrect authentication handling of vulnerable logincheck() function in /usr/lib/lua/ngx_authserver/ngx_wdas.lua file if the administrator UI Interface is set to "radius". | ||||
| CVE-2020-24899 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 8.8 High |
| Nagios XI 5.7.2 is affected by a remote code execution (RCE) vulnerability. An authenticated user can inject additional commands into normal webapp query. | ||||
| CVE-2020-24849 | 1 Fruitywifi Project | 1 Fruitywifi | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability is identified in FruityWifi through 2.4. Due to improperly escaped shell metacharacters obtained from the POST request at the page_config_adv.php page, it is possible to perform remote code execution by an authenticated attacker. This is similar to CVE-2018-17317. | ||||
| CVE-2020-24652 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A addvsiinterfaceinfo expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24651 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A syslogtempletselectwin expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24650 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A legend expression language injection remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24648 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A accessmgrservlet classname deserialization of untrusted data remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24646 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A tftpserver stack-based buffer overflow remote code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24633 | 1 Arubanetworks | 15 7005, 7008, 7010 and 12 more | 2024-11-21 | 9.8 Critical |
| There are multiple buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending especially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211) of access-points or controllers in Aruba 9000 Gateway; Aruba 7000 Series Mobility Controllers; Aruba 7200 Series Mobility Controllers version(s): 2.1.0.1, 2.2.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below; 6.4.4.23, 6.5.4.17, 8.2.2.9, 8.3.0.13, 8.5.0.10, 8.6.0.5, 8.7.0.0 and below. | ||||
| CVE-2020-24626 | 1 Hpe | 1 Utility Computing Service Meter | 2024-11-21 | 9.8 Critical |
| Unathenticated directory traversal in the ReceiverServlet class doPost() method can lead to arbitrary remote code execution in HPE Pay Per Use (PPU) Utility Computing Service (UCS) Meter version 1.9. | ||||
| CVE-2020-24621 | 1 Openmrs | 1 Htmlformentry | 2024-11-21 | 8.8 High |
| A remote code execution (RCE) vulnerability was discovered in the htmlformentry (aka HTML Form Entry) module before 3.11.0 for OpenMRS. By leveraging path traversal, a malicious Velocity Template Language file could be written to a directory. This file could then be accessed and executed. | ||||
| CVE-2020-24397 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.2 High |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | ||||
| CVE-2020-24384 | 1 A10networks | 2 Advanced Core Operating System, Agalaxy | 2024-11-21 | 9.8 Critical |
| A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2), 4.x, and 5.1.x are affected. aGalaxy versions 3.0.x, 3.2.x, and 5.0.x are affected. | ||||
| CVE-2020-24338 | 1 Altran | 1 Picotcp | 2024-11-21 | 9.8 Critical |
| An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution. | ||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 9.8 Critical |
| Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | ||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-11-21 | 9.8 Critical |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | ||||
| CVE-2020-24196 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 7.2 High |
| An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution. | ||||
| CVE-2020-24195 | 1 Online Bike Rental Project | 1 Online Bike Rental | 2024-11-21 | 9.1 Critical |
| An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution. | ||||
| CVE-2020-24186 | 1 Gvectors | 1 Wpdiscuz | 2024-11-21 | 10 Critical |
| A Remote Code Execution vulnerability exists in the gVectors wpDiscuz plugin 7.0 through 7.0.4 for WordPress, which allows unauthenticated users to upload any type of file, including PHP files via the wmuUploadFiles AJAX action. | ||||