Export limit exceeded: 76233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13572 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13571 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| An out-of-bounds write vulnerability exists in the SGI RLE decompression functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13570 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger the reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2020-13569 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| A cross-site request forgery vulnerability exists in the GACL functionality of OpenEMR 5.0.2 and development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can lead to the execution of arbitrary requests in the context of the victim. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13568 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 8.8 High |
| SQL injection vulnerability exists in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability in admin/edit_group.php, when the POST parameter action is “Submit”, the POST parameter parent_id leads to a SQL injection. | ||||
| CVE-2020-13566 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 8.8 High |
| SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability In admin/edit_group.php, when the POST parameter action is “Delete”, the POST parameter delete_group leads to a SQL injection. | ||||
| CVE-2020-13561 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| An out-of-bounds write vulnerability exists in the TIFF parser of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13560 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-13558 | 2 Redhat, Webkitgtk | 3 Enterprise Linux, Rhel Els, Webkitgtk | 2024-11-21 | 8.8 High |
| A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. | ||||
| CVE-2020-13557 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A use after free vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2020-13555 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In COM Server Application Privilege Escalation, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13554 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13553 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In webvrpcs Run Key Privilege Escalation in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13552 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via multiple service executables in installation folder of WebAccess, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13551 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 8.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Advantech WebAccess/SCADA 9.0.1 installation. In privilege escalation via PostgreSQL executable, an attacker can either replace binary or loaded modules to execute code with NT SYSTEM privilege. | ||||
| CVE-2020-13550 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 7.7 High |
| A local file inclusion vulnerability exists in the installation functionality of Advantech WebAccess/SCADA 9.0.1. A specially crafted application can lead to information disclosure. An attacker can send an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13549 | 1 Sytech | 1 Xlreporter | 2024-11-21 | 7.8 High |
| An exploitable local privilege elevation vulnerability exists in the file system permissions of Sytech XL Reporter v14.0.1 install directory. Depending on the vector chosen, an attacker can overwrite service executables and execute arbitrary code with privileges of user set to run the service or replace other files within the installation folder, which would allow for local privilege escalation. | ||||
| CVE-2020-13548 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| In Foxit Reader 10.1.0.37527, a specially crafted PDF document can trigger reuse of previously free memory which can lead to arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2020-13547 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||