Export limit exceeded: 85521 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85521 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-27209 1 Micro-ecc Project 1 Micro-ecc 2024-11-21 7.5 High
The ECDSA operation of the micro-ecc library 1.0 is vulnerable to simple power analysis attacks which allows an adversary to extract the private ECC key.
CVE-2020-27207 1 Zetetic 1 Sqlcipher 2024-11-21 7.5 High
Zetetic SQLCipher 4.x before 4.4.1 has a use-after-free, related to sqlcipher_codec_pragma and sqlite3Strlen30 in sqlite3.c. A remote denial of service attack can be performed. For example, a SQL injection can be used to execute the crafted SQL command sequence. After that, some unexpected RAM data is read.
CVE-2020-27199 1 Magic Home Pro Project 1 Magic Home Pro 2024-11-21 7.5 High
The Magic Home Pro application 1.5.1 for Android allows Authentication Bypass. The security control that the application currently has in place is a simple Username and Password authentication function. Using enumeration, an attacker is able to forge a User specific token without the need for correct password to gain access to the mobile application as that victim user.
CVE-2020-27196 1 Lightbend 1 Play Framework 2024-11-21 7.5 High
An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service.
CVE-2020-27192 1 Binarynights 1 Forklift 2024-11-21 7.8 High
BinaryNights ForkLift 3.4 was compiled with the com.apple.security.cs.disable-library-validation flag enabled which allowed a local attacker to inject code into ForkLift. This would allow the attacker to run malicious code with escalated privileges through ForkLift's helper tool.
CVE-2020-27191 1 Lionwiki 1 Lionwiki 2024-11-21 7.5 High
LionWiki before 3.2.12 allows an unauthenticated user to read files as the web server user via crafted string in the index.php f1 variable, aka Local File Inclusion. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2020-27187 1 Kde 1 Partition Manager 2024-11-21 7.8 High
An issue was discovered in KDE Partition Manager 4.1.0 before 4.2.0. The kpmcore_externalcommand helper contains a logic flaw in which the service invoking D-Bus is not properly checked. An attacker on the local machine can replace /etc/fstab, and execute mount and other partitioning related commands, while KDE Partition Manager is running. the mount command can then be used to gain full root privileges.
CVE-2020-27185 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2024-11-21 7.5 High
Cleartext transmission of sensitive information via Moxa Service in NPort IA5000A series serial devices. Successfully exploiting the vulnerability could enable attackers to read authentication data, device configuration, and other sensitive data transmitted over Moxa Service.
CVE-2020-27180 1 Konzept-ix 1 Publixone 2024-11-21 7.5 High
konzept-ix publiXone before 2020.015 allows attackers to download files by iterating over the IXCopy fileID parameter.
CVE-2020-27178 1 Apereo 1 Central Authentication Service 2024-11-21 7.5 High
Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication.
CVE-2020-27176 1 Marktext 1 Marktext 2024-11-21 8.3 High
Mutation XSS exists in Mark Text through 0.16.2 that leads to Remote Code Execution. NOTE: this might be considered a duplicate of CVE-2020-26870; however, it can also be considered an issue in the design of the "source code mode" feature, which parses HTML even though HTML support is not one of the primary advertised roles of the product.
CVE-2020-27174 1 Amazon 1 Firecracker 2024-11-21 7.5 High
In Amazon AWS Firecracker before 0.21.3, and 0.22.x before 0.22.1, the serial console buffer can grow its memory usage without limit when data is sent to the standard input. This can result in a memory leak on the microVM emulation thread, possibly occupying more memory than intended on the host.
CVE-2020-27173 1 Vm-superio Project 1 Vm-superio 2024-11-21 7.5 High
In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host.
CVE-2020-27157 1 Veritas 1 Aptare 2024-11-21 8.1 High
Veritas APTARE versions prior to 10.5 included code that bypassed the normal login process when specific authentication credentials were provided to the server. An unauthenticated user could login to the application and gain access to the data and functionality accessible to the targeted user account.
CVE-2020-27155 1 Octopus 1 Octopus Deploy 2024-11-21 7.5 High
An issue was discovered in Octopus Deploy through 2020.4.4. If enabled, the websocket endpoint may allow an untrusted tentacle host to present itself as a trusted one.
CVE-2020-27154 1 Mitel 1 Businesscti Enterprise 2024-11-21 8.8 High
The chat window of Mitel BusinessCTI Enterprise (MBC-E) Client for Windows before 6.4.11 and 7.x before 7.0.3 could allow an attacker to gain access to user information by sending arbitrary code, due to improper input validation. A successful exploit could allow an attacker to view the user information and application data.
CVE-2020-27151 1 Katacontainers 1 Kata Containers 2024-11-21 8.8 High
An issue was discovered in Kata Containers through 1.11.3 and 2.x through 2.0-rc1. The runtime will execute binaries given using annotations without any kind of validation. Someone who is granted access rights to a cluster will be able to have kata-runtime execute arbitrary binaries as root on the worker nodes.
CVE-2020-27150 1 Moxa 6 Nport Ia5150a, Nport Ia5150a Firmware, Nport Ia5250a and 3 more 2024-11-21 7.5 High
In multiple versions of NPort IA5000A Series, the result of exporting a device’s configuration contains the passwords of all users on the system and other sensitive data in the original form if “Pre-shared key” doesn’t set.
CVE-2020-27148 1 Tibco 1 Ebx Add-ons 2024-11-21 7.1 High
The TIBCO EBX Add-on for Oracle Hyperion EPM, TIBCO EBX Data Exchange Add-on, and TIBCO EBX Insight Add-on components of TIBCO Software Inc.'s TIBCO EBX Add-ons contain a vulnerability that theoretically allows a low privileged attacker with network access to execute an XML External Entity (XXE) attack. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.4.2 and below.
CVE-2020-27131 1 Cisco 1 Security Manager 2024-11-21 8.1 High
Multiple vulnerabilities in the Java deserialization function that is used by Cisco Security Manager could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. These vulnerabilities are due to insecure deserialization of user-supplied content by the affected software. An attacker could exploit these vulnerabilities by sending a malicious serialized Java object to a specific listener on an affected system. A successful exploit could allow the attacker to execute arbitrary commands on the device with the privileges of NT AUTHORITY\SYSTEM on the Windows target host. Cisco has not released software updates that address these vulnerabilities.