Export limit exceeded: 80246 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80246 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-10089 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother, | ||||
| CVE-2020-10088 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.1 High |
| GitLab 12.5 through 12.8.1 has Insecure Permissions. Depending on particular group settings, it was possible for invited groups to be given the incorrect permission level. | ||||
| CVE-2020-10087 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab before 12.8.2 allows Information Disclosure. Badge images were not being proxied, causing mixed content warnings as well as leaking the IP address of the user. | ||||
| CVE-2020-10073 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.5 High |
| GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a potential denial of service involving permissions checks could impact a project home page. | ||||
| CVE-2020-10067 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 High |
| A malicious userspace application can cause a integer overflow and bypass security checks performed by system call handlers. The impact would depend on the underlying system call and can range from denial of service to information leak to memory corruption resulting in code execution within the kernel. See NCC-ZEP-005 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | ||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | ||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.1 High |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | ||||
| CVE-2020-10060 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8 High |
| In updatehub_probe, right after JSON parsing is complete, objects\[1] is accessed from the output structure in two different places. If the JSON contained less than two elements, this access would reference unitialized stack memory. This could result in a crash, denial of service, or possibly an information leak. Provided the fix in CVE-2020-10059 is applied, the attack requires compromise of the server. See NCC-ZEP-030 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. version 2.2.0 and later versions. | ||||
| CVE-2020-10058 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.8 High |
| Multiple syscalls in the Kscan subsystem perform insufficient argument validation, allowing code executing in userspace to potentially gain elevated privileges. See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 2.1.0 and later versions. | ||||
| CVE-2020-10057 | 1 Metalgenix | 1 Genixcms | 2024-11-21 | 8.8 High |
| GeniXCMS 1.1.7 is vulnerable to user privilege escalation due to broken access control. This issue exists because of an incomplete fix for CVE-2015-2680, in which "token" is used as a CSRF protection mechanism, but without validation that "token" is associated with an administrative user. | ||||
| CVE-2020-10056 | 1 Siemens | 1 License Management Utility | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in License Management Utility (LMU) (All versions < V2.4). The lmgrd service of the affected application is executed with local SYSTEM privileges on the server while its configuration can be modified by local users. The vulnerability could allow a local authenticated attacker to execute arbitrary commands on the server with local SYSTEM privileges. | ||||
| CVE-2020-10051 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). Multiple services of the affected application are executed with SYSTEM privileges while the call path is not quoted. This could allow a local attacker to inject arbitrary commands that are execeuted instead of the legitimate service. | ||||
| CVE-2020-10050 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The directory of service executables of the affected application could allow a local attacker to include arbitrary commands that are executed with SYSTEM privileges when the system restarts. | ||||
| CVE-2020-10049 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2024-11-21 | 7.3 High |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (All versions < V2.10.2). The start-stop scripts for the services of the affected application could allow a local attacker to include arbitrary commands that are executed when services are started or stopped interactively by system administrators. | ||||
| CVE-2020-10045 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An error in the challenge-response procedure could allow an attacker to replay authentication traffic and gain access to protected areas of the web application. | ||||
| CVE-2020-10044 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker with access to the network could be able to install specially crafted firmware to the device. | ||||
| CVE-2020-10039 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 8.1 High |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). An attacker in a privileged network position between a legitimate user and the web server might be able to conduct a Man-in-the-middle attack and gain read and write access to the transmitted data. | ||||
| CVE-2020-10037 | 1 Siemens | 6 Sicam Mmu, Sicam Mmu Firmware, Sicam Sgu and 3 more | 2024-11-21 | 7.5 High |
| A vulnerability has been identified in SICAM MMU (All versions < V2.05), SICAM SGU (All versions), SICAM T (All versions < V2.18). By performing a flooding attack against the web server, an attacker might be able to gain read access to the device's memory, possibly revealing confidential information. | ||||
| CVE-2020-10030 | 1 Powerdns | 1 Recursor | 2024-11-21 | 8.8 High |
| An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker (with enough privileges to change the system's hostname) to cause disclosure of uninitialized memory content via a stack-based out-of-bounds read. It only occurs on systems where gethostname() does not have '\0' termination of the returned string if the hostname is larger than the supplied buffer. (Linux systems are not affected because the buffer is always large enough. OpenBSD systems are not affected because the returned hostname always has '\0' termination.) Under some conditions, this issue can lead to the writing of one '\0' byte out-of-bounds on the stack, causing a denial of service or possibly arbitrary code execution. | ||||
| CVE-2020-10028 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.8 High |
| Multiple syscalls with insufficient argument validation See NCC-ZEP-006 This issue affects: zephyrproject-rtos zephyr version 1.14.0 and later versions. version 2.1.0 and later versions. | ||||