Search Results (85445 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-25050 1 Google 1 Android 2024-11-21 7.5 High
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The CMC service allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (August 2020).
CVE-2020-25045 1 Kaspersky 2 Security Center, Security Center Web Console 2024-11-21 7.8 High
Installers of Kaspersky Security Center and Kaspersky Security Center Web Console prior to 12 & prior to 12 Patch A were vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges in the system.
CVE-2020-25044 1 Kaspersky 1 Virus Removal Tool 2024-11-21 7.1 High
Kaspersky Virus Removal Tool (KVRT) prior to 15.0.23.0 was vulnerable to arbitrary file corruption that could provide an attacker with the opportunity to eliminate content of any file in the system.
CVE-2020-25043 1 Kaspersky 1 Vpn Secure Connection 2024-11-21 7.1 High
The installer of Kaspersky VPN Secure Connection prior to 5.0 was vulnerable to arbitrary file deletion that could allow an attacker to delete any file in the system.
CVE-2020-25042 1 Maracms 1 Maracms 2024-11-21 7.2 High
An arbitrary file upload issue exists in Mara CMS 7.5. In order to exploit this, an attacker must have a valid authenticated (admin/manager) session and make a codebase/dir.php?type=filenew request to upload PHP code to codebase/handler.php.
CVE-2020-25040 2 Opensuse, Sylabs 2 Leap, Singularity 2024-11-21 8.8 High
Sylabs Singularity through 3.6.2 has Insecure Permissions on temporary directories used in explicit and implicit container build operations, a different vulnerability than CVE-2020-25039.
CVE-2020-25039 2 Opensuse, Sylabs 2 Leap, Singularity 2024-11-21 8.1 High
Sylabs Singularity 3.2.0 through 3.6.2 has Insecure Permissions on temporary directories used in fakeroot or user namespace container execution.
CVE-2020-25037 1 Ucopia 1 Ucopia Wireless Appliance 2024-11-21 8.2 High
UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command.
CVE-2020-25036 1 Ucopia 1 Ucopia Wireless Appliance 2024-11-21 8.8 High
UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command.
CVE-2020-25032 3 Debian, Flask-cors Project, Opensuse 4 Debian Linux, Flask-cors, Backports Sle and 1 more 2024-11-21 7.5 High
An issue was discovered in Flask-CORS (aka CORS Middleware for Flask) before 3.0.9. It allows ../ directory traversal to access private resources because resource matching does not ensure that pathnames are in a canonical format.
CVE-2020-25031 1 Canonical 1 Checkinstall 2024-11-21 7.8 High
checkinstall 1.6.2, when used to create a package that contains a symlink, may trigger the creation of a mode 0777 executable file.
CVE-2020-25018 1 Envoyproxy 1 Envoy 2024-11-21 7.5 High
Envoy master between 2d69e30 and 3b5acb2 may fail to parse request URL that requires host canonicalization.
CVE-2020-25017 2 Envoyproxy, Redhat 2 Envoy, Service Mesh 2024-11-21 8.3 High
Envoy through 1.15.0 only considers the first value when multiple header values are present for some HTTP headers. Envoy’s setCopy() header map API does not replace all existing occurences of a non-inline header.
CVE-2020-25013 1 Jetbrains 1 Toolbox 2024-11-21 7.5 High
JetBrains ToolBox before version 1.18 is vulnerable to a Denial of Service attack via a browser protocol handler.
CVE-2020-24999 1 Xpdfreader 1 Xpdf 2024-11-21 7.8 High
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2020-24996 1 Xpdfreader 1 Xpdf 2024-11-21 7.8 High
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2020-24995 1 Ffmpeg 1 Ffmpeg 2024-11-21 7.8 High
Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local).
CVE-2020-24994 1 Libass Project 1 Libass 2024-11-21 8.8 High
Stack overflow in the parse_tag function in libass/ass_parse.c in libass before 0.15.0 allows remote attackers to cause a denial of service or remote code execution via a crafted file.
CVE-2020-24990 1 Qsc 1 Q-sys Core Manager 2024-11-21 7.5 High
An issue was discovered in QSC Q-SYS Core Manager 8.2.1. By utilizing the TFTP service running on UDP port 69, a remote attacker can perform a directory traversal and obtain operating system files via a TFTP GET request, as demonstrated by reading /etc/passwd or /proc/version.
CVE-2020-24986 1 Concretecms 1 Concrete Cms 2024-11-21 7.2 High
Concrete5 up to and including 8.5.2 allows Unrestricted Upload of File with Dangerous Type such as a .php file via File Manager. It is possible to modify site configuration to upload the PHP file and execute arbitrary commands.