Search Results (83508 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-10630 1 Sae-it 2 Net-line Fw-50, Net-line Fw-50 Firmware 2024-11-21 6.1 Medium
SAE IT-systems FW-50 Remote Telemetry Unit (RTU). The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in the output used as a webpage that is served to other users.
CVE-2020-10615 1 Trianglemicroworks 1 Scada Data Gateway 2024-11-21 7.5 High
Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability.
CVE-2020-10614 1 Osisoft 1 Pi Vision 2024-11-21 4.8 Medium
In OSIsoft PI System multiple products and versions, an authenticated remote attacker with write access to PI Vision databases could inject code into a display. Unauthorized information disclosure, deletion, or modification is possible if a victim views the infected display.
CVE-2020-10607 1 Advantech 1 Webaccess 2024-11-21 8.8 High
In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.
CVE-2020-10604 1 Osisoft 1 Pi Data Archive 2024-11-21 7.5 High
In OSIsoft PI System multiple products and versions, a remote, unauthenticated attacker could crash PI Network Manager service through specially crafted requests. This can result in blocking connections and queries to PI Data Archive.
CVE-2020-10603 1 Advantech 1 Webaccess\/nms 2024-11-21 8.8 High
WebAccess/NMS (versions prior to 3.0.2) does not properly sanitize user input and may allow an attacker to inject system commands remotely.
CVE-2020-10596 1 Opencart 1 Opencart 2024-11-21 5.4 Medium
OpenCart 3.0.3.2 allows remote authenticated users to conduct XSS attacks via a crafted filename in the users' image upload section.
CVE-2020-10583 1 Invigo 1 Automatic Device Management 2024-11-21 8.8 High
The /admin/admapi.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary OS commands on the server as the user running the application.
CVE-2020-10580 1 Invigo 1 Automatic Device Management 2024-11-21 8.8 High
A command injection on the /admin/broadcast.php script of Invigo Automatic Device Management (ADM) through 5.0 allows remote authenticated attackers to execute arbitrary PHP code on the server as the user running the application.
CVE-2020-10574 1 Meetecho 1 Janus 2024-11-21 9.8 Critical
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't actually exist during a "query_logger" Admin API request, because of a typo in the JSON validation.
CVE-2020-10571 1 Psd-tools Project 1 Psd-tools 2024-11-21 9.8 Critical
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.
CVE-2020-10561 1 Mi 2 Mijia Inkjet Printer, Mijia Inkjet Printer Firmware 2024-11-21 9.8 Critical
An issue was discovered on Xiaomi Mi Jia ink-jet printer < 3.4.6_0138. Injecting parameters to ippserver through the web management background, resulting in command execution vulnerabilities.
CVE-2020-10553 1 Psyprax 1 Psyprax 2024-11-21 5.5 Medium
An issue was discovered in Psyprax before 3.2.2. The file %PROGRAMDATA%\Psyprax32\PPScreen.ini contains a hash for the lockscreen (aka screensaver) of the application. If that entry is removed, the lockscreen is no longer displayed and the app is no longer locked. All local users are able to modify that file.
CVE-2020-10551 1 Tencent 1 Qqbrowser 2024-11-21 7.8 High
QQBrowser before 10.5.3870.400 installs a Windows service TsService.exe. This file is writable by anyone belonging to the NT AUTHORITY\Authenticated Users group, which includes all local and remote users. This can be abused by local attackers to escalate privileges to NT AUTHORITY\SYSTEM by writing a malicious executable to the location of TsService.
CVE-2020-10544 1 Primetek 1 Primefaces 2024-11-21 6.1 Medium
An XSS issue was discovered in tooltip/tooltip.js in PrimeTek PrimeFaces 7.0.11. In a web application using PrimeFaces, an attacker can provide JavaScript code in an input field whose data is later used as a tooltip title without any input validation.
CVE-2020-10543 5 Fedoraproject, Opensuse, Oracle and 2 more 20 Fedora, Leap, Communications Billing And Revenue Management and 17 more 2024-11-21 8.2 High
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
CVE-2020-10531 9 Canonical, Debian, Fedoraproject and 6 more 15 Ubuntu Linux, Debian Linux, Fedora and 12 more 2024-11-21 8.8 High
An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.
CVE-2020-10519 1 Github 1 Github 2024-11-21 8.8 High
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22.7 and was fixed in 2.22.7, 2.21.15, and 2.20.24. The underlying issues contributing to this vulnerability were identified through the GitHub Security Bug Bounty program.
CVE-2020-10518 1 Github 1 Github 2024-11-21 8.8 High
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the GitHub Enterprise Server instance. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 2.22 and was fixed in 2.21.6, 2.20.15, and 2.19.21. The underlying issues contributing to this vulnerability were identified both internally and through the GitHub Security Bug Bounty program.
CVE-2020-10514 1 Icatchinc 1 Dvr Firmware 2024-11-21 8.8 High
iCatch DVR firmware before 20200103 do not validate function parameter properly, resulting attackers executing arbitrary command.