Export limit exceeded: 350384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80537 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80537 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-12248 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 8.8 High |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | ||||
| CVE-2020-12247 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 7.1 High |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | ||||
| CVE-2020-12246 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2024-11-21 | 8.8 High |
| Beeline Smart Box 2.0.38 routers allow "Advanced settings > Other > Diagnostics" OS command injection via the Ping ping_ipaddr parameter, the Nslookup nslookup_ipaddr parameter, or the Traceroute traceroute_ipaddr parameter. | ||||
| CVE-2020-12244 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2024-11-21 | 7.5 High |
| An issue has been found in PowerDNS Recursor 4.1.0 through 4.3.0 where records in the answer section of a NXDOMAIN response lacking an SOA were not properly validated in SyncRes::processAnswer, allowing an attacker to bypass DNSSEC validation. | ||||
| CVE-2020-12243 | 9 Apple, Broadcom, Canonical and 6 more | 28 Mac Os X, Brocade Fabric Operating System, Ubuntu Linux and 25 more | 2024-11-21 | 7.5 High |
| In filter.c in slapd in OpenLDAP before 2.4.50, LDAP search filters with nested boolean expressions can result in denial of service (daemon crash). | ||||
| CVE-2020-12242 | 1 Valvesoftware | 1 Source | 2024-11-21 | 7.8 High |
| Valve Source allows local users to gain privileges by writing to the /tmp/hl2_relaunch file, which is later executed in the context of a different user account. | ||||
| CVE-2020-12140 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 8.8 High |
| A buffer overflow in os/net/mac/ble/ble-l2cap.c in the BLE stack in Contiki-NG 4.4 and earlier allows an attacker to execute arbitrary code via malicious L2CAP frames. | ||||
| CVE-2020-12138 | 1 Amd | 1 Atillk64 | 2024-11-21 | 8.8 High |
| AMD ATI atillk64.sys 5.11.9.0 allows low-privileged users to interact directly with physical memory by calling one of several driver routines that map physical memory into the virtual address space of the calling process. This could enable low-privileged users to achieve NT AUTHORITY\SYSTEM privileges via a DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages. | ||||
| CVE-2020-12128 | 1 File Transfer Ifamily Project | 1 File Transfer Ifamily | 2024-11-21 | 7.5 High |
| DONG JOO CHO File Transfer iFamily 2.1 allows directory traversal related to the ./etc/ path. | ||||
| CVE-2020-12127 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint of the WAVLINK WN530H4 M30H4.V5030.190403 allows an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without authentication. | ||||
| CVE-2020-12123 | 1 Wavlink | 2 Wn530h4, Wn530h4 Firmware | 2024-11-21 | 8.1 High |
| CSRF vulnerabilities in the /cgi-bin/ directory of the WAVLINK WN530H4 M30H4.V5030.190403 allow an attacker to remotely access router endpoints, because these endpoints do not contain CSRF tokens. If a user is authenticated in the router portal, then this attack will work. | ||||
| CVE-2020-12122 | 1 Maxpcsecure | 1 Max Spyware Detector | 2024-11-21 | 7.8 High |
| In Max Secure Max Spyware Detector 1.0.0.044, the driver file (MaxProc64.sys) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of not validating input values from IOCtl 0x2200019. (This also extends to the various other products from Max Secure that include MaxProc64.sys.) | ||||
| CVE-2020-12120 | 1 Prestashop | 1 Correos Express | 2024-11-21 | 7.5 High |
| The Correos Express addon for PrestaShop 1.6 through 1.7 allows remote attackers to obtain sensitive information, such as a service's owner password that can be used to modify orders via SOAP. Attackers can also retrieve information about orders or buyers. | ||||
| CVE-2020-12119 | 1 Ledger | 1 Ledger Live | 2024-11-21 | 8.1 High |
| Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction is confirmed) and does not decrease the balance when it is canceled. As a result, users are exposed to basic double spending attacks, amplified double spending attacks, and DoS attacks without user consent. | ||||
| CVE-2020-12118 | 1 Binance | 1 Tss-lib | 2024-11-21 | 8.2 High |
| The keygen protocol implementation in Binance tss-lib before 1.2.0 allows attackers to generate crafted h1 and h2 parameters in order to compromise a signing round or obtain sensitive information from other parties. | ||||
| CVE-2020-12116 | 1 Zohocorp | 1 Manageengine Opmanager | 2024-11-21 | 7.5 High |
| Zoho ManageEngine OpManager Stable build before 124196 and Released build before 125125 allows an unauthenticated attacker to read arbitrary files on the server by sending a crafted request. | ||||
| CVE-2020-12112 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 7.5 High |
| BigBlueButton before 2.2.5 allows remote attackers to obtain sensitive files via Local File Inclusion. | ||||
| CVE-2020-12111 | 1 Tp-link | 4 Nc260, Nc260 Firmware, Nc450 and 1 more | 2024-11-21 | 8.8 High |
| Certain TP-Link devices allow Command Injection. This affects NC260 1.5.2 build 200304 and NC450 1.5.3 build 200304. | ||||
| CVE-2020-12109 | 1 Tp-link | 14 Nc200, Nc200 Firmware, Nc210 and 11 more | 2024-11-21 | 8.8 High |
| Certain TP-Link devices allow Command Injection. This affects NC200 2.1.9 build 200225, NC210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, NC260 1.5.2 build 200304, and NC450 1.5.3 build 200304. | ||||
| CVE-2020-12104 | 1 Internet-formation | 1 Wp-advanced-search | 2024-11-21 | 8.8 High |
| The Import feature in the wp-advanced-search plugin 3.3.6 for WordPress is vulnerable to authenticated SQL injection via an uploaded .sql file. An attacker can use this to execute SQL commands without any validation. | ||||