Export limit exceeded: 20261 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20261 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9276 | 1 Dlink | 2 Dsl-2640b, Dsl-2640b Firmware | 2024-11-21 | 8.8 High |
| An issue was discovered on D-Link DSL-2640B B2 EU_4.01B devices. The function do_cgi(), which processes cgi requests supplied to the device's web servers, is vulnerable to a remotely exploitable stack-based buffer overflow. Unauthenticated exploitation is possible by combining this vulnerability with CVE-2020-9277. | ||||
| CVE-2020-9145 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.1 Critical |
| There is an Out-of-bounds Write vulnerability in some Huawei smartphone. Successful exploitation of this vulnerability may cause out-of-bounds access to the physical memory. | ||||
| CVE-2020-9144 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.8 Critical |
| There is a heap overflow vulnerability in some Huawei smartphone, attackers can exploit this vulnerability to cause heap overflows due to improper restriction of operations within the bounds of a memory buffer. | ||||
| CVE-2020-9142 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 9.1 Critical |
| There is a heap base buffer overflow vulnerability in some Huawei smartphone.Successful exploitation of this vulnerability can cause heap overflow and memory overwriting when the system incorrectly processes the update file. | ||||
| CVE-2020-9138 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | 5.3 Medium |
| There is a heap-based buffer overflow vulnerability in some Huawei Smartphone, Successful exploit of this vulnerability can cause process exceptions during updating. | ||||
| CVE-2020-9129 | 1 Huawei | 2 Mate 30, Mate 30 Firmware | 2024-11-21 | 6.7 Medium |
| HUAWEI Mate 30 versions earlier than 10.1.0.159(C00E159R7P2) have a vulnerability of improper buffer operation. Due to improper restrictions, local attackers with high privileges can exploit the vulnerability to cause system heap overflow. | ||||
| CVE-2020-9123 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 7.8 High |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) and versions earlier than 10.1.0.160(C01E160R2P8) have a buffer overflow vulnerability. An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining the root permission. Successful exploit may cause code execution. | ||||
| CVE-2020-9117 | 1 Huawei | 4 Nova 4, Nova 4 Firmware, Sydneym-al00 and 1 more | 2024-11-21 | 7.8 High |
| HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. | ||||
| CVE-2020-9108 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | ||||
| CVE-2020-9107 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI P30 Pro versions earlier than 10.1.0.160(C00E160R2P8) have an out-of-bounds read and write vulnerability. An unauthenticated attacker crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause the process reboot. | ||||
| CVE-2020-9101 | 1 Huawei | 12 Ips Module, Ips Module Firmware, Ngfw Module and 9 more | 2024-11-21 | 6.5 Medium |
| There is an out-of-bounds write vulnerability in some products. An unauthenticated attacker crafts malformed packets with specific parameter and sends the packets to the affected products. Due to insufficient validation of packets, which may be exploited to cause the process reboot. Affected product versions include: IPS Module versions V500R005C00, V500R005C10; NGFW Module versions V500R005C00, V500R005C10; Secospace USG6300 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; Secospace USG6600 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10; USG9500 versions V500R001C30, V500R001C60, V500R005C00, V500R005C10 | ||||
| CVE-2020-9091 | 1 Huawei | 2 Taurus-an00b, Taurus-an00b Firmware | 2024-11-21 | 5.5 Medium |
| Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have an out-of-bounds read and write vulnerability. Some functions do not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device. | ||||
| CVE-2020-9027 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2024-11-21 | 9.8 Critical |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the TRACE field of the resource ping.cmd. The NTP-2 device is also affected. | ||||
| CVE-2020-9026 | 1 Eltex-co | 4 Ntp-2, Ntp-2 Firmware, Ntp-rg-1402g and 1 more | 2024-11-21 | 9.8 Critical |
| ELTEX NTP-RG-1402G 1v10 3.25.3.32 devices allow OS command injection via the PING field of the resource ping.cmd. The NTP-2 device is also affected. | ||||
| CVE-2020-9021 | 1 Postoaktraffic | 2 Awam Bluetooth Field Device, Awam Bluetooth Field Device Firmware | 2024-11-21 | 9.8 Critical |
| Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.py via shell metacharacters in the htmlNtpServer parameter. | ||||
| CVE-2020-9020 | 1 Iteris | 2 Vantage Velocity, Vantage Velocity Firmware | 2024-11-21 | 9.8 Critical |
| Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. | ||||
| CVE-2020-9005 | 1 Valvesoftware | 1 Dota 2 | 2024-11-21 | 7.8 High |
| meshsystem.dll in Valve Dota 2 through 2020-02-17 allows remote attackers to achieve code execution or denial of service by creating a gaming server with a crafted map, and inviting a victim to this server. A GetValue call is mishandled. | ||||
| CVE-2020-8997 | 1 Abbott | 2 Freestyle Libre, Freestyle Libre Firmware | 2024-11-21 | 8.8 High |
| Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not present in the FreeStyle Libre 14-day in the U.S (announced in August 2018) and FreeStyle Libre 2 outside the U.S (announced in October 2018). | ||||
| CVE-2020-8963 | 1 Timetoolsltd | 20 Sc7105, Sc7105 Firmware, Sc9205 and 17 more | 2024-11-21 | 9.8 Critical |
| TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to execute arbitrary OS commands via shell metacharacters in the t3.cgi srmodel or srtime parameter. | ||||
| CVE-2020-8962 | 1 Dlink | 2 Dir-842, Dir-842 Firmware | 2024-11-21 | 9.8 Critical |
| A stack-based buffer overflow was found on the D-Link DIR-842 REVC with firmware v3.13B09 HOTFIX due to the use of strcpy for LOGINPASSWORD when handling a POST request to the /MTFWU endpoint. | ||||