Export limit exceeded: 20237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20237 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36380 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the crunch function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36379 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the remove function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36378 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the packageCmd function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36377 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the dump function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 8 Ipados, Iphone Os, Debian Linux and 5 more | 2024-11-21 | 9.8 Critical |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-36317 | 2 Redhat, Rust-lang | 3 Devtools, Enterprise Linux, Rust | 2024-11-21 | 7.5 High |
| In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. | ||||
| CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 7.8 High |
| Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | ||||
| CVE-2020-36244 | 2 Debian, Genivi | 2 Debian Linux, Diagnostic Log And Trace | 2024-11-21 | 9.8 Critical |
| The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | ||||
| CVE-2020-36243 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters. | ||||
| CVE-2020-36242 | 4 Cryptography.io, Fedoraproject, Oracle and 1 more | 6 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment and 3 more | 2024-11-21 | 9.1 Critical |
| In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | ||||
| CVE-2020-36220 | 1 Va-ts Project | 1 Va-ts | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | ||||
| CVE-2020-36217 | 1 May Queue Project | 1 May Queue | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. | ||||
| CVE-2020-36216 | 1 Petabi | 1 Eventio | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. | ||||
| CVE-2020-36215 | 1 Hashconsing Project | 1 Hashconsing | 2024-11-21 | 7.5 High |
| An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. | ||||
| CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2024-11-21 | 7.0 High |
| An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | ||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-11-21 | 7.8 High |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | ||||
| CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2024-11-21 | 7.8 High |
| An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | ||||
| CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2024-11-21 | 7.0 High |
| An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | ||||
| CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2024-11-21 | 7.0 High |
| An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | ||||