Export limit exceeded: 10707 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 21195 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (21195 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13556 1 Opener Project 1 Opener 2024-11-21 9.8 Critical
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
CVE-2020-13547 1 Foxitsoftware 1 Foxit Reader 2024-11-21 8.8 High
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
CVE-2020-13546 1 Softmaker 1 Office Textmaker 2021 2024-11-21 7.8 High
In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
CVE-2020-13545 1 Softmaker 1 Softmaker Office 2024-11-21 7.8 High
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
CVE-2020-13524 2 Apple, Pixar 3 Mac Os X, Macos, Openusd 2024-11-21 5.5 Medium
An out-of-bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 uses SPECS data from binary USD files. A specially crafted malformed file can trigger an out-of-bounds memory access and modification which results in memory corruption. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
CVE-2020-13520 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 7.8 High
An out of bounds memory corruption vulnerability exists in the way Pixar OpenUSD 20.05 reconstructs paths from binary USD files. A specially crafted malformed file can trigger an out of bounds memory modification which can result in remote code execution. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
CVE-2020-13494 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 5.5 Medium
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
CVE-2020-13493 2 Apple, Pixar 2 Macos, Openusd 2024-11-21 7.8 High
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
CVE-2020-13448 1 Quickbox 1 Quickbox 2024-11-21 8.8 High
QuickBox Community Edition through 2.5.5 and Pro Edition through 2.1.8 allows an authenticated remote attacker to execute code on the server via command injection in the servicestart parameter.
CVE-2020-13440 1 Rockcarry 1 Ffjpeg 2024-11-21 6.5 Medium
ffjpeg through 2020-02-24 has an invalid write in bmp_load in bmp.c.
CVE-2020-13428 2 Debian, Videolan 2 Debian Linux, Vlc Media Player 2024-11-21 7.8 High
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file.
CVE-2020-13404 1 Quadra-informatique 1 Atos\/sips 2024-11-21 8.8 High
The ATOS/Sips (aka Atos-Magento) community module 3.0.0 to 3.0.5 for Magento allows command injection.
CVE-2020-13398 5 Canonical, Debian, Freerdp and 2 more 7 Ubuntu Linux, Debian Linux, Freerdp and 4 more 2024-11-21 8.3 High
An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.
CVE-2020-13388 1 Python 1 Jw.util 2024-11-21 9.8 Critical
An exploitable vulnerability exists in the configuration-loading functionality of the jw.util package before 2.3 for Python. When loading a configuration with FromString or FromStream with YAML, one can execute arbitrary Python code, resulting in OS command execution, because safe_load is not used.
CVE-2020-13361 4 Canonical, Debian, Opensuse and 1 more 4 Ubuntu Linux, Debian Linux, Leap and 1 more 2024-11-21 3.9 Low
In QEMU 5.0.0 and earlier, es1370_transfer_audio in hw/audio/es1370.c does not properly validate the frame count, which allows guest OS users to trigger an out-of-bounds access during an es1370_write() operation.
CVE-2020-13252 1 Centreon 1 Centreon 2024-11-21 8.8 High
Centreon before 19.04.15 allows remote attackers to execute arbitrary OS commands by placing shell metacharacters in RRDdatabase_status_path (via a main.get.php request) and then visiting the include/views/graphs/graphStatus/displayServiceStatus.php page.
CVE-2020-13167 1 Netsweeper 1 Netsweeper 2024-11-21 9.8 Critical
Netsweeper through 6.4.3 allows unauthenticated remote code execution because webadmin/tools/unixlogin.php (with certain Referer headers) launches a command line with client-supplied parameters, and allows injection of shell metacharacters.
CVE-2020-13159 1 Articatech 1 Artica Proxy 2024-11-21 9.8 Critical
Artica Proxy before 4.30.000000 Community Edition allows OS command injection via the Netbios name, Server domain name, dhclient_mac, Hostname, or Alias field. NOTE: this may overlap CVE-2020-10818.
CVE-2020-13151 1 Aerospike 1 Aerospike Server 2024-11-21 9.8 Critical
Aerospike Community Edition 4.9.0.5 allows for unauthenticated submission and execution of user-defined functions (UDFs), written in Lua, as part of a database query. It attempts to restrict code execution by disabling os.execute() calls, but this is insufficient. Anyone with network access can use a crafted UDF to execute arbitrary OS commands on all nodes of the cluster at the permission level of the user running the Aerospike service.
CVE-2020-13124 1 Sabnzbd 1 Sabnzbd 2024-11-21 8.8 High
SABnzbd 2.3.9 and 3.0.0Alpha2 has a command injection vulnerability in the web configuration interface that permits an authenticated user to execute arbitrary Python commands on the underlying operating system.