Export limit exceeded: 78837 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (78837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13951 | 1 Apache | 1 Openmeetings | 2024-11-21 | 7.5 High |
| Attackers can use public NetTest web service of Apache OpenMeetings 4.0.0-5.0.0 to organize denial of service attack. | ||||
| CVE-2020-13950 | 5 Apache, Debian, Fedoraproject and 2 more | 8 Http Server, Debian Linux, Fedora and 5 more | 2024-11-21 | 7.5 High |
| Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service | ||||
| CVE-2020-13949 | 3 Apache, Oracle, Redhat | 7 Hive, Thrift, Communications Cloud Native Core Network Slice Selection Function and 4 more | 2024-11-21 | 7.5 High |
| In Apache Thrift 0.9.3 to 0.13.0, malicious RPC clients could send short messages which would result in a large memory allocation, potentially leading to denial of service. | ||||
| CVE-2020-13948 | 1 Apache | 1 Superset | 2024-11-21 | 8.8 High |
| While investigating a bug report on Apache Superset, it was determined that an authenticated user could craft requests via a number of templated text fields in the product that would allow arbitrary access to Python’s `os` package in the web application process in versions < 0.37.1. It was thus possible for an authenticated user to list and access files, environment variables, and process information. Additionally it was possible to set environment variables for the current process, create and update files in folders writable by the web process, and execute arbitrary programs accessible by the web process. All other operations available to the `os` package in Python were also available, even if not explicitly enumerated in this CVE. | ||||
| CVE-2020-13941 | 1 Apache | 1 Solr | 2024-11-21 | 8.8 High |
| Reported in SOLR-14515 (private) and fixed in SOLR-14561 (public), released in Solr version 8.6.0. The Replication handler (https://lucene.apache.org/solr/guide/8_6/index-replication.html#http-api-commands-for-the-replicationhandler) allows commands backup, restore and deleteBackup. Each of these take a location parameter, which was not validated, i.e you could read/write to any location the solr user can access. | ||||
| CVE-2020-13935 | 8 Apache, Canonical, Debian and 5 more | 23 Tomcat, Ubuntu Linux, Debian Linux and 20 more | 2024-11-21 | 7.5 High |
| The payload length in a WebSocket frame was not correctly validated in Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M1 to 9.0.36, 8.5.0 to 8.5.56 and 7.0.27 to 7.0.104. Invalid payload lengths could trigger an infinite loop. Multiple requests with invalid payload lengths could lead to a denial of service. | ||||
| CVE-2020-13934 | 7 Apache, Canonical, Debian and 4 more | 17 Tomcat, Ubuntu Linux, Debian Linux and 14 more | 2024-11-21 | 7.5 High |
| An h2c direct connection to Apache Tomcat 10.0.0-M1 to 10.0.0-M6, 9.0.0.M5 to 9.0.36 and 8.5.1 to 8.5.56 did not release the HTTP/1.1 processor after the upgrade to HTTP/2. If a sufficient number of such requests were made, an OutOfMemoryException could occur leading to a denial of service. | ||||
| CVE-2020-13933 | 3 Apache, Debian, Redhat | 4 Shiro, Debian Linux, Jboss Amq and 1 more | 2024-11-21 | 7.5 High |
| Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass. | ||||
| CVE-2020-13929 | 1 Apache | 1 Zeppelin | 2024-11-21 | 7.5 High |
| Authentication bypass vulnerability in Apache Zeppelin allows an attacker to bypass Zeppelin authentication mechanism to act as another user. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | ||||
| CVE-2020-13918 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 High |
| Incorrect access control in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to leak system information (that can be used for a jailbreak) via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13915 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 High |
| Insecure permissions in emfd/libemf in Ruckus Wireless Unleashed through 200.7.10.102.92 allow a remote attacker to overwrite admin credentials via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13914 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 High |
| webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to cause a denial of service (Segmentation fault) to the webserver via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices. | ||||
| CVE-2020-13912 | 1 Solarwinds | 1 Advanced Monitoring Agent | 2024-11-21 | 7.3 High |
| SolarWinds Advanced Monitoring Agent before 10.8.9 allows local users to gain privileges via a Trojan horse .exe file, because everyone can write to a certain .exe file. | ||||
| CVE-2020-13906 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 7.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038eb7. | ||||
| CVE-2020-13905 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 8.8 High |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!GetPlugInInfo+0x0000000000038ed4. | ||||
| CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.1 High |
| ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | ||||
| CVE-2020-13900 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 High |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference. | ||||
| CVE-2020-13899 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 High |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory. | ||||
| CVE-2020-13898 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 High |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference. | ||||
| CVE-2020-13895 | 1 P5-crypt-perl Project | 1 P5-crypt-perl | 2024-11-21 | 8.8 High |
| Crypt::Perl::ECDSA in the Crypt::Perl (aka p5-Crypt-Perl) module before 0.32 for Perl fails to verify correct ECDSA signatures when r and s are small and when s = 1. This happens when using the curve secp256r1 (prime256v1). This could conceivably have a security-relevant impact if an attacker wishes to use public r and s values when guessing whether signature verification will fail. | ||||