Export limit exceeded: 20243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348821 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-5496 | 2 Fontforge, Opensuse | 2 Fontforge, Leap | 2024-11-21 | 8.8 High |
| FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | ||||
| CVE-2020-5352 | 1 Dell | 1 Emc Data Protection Advisor | 2024-11-21 | 8.8 High |
| Dell EMC Data Protection Advisor 6.4, 6.5 and 18.1 contain an OS command injection vulnerability. A remote authenticated malicious user may exploit this vulnerability to execute arbitrary commands on the affected system. | ||||
| CVE-2020-5350 | 1 Dell | 1 Emc Integrated Data Protection Appliance | 2024-11-21 | 7.9 High |
| Dell EMC Integrated Data Protection Appliance versions 2.0, 2.1, 2.2, 2.3, 2.4 contain a command injection vulnerability in the ACM component. A remote authenticated malicious user with root privileges could inject parameters in the ACM component APIs that could lead to manipulation of passwords and execution of malicious commands on ACM component. | ||||
| CVE-2020-5344 | 1 Dell | 6 Idrac7, Idrac7 Firmware, Idrac8 and 3 more | 2024-11-21 | 7 High |
| Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data. | ||||
| CVE-2020-5332 | 1 Rsa | 1 Archer | 2024-11-21 | 7.2 High |
| RSA Archer, versions prior to 6.7 P3 (6.7.0.3), contain a command injection vulnerability. AN authenticated malicious user with administrator privileges could potentially exploit this vulnerability to execute arbitrary commands on the system where the vulnerable application is deployed. | ||||
| CVE-2020-5322 | 1 Dell | 1 Emc Openmanage Enterprise-modular | 2024-11-21 | 9.1 Critical |
| Dell EMC OpenManage Enterprise-Modular (OME-M) versions prior to 1.10.00 contain a command injection vulnerability. A remote authenticated malicious user with high privileges could potentially exploit the vulnerability to execute arbitrary shell commands on the affected system. | ||||
| CVE-2020-5311 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 9.8 Critical |
| libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | ||||
| CVE-2020-5303 | 1 Tendermint | 1 Tendermint | 2024-11-21 | 3.1 Low |
| Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before AddPeer, which leads to always growing memory (activeIDs map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10. | ||||
| CVE-2020-5282 | 1 Nick Chan Bot Project | 1 Nick Chan Bot | 2024-11-21 | 7.2 High |
| In Nick Chan Bot before version 1.0.0-beta there is a vulnerability in the `npm` command which is part of this software package. This allows arbitrary shell execution,which can compromise the bot This is patched in version 1.0.0-beta | ||||
| CVE-2020-5234 | 1 Messagepack | 1 Messagepack | 2024-11-21 | 4.8 Medium |
| MessagePack for C# and Unity before version 1.9.11 and 2.1.90 has a vulnerability where untrusted data can lead to DoS attack due to hash collisions and stack overflow. Review the linked GitHub Security Advisory for more information and remediation steps. | ||||
| CVE-2020-5183 | 1 Ftpgetter | 1 Ftpgetter | 2024-11-21 | 7.5 High |
| FTPGetter Professional 5.97.0.223 is vulnerable to a memory corruption bug when a user sends a specially crafted string to the application. This memory corruption bug can possibly be classified as a NULL pointer dereference. | ||||
| CVE-2020-5146 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2024-11-21 | 7.2 High |
| A vulnerability in SonicWall SMA100 appliance allow an authenticated management-user to perform OS command injection using HTTP POST parameters. This vulnerability affected SMA100 Appliance version 10.2.0.2-20sv and earlier. | ||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 7.5 High |
| A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | ||||
| CVE-2020-4839 | 1 Ibm | 6 8335-gca, 8335-gca Firmware, 8335-gta and 3 more | 2024-11-21 | 4.9 Medium |
| IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037. | ||||
| CVE-2020-4799 | 1 Ibm | 1 Informix Dynamic Server | 2024-11-21 | 7.8 High |
| IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460. | ||||
| CVE-2020-4724 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 7.8 High |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. | ||||
| CVE-2020-4723 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 7.8 High |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187873. | ||||
| CVE-2020-4722 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 7.8 High |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187870. | ||||
| CVE-2020-4721 | 1 Ibm | 1 I2 Analysts Notebook | 2024-11-21 | 7.8 High |
| IBM i2 Analyst Notebook 9.2.0 and 9.2.1 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 187868. | ||||
| CVE-2020-4587 | 1 Ibm | 2 Connect\, Sterling Connect\ | 2024-11-21 | 7.8 High |
| IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578. | ||||