Search Results (83867 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-28598 1 Prusa3d 1 Prusaslicer 2024-11-21 7.8 High
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28596 1 Prusa3d 1 Prusaslicer 2024-11-21 7.8 High
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28595 1 Prusa3d 1 Prusaslicer 2024-11-21 7.8 High
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
CVE-2020-28592 1 Cosori 2 Cs158-af, Cs158-af Firmware 2024-11-21 9.8 Critical
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
CVE-2020-28588 1 Linux 1 Linux Kernel 2024-11-21 5.5 Medium
An information disclosure vulnerability exists in the /proc/pid/syscall functionality of Linux Kernel 5.1 Stable and 5.4.66. More specifically, this issue has been introduced in v5.1-rc4 (commit 631b7abacd02b88f4b0795c08b54ad4fc3e7c7c0) and is still present in v5.10-rc4, so it’s likely that all versions in between are affected. An attacker can read /proc/pid/syscall to trigger this vulnerability, which leads to the kernel leaking memory contents.
CVE-2020-28587 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
CVE-2020-28581 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.2 High
A command injection vulnerability in ModifyVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
CVE-2020-28580 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 7.2 High
A command injection vulnerability in AddVLANItem of Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send specially crafted HTTP messages and execute arbitrary OS commands with elevated privileges.
CVE-2020-28579 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 8.8 High
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-28578 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 9.8 Critical
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
CVE-2020-28575 1 Trendmicro 1 Serverprotect 2024-11-21 6.7 Medium
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.
CVE-2020-28494 1 Totaljs 1 Total.js 2024-11-21 8.6 High
This affects the package total.js before 3.4.7. The issue occurs in the image.pipe and image.stream functions. The type parameter is used to build the command that is then executed using child_process.spawn. The issue occurs because child_process.spawn is called with the option shell set to true and because the type parameter is not properly sanitized.
CVE-2020-28491 4 Fasterxml, Oracle, Quarkus and 1 more 11 Jackson-dataformats-binary, Weblogic Server, Quarkus and 8 more 2024-11-21 7.5 High
This affects the package com.fasterxml.jackson.dataformat:jackson-dataformat-cbor from 0 and before 2.11.4, from 2.12.0-rc1 and before 2.12.1. Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception.
CVE-2020-28490 1 Async-git Project 1 Async-git 2024-11-21 9.1 Critical
The package async-git before 1.13.2 are vulnerable to Command Injection via shell meta-characters (back-ticks). For example: git.reset('atouch HACKEDb')
CVE-2020-28487 1 Visjs 1 Vis-timeline 2024-11-21 6.8 Medium
This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application.
CVE-2020-28482 1 Fastify 1 Fastify-csrf 2024-11-21 5.9 Medium
This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token was available in the GET query parameter
CVE-2020-28470 1 Scully 1 Scully 2024-11-21 7.3 High
This affects the package @scullyio/scully before 1.0.9. The transfer state is serialised with the JSON.stringify() function and then written into the HTML page.
CVE-2020-28468 1 Pwntools Project 1 Pwntools 2024-11-21 8.1 High
This affects the package pwntools before 4.3.1. The shellcraft generator for affected versions of this module are vulnerable to Server-Side Template Injection (SSTI), which can lead to remote code execution.
CVE-2020-28459 1 Markdown-it-decorate Project 1 Markdown-it-decorate 2024-11-21 7.3 High
This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link.
CVE-2020-28457 1 S-cart 1 S-cart 2024-11-21 7.2 High
This affects the package s-cart/core before 4.4. The search functionality of the admin dashboard in core/src/Admin/Controllers/AdminOrderController.phpindex is vulnerable to XSS.