Export limit exceeded: 85954 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85954 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-6652 1 Eaton 1 Intelligent Power Manager 2024-11-21 7.8 High
Incorrect Privilege Assignment vulnerability in Eaton's Intelligent Power Manager (IPM) v1.67 & prior allow non-admin users to upload the system configuration files by sending specially crafted requests. This can result in non-admin users manipulating the system configurations via uploading the configurations with incorrect parameters.
CVE-2020-6651 1 Eaton 1 Intelligent Power Manager 2024-11-21 8.8 High
Improper Input Validation in Eaton's Intelligent Power Manager (IPM) v 1.67 & prior on file name during configuration file import functionality allows attackers to perform command injection or code execution via specially crafted file names while uploading the configuration file in the application.
CVE-2020-6650 1 Eaton 1 Ups Companion 2024-11-21 8.3 High
UPS companion software v1.05 & Prior is affected by ‘Eval Injection’ vulnerability. The software does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call e.g.”eval” in “Update Manager” class when software attempts to see if there are updates available. This results in arbitrary code execution on the machine where software is installed.
CVE-2020-6644 1 Fortinet 1 Fortideceptor 2024-11-21 8.1 High
An insufficient session expiration vulnerability in FortiDeceptor 3.0.0 and below allows an attacker to reuse the unexpired admin user session IDs to gain admin privileges, should the attacker be able to obtain that session ID via other, hypothetical attacks.
CVE-2020-6638 1 Grin 1 Grin 2024-11-21 7.5 High
Grin through 2.1.1 has Insufficient Validation.
CVE-2020-6628 1 Libming 1 Libming 2024-11-21 8.8 High
Ming (aka libming) 0.4.8 has a heap-based buffer over-read in the function decompile_SWITCH() in decompile.c.
CVE-2020-6625 1 Jhead Project 1 Jhead 2024-11-21 7.1 High
jhead through 3.04 has a heap-based buffer over-read in Get32s when called from ProcessGpsInfo in gpsinfo.c.
CVE-2020-6624 1 Jhead Project 1 Jhead 2024-11-21 7.1 High
jhead through 3.04 has a heap-based buffer over-read in process_DQT in jpgqguess.c.
CVE-2020-6623 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_get_index.
CVE-2020-6622 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_peek8.
CVE-2020-6621 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in ttUSHORT.
CVE-2020-6620 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__buf_get8.
CVE-2020-6619 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__buf_seek.
CVE-2020-6618 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
CVE-2020-6617 1 Nothings 1 Stb Truetype.h 2024-11-21 8.8 High
stb stb_truetype.h through 1.22 has an assertion failure in stbtt__cff_int.
CVE-2020-6614 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
CVE-2020-6613 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
CVE-2020-6612 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.1 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
CVE-2020-6609 2 Gnu, Opensuse 3 Libredwg, Backports Sle, Leap 2024-11-21 8.8 High
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
CVE-2020-6590 1 Forcepoint 3 Data Loss Prevention, Email Security, Web Security Content Gateway 2024-11-21 7.5 High
Forcepoint Web Security Content Gateway versions prior to 8.5.4 improperly process XML input, leading to information disclosure.