Total: 201818 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23478 | 1 Leoeditor | 1 Leo | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| Leo Editor v6.2.1 was discovered to contain a regular expression denial of service (ReDoS) vulnerability in the component plugins/importers/dart.py. | |||||
| CVE-2020-23469 | 1 Gmate Project | 1 Gmate | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| gmate v0.12+bionic contains a regular expression denial of service (ReDoS) vulnerability in the gedit3 plugin. | |||||
| CVE-2020-21602 | 1 Libde265 | 1 Libde265 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_bipred_16_fallback function, which can be exploited via a crafted file. | |||||
| CVE-2020-21600 | 1 Libde265 | 1 Libde265 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| libde265 v1.0.4 contains a heap buffer overflow in the put_weighted_pred_avg_16_fallback function, which can be exploited via a crafted file. | |||||
| CVE-2020-21598 | 1 Libde265 | 1 Libde265 | 2022-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| libde265 v1.0.4 contains a heap buffer overflow in the ff_hevc_put_unweighted_pred_8_sse function, which can be exploited via a crafted file. | |||||
| CVE-2020-21535 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | |||||
| CVE-2020-19155 | 1 Jflyfox | 1 Jfinal Cms | 2022-07-10 | 6.5 MEDIUM | 8.8 HIGH |
| Improper Access Control in Jfinal CMS v4.7.1 and earlier allows remote attackers to obtain sensitive information and/or execute arbitrary code via the 'FileManager.rename()' function in the component 'modules/filemanager/FileManagerController.java'. | |||||
| CVE-2020-21050 | 1 Libsixel Project | 1 Libsixel | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Libsixel prior to v1.8.3 contains a stack buffer overflow in the function gif_process_raster at fromgif.c. | |||||
| CVE-2020-19751 | 1 Gpac | 1 Gpac | 2022-07-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in gpac 0.8.0. The gf_odf_del_ipmp_tool function in odf_code.c has a heap-based buffer over-read. | |||||
| CVE-2020-19750 | 1 Gpac | 1 Gpac | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in gpac 0.8.0. The strdup function in box_code_base.c has a heap-based buffer over-read. | |||||
| CVE-2020-18048 | 1 Bertanddip | 1 Craigms | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| An issue in craigms/main.php of CraigMS 1.0 allows attackers to execute arbitrary commands via a crafted input entered into the DB Name field. | |||||
| CVE-2020-19001 | 1 Simiki Project | 1 Simiki | 2022-07-10 | 10.0 HIGH | 9.8 CRITICAL |
| Command Injection in Simiki v1.6.2.1 and prior allows remote attackers to execute arbitrary system commands via line 64 of the component 'simiki/blob/master/simiki/config.py'. | |||||
| CVE-2020-19822 | 1 Zzcms | 1 Zzcms | 2022-07-10 | 6.5 MEDIUM | 7.2 HIGH |
| A remote code execution (RCE) vulnerability in template_user.php of ZZCMS version 2018 allows attackers to execute arbitrary PHP code via the "ml" and "title" parameters. | |||||
| CVE-2020-18778 | 1 Libav | 1 Libav | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_p_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
| CVE-2020-18775 | 1 Libav | 1 Libav | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| In Libav 12.3, there is a heap-based buffer over-read in vc1_decode_b_mb_intfi in vc1_block.c that allows an attacker to cause denial-of-service via a crafted file. | |||||
| CVE-2020-25359 | 1 Rconfig | 1 Rconfig | 2022-07-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This vulnerability gave attackers the ability to send a crafted request to /lib/ajaxHandlers/ajaxDeleteAllLoggingFiles.php by specifying a path in the path parameter and an extension in the ext parameter and delete all the files with that extension in that path. | |||||
| CVE-2020-18885 | 1 Phpmywind | 1 Phpmywind | 2022-07-10 | 6.5 MEDIUM | 7.2 HIGH |
| Command Injection in PHPMyWind v5.6 allows remote attackers to execute arbitrary code via the "text color" field of the component '/admin/web_config.php'. | |||||
| CVE-2020-18898 | 1 Exiv2 | 1 Exiv2 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A stack exhaustion issue in the printIFDStructure function of Exiv2 0.27 allows remote attackers to cause a denial of service (DOS) via a crafted file. | |||||
| CVE-2020-22120 | 1 Txjia | 1 Imcat | 2022-07-10 | 6.5 MEDIUM | 8.8 HIGH |
| A remote code execution (RCE) vulnerability in /root/run/adm.php?admin-ediy&part=exdiy of imcat v5.1 allows authenticated attackers to execute arbitrary code. | |||||
| CVE-2020-18875 | 1 Dotcms | 1 Dotcms | 2022-07-10 | 6.5 MEDIUM | 8.8 HIGH |
| Incorrect Access Control in DotCMS versions before 5.1 allows remote attackers to gain privileges by injecting client configurations via vtl (velocity) files. | |||||
| CVE-2020-23332 | 1 Axiosys | 1 Bento4 | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| A heap-based buffer overflow exists in the AP4_StdcFileByteStream::ReadPartial component located in /StdC/Ap4StdCFileByteStream.cpp of Bento4 version 06c39d9. This issue can lead to a denial of service (DOS). | |||||
| CVE-2020-22937 | 1 Phome | 1 Empirecms | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution (RCE) in e/install/index.php of EmpireCMS 7.5 allows attackers to execute arbitrary PHP code via writing malicious code to the install file. | |||||
| CVE-2020-18701 | 1 Talelin | 1 Lin-cms-flask | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive information and/or gain privileges due to the application not invalidating a user's authentication token upon logout, which allows for replaying packets. | |||||
| CVE-2020-18698 | 1 Talelin | 1 Lin-cms-flask | 2022-07-10 | 5.0 MEDIUM | 9.8 CRITICAL |
| Improper Authentication in Lin-CMS-Flask v0.1.1 allows remote attackers to launch brute force login attempts without restriction via the 'login' function in the component 'app/api/cms/user.py'. | |||||
| CVE-2020-21676 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | |||||
| CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | |||||
| CVE-2020-23151 | 1 Rconfig | 1 Rconfig | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped. | |||||
| CVE-2020-23148 | 1 Rconfig | 1 Rconfig | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request. | |||||
| CVE-2020-19301 | 1 Vaethink | 1 Vaethink | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to execute arbitrary code via a crafted payload in the condition parameter. | |||||
| CVE-2020-19464 | 1 Flowpaper | 1 Pdf2json | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | |||||
| CVE-2020-19463 | 1 Flowpaper | 1 Pdf2json | 2022-07-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | |||||
| CVE-2020-21937 | 1 Motorola | 2 Cx2, Cx2 Firmware | 2022-07-10 | 10.0 HIGH | 9.8 CRITICAL |
| A command injection vulnerability in HNAP1/SetWLanApcliSettings of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n allows attackers to execute arbitrary system commands. | |||||
| CVE-2020-20221 | 1 Mikrotik | 1 Routeros | 2022-07-10 | 6.8 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.44.6 (long-term tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/cerm process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | |||||
| CVE-2020-25206 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2022-07-10 | 9.0 HIGH | 7.2 HIGH |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 allows authenticated command injection in the Throughput, WANStats, PhyStats, and QosStats API classes. An attacker with access to a web console account may execute operating system commands on affected devices by sending crafted POST requests to the affected endpoints (/core/api/calls/Throughput.php, /core/api/calls/WANStats.php, /core/api/calls/PhyStats.php, /core/api/calls/QosStats.php). This results in the complete takeover of the vulnerable device. This vulnerability does not occur in the older 1.5.x firmware versions. | |||||
| CVE-2020-20248 | 1 Mikrotik | 1 Routeros | 2022-07-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the memtest process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | |||||
| CVE-2020-20230 | 1 Mikrotik | 1 Routeros | 2022-07-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before stable 6.47 suffers from an uncontrolled resource consumption in the sshd process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | |||||
| CVE-2020-23707 | 1 Ok-file-formats Project | 1 Ok-file-formats | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer overflow vulnerability in the function ok_jpg_decode_block_progressive() at ok_jpg.c:1054 of ok-file-formats through 2020-06-26 allows attackers to cause a Denial of Service (DOS) via a crafted jpeg file. | |||||
| CVE-2020-24133 | 1 Radare | 1 Radare2-extras | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| A heap buffer overflow vulnerability in the r_asm_swf_disass function of Radare2-extras before commit e74a93c allows attackers to execute arbitrary code or carry out denial of service (DOS) attacks. | |||||
| CVE-2020-19721 | 1 Axiosys | 1 Bento4 | 2022-07-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap buffer overflow vulnerability in Ap4TrunAtom.cpp of Bento 1.5.1-628 may lead to an out-of-bounds write while running mp42aac, leading to system crashes and a denial of service (DOS). | |||||
| CVE-2020-19907 | 1 Mitre | 1 Caldera | 2022-07-10 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service. | |||||
| CVE-2020-19038 | 1 Halo | 1 Halo | 2022-07-10 | 6.4 MEDIUM | 9.1 CRITICAL |
| File Deletion vulnerability in Halo 0.4.3 via delBackup. | |||||
| CVE-2020-20217 | 1 Mikrotik | 1 Routeros | 2022-07-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs before 6.47 (stable tree) suffers from an uncontrolled resource consumption vulnerability in the /nova/bin/route process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | |||||
| CVE-2020-20213 | 1 Mikrotik | 1 Routeros | 2022-07-10 | 4.0 MEDIUM | 6.5 MEDIUM |
| Mikrotik RouterOs 6.44.5 (long-term tree) suffers from a stack exhaustion vulnerability in the /nova/bin/net process. An authenticated remote attacker can cause a Denial of Service due to overloading the system's CPU. | |||||
| CVE-2020-21784 | 1 Phpwcms | 1 Phpwcms | 2022-07-10 | 7.5 HIGH | 9.8 CRITICAL |
| phpwcms 1.9.13 is vulnerable to Code Injection via /phpwcms/setup/setup.php. | |||||
| CVE-2020-20470 | 1 White Shark Systems Project | 1 White Shark Systems | 2022-07-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| White Shark System (WSS) 1.3.2 has a web site physical path leakage vulnerability. | |||||
| CVE-2020-20467 | 1 White Shark Systems Project | 1 White Shark Systems | 2022-07-10 | 6.4 MEDIUM | 6.5 MEDIUM |
| White Shark System (WSS) 1.3.2 is vulnerable to sensitive information disclosure via default_task_add.php; remote attackers can exploit the vulnerability to create a task. | |||||
| CVE-2020-22201 | 1 Phpcms | 1 Phpcms | 2022-07-10 | 6.5 MEDIUM | 8.8 HIGH |
| phpCMS 2008 sp4 allows remote malicious users to execute arbitrary PHP commands via the pagesize parameter to yp/product.php. | |||||
| CVE-2020-24939 | 1 Stampit | 1 Supermixer | 2022-07-10 | 5.0 MEDIUM | 7.5 HIGH |
| Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. | |||||
| CVE-2020-20444 | 1 Openclinic Project | 1 Openclinic | 2022-07-10 | 6.5 MEDIUM | 7.2 HIGH |
| Jact OpenClinic 0.8.20160412 allows the attacker to read server files after logging in to the admin account via an infected 'file' GET parameter in '/shared/view_source.php', which "could" lead to an RCE vulnerability. | |||||
| CVE-2020-17541 | 1 Libjpeg-turbo | 1 Libjpeg-turbo | 2022-07-10 | 6.8 MEDIUM | 8.8 HIGH |
| All versions of Libjpeg-turbo have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | |||||
