Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27255 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR).
|
|||||
| CVE-2020-27251 | 1 Rockwellautomation | 1 Factorytalk Linx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution.
|
|||||
| CVE-2020-27250 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow at Version/Instance 0x0005 and 0x0016. An attacker can entice the victim to open a document to trigger this vulnerability.
|
|||||
| CVE-2020-27249 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0004 and 0x0015, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
|
|||||
| CVE-2020-27248 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0003 and 0x0014, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
|
|||||
| CVE-2020-27247 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
|
|||||
| CVE-2020-26994 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of PCX files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2020-26987 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)
|
|||||
| CVE-2020-26986 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)
|
|||||
| CVE-2020-26985 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)
|
|||||
| CVE-2020-25843 | 1 Panorama | 1 Nhiservisignadapter | 2024-11-21 | 7.5 HIGH | 8.1 HIGH |
|
NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege.
|
|||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2020-25674 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
WriteOnePNGImage() from coders/png.c (the PNG coder) has a for loop with an improper exit condition that can allow an out-of-bounds READ via heap-buffer-overflow. This occurs because it is possible for the colormap to have less than 256 valid values but the loop condition will loop 256 times, attempting to pass invalid colormap data to the event logger. The patch replaces the hardcoded 256 value with a call to MagickMin() to ensure the proper value is used. This could impact application availabi ...
Show More |
|||||
| CVE-2020-25667 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
TIFFGetProfiles() in /coders/tiff.c calls strstr() which causes a large out-of-bounds read when it searches for `"dc:format=\"image/dng\"` within `profile` due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to remedy this. This could cause an impact to availability of the application. This flaw affects ImageMagick versions prior to 7.0.9-0.
|
|||||
| CVE-2020-25665 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The PALM image coder at coders/palm.c makes an improper call to AcquireQuantumMemory() in routine WritePALMImage() because it needs to be offset by 256. This can cause a out-of-bounds read later on in the routine. The patch adds 256 to bytes_per_row in the call to AcquireQuantumMemory(). This could cause impact to reliability. This flaw affects ImageMagick versions prior to 7.0.8-68.
|
|||||
| CVE-2020-25664 | 2 Fedoraproject, Imagemagick | 2 Fedora, Imagemagick | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
|
In WriteOnePNGImage() of the PNG coder at coders/png.c, an improper call to AcquireVirtualMemory() and memset() allows for an out-of-bounds write later when PopShortPixel() from MagickCore/quantum-private.h is called. The patch fixes the calls by adding 256 to rowbytes. An attacker who is able to supply a specially crafted image could affect availability with a low impact to data integrity. This flaw affects ImageMagick versions prior to 6.9.10-68 and 7.0.8-68.
|
|||||
| CVE-2020-25226 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore.
|
|||||
| CVE-2020-25199 | 1 We-con | 1 Levistudiou | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application.
|
|||||
| CVE-2020-25181 | 1 We-con | 1 Plc Editor | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution.
|
|||||
| CVE-2020-24435 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017.011.30175 (and earlier) are affected by a heap-based buffer overflow vulnerability in the submitForm function, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted .pdf file in Acrobat Reader.
|
|||||
| CVE-2020-1917 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
xbuf_format_converter, used as part of exif_read_data, was appending a terminating null character to the generated string, but was not using its standard append char function. As a result, if the buffer was full, it would result in an out-of-bounds write. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0.
|
|||||
| CVE-2020-1916 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An incorrect size calculation in ldap_escape may lead to an integer overflow when overly long input is passed in, resulting in an out-of-bounds write. This issue affects HHVM prior to 4.56.2, all versions between 4.57.0 and 4.78.0, 4.79.0, 4.80.0, 4.81.0, 4.82.0, 4.83.0.
|
|||||
| CVE-2020-1906 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams.
|
|||||
| CVE-2020-1711 | 4 Debian, Opensuse, Qemu and 1 more | 5 Debian Linux, Leap, Qemu and 2 more | 2024-11-21 | 6.0 MEDIUM | 7.7 HIGH |
|
An out-of-bounds heap buffer access flaw was found in the way the iSCSI Block driver in QEMU versions 2.12.0 before 4.2.1 handled a response coming from an iSCSI server while checking the status of a Logical Address Block (LBA) in an iscsi_co_block_status() routine. A remote user could use this flaw to crash the QEMU process, resulting in a denial of service or potential execution of arbitrary code with privileges of the QEMU process on the host.
|
|||||
| CVE-2020-17423 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ARW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to e ...
Show More |
|||||
| CVE-2020-16223 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Electronics TPEditor Versions 1.97 and prior. A heap-based buffer overflow may be exploited by processing a specially crafted project file. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application.
|
|||||
| CVE-2020-16207 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. Multiple heap-based buffer overflow vulnerabilities may be exploited by opening specially crafted project files that may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-15800 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 9.3 HIGH | 9.8 CRITICAL |
|
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. T ...
Show More |
|||||
| CVE-2020-15205 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `data_splits` argument of `tf.raw_ops.StringNGrams` lacks validation. This allows a user to pass values that can cause heap overflow errors and even leak contents of memory In the linked code snippet, all the binary strings after `ee ff` are contents from the memory stack. Since these can contain return addresses, this data leak can be used to defeat ASLR. The issue is patched in commit 0462de5b544ed4731aa2fb23946ac22c01856 ...
Show More |
|||||
| CVE-2020-15201 | 1 Google | 1 Tensorflow | 2024-11-21 | 6.8 MEDIUM | 4.8 MEDIUM |
|
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Hence, the code is prone to heap buffer overflow. If `split_values` does not end with a value at least `num_values` then the `while` loop condition will trigger a read outside of the bounds of `split_values` once `bat ...
Show More |
|||||
| CVE-2020-15200 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Tensorflow before version 2.3.1, the `RaggedCountSparseOutput` implementation does not validate that the input arguments form a valid ragged tensor. In particular, there is no validation that the values in the `splits` tensor generate a valid partitioning of the `values` tensor. Thus, the code sets up conditions to cause a heap buffer overflow. A `BatchedMap` is equivalent to a vector where each element is a hashmap. However, if the first element of `splits_values` is not 0, `batch_idx` will ...
Show More |
|||||
| CVE-2020-15198 | 1 Google | 1 Tensorflow | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
|
In Tensorflow before version 2.3.1, the `SparseCountSparseOutput` implementation does not validate that the input arguments form a valid sparse tensor. In particular, there is no validation that the `indices` tensor has the same shape as the `values` one. The values in these tensors are always accessed in parallel. Thus, a shape mismatch can result in accesses outside the bounds of heap allocated buffers. The issue is patched in commit 3cbb917b4714766030b28eba9fb41bb97ce9ee02 and is released in ...
Show More |
|||||
| CVE-2020-15196 | 1 Google | 1 Tensorflow | 2024-11-21 | 6.5 MEDIUM | 8.5 HIGH |
|
In Tensorflow version 2.3.0, the `SparseCountSparseOutput` and `RaggedCountSparseOutput` implementations don't validate that the `weights` tensor has the same shape as the data. The check exists for `DenseCountSparseOutput`, where both tensors are fully specified. In the sparse and ragged count weights are still accessed in parallel with the data. But, since there is no validation, a user passing fewer weights than the values for the tensors can generate a read from outside the bounds of the hea ...
Show More |
|||||
| CVE-2020-15195 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 6.5 MEDIUM | 8.5 HIGH |
|
In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the implementation of `SparseFillEmptyRowsGrad` uses a double indexing pattern. It is possible for `reverse_index_map(i)` to be an index outside of bounds of `grad_values`, thus resulting in a heap buffer overflow. The issue is patched in commit 390611e0d45c5793c7066110af37c8514e6a6c54, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1.
|
|||||
| CVE-2020-15158 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 7.5 HIGH | 7.7 HIGH |
|
In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommend to apply the patch. This was patched with commit 033ab5b. Users of version 1.4.x should upgrade to version 1.4.3 when av ...
Show More |
|||||
| CVE-2020-14524 | 1 Softing | 1 Opc | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Softing Industrial Automation all versions prior to the latest build of version 4.47.0, The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2020-14482 | 1 Deltaww | 1 Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash.
|
|||||
| CVE-2020-14311 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Grub2, Leap and 4 more | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
|
There is an issue with grub2 before version 2.06 while handling symlink on ext filesystems. A filesystem containing a symbolic link with an inode size of UINT32_MAX causes an arithmetic overflow leading to a zero-sized memory allocation with subsequent heap-based buffer overflow.
|
|||||
| CVE-2020-14310 | 4 Canonical, Gnu, Opensuse and 1 more | 7 Ubuntu Linux, Grub2, Leap and 4 more | 2024-11-21 | 3.6 LOW | 5.7 MEDIUM |
|
There is an issue on grub2 before version 2.06 at function read_section_as_string(). It expects a font name to be at max UINT32_MAX - 1 length in bytes but it doesn't verify it before proceed with buffer allocation to read the value from the font value. An attacker may leverage that by crafting a malicious font file which has a name with UINT32_MAX, leading to read_section_as_string() to an arithmetic overflow, zero-sized allocation and further heap-based buffer overflow.
|
|||||
| CVE-2020-13600 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
|
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
|
|||||