Search

Search Results (362966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-29596 1 Miniweb Http Server Project 1 Miniweb Http Server 2024-11-21 7.5 High
MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.
CVE-2020-29595 1 Acdsee 1 Photo Studio 2021 2024-11-21 9.8 Critical
PlugIns\IDE_ACDStd.apl in ACDSee Photo Studio Studio Professional 2021 14.0 Build 1705 has a User Mode Write AV starting at IDE_ACDStd!JPEGTransW+0x00000000000031aa.
CVE-2020-29594 1 Rocket.chat 1 Rocket.chat 2024-11-21 9.8 Critical
Rocket.Chat before 0.74.4, 1.x before 1.3.4, 2.x before 2.4.13, 3.x before 3.7.3, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 mishandles SAML login.
CVE-2020-29593 1 Orchardproject 1 Orchard 2024-11-21 5.4 Medium
An issue was discovered in Orchard before 1.10. The Media Settings Allowed File Types list field allows an attacker to add a XSS payload that will execute when users attempt to upload a disallowed file type, causing the error to display.
CVE-2020-29592 1 Orchardproject 1 Orchard 2024-11-21 9.8 Critical
An issue was discovered in Orchard before 1.10. A broken access control issue in Orchard components that use the TinyMCE HTML editor's file upload allows an attacker to upload dangerous executables that bypass the file types allowed (regardless of the file types allowed list in Media settings).
CVE-2020-29591 1 Docker 1 Registry 2024-11-21 9.8 Critical
Versions of the Official registry Docker images through 2.7.0 contain a blank password for the root user. Systems deployed using affected versions of the registry container may allow a remote attacker to achieve root access with a blank password.
CVE-2020-29587 1 Simplcommerce 1 Simplcommerce 2024-11-21 5.4 Medium
SimplCommerce 1.0.0-rc uses the Bootbox.js library, which allows creation of programmatic dialog boxes using Bootstrap modals. The Bootbox.js library intentionally does not perform any sanitization of user input, which results in a DOM XSS, because it uses the jQuery .html() function to directly append the payload to a dialog.
CVE-2020-29581 1 Docker 1 Spiped Alpine Docker Image 2024-11-21 9.8 Critical
The official spiped docker images before 1.5-alpine contain a blank password for a root user. Systems using the spiped docker container deployed by affected versions of the docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-29580 1 Docker 1 Storm Docker Image 2024-11-21 9.8 Critical
The official storm Docker images before 1.2.1 contain a blank password for a root user. Systems using the Storm Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-29579 1 Express-gateway 1 Express-gateway Docker Image 2024-11-21 9.8 Critical
The official Express Gateway Docker images before 1.14.0 contain a blank password for a root user. Systems using the Express Gateway Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
CVE-2020-29578 1 Matomo 1 Piwik Fpm-alpine Docker Image 2024-11-21 9.8 Critical
The official piwik Docker images before fpm-alpine (Alpine specific) contain a blank password for a root user. Systems using the Piwik Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access.
CVE-2020-29577 1 Znc 1 Znc Docker Image 2024-11-21 9.8 Critical
The official znc docker images before 1.7.1-slim contain a blank password for a root user. Systems using the znc docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-29576 1 Eggheads 1 Eggdrop Docker Image 2024-11-21 9.8 Critical
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password.
CVE-2020-29575 1 Docker 1 Elixir Alpine Docker Image 2024-11-21 9.8 Critical
The official elixir Docker images before 1.8.0-alpine (Alpine specific) contain a blank password for a root user. Systems using the elixir Linux Docker container deployed by affected versions of the Docker image may allow a remote attacker to achieve root access with a blank password.
CVE-2020-29573 3 Gnu, Netapp, Redhat 9 Glibc, Cloud Backup, Solidfire Baseboard Management Controller and 6 more 2024-11-21 7.5 High
sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of "Fixed for glibc 2.33" in the 26649 reference.
CVE-2020-29572 1 Misp 1 Misp 2024-11-21 6.1 Medium
app/View/Elements/genericElements/SingleViews/Fields/genericField.ctp in MISP 2.4.135 has XSS via the authkey comment field.
CVE-2020-29571 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 6.2 Medium
An issue was discovered in Xen through 4.14.x. A bounds check common to most operation time functions specific to FIFO event channels depends on the CPU observing consistent state. While the producer side uses appropriately ordered writes, the consumer side isn't protected against re-ordered reads, and may hence end up de-referencing a NULL pointer. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system. Only Arm systems may be vulnerable. Whether a system is vulnerable depends on the specific CPU. x86 systems are not vulnerable.
CVE-2020-29570 3 Debian, Fedoraproject, Xen 3 Debian Linux, Fedora, Xen 2024-11-21 6.2 Medium
An issue was discovered in Xen through 4.14.x. Recording of the per-vCPU control block mapping maintained by Xen and that of pointers into the control block is reversed. The consumer assumes, seeing the former initialized, that the latter are also ready for use. Malicious or buggy guest kernels can mount a Denial of Service (DoS) attack affecting the entire system.
CVE-2020-29569 4 Debian, Linux, Netapp and 1 more 7 Debian Linux, Linux Kernel, Hci Compute Node and 4 more 2024-11-21 8.8 High
An issue was discovered in the Linux kernel through 5.10.1, as used with Xen through 4.14.x. The Linux kernel PV block backend expects the kernel thread handler to reset ring->xenblkd to NULL when stopped. However, the handler may not have time to run if the frontend quickly toggles between the states connect and disconnect. As a consequence, the block backend may re-use a pointer after it was freed. A misbehaving guest can trigger a dom0 crash by continuously connecting / disconnecting a block frontend. Privilege escalation and information leaks cannot be ruled out. This only affects systems with a Linux blkback.
CVE-2020-29568 2 Debian, Xen 2 Debian Linux, Xen 2024-11-21 6.5 Medium
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) are processing watch events using a single thread. If the events are received faster than the thread is able to handle, they will get queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.