Search Results (10089 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13759 | 1 Vm-memory Project | 1 Vm-memory | 2024-11-21 | 7.5 High |
| rust-vmm vm-memory before 0.1.1 and 0.2.x before 0.2.1 allows attackers to cause a denial of service (loss of IP networking) because read_obj and write_obj do not properly access memory. This affects aarch64 (with musl or glibc) and x86_64 (with musl). | ||||
| CVE-2020-13700 | 1 Acf To Rest Api Project | 1 Acf To Rest Api | 2024-11-21 | 7.5 High |
| An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values. | ||||
| CVE-2020-13692 | 6 Debian, Fedoraproject, Netapp and 3 more | 14 Debian Linux, Fedora, Steelstore Cloud Integrated Storage and 11 more | 2024-11-21 | 7.7 High |
| PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE. | ||||
| CVE-2020-13670 | 1 Drupal | 1 Drupal | 2024-11-21 | 7.5 High |
| Information Disclosure vulnerability in file module of Drupal Core allows an attacker to gain access to the file metadata of a permanent private file that they do not have access to by guessing the ID of the file. This issue affects: Drupal Core 8.8.x versions prior to 8.8.10; 8.9.x versions prior to 8.9.6; 9.0.x versions prior to 9.0.6. | ||||
| CVE-2020-13662 | 1 Drupal | 1 Drupal | 2024-11-21 | 6.1 Medium |
| Open Redirect vulnerability in Drupal Core allows a user to be tricked into visiting a specially crafted link which would redirect them to an arbitrary external URL. This issue affects: Drupal Core 7 version 7.70 and prior versions. | ||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | ||||
| CVE-2020-13622 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| JerryScript 2.2.0 allows attackers to cause a denial of service (assertion failure) because a property key query for a Proxy object returns unintended data. | ||||
| CVE-2020-13595 | 1 Espressif | 2 Esp-idf, Esp32 | 2024-11-21 | 6.5 Medium |
| The Bluetooth Low Energy (BLE) controller implementation in Espressif ESP-IDF 4.0 through 4.2 (for ESP32 devices) returns the wrong number of completed BLE packets and triggers a reachable assertion on the host stack when receiving a packet with an MIC failure. An attacker within radio range can silently trigger the assertion (which disables the target's BLE stack) by sending a crafted sequence of BLE packets. | ||||
| CVE-2020-13582 | 1 Silabs | 1 Micrium Uc-http | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the HTTP Server functionality of Micrium uC-HTTP 3.01.00. A specially crafted HTTP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13576 | 2 Fedoraproject, Genivia | 2 Fedora, Gsoap | 2024-11-21 | 9.8 Critical |
| A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2020-13565 | 2 Open-emr, Phpgacl Project | 2 Openemr, Phpgacl | 2024-11-21 | 6.1 Medium |
| An open redirect vulnerability exists in the return_page redirection functionality of phpGACL 3.3.7, OpenEMR 5.0.2 and OpenEMR development version 6.0.0 (commit babec93f600ff1394f91ccd512bcad85832eb6ce). A specially crafted HTTP request can redirect users to an arbitrary URL. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2020-13559 | 1 Freyrscada | 1 Iec-60879-5-104 Server Simulator | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the traffic-logging functionality of FreyrSCADA IEC-60879-5-104 Server Simulator 21.04.028. A specially crafted packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-13545 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 7.8 High |
| An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer; later, when this buffer is used, the application will write outside its bounds, resulting in heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13544 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 7.8 High |
| An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to sign-extend a length used to terminate a loop, which can later result in the loop’s index being used to write outside the bounds of a heap buffer during the reading of file data. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13530 | 1 Opener Project | 1 Opener | 2024-11-21 | 7.5 High |
| A denial-of-service vulnerability exists in the Ethernet/IP server functionality of the EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A large number of network requests in a small span of time can cause the running program to stop. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2020-13486 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 6.1 Medium |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows malicious redirection. | ||||
| CVE-2020-13485 | 1 Verbb | 1 Knock Knock | 2024-11-21 | 9.1 Critical |
| The Knock Knock plugin before 1.2.8 for Craft CMS allows IP Whitelist bypass via an X-Forwarded-For HTTP header. | ||||
| CVE-2020-13472 | 1 Gigadevice | 2 Gd32f103, Gd32f103 Firmware | 2024-11-21 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32F103 devices allows physical attackers to extract firmware via the debug interface by utilizing the DMA module. | ||||
| CVE-2020-13470 | 1 Gigadevice | 4 Gd32f103, Gd32f103 Firmware, Gd32f130 and 1 more | 2024-11-21 | 4.6 Medium |
| Gigadevice GD32F103 and GD32F130 devices allow physical attackers to extract data via the probing of easily accessible bonding wires and de-obfuscation of the observed data. | ||||
| CVE-2020-13469 | 1 Gigadevice | 2 Gd32vf103, Gd32vf103 Firmware | 2024-11-21 | 4.6 Medium |
| The flash memory readout protection in Gigadevice GD32VF103 devices allows physical attackers to extract firmware via the debug interface by utilizing the CPU. | ||||