Export limit exceeded: 348644 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348644 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25275 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-1043 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.0 Critical |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042. | ||||
| CVE-2020-1042 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.0 Critical |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1043. | ||||
| CVE-2020-1041 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.0 Critical |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1036, CVE-2020-1040, CVE-2020-1042, CVE-2020-1043. | ||||
| CVE-2020-1036 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.0 Critical |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1032, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | ||||
| CVE-2020-1032 | 1 Microsoft | 3 Windows Server 2008, Windows Server 2012, Windows Server 2016 | 2024-11-21 | 9.0 Critical |
| A remote code execution vulnerability exists when Hyper-V RemoteFX vGPU on a host server fails to properly validate input from an authenticated user on a guest operating system, aka 'Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1036, CVE-2020-1040, CVE-2020-1041, CVE-2020-1042, CVE-2020-1043. | ||||
| CVE-2020-1026 | 1 Microsoft | 1 Research Javascript Cryptography Library | 2024-11-21 | 9.8 Critical |
| A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation.An attacker could potentially abuse these bugs to learn information about a server’s private ECC key (a key leakage attack) or craft an invalid ECDSA signature that nevertheless passes as valid.The security update addresses the vulnerability by fixing the bugs disclosed in the ECC implementation, aka 'MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability'. | ||||
| CVE-2020-1018 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | 7.5 High |
| An information disclosure vulnerability exists when Microsoft Dynamics Business Central/NAV on-premise does not properly hide the value of a masked field when showing the records as a chart page.The attacker who successfully exploited the vulnerability could see the information that are in a masked field.The security update addresses the vulnerability by updating the rendering engine the Windows client to properly detect masked fields and render the content as masked., aka 'Microsoft Dynamics Business Central/NAV Information Disclosure'. | ||||
| CVE-2020-19363 | 1 Vtiger | 1 Vtiger Crm | 2024-11-21 | 6.5 Medium |
| Vtiger CRM v7.2.0 allows an attacker to display hidden files, list directories by using /libraries and /layout directories. | ||||
| CVE-2020-19275 | 1 Dhcms Project | 1 Dhcms | 2024-11-21 | 5.3 Medium |
| An Information Disclosure vulnerability exists in dhcms 2017-09-18 when entering invalid characters after the normal interface, which causes an error that will leak the physical path. | ||||
| CVE-2020-18685 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of unchecked prerequisites related to TCP or UDP ports, or group or table IDs. | ||||
| CVE-2020-18683 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has poor input validation in checkFlow in StaticFlowEntryPusherResource.java because of undefined fields mishandling. | ||||
| CVE-2020-17521 | 4 Apache, Netapp, Oracle and 1 more | 24 Atlas, Groovy, Snapcenter and 21 more | 2024-11-21 | 5.5 Medium |
| Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2. | ||||
| CVE-2020-17516 | 1 Apache | 1 Cassandra | 2024-11-21 | 7.5 High |
| Apache Cassandra versions 2.1.0 to 2.1.22, 2.2.0 to 2.2.19, 3.0.0 to 3.0.23, and 3.11.0 to 3.11.9, when using 'dc' or 'rack' internode_encryption setting, allows both encrypted and unencrypted internode connections. A misconfigured node or a malicious user can use the unencrypted connection despite not being in the same rack or dc, and bypass mutual TLS requirement. | ||||
| CVE-2020-17507 | 4 Debian, Fedoraproject, Qt and 1 more | 4 Debian Linux, Fedora, Qt and 1 more | 2024-11-21 | 5.3 Medium |
| An issue was discovered in Qt through 5.12.9, and 5.13.x through 5.15.x before 5.15.1. read_xbm_body in gui/image/qxbmhandler.cpp has a buffer over-read. | ||||
| CVE-2020-17489 | 5 Canonical, Debian, Gnome and 2 more | 5 Ubuntu Linux, Debian Linux, Gnome-shell and 2 more | 2024-11-21 | 4.3 Medium |
| An issue was discovered in certain configurations of GNOME gnome-shell through 3.36.4. When logging out of an account, the password box from the login dialog reappears with the password still visible. If the user had decided to have the password shown in cleartext at login time, it is then visible for a brief moment upon a logout. (If the password were never shown in cleartext, only the password length is revealed.) | ||||
| CVE-2020-17479 | 1 Json Pattern Validator Project | 1 Json Pattern Validator | 2024-11-21 | 9.8 Critical |
| jpv (aka Json Pattern Validator) before 2.2.2 does not properly validate input, as demonstrated by a corrupted array. | ||||
| CVE-2020-17478 | 1 P5-crypt-perl Project | 1 P5-crypt-perl | 2024-11-21 | 7.5 High |
| ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm. | ||||
| CVE-2020-17444 | 1 Altran | 1 Picotcp | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c. | ||||
| CVE-2020-17439 | 2 Contiki-os, Uip Project | 2 Contiki, Uip | 2024-11-21 | 8.3 High |
| An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that parses incoming DNS packets does not validate that the incoming DNS replies match outgoing DNS queries in newdata() in resolv.c. Also, arbitrary DNS replies are parsed if there was any outgoing DNS query with a transaction ID that matches the transaction ID of an incoming reply. Provided that the default DNS cache is quite small (only four records) and that the transaction ID has a very limited set of values that is quite easy to guess, this can lead to DNS cache poisoning. | ||||
| CVE-2020-17393 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 6.5 Medium |
| This vulnerability allows local attackers to disclose information on affected installations of Parallels Desktop 15.1.3-47255. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the prl_hypervisor kext. The issue results from the lack of proper validation of user-supplied data, which can result a pointer to be leaked after the handler is done. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the kernel. Was ZDI-CAN-10520. | ||||