Export limit exceeded: 76360 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76360 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-16600 | 1 Artifex | 1 Mupdf | 2024-11-21 | 7.8 High |
| A Use After Free vulnerability exists in Artifex Software, Inc. MuPDF library 1.17.0-rc1 and earlier when a valid page was followed by a page with invalid pixmap dimensions, causing bander - a static - to point to previously freed memory instead of a newband_writer. | ||||
| CVE-2020-16303 | 4 Artifex, Canonical, Debian and 1 more | 4 Ghostscript, Ubuntu Linux, Debian Linux and 1 more | 2024-11-21 | 7.8 High |
| A use-after-free vulnerability in xps_finish_image_path() in devices/vector/gdevxps.c of Artifex Software GhostScript v9.50 allows a remote attacker to escalate privileges via a crafted PDF file. This is fixed in v9.51. | ||||
| CVE-2020-16282 | 1 Rangee | 1 Rangeeos | 2024-11-21 | 8.8 High |
| In the default configuration of Rangee GmbH RangeeOS 8.0.4, all components are executed in the context of the privileged root user. This may allow a local attacker to break out of the restricted environment or inject malicious code into the application and fully compromise the operating system. | ||||
| CVE-2020-16281 | 1 Rangee | 1 Rangeeos | 2024-11-21 | 7.8 High |
| The Kommbox component in Rangee GmbH RangeeOS 8.0.4 could allow a local authenticated attacker to escape from the restricted environment and execute arbitrary code due to unrestricted context menus being accessible. | ||||
| CVE-2020-16277 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability in the Analytics component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | ||||
| CVE-2020-16276 | 1 Carson-saint | 1 Saint Security Suite | 2024-11-21 | 8.8 High |
| An SQL injection vulnerability in the Assets component of SAINT Security Suite 8.0 through 9.8.20 allows a remote, authenticated attacker to gain unauthorized access to the database. | ||||
| CVE-2020-16273 | 1 Arm | 2 Armv8-m, Armv8-m Firmware | 2024-11-21 | 7.8 High |
| In Arm software implementing the Armv8-M processors (all versions), the stack selection mechanism could be influenced by a stack-underflow attack in v8-M TrustZone based processors. An attacker can cause a change to the stack pointer used by the Secure World from a non-secure application if the stack is not initialized. This vulnerability affects only the software that is based on Armv8-M processors with the Security Extension. | ||||
| CVE-2020-16268 | 1 1e | 1 Client | 2024-11-21 | 8.8 High |
| The MSI installer in 1E Client 4.1.0.267 and 5.0.0.745 allows remote authenticated users and local users to gain elevated privileges via the repair option. This applies to installations that have a TRANSFORM (MST) with the option to disable the installation of the Nomad module. An attacker may craft a .reg file in a specific location that will be able to write to any registry key as an elevated user. | ||||
| CVE-2020-16267 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 8.8 High |
| Zoho ManageEngine Applications Manager version 14740 and prior allows an authenticated SQL Injection via a crafted jsp request in the RCA module. | ||||
| CVE-2020-16262 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.8 High |
| Winston 1.5.4 devices have a local www-data user that is overly permissioned, resulting in root privilege escalation. | ||||
| CVE-2020-16260 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.5 High |
| Winston 1.5.4 devices do not enforce authorization. This is exploitable from the intranet, and can be combined with other vulnerabilities for remote exploitation. | ||||
| CVE-2020-16258 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 7.1 High |
| Winston 1.5.4 devices make use of a Monit service (not managed during the normal user process) which is configured with default credentials. | ||||
| CVE-2020-16256 | 1 Winstonprivacy | 2 Winston, Winston Firmware | 2024-11-21 | 8.8 High |
| The API on Winston 1.5.4 devices is vulnerable to CSRF. | ||||
| CVE-2020-16253 | 1 Pghero Project | 1 Pghero | 2024-11-21 | 8.1 High |
| The PgHero gem through 2.6.0 for Ruby allows CSRF. | ||||
| CVE-2020-16251 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.8.3 and newer, when configured with the GCP GCE auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1. | ||||
| CVE-2020-16250 | 2 Hashicorp, Redhat | 3 Vault, Openshift, Openshift Data Foundation | 2024-11-21 | 8.2 High |
| HashiCorp Vault and Vault Enterprise versions 0.7.1 and newer, when configured with the AWS IAM auth method, may be vulnerable to authentication bypass. Fixed in 1.2.5, 1.3.8, 1.4.4, and 1.5.1.. | ||||
| CVE-2020-16244 | 1 Ge | 1 Asset Performance Management Classic | 2024-11-21 | 7.2 High |
| GE Digital APM Classic, Versions 4.4 and prior. Salt is not used for hash calculation of passwords, making it possible to decrypt passwords. This design flaw, along with the IDOR vulnerability, puts the entire platform at high risk because an authenticated user can retrieve all user account data and then retrieve the actual passwords. | ||||
| CVE-2020-16243 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.8 High |
| Multiple buffer overflow vulnerabilities exist when LeviStudioU (Version 2019-09-21 and prior) processes project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||||
| CVE-2020-16236 | 1 Panasonic | 1 Fpwin Pro | 2024-11-21 | 7.8 High |
| FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-16234 | 1 Fatek | 1 Winproladder | 2024-11-21 | 7.8 High |
| In PLC WinProladder Version 3.28 and prior, a stack-based buffer overflow vulnerability can be exploited when a valid user opens a specially crafted file, which may allow an attacker to remotely execute arbitrary code. | ||||