Export limit exceeded: 45519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14664 | 2 Netapp, Oracle | 15 7-mode Transition Tool, Active Iq Unified Manager, Cloud Backup and 12 more | 2024-11-21 | 8.3 High |
| Vulnerability in the Java SE product of Oracle Java SE (component: JavaFX). The supported version that is affected is Java SE: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Java SE, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Java SE. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2020-14524 | 1 Softing | 1 Opc | 2024-11-21 | 9.8 Critical |
| Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-14511 | 1 Moxa | 8 Edr-g902, Edr-g902-t, Edr-g902-t Firmware and 5 more | 2024-11-21 | 9.8 Critical |
| Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). | ||||
| CVE-2020-14510 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 9.8 Critical |
| GateManager versions prior to 9.2c, The affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root. | ||||
| CVE-2020-14508 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 8.1 High |
| GateManager versions prior to 9.2c, The affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition. | ||||
| CVE-2020-14500 | 1 Secomea | 2 Gatemanager 8250, Gatemanager 8250 Firmware | 2024-11-21 | 10 Critical |
| Secomea GateManager all versions prior to 9.2c, An attacker can send a negative value and overwrite arbitrary data. | ||||
| CVE-2020-14483 | 1 Tridium | 2 Niagara, Niagara Enterprise Security | 2024-11-21 | 4.3 Medium |
| A timeout during a TLS handshake can result in the connection failing to terminate. This can result in a Niagara thread hanging and requires a manual restart of Niagara (Versions 4.6.96.28, 4.7.109.20, 4.7.110.32, 4.8.0.110) and Niagara Enterprise Security (Versions 2.4.31, 2.4.45, 4.8.0.35) to correct. | ||||
| CVE-2020-14482 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 7.8 High |
| Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | ||||
| CVE-2020-14409 | 4 Debian, Fedoraproject, Libsdl and 1 more | 4 Debian Linux, Fedora, Simple Directmedia Layer and 1 more | 2024-11-21 | 7.8 High |
| SDL (Simple DirectMedia Layer) through 2.0.12 has an Integer Overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c via a crafted .BMP file. | ||||
| CVE-2020-14404 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rre.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14403 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/hextile.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14402 | 4 Canonical, Debian, Libvnc Project and 1 more | 15 Ubuntu Linux, Debian Linux, Libvncserver and 12 more | 2024-11-21 | 5.4 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/corre.c allows out-of-bounds access via encodings. | ||||
| CVE-2020-14401 | 4 Debian, Libvncserver Project, Opensuse and 1 more | 15 Debian Linux, Libvncserver, Leap and 12 more | 2024-11-21 | 6.5 Medium |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/scale.c has a pixel_value integer overflow. | ||||
| CVE-2020-14397 | 6 Canonical, Debian, Libvnc Project and 3 more | 17 Ubuntu Linux, Debian Linux, Libvncserver and 14 more | 2024-11-21 | 7.5 High |
| An issue was discovered in LibVNCServer before 0.9.13. libvncserver/rfbregion.c has a NULL pointer dereference. | ||||
| CVE-2020-14393 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.1 High |
| A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | ||||
| CVE-2020-14392 | 5 Canonical, Debian, Fedoraproject and 2 more | 5 Ubuntu Linux, Debian Linux, Fedora and 2 more | 2024-11-21 | 5.5 Medium |
| An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. | ||||
| CVE-2020-14385 | 4 Canonical, Debian, Linux and 1 more | 7 Ubuntu Linux, Debian Linux, Linux Kernel and 4 more | 2024-11-21 | 5.5 Medium |
| A flaw was found in the Linux kernel before 5.9-rc4. A failure of the file system metadata validator in XFS can cause an inode with a valid, user-creatable extended attribute to be flagged as corrupt. This can lead to the filesystem being shutdown, or otherwise rendered inaccessible until it is remounted, leading to a denial of service. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-14378 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2024-11-21 | 3.3 Low |
| An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period. | ||||
| CVE-2020-14377 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2024-11-21 | 7.1 High |
| A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. | ||||
| CVE-2020-14376 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2024-11-21 | 7.8 High |
| A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A lack of bounds checking when copying iv_data from the VM guest memory into host memory can lead to a large buffer overflow. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||