Export limit exceeded: 341835 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24836 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25179 | 1 Gehealthcare | 224 1.5t Brivo Mr355, 1.5t Brivo Mr355 Firmware, 3.0t Signa Hd 16 and 221 more | 2024-11-21 | 9.8 Critical |
| GE Healthcare Imaging and Ultrasound Products may allow specific credentials to be exposed during transport over the network. | ||||
| CVE-2020-25151 | 1 Nexcom | 2 Nio 50, Nio 50 Firmware | 2024-11-21 | 7.5 High |
| The affected product does not properly validate input, which may allow an attacker to execute a denial-of-service attack on the NIO 50 (all versions). | ||||
| CVE-2020-25097 | 5 Debian, Fedoraproject, Netapp and 2 more | 6 Debian Linux, Fedora, Cloud Manager and 3 more | 2024-11-21 | 8.6 High |
| An issue was discovered in Squid through 4.13 and 5.x through 5.0.4. Due to improper input validation, it allows a trusted client to perform HTTP Request Smuggling and access services otherwise forbidden by the security controls. This occurs for certain uri_whitespace configuration settings. | ||||
| CVE-2020-25082 | 1 Nuvoton | 2 Npct75x, Npct75x Firmware | 2024-11-21 | 3.8 Low |
| An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy. | ||||
| CVE-2020-25065 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 4.4, 5.0, 5.1, 6.0, 7.0, 7.1, 8.0, 8.1, 9.0, and 10 software. Key logging may occur because of an obsolete API. The LG ID is LVE-SMP-170010 (August 2020). | ||||
| CVE-2020-25063 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). | ||||
| CVE-2020-25059 | 1 Google | 1 Android | 2024-11-21 | 7.5 High |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A service crash may occur because of incorrect input validation. The LG ID is LVE-SMP-200013 (July 2020). | ||||
| CVE-2020-24977 | 7 Debian, Fedoraproject, Netapp and 4 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2024-11-21 | 6.5 Medium |
| GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | ||||
| CVE-2020-24940 | 1 Laravel | 1 Laravel | 2024-11-21 | 7.5 High |
| An issue was discovered in Laravel before 6.18.34 and 7.x before 7.23.2. Unvalidated values are saved to the database in some situations in which table names are stripped during a mass assignment. | ||||
| CVE-2020-24925 | 1 Elkarbackup | 1 Elkarbackup | 2024-11-21 | 7.5 High |
| A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php | ||||
| CVE-2020-24807 | 1 Socket.io-file Project | 1 Socket.io-file | 2024-11-21 | 7.8 High |
| The socket.io-file package through 2.0.31 for Node.js relies on client-side validation of file types, which allows remote attackers to execute arbitrary code by uploading an executable file via a modified JSON name field. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-24692 | 1 Mitel | 1 Micontact Center Business | 2024-11-21 | 7.1 High |
| The Ignite portal in Mitel MiContact Center Business before 9.3.0.0 could allow an attacker to execute arbitrary scripts due to insufficient input validation, aka XSS. A successful exploit could allow an attacker to gain access to a user session. | ||||
| CVE-2020-24679 | 1 Abb | 2 Symphony \+ Historian, Symphony \+ Operations | 2024-11-21 | 7.5 High |
| A S+ Operations and S+ Historian service is subject to a DoS by special crafted messages. An attacker might use this flaw to make it crash or even execute arbitrary code on the machine where the service is hosted. | ||||
| CVE-2020-24672 | 1 Abb | 1 Base Software | 2024-11-21 | 9.8 Critical |
| A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: . | ||||
| CVE-2020-24659 | 5 Canonical, Fedoraproject, Gnu and 2 more | 5 Ubuntu Linux, Fedora, Gnutls and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | ||||
| CVE-2020-24649 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A remote bytemessageresource transformentity" input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24647 | 1 Hp | 1 Intelligent Management Center | 2024-11-21 | 9.8 Critical |
| A remote accessmgrservlet classname input validation code execution vulnerability was discovered in HPE Intelligent Management Center (iMC) version(s): Prior to iMC PLAT 7.3 (E0705P07). | ||||
| CVE-2020-24615 | 1 Pexip | 1 Pexip Infinity | 2024-11-21 | 5.3 Medium |
| Pexip Infinity before 24.1 has Improper Input Validation, leading to temporary denial of service via SIP. | ||||
| CVE-2020-24606 | 6 Canonical, Debian, Fedoraproject and 3 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2024-11-21 | 8.6 High |
| Squid before 4.13 and 5.x before 5.0.4 allows a trusted peer to perform Denial of Service by consuming all available CPU cycles during handling of a crafted Cache Digest response message. This only occurs when cache_peer is used with the cache digests feature. The problem exists because peerDigestHandleReply() livelocking in peer_digest.cc mishandles EOF. | ||||
| CVE-2020-24593 | 1 Mitel | 1 Micloud Management Portal | 2024-11-21 | 7.2 High |
| Mitel MiCloud Management Portal before 6.1 SP5 could allow a remote attacker to conduct a SQL Injection attack and access user credentials due to improper input validation. | ||||