Export limit exceeded: 15635 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 20396 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20396 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36376 | 1 Aaptjs Project | 1 Aaptjs | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the list function in shenzhim aaptjs 1.3.1, allows attackers to execute arbitrary code via the filePath parameters. | ||||
| CVE-2020-36328 | 5 Apple, Debian, Netapp and 2 more | 8 Ipados, Iphone Os, Debian Linux and 5 more | 2024-11-21 | 9.8 Critical |
| A flaw was found in libwebp in versions before 1.0.1. A heap-based buffer overflow in function WebPDecodeRGBInto is possible due to an invalid check for buffer size. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | ||||
| CVE-2020-36317 | 2 Redhat, Rust-lang | 3 Devtools, Enterprise Linux, Rust | 2024-11-21 | 7.5 High |
| In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the same string. | ||||
| CVE-2020-36246 | 1 Amaze File Manager Project | 1 Amaze File Manager | 2024-11-21 | 7.8 High |
| Amaze File Manager before 3.5.1 allows attackers to obtain root privileges via shell metacharacters in a symbolic link. | ||||
| CVE-2020-36244 | 2 Debian, Genivi | 2 Debian Linux, Diagnostic Log And Trace | 2024-11-21 | 9.8 Critical |
| The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6). | ||||
| CVE-2020-36243 | 1 Open-emr | 1 Openemr | 2024-11-21 | 8.8 High |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters. | ||||
| CVE-2020-36242 | 4 Cryptography.io, Fedoraproject, Oracle and 1 more | 6 Cryptography, Fedora, Communications Cloud Native Core Network Function Cloud Native Environment and 3 more | 2024-11-21 | 9.1 Critical |
| In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | ||||
| CVE-2020-36220 | 1 Va-ts Project | 1 Va-ts | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer<T> omits a required T: Send bound, a data race and memory corruption can occur. | ||||
| CVE-2020-36217 | 1 May Queue Project | 1 May Queue | 2024-11-21 | 5.9 Medium |
| An issue was discovered in the may_queue crate through 2020-11-10 for Rust. Because Queue does not have bounds on its Send trait or Sync trait, memory corruption can occur. | ||||
| CVE-2020-36216 | 1 Petabi | 1 Eventio | 2024-11-21 | 5.9 Medium |
| An issue was discovered in Input<R> in the eventio crate before 0.5.1 for Rust. Because a non-Send type can be sent to a different thread, a data race and memory corruption can occur. | ||||
| CVE-2020-36215 | 1 Hashconsing Project | 1 Hashconsing | 2024-11-21 | 7.5 High |
| An issue was discovered in the hashconsing crate before 1.1.0 for Rust. Because HConsed does not have bounds on its Send trait or Sync trait, memory corruption can occur. | ||||
| CVE-2020-36211 | 1 Devolutions | 1 Gfwx | 2024-11-21 | 7.0 High |
| An issue was discovered in the gfwx crate before 0.3.0 for Rust. Because ImageChunkMut does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | ||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-11-21 | 7.8 High |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | ||||
| CVE-2020-36208 | 1 Conquer-once Project | 1 Conquer-once | 2024-11-21 | 7.8 High |
| An issue was discovered in the conquer-once crate before 0.3.2 for Rust. Thread crossing can occur for a non-Send but Sync type, leading to memory corruption. | ||||
| CVE-2020-36207 | 1 Aovec Project | 1 Aovec | 2024-11-21 | 7.0 High |
| An issue was discovered in the aovec crate through 2020-12-10 for Rust. Because Aovec<T> does not have bounds on its Send trait or Sync trait, a data race and memory corruption can occur. | ||||
| CVE-2020-36206 | 1 Rusb Project | 1 Rusb | 2024-11-21 | 7.0 High |
| An issue was discovered in the rusb crate before 0.7.0 for Rust. Because of a lack of Send and Sync bounds, a data race and memory corruption can occur. | ||||
| CVE-2020-36203 | 1 Reffers Project | 1 Reffers | 2024-11-21 | 4.7 Medium |
| An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption. | ||||
| CVE-2020-36199 | 1 Kaspersky | 1 Tinycheck | 2024-11-21 | 9.8 Critical |
| TinyCheck before commits 9fd360d and ea53de8 was vulnerable to command injection due to insufficient checks of input parameters in several places. | ||||
| CVE-2020-36198 | 1 Qnap | 1 Malware Remover | 2024-11-21 | 6.7 Medium |
| A command injection vulnerability has been reported to affect certain versions of Malware Remover. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Malware Remover versions prior to 4.6.1.0. This issue does not affect: QNAP Systems Inc. Malware Remover 3.x. | ||||
| CVE-2020-36178 | 1 Tp-link | 2 Tl-wr840n, Tl-wr840n Firmware | 2024-11-21 | 9.8 Critical |
| oal_ipt_addBridgeIsolationRules on TP-Link TL-WR840N 6_EU_0.9.1_4.16 devices allows OS command injection because a raw string entered from the web interface (an IP address field) is used directly for a call to the system library function (for iptables). NOTE: oal_ipt_addBridgeIsolationRules is not the only function that calls util_execSystem. | ||||