Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29040 | 1 Xen | 1 Xen | 2024-11-21 | 4.6 MEDIUM | 8.8 HIGH |
|
An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671.
|
|||||
| CVE-2020-29019 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header.
|
|||||
| CVE-2020-29016 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname.
|
|||||
| CVE-2020-28964 | 1 Tonec | 1 Internet Download Manager | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
|
Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors.
|
|||||
| CVE-2020-28928 | 4 Debian, Fedoraproject, Musl-libc and 1 more | 4 Debian Linux, Fedora, Musl and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).
|
|||||
| CVE-2020-28895 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
|
In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption.
|
|||||
| CVE-2020-28600 | 1 Openscad | 1 Openscad | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28599 | 2 Fedoraproject, Openscad | 2 Fedora, Openscad | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28598 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28596 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28595 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28592 | 1 Cosori | 2 Cs158-af, Cs158-af Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability.
|
|||||
| CVE-2020-28587 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
|
|||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
|
|||||
| CVE-2020-28578 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges.
|
|||||
| CVE-2020-28575 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability.
|
|||||
| CVE-2020-28386 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2020-28385 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2020 (All versions < SE2020MP13), Solid Edge SE2021 (All Versions < SE2021MP4). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12049)
|
|||||
| CVE-2020-28384 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2020-28383 | 1 Siemens | 3 Jt2go, Solid Edge, Teamcenter Visualization | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in JT2Go (All versions < V13.1.0.1), Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2), Teamcenter Visualization (All versions < V13.1.0.1). Affected applications lack proper validation of user-supplied data when parsing PAR files. This can result in an out of bounds write past the memory location that is a read only image address. An attacker could leverage this vulnerability to execute code in the context of the curr ...
Show More |
|||||
| CVE-2020-28382 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in a out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2020-28381 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing PAR files. This could result in an out of bounds write into uninitialized memory. An attacker could leverage this vulnerability to execute code in the context of the current process.
|
|||||
| CVE-2020-28373 | 1 Netgear | 26 R6250, R6250 Firmware, R6400 and 23 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44.
|
|||||
| CVE-2020-28371 | 1 Readytalk | 1 Avian | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in ReadyTalk Avian 1.2.0 before 2020-10-27. The FileOutputStream.write() method in FileOutputStream.java has a boundary check to prevent out-of-bounds memory read/write operations. However, an integer overflow leads to bypassing this check and achieving the out-of-bounds access. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2020-28343 | 2 Google, Samsung | 4 Android, Exynos 980, Exynos 9820 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).
|
|||||
| CVE-2020-28248 | 1 Png-img Project | 1 Png-img | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An integer overflow in the PngImg::InitStorage_() function of png-img before 3.1.0 leads to an under-allocation of heap memory and subsequently an exploitable heap-based buffer overflow when loading a crafted PNG file.
|
|||||
| CVE-2020-28198 | 1 Ibm | 1 Tivoli Storage Manager | 2024-11-21 | 4.4 MEDIUM | 7.0 HIGH |
|
The 'id' parameter of IBM Tivoli Storage Manager Version 5 Release 2 (Command Line Administrative Interface, dsmadmc.exe) is vulnerable to an exploitable stack buffer overflow. Note: the vulnerability can be exploited when it is used in "interactive" mode while, cause of a max number characters limitation, it cannot be exploited in batch or command line usage (e.g. dsmadmc.exe -id=username -password=pwd). NOTE: This vulnerability only affects products that are no longer supported by the maintain ...
Show More |
|||||
| CVE-2020-28024 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Exim 4 before 4.94.2 allows Buffer Underwrite that may result in unauthenticated remote attackers executing arbitrary commands, because smtp_ungetc was only intended to push back characters, but can actually push back non-character error codes such as EOF.
|
|||||
| CVE-2020-28022 | 1 Exim | 1 Exim | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Exim 4 before 4.94.2 has Improper Restriction of Write Operations within the Bounds of a Memory Buffer. This occurs when processing name=value pairs within MAIL FROM and RCPT TO commands.
|
|||||
| CVE-2020-28016 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Exim 4 before 4.94.2 allows an off-by-two Out-of-bounds Write because "-F ''" is mishandled by parse_fix_phrase.
|
|||||
| CVE-2020-28013 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow because it mishandles "-F '.('" on the command line, and thus may allow privilege escalation from any user to root. This occurs because of the interpretation of negative sizes in strncpy.
|
|||||
| CVE-2020-28011 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Exim 4 before 4.94.2 allows Heap-based Buffer Overflow in queue_run via two sender options: -R and -S. This may cause privilege escalation from exim to root.
|
|||||
| CVE-2020-28010 | 1 Exim | 1 Exim | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
|
Exim 4 before 4.94.2 allows Out-of-bounds Write because the main function, while setuid root, copies the current working directory pathname into a buffer that is too small (on some common platforms).
|
|||||
| CVE-2020-27952 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution.
|
|||||
| CVE-2020-27948 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.
|
|||||
| CVE-2020-27947 | 1 Apple | 2 Mac Os X, Macos | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges.
|
|||||
| CVE-2020-27944 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.
|
|||||
| CVE-2020-27943 | 1 Apple | 5 Ipad Os, Iphone Os, Macos and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.
|
|||||
| CVE-2020-27933 | 1 Apple | 6 Icloud, Ipados, Iphone Os and 3 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.6 and iPadOS 13.6, iCloud for Windows 7.20, watchOS 6.2.8, tvOS 13.4.8, macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra. Processing a maliciously crafted image may lead to arbitrary code execution.
|
|||||
| CVE-2020-27931 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1, watchOS 7.0, tvOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.
|
|||||