Export limit exceeded: 348281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20215 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-24635 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 7.2 High |
| A remote execution of arbitrary commands vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.5 and below; Aruba Instant 8.7.x: 8.7.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | ||||
| CVE-2020-24581 | 1 Dlink | 2 Dsl2888a, Dsl2888a Firmware | 2024-11-21 | 8.0 High |
| An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55. It contains an execute_cmd.cgi feature (that is not reachable via the web user interface) that lets an authenticated user execute Operating System commands. | ||||
| CVE-2020-24572 | 1 Raspap | 1 Raspap | 2024-11-21 | 8.8 High |
| An issue was discovered in includes/webconsole.php in RaspAP 2.5. With authenticated access, an attacker can use a misconfigured (and virtually unrestricted) web console to attack the underlying OS (Raspberry Pi) running this software, and execute commands on the system (including ones for uploading of files and execution of code). | ||||
| CVE-2020-24552 | 1 Atoptechnology | 14 Se5901, Se5901 Firmware, Se5901b and 11 more | 2024-11-21 | 5.5 Medium |
| Atop Technology industrial 3G/4G gateway contains Command Injection vulnerability. Due to insufficient input validation, the device's web management interface allows attackers to inject specific code and execute system commands without privilege. | ||||
| CVE-2020-24480 | 1 Intel | 1 Extreme Tuning Utility | 2024-11-21 | 4.4 Medium |
| Out-of-bounds write in the Intel(R) XTU before version 6.5.3.25 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2020-24473 | 1 Intel | 46 Baseboard Management Controller Firmware, Compute Module Hns2600bpb24r, Compute Module Hns2600bpbr and 43 more | 2024-11-21 | 7.8 High |
| Out of bounds write in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.48.ce3e3bd2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-24462 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 7.8 High |
| Out of bounds write in the Intel(R) Graphics Driver before version 15.33.53.5161, 15.36.40.5162, 15.40.47.5166, 15.45.33.5164 and 27.20.100.8336 may allow an authenticated user to potentially enable an escalation of privilege via local access. | ||||
| CVE-2020-24436 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 7.8 High |
| Acrobat Pro DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by an out-of-bounds write vulnerability that could result in writing past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. This vulnerability requires user interaction to exploit in that the victim must open a malicious document. | ||||
| CVE-2020-24415 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 7.8 High |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | ||||
| CVE-2020-24414 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 7.8 High |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | ||||
| CVE-2020-24413 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 7.8 High |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | ||||
| CVE-2020-24412 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 7.8 High |
| Adobe Illustrator version 24.1.2 (and earlier) is affected by a memory corruption vulnerability that occurs when parsing a specially crafted .svg file. This could result in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | ||||
| CVE-2020-24411 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2024-11-21 | 7.8 High |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | ||||
| CVE-2020-24397 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.2 High |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | ||||
| CVE-2020-24388 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 7.5 High |
| An issue was discovered in the _send_secure_msg() function of yubihsm-shell through 2.0.2. The function does not validate the embedded length field of a message received from the device. This could lead to an oversized memcpy() call that will crash the running process. This could be used by an attacker to cause a denial of service. | ||||
| CVE-2020-24387 | 2 Fedoraproject, Yubico | 2 Fedora, Yubihsm-shell | 2024-11-21 | 7.5 High |
| An issue was discovered in the yh_create_session() function of yubihsm-shell through 2.0.2. The function does not explicitly check the returned session id from the device. An invalid session id would lead to out-of-bounds read and write operations in the session array. This could be used by an attacker to cause a denial of service attack. | ||||
| CVE-2020-24365 | 1 Gemteks | 4 Wrtm-127acn, Wrtm-127acn Firmware, Wrtm-127x9 and 1 more | 2024-11-21 | 8.8 High |
| An issue was discovered on Gemtek WRTM-127ACN 01.01.02.141 and WRTM-127x9 01.01.02.127 devices. The Monitor Diagnostic network page allows an authenticated attacker to execute a command directly on the target machine. Commands are executed as the root user (uid 0). (Even if a login is required, most routers are left with default credentials.) | ||||
| CVE-2020-24354 | 1 Zyxel | 2 Vmg5313-b30b, Vmg5313-b30b Firmware | 2024-11-21 | 8.8 High |
| Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection. | ||||
| CVE-2020-24352 | 1 Qemu | 1 Qemu | 2024-11-21 | 5.5 Medium |
| An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service. | ||||
| CVE-2020-24345 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.8 High |
| JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option | ||||