Total
8217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6618 | 1 Nothings | 1 Stb Truetype.h | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
stb stb_truetype.h through 1.22 has a heap-based buffer over-read in stbtt__find_table.
|
|||||
| CVE-2020-6614 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bfr_read in decode.c.
|
|||||
| CVE-2020-6613 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in bit_search_sentinel in bits.c.
|
|||||
| CVE-2020-6612 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
|
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in copy_compressed_bytes in decode_r2007.c.
|
|||||
| CVE-2020-6609 | 2 Gnu, Opensuse | 3 Libredwg, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
GNU LibreDWG 0.9.3.2564 has a heap-based buffer over-read in read_pages_map in decode_r2007.c.
|
|||||
| CVE-2020-6555 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.8 MEDIUM | 7.6 HIGH |
|
Out of bounds read in WebGL in Google Chrome prior to 84.0.4147.125 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
|||||
| CVE-2020-6458 | 2 Debian, Google | 2 Debian Linux, Chrome | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
|
|||||
| CVE-2020-6455 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Out of bounds read in WebSQL in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2020-6447 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Inappropriate implementation in developer tools in Google Chrome prior to 81.0.4044.92 allowed a remote attacker who had convinced the user to use devtools to potentially exploit heap corruption via a crafted HTML page.
|
|||||
| CVE-2020-6405 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Out of bounds read in SQLite in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
|||||
| CVE-2020-6395 | 1 Google | 1 Chrome | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Out of bounds read in JavaScript in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page.
|
|||||
| CVE-2020-6374 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2020-6345 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated TGA file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2020-6341 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated EPS file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2020-6330 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2020-6322 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
|
|||||
| CVE-2020-6162 | 1 Bftpd Project | 1 Bftpd | 2024-11-21 | 5.8 MEDIUM | 9.1 CRITICAL |
|
An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in dirlist.c.
|
|||||
| CVE-2020-6107 | 1 F2fs-tools Project | 1 F2fs-tools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the dev_read functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-6106 | 1 F2fs-tools Project | 1 F2fs-tools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the init_node_manager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-6104 | 1 F2fs-tools Project | 1 F2fs-tools | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An exploitable information disclosure vulnerability exists in the get_dnode_of_data functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-6077 | 2 Debian, Videolabs | 2 Debian Linux, Libmicrodns | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An exploitable denial-of-service vulnerability exists in the message-parsing functionality of Videolabs libmicrodns 0.1.0. When parsing mDNS messages, the implementation does not properly keep track of the available data in the message, possibly leading to an out-of-bounds read that would result in a denial of service. An attacker can send an mDNS message to trigger this vulnerability.
|
|||||
| CVE-2020-6061 | 4 Canonical, Coturn Project, Debian and 1 more | 4 Ubuntu Linux, Coturn, Debian Linux and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
|
|||||
| CVE-2020-6058 | 1 Minisnmpd Project | 1 Minisnmpd | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
An exploitable out-of-bounds read vulnerability exists in the way MiniSNMPD version 1.4 parses incoming SNMP packets. A specially crafted SNMP request can trigger an out-of-bounds memory read, which can result in the disclosure of sensitive information and denial of service. To trigger this vulnerability, an attacker needs to send a specially crafted packet to the vulnerable server.
|
|||||
| CVE-2020-5991 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure.
|
|||||
| CVE-2020-5971 | 1 Nvidia | 1 Virtual Gpu Manager | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
NVIDIA Virtual GPU Manager contains a vulnerability in the vGPU plugin, in which the software reads from a buffer by using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer, which may lead to code execution, denial of service, escalation of privileges, or information disclosure. This affects vGPU version 8.x (prior to 8.4), version 9.x (prior to 9.4) and version 10.x (prior to 10.3).
|
|||||
| CVE-2020-5965 | 1 Nvidia | 8 Geforce, Geforce Firmware, Nvs and 5 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX 11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, leading to denial of service.
|
|||||
| CVE-2020-5833 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager, prior to 14.3, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5831 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5830 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5829 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5828 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5827 | 1 Symantec | 1 Endpoint Protection Manager | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Symantec Endpoint Protection Manager (SEPM), prior to 14.2 RU2 MP1, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5826 | 1 Symantec | 1 Endpoint Protection | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Symantec Endpoint Protection (SEP) and Symantec Endpoint Protection Small Business Edition (SEP SBE), prior to 14.2 RU2 MP1 and prior to 14.2.5569.2100 respectively, may be susceptible to an out of bounds vulnerability, which is a type of issue that results in an existing application reading memory outside of the bounds of the memory that had been allocated to the program.
|
|||||
| CVE-2020-5675 | 1 Mitsubishielectric | 20 Gs2107-wtbd, Gs2107-wtbd-n, Gs2107-wtbd-n Firmware and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Out-of-bounds read vulnerability in GT21 model of GOT2000 series (GT2107-WTBD V01.39.000 and earlier, GT2107-WTSD V01.39.000 and earlier, GT2104-RTBD V01.39.000 and earlier, GT2104-PMBD V01.39.000 and earlier, and GT2103-PMBD V01.39.000 and earlier), GS21 model of GOT series (GS2110-WTBD V01.39.000 and earlier, GS2107-WTBD V01.39.000 and earlier, GS2110-WTBD-N V01.39.000 and earlier, and GS2107-WTBD-N V01.39.000 and earlier), and Tension Controller LE7-40GU-L series (LE7-40GU-L Screen package da ...
Show More |
|||||
| CVE-2020-5360 | 2 Dell, Oracle | 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Dell BSAFE Micro Edition Suite, versions prior to 4.5, are vulnerable to a Buffer Under-Read Vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability resulting in undefined behaviour, or a crash of the affected systems.
|
|||||
| CVE-2020-5313 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
|
|||||
| CVE-2020-5254 | 1 Nethack | 1 Nethack | 2024-11-21 | 6.8 MEDIUM | 3.9 LOW |
|
In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.
|
|||||
| CVE-2020-5235 | 1 Nanopb Project | 1 Nanopb | 2024-11-21 | 7.5 HIGH | 6.5 MEDIUM |
|
There is a potentially exploitable out of memory condition In Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc() runs out of memory when expanding the array nanopb can end up calling `free()` on a pointer value that comes from uninitialized memory. Depending on platform this can result in a crash or further memory corruption, which may be exploitable in some cases. Th ...
Show More |
|||||
| CVE-2020-5140 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service by sending a malicious HTTP request that leads to memory addresses leak. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
|
|||||
| CVE-2020-5134 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
|
A vulnerability in SonicOS allows an authenticated attacker to cause out-of-bound invalid file reference leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
|
|||||