Export limit exceeded: 21759 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20206 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13361 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 3.9 Low |
| In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation. | ||||
| CVE-2020-13252 | 1 Centreon | 1 Centreon | 2024-11-21 | 8.8 High |
| Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page. | ||||
| CVE-2020-13167 | 1 Netsweeper | 1 Netsweeper | 2024-11-21 | 9.8 Critical |
| Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters. | ||||
| CVE-2020-13159 | 1 Articatech | 1 Artica Proxy | 2024-11-21 | 9.8 Critical |
| Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818. | ||||
| CVE-2020-13151 | 1 Aerospike | 1 Aerospike Server | 2024-11-21 | 9.8 Critical |
| Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service. | ||||
| CVE-2020-13124 | 1 Sabnzbd | 1 Sabnzbd | 2024-11-21 | 8.8 High |
| SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system. | ||||
| CVE-2020-13122 | 1 Noviflow | 1 Noviware | 2024-11-21 | 8.8 High |
| The novish command-line interface, included in NoviFlow NoviWare before NW500.2.12 and deployed on NoviSwitch devices, is vulnerable to command injection in the "show status destination ipaddr" command. This could be used by a read-only user (monitoring group) or admin to execute commands on the operating system. | ||||
| CVE-2020-13111 | 1 Naviserver Project | 1 Naviserver | 2024-11-21 | 7.5 High |
| NaviServer 4.99.4 to 4.99.19 allows denial of service due to the nsd/driver.c ChunkedDecode function not properly validating the length of a chunk. A remote attacker can craft a chunked-transfer request that will result in a negative value being passed to memmove via the size parameter, causing the process to crash. | ||||
| CVE-2020-13109 | 2 Nintendo, Seta | 2 Nintendo 64, Morita Shogi 64 | 2024-11-21 | 9.8 Critical |
| Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 (aka the IF subcommand to top-level command 7) has a stack-based buffer overflow. | ||||
| CVE-2020-12983 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| An out of bounds write vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privileges or denial of service. | ||||
| CVE-2020-12981 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| An insufficient input validation in the AMD Graphics Driver for Windows 10 may allow unprivileged users to unload the driver, potentially causing memory corruptions in high privileged processes, which can lead to escalation of privileges or denial of service. | ||||
| CVE-2020-12980 | 2 Amd, Microsoft | 3 Radeon Pro Software, Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| An out of bounds write and read vulnerability in the AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12903 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| Out of Bounds Write and Read in AMD Graphics Driver for Windows 10 in Escape 0x6002d03 may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12898 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12895 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| Pool/Heap Overflow in AMD Graphics Driver for Windows 10 in Escape 0x110037 may lead to escalation of privilege, information disclosure or denial of service. | ||||
| CVE-2020-12894 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.1 High |
| Arbitrary Write in AMD Graphics Driver for Windows 10 in Escape 0x40010d may lead to arbitrary write to kernel memory or denial of service. | ||||
| CVE-2020-12893 | 2 Amd, Microsoft | 2 Radeon Software, Windows 10 | 2024-11-21 | 7.8 High |
| Stack Buffer Overflow in AMD Graphics Driver for Windows 10 in Escape 0x15002a may lead to escalation of privilege or denial of service. | ||||
| CVE-2020-12865 | 5 Canonical, Debian, Opensuse and 2 more | 7 Ubuntu Linux, Debian Linux, Leap and 4 more | 2024-11-21 | 8.0 High |
| A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | ||||
| CVE-2020-12861 | 4 Canonical, Opensuse, Redhat and 1 more | 6 Ubuntu Linux, Leap, Enterprise Linux and 3 more | 2024-11-21 | 8.8 High |
| A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | ||||
| CVE-2020-12830 | 1 Westerndigital | 6 My Cloud Ex4100, My Cloud Expert Series Ex2, My Cloud Firmware and 3 more | 2024-11-21 | 9.8 Critical |
| Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.04.114. | ||||