Search Results (75482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2020-0025 | 1 Google | 1 Android | 2024-11-21 | 7.8 High | In deletePackageVersionedInternal of PackageManagerService.java, there is a possible way to exit Screen Pinning due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID: A-135604684 |
| CVE-2020-0024 | 1 Google | 1 Android | 2024-11-21 | 7.8 High | In onCreate of SettingsBaseActivity.java, there is a possible unauthorized setting modification due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1, Android-9, Android-10, Android-8.0. Android ID: A-137015265 |
| CVE-2020-0022 | 2 Google, Huawei | 43 Android, Honor 8a, Honor 8a Firmware and 40 more | 2024-11-21 | 8.8 High | In reassemble_and_dispatch of packet_fragmenter.cc, there is a possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-143894715 |
| CVE-2020-0016 | 1 Google | 1 Android | 2024-11-21 | 7.8 High | In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android SoC. Android ID: A-171413483 |
| CVE-2020-0015 | 1 Google | 1 Android | 2024-11-21 | 7.8 High | In onCreate of CertInstaller.java, there is a possible way to overlay the Certificate Installation dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, Android-10. Android ID: A-139017101 |
| CVE-2020-0002 | 1 Google | 1 Android | 2024-11-21 | 8.8 High | In ih264d_init_decoder of ih264d_api.c, there is a possible out of bounds write due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, and Android-10. Android ID: A-142602711 |
| CVE-2020-0001 | 1 Google | 1 Android | 2024-11-21 | 7.8 High | In getProcessRecordLocked of ActivityManagerService.java, isolated apps are not handled correctly. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0, Android-8.1, Android-9, and Android-10. Android ID: A-140055304 |
| CVE-2019-9972 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2024-11-21 | 8.8 High | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an authenticated attacker to run arbitrary commands with the phonesystem user privileges because of "<space><space> followed by <shift><enter>" mishandling. |
| CVE-2019-9971 | 2 3cx, Debian | 3 Phone System, Phone System Firmware, Debian Linux | 2024-11-21 | 8.8 High | PhoneSystem Terminal in 3CX Phone System (Debian based installation) 16.0.0.1570 allows an attacker to gain root privileges by using sudo with the tcpdump command, without a password. This occurs because the -z (aka postrotate-command) option to tcpdump can be unsafe when used in conjunction with sudo. |
| CVE-2019-9944 | 1 Openmicroscopy | 1 Omero.server | 2024-11-21 | 7.5 High | In Open Microscopy Environment OMERO.server 5.0.0 through 5.6.0, the reading of files from imported image filesets may circumvent OMERO permissions restrictions. This occurs because the Bio-Formats feature allows an image file to have embedded pathnames. |
| CVE-2019-9943 | 1 Openmicroscopy | 1 Omero.server | 2024-11-21 | 7.5 High | In ome.services.graphs.GraphTraversal.findObjectDetails in Open Microscopy Environment OMERO.server 5.1.0 through 5.6.0, permissions on OMERO model objects may be circumvented during certain operations such as move and delete, because group permissions are mishandled. |
| CVE-2019-9926 | 1 Labkey | 1 Labkey Server | 2024-11-21 | 8.8 High | An issue was discovered in LabKey Server 19.1.0. It is possible to force a logged-in administrator to execute code through a /reports-viewScriptReport.view CSRF vulnerability. |
| CVE-2019-9924 | 6 Canonical, Debian, Gnu and 3 more | 12 Ubuntu Linux, Debian Linux, Bash and 9 more | 2024-11-21 | 7.8 High | rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell. |
| CVE-2019-9922 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 7.5 High | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. Directory Traversal allows read access to arbitrary files. |
| CVE-2019-9920 | 1 Harmistechnology | 1 Je Messenger | 2024-11-21 | 8.8 High | An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to perform an action within the context of the account of another user. |
| CVE-2019-9900 | 2 Envoyproxy, Redhat | 3 Envoy, Openshift Service Mesh, Service Mesh | 2024-11-21 | 8.3 High | When parsing HTTP/1.x header values, Envoy 1.9.0 and before does not reject embedded zero characters (NUL, ASCII 0x0). This allows remote attackers crafting header values containing embedded NUL characters to potentially bypass header matching rules, gaining access to unauthorized resources. |
| CVE-2019-9896 | 3 Microsoft, Opensuse, Putty | 4 Windows, Backports Sle, Leap and 1 more | 2024-11-21 | 7.8 High | In PuTTY versions before 0.71 on Windows, local attackers could hijack the application by putting a malicious help file in the same directory as the executable. |
| CVE-2019-9886 | 1 Eclass | 1 Eclass Ip | 2024-11-21 | 7.5 High | Any URLs with download_attachment.php under templates or home folders can allow arbitrary files to be downloaded without login in BroadLearning eClass before version ip.2.5.10.2.1. |
| CVE-2019-9859 | 1 Vestacp | 1 Vesta Control Panel | 2024-11-21 | 8.8 High | Vesta Control Panel (VestaCP) 0.9.7 through 0.9.8-23 is vulnerable to an authenticated command execution that can result in remote root access on the server. The platform works with PHP as the frontend language and uses shell scripts to execute system actions. PHP executes shell script through the dangerous command exec. This function can be dangerous if arguments passed to it are not filtered. Every user input in VestaCP that is used as an argument is filtered with the escapeshellarg function. This function comes from the PHP library directly and its description is as follows: "escapeshellarg() adds single quotes around a string and quotes/escapes any existing single quotes allowing you to pass a string directly to a shell function and having it be treated as a single safe argument." It means that if you give Username, it will have 'Username' as a replacement. This works well and protects users from exploiting this potentially dangerous exec function. Unfortunately, VestaCP uses this escapeshellarg function incorrectly in several places. |
| CVE-2019-9858 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 8.8 High | Remote code execution was discovered in Horde Groupware Webmail 5.2.22 and 5.2.17. Horde/Form/Type.php contains a vulnerable class that handles image upload in forms. When the Horde_Form_Type_image method onSubmit() is called on uploads, it invokes the functions getImage() and _getUpload(), which uses unsanitized user input as a path to save the image. The unsanitized POST parameter object[photo][img][file] is saved in the $upload[img][file] PHP variable, allowing an attacker to manipulate the $tmp_file passed to move_uploaded_file() to save the uploaded file. By setting the parameter to (for example) ../usr/share/horde/static/bd.php, one can write a PHP backdoor inside the web root. The static/ destination folder is a good candidate to drop the backdoor because it is always writable in Horde installations. (The unsanitized POST parameter probably went unnoticed because it's never submitted by the forms, which default to securely using a random path.) |