Export limit exceeded: 20776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20776 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7603 | 1 Closure-compiler-stream Project | 1 Closure-compiler-stream | 2024-11-21 | 9.8 Critical |
| closure-compiler-stream through 0.1.15 allows execution of arbitrary commands. The argument "options" of the exports function in "index.js" can be controlled by users without any sanitization. | ||||
| CVE-2020-7602 | 1 Node-prompt-here Project | 1 Node-prompt-here | 2024-11-21 | 9.8 Critical |
| node-prompt-here through 1.0.1 allows execution of arbitrary commands. The "runCommand()" is called by "getDevices()" function in file "linux/manager.js", which is required by the "index. process.env.NM_CLI" in the file "linux/manager.js". This function is used to construct the argument of function "execSync()", which can be controlled by users without any sanitization. | ||||
| CVE-2020-7601 | 1 Gulp-scss-lint Project | 1 Gulp-scss-lint | 2024-11-21 | 9.8 Critical |
| gulp-scss-lint through 1.0.0 allows execution of arbitrary commands. It is possible to inject arbitrary commands to the "exec" function located in "src/command.js" via the provided options. | ||||
| CVE-2020-7597 | 1 Codecov | 1 Codecov | 2024-11-21 | 8.8 High |
| codecov-node npm module before 3.6.5 allows remote attackers to execute arbitrary commands.The value provided as part of the gcov-root argument is executed by the exec function within lib/codecov.js. This vulnerability exists due to an incomplete fix of CVE-2020-7596. | ||||
| CVE-2020-7596 | 1 Codecov | 1 Nodejs Uploader | 2024-11-21 | 8.8 High |
| Codecov npm module before 3.6.2 allows remote attackers to execute arbitrary commands via the "gcov-args" argument. | ||||
| CVE-2020-7594 | 1 Multitech | 2 Conduit Mtcdt-lvw2-246a, Conduit Mtcdt-lvw2-246a Firmware | 2024-11-21 | 7.2 High |
| MultiTech Conduit MTCDT-LVW2-24XX 1.4.17-ocea-13592 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Debug Options page and entering shell metacharacters in the interface JSON field of the ping function. | ||||
| CVE-2020-7586 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | ||||
| CVE-2020-7558 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7556 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7555 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7553 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7552 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7551 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 7.8 High |
| A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | ||||
| CVE-2020-7524 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 7.5 High |
| Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. | ||||
| CVE-2020-7502 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 7.5 High |
| A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | ||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-11-21 | 9.8 Critical |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | ||||
| CVE-2020-7461 | 2 Freebsd, Siemens | 5 Freebsd, Simatic Rf350m, Simatic Rf350m Firmware and 2 more | 2024-11-21 | 7.3 High |
| In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. | ||||
| CVE-2020-7458 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. | ||||
| CVE-2020-7454 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | ||||
| CVE-2020-7450 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | ||||