Export limit exceeded: 363422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363422 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 85568 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85568 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29479 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 8.8 High
An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root node. Unprivileged guests can get and modify permissions, list, and delete the root node. (Deleting the whole xenstore tree is a host-wide denial of service.) Achieving xenstore write access is also possible. All systems using oxenstored are vulnerable. Building and using oxenstored is the default in the upstream Xen distribution, if the Ocaml compiler is available. Systems using C xenstored are not vulnerable.
CVE-2020-29478 2 Broadcom, Microsoft 2 Ca Service Catalog, Windows 2024-11-21 7.5 High
CA Service Catalog 17.2 and 17.3 contain a vulnerability in the default configuration of the Setup Utility that may allow a remote attacker to cause a denial of service condition.
CVE-2020-29458 1 Textpattern 1 Textpattern 2024-11-21 8.8 High
Textpattern CMS 4.6.2 allows CSRF via the prefs subsystem.
CVE-2020-29441 1 Outsystems 1 Outsystems 2024-11-21 7.2 High
An issue was discovered in the Upload Widget in OutSystems Platform 10 before 10.0.1019.0. An unauthenticated attacker can upload arbitrary files. In some cases, this attack may consume the available database space (Denial of Service), corrupt legitimate data if files are being processed asynchronously, or deny access to legitimate uploaded files.
CVE-2020-29437 1 Orangehrm 1 Orangehrm 2024-11-21 8.1 High
SQL injection in the Buzz module of OrangeHRM through 4.6 allows remote authenticated attackers to execute arbitrary SQL commands via the orangehrmBuzzPlugin/lib/dao/BuzzDao.php loadMorePostsForm[profileUserId] parameter to the buzz/loadMoreProfile endpoint.
CVE-2020-29396 2 Odoo, Python 2 Odoo, Python 2024-11-21 8.8 High
A sandboxing issue in Odoo Community 11.0 through 13.0 and Odoo Enterprise 11.0 through 13.0, when running with Python 3.6 or later, allows remote authenticated users to execute arbitrary code, leading to privilege escalation.
CVE-2020-29394 2 Debian, Genivi 2 Debian Linux, Diagnostic Log And Trace 2024-11-21 7.8 High
A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument).
CVE-2020-29383 1 Vsolcn 4 V1600d-mini, V1600d-mini Firmware, V1600d4l and 1 more 2024-11-21 7.8 High
An issue was discovered on V-SOL V1600D4L V1.01.49 and V1600D-MINI V1.01.48 OLT devices. A hardcoded RSA private key (specific to V1600D4L and V1600D-MINI) is contained in the firmware images.
CVE-2020-29382 1 Vsolcn 6 V1600d, V1600d Firmware, V1600g1 and 3 more 2024-11-21 7.8 High
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. A hardcoded RSA private key (specific to V1600D, V1600G1, and V1600G2) is contained in the firmware images.
CVE-2020-29378 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-11-21 8.8 High
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. It is possible to elevate the privilege of a CLI user (to full administrative access) by using the password !j@l#y$z%x6x7q8c9z) for the enable command.
CVE-2020-29375 1 Vsolcn 10 V1600d, V1600d-mini, V1600d-mini Firmware and 7 more 2024-11-21 8.8 High
An issue was discovered on V-SOL V1600D V2.03.69 and V2.03.57, V1600D4L V1.01.49, V1600D-MINI V1.01.48, V1600G1 V2.0.7 and V1.9.7, and V1600G2 V1.1.4 OLT devices. An low-privileged (non-admin) attacker can use a hardcoded password (4ef9cea10b2362f15ba4558b1d5c081f) to create an admin user.
CVE-2020-29370 2 Linux, Netapp 10 Linux Kernel, Cloud Backup, H410c and 7 more 2024-11-21 7.0 High
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29369 2 Linux, Netapp 5 Linux Kernel, Hci Compute Node, Hci Management Node and 2 more 2024-11-21 7.0 High
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29368 3 Linux, Netapp, Redhat 11 Linux Kernel, Cloud Backup, Element Software and 8 more 2024-11-21 7.0 High
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29363 4 Debian, Oracle, P11-kit Project and 1 more 4 Debian Linux, Communications Cloud Native Core Policy, P11-kit and 1 more 2024-11-21 7.5 High
An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value.
CVE-2020-29361 3 Debian, P11-kit Project, Redhat 3 Debian Linux, P11-kit, Enterprise Linux 2024-11-21 7.5 High
An issue was discovered in p11-kit 0.21.1 through 0.23.21. Multiple integer overflows have been discovered in the array allocations in the p11-kit library and the p11-kit list command, where overflow checks are missing before calling realloc or calloc.
CVE-2020-29324 1 Dlink 2 Dir-895l Mfc, Dir-895l Mfc Firmware 2024-11-21 7.5 High
The DLink Router DIR-895L MFC v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29323 1 Dlink 2 Dir-885l-mfc, Dir-885l-mfc Firmware 2024-11-21 7.5 High
The D-link router DIR-885L-MFC 1.15b02, v1.21b05 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29322 1 Dlink 2 Dir-880l, Dir-880l Firmware 2024-11-21 7.5 High
The D-Link router DIR-880L 1.07 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.
CVE-2020-29321 1 Dlink 2 Dir-868l, Dir-868l Firmware 2024-11-21 7.5 High
The D-Link router DIR-868L 3.01 is vulnerable to credentials disclosure in telnet service through decompilation of firmware, that allows an unauthenticated attacker to gain access to the firmware and to extract sensitive data.