Search Results (79399 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25582 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 8.7 High |
| In FreeBSD 12.2-STABLE before r369334, 11.4-STABLE before r369335, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 when a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed. | ||||
| CVE-2020-25581 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 High |
| In FreeBSD 12.2-STABLE before r369312, 11.4-STABLE before r369313, 12.2-RELEASE before p4 and 11.4-RELEASE before p8 due to a race condition in the jail_remove(2) implementation, it may fail to kill some of the processes. | ||||
| CVE-2020-25574 | 1 Hyper | 1 Http | 2024-11-21 | 7.5 High |
| An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | ||||
| CVE-2020-25564 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 8.8 High |
| In SapphireIMS 5.0, it is possible to create a local administrator on any client with the credentials of a non-privileged user by directly accessing the RemoteMgmtTaskSave (Automation Tasks) feature. | ||||
| CVE-2020-25561 | 1 Sapphireims | 1 Sapphireims | 2024-11-21 | 7.8 High |
| SapphireIMS 5 utilized default sapphire:ims credentials to connect the client to server. This credential is saved in ServerConf.config file in the client. | ||||
| CVE-2020-25557 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
| In CMSuno 1.6.2, an attacker can inject malicious PHP code as a "username" while changing his/her username & password. After that, when the attacker logs in to the application, the attacker's code will be run. As a result of this vulnerability, an authenticated user can run commands on the server. | ||||
| CVE-2020-25540 | 1 Thinkadmin | 1 Thinkadmin | 2024-11-21 | 7.5 High |
| ThinkAdmin v6 is affected by a directory traversal vulnerability. An unauthorized attacker can read arbitrary files on a remote server via the GET request encode parameter. | ||||
| CVE-2020-25538 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 8.8 High |
| An authenticated attacker can inject malicious code into the "lang" parameter in the /uno/central.php file in CMSuno 1.6.2 and run this PHP code in the web page. In this way, the attacker can take over control of the server. | ||||
| CVE-2020-25533 | 1 Malwarebytes | 1 Malwarebytes | 2024-11-21 | 7.0 High |
| An issue was discovered in Malwarebytes before 4.0 on macOS. A malicious application was able to perform a privileged action within the Malwarebytes launch daemon. The privileged service improperly validated XPC connections by relying on the PID instead of the audit token. An attacker can construct a situation where the same PID is used for running two different programs at different times, by leveraging a race condition during crafted use of posix_spawn. | ||||
| CVE-2020-25515 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-11-21 | 7.8 High |
| Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book, http://<site>/lms/index.php?page=books. | ||||
| CVE-2020-25514 | 1 Simple Library Management System Project | 1 Simple Library Management System | 2024-11-21 | 8.4 High |
| Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php. | ||||
| CVE-2020-25507 | 1 3ds | 1 Teamwork Cloud | 2024-11-21 | 7.8 High |
| An incorrect permission assignment during the installation script of TeamworkCloud 18.0 thru 19.0 allows a local unprivileged attacker to execute arbitrary code as root. During installation, the user is instructed to set the system environment file with world writable permissions (0777 /etc/environment). Any local unprivileged user can execute arbitrary code simply by writing to /etc/environment, which will force all users, including root, to execute arbitrary code during the next login or reboot. In addition, the entire home directory of the twcloud user at /home/twcloud is recursively given world writable permissions. This allows any local unprivileged attacker to execute arbitrary code as twcloud. This product was previously named Cameo Enterprise Data Warehouse (CEDW). | ||||
| CVE-2020-25499 | 1 Totolink | 26 A3002r, A3002r Firmware, A3002ru-v1 and 23 more | 2024-11-21 | 8.8 High |
| TOTOLINK A3002RU-V2.0.0 B20190814.1034 allows authenticated remote users to modify the system's 'Run Command'. An attacker can use this functionality to execute arbitrary OS commands on the router. | ||||
| CVE-2020-25493 | 1 Oclean | 1 Oclean | 2024-11-21 | 7.5 High |
| Oclean Mobile Application 2.1.2 communicates with an external website using HTTP, so it is possible to eavesdrop on the network traffic. The content of the HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic. | ||||
| CVE-2020-25490 | 1 Sqreen | 1 Php Microagent | 2024-11-21 | 7.3 High |
| Lack of cryptographic signature verification in the Sqreen PHP agent daemon before 1.16.0 makes it easier for remote attackers to inject rules for execution inside the virtual machine. | ||||
| CVE-2020-25487 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 7.8 High |
| PHPGURUKUL Zoo Management System Using PHP and MySQL version 1.0 is affected by: SQL Injection via zms/animal-detail.php. | ||||
| CVE-2020-25465 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Null Pointer Dereference in xObjectBindingFromExpression at moddable/xs/sources/xsSyntaxical.c:3419 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25464 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | ||||
| CVE-2020-25463 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in fxUTF8Decode at moddable/xs/sources/xsCommon.c:916 in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||
| CVE-2020-25461 | 1 Moddable | 1 Moddable | 2024-11-21 | 7.5 High |
| Invalid Memory Access in the fxProxyGetter function in moddable/xs/sources/xsProxy.c in Moddable SDK before OS200908 causes a denial of service (SEGV). | ||||