Total
13459 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14331 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 7.2 HIGH | 6.6 MEDIUM |
|
A flaw was found in the Linux kernel’s implementation of the invert video code on VGA consoles when a local attacker attempts to resize the console, calling an ioctl VT_RESIZE, which causes an out-of-bounds write to occur. This flaw allows a local user with access to the VGA console to crash the system, potentially escalating their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
|
|||||
| CVE-2020-14315 | 1 Daemonology | 1 Bsdiff | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A memory corruption vulnerability is present in bspatch as shipped in Colin Percival’s bsdiff tools version 4.3. Insufficient checks when handling external inputs allows an attacker to bypass the sanity checks in place and write out of a dynamically allocated buffer boundaries.
|
|||||
| CVE-2020-14309 | 2 Gnu, Opensuse | 2 Grub2, Leap | 2024-11-21 | 4.6 MEDIUM | 6.7 MEDIUM |
|
There's an issue with grub2 in all versions before 2.06 when handling squashfs filesystems containing a symbolic link with name length of UINT32 bytes in size. The name size leads to an arithmetic overflow leading to a zero-size allocation further causing a heap-based buffer overflow with attacker controlled data.
|
|||||
| CVE-2020-14305 | 2 Linux, Netapp | 10 Linux Kernel, A250, A250 Firmware and 7 more | 2024-11-21 | 8.3 HIGH | 8.1 HIGH |
|
An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
|
|||||
| CVE-2020-14268 | 1 Hcltech | 1 Notes | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability in the MIME message handling of the Notes client (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.
|
|||||
| CVE-2020-14244 | 1 Hcltech | 1 Domino | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability in the MIME message handling of the Domino server (versions 9 and 10) could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server.
|
|||||
| CVE-2020-14231 | 1 Hcltechsw | 1 Hcl Client Application Access | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
|
|||||
| CVE-2020-14224 | 1 Hcltech | 1 Notes | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.
|
|||||
| CVE-2020-14212 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
FFmpeg through 4.3 has a heap-based buffer overflow in avio_get_str in libavformat/aviobuf.c because dnn_backend_native.c calls ff_dnn_load_model_native and a certain index check is omitted.
|
|||||
| CVE-2020-14147 | 4 Debian, Oracle, Redislabs and 1 more | 4 Debian Linux, Communications Operations Monitor, Redis and 1 more | 2024-11-21 | 4.0 MEDIUM | 7.7 HIGH |
|
An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression.
|
|||||
| CVE-2020-14127 | 1 Mi | 3 Miui, Redmi K40, Redmi Note 10 Pro | 2024-11-21 | N/A | 7.5 HIGH |
|
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by heap overflow and can be exploited by attackers to make remote denial of service.
|
|||||
| CVE-2020-14125 | 1 Mi | 3 Miui, Redmi Note 11, Redmi Note 9t | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service.
|
|||||
| CVE-2020-14107 | 1 Mi | 1 Xiaomi Mirror Screen | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A stack overflow in the HTTP server of Cast can be exploited to make the app crash in LAN.
|
|||||
| CVE-2020-14095 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Xiaomi router R3600, ROM version<1.0.20, a connect service suffers from an injection vulnerability through the web interface, leading to a stack overflow or remote code execution.
|
|||||
| CVE-2020-14094 | 1 Mi | 2 Xiaomi R3600, Xiaomi R3600 Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Xiaomi router R3600, ROM version<1.0.20, the connection service can be injected through the web interface, resulting in stack overflow or remote code execution.
|
|||||
| CVE-2020-14080 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to apply_sec.cgi via the action ping_test with a sufficiently long ping_ipaddr key.
|
|||||
| CVE-2020-14079 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action auto_up_fw (or auto_up_lp) with a sufficiently long update_file_name key.
|
|||||
| CVE-2020-14078 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login with a sufficiently long REMOTE_ADDR key.
|
|||||
| CVE-2020-14077 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action set_sta_enrollee_pin_wifi1 (or set_sta_enrollee_pin_wifi0) with a sufficiently long wps_sta_enrollee_pin key.
|
|||||
| CVE-2020-14076 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action st_dev_connect, st_dev_disconnect, or st_dev_rconnect with a sufficiently long wan_type key.
|
|||||
| CVE-2020-14074 | 1 Trendnet | 2 Tew-827dru, Tew-827dru Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kick_ban_wifi_mac_allow with a sufficiently long qcawifi.wifi0_vap0.maclist key.
|
|||||
| CVE-2020-13995 | 1 Airforce | 1 Nitf Extract Utility | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
U.S. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable (sBuffer) leads to a Write-What-Where outcome. Writing beyond sBuffer will clobber most global variables until reaching a pointer such as DES_info or image_info. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain ...
Show More |
|||||
| CVE-2020-13985 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
|
|||||
| CVE-2020-13916 | 1 Ruckuswireless | 25 C110, E510, H320 and 22 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A stack buffer overflow in webs in Ruckus Wireless Unleashed through 200.7.10.102.92 allows a remote attacker to execute code via an unauthenticated crafted HTTP request. This affects C110, E510, H320, H510, M510, R320, R310, R500, R510 R600, R610, R710, R720, R750, T300, T301n, T301s, T310c, T310d, T310n, T310s, T610, T710, and T710s devices.
|
|||||
| CVE-2020-13901 | 1 Meetecho | 1 Janus | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow.
|
|||||
| CVE-2020-13811 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file.
|
|||||
| CVE-2020-13768 | 1 Minishare Project | 1 Minishare | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
|
|||||
| CVE-2020-13765 | 3 Canonical, Debian, Qemu | 3 Ubuntu Linux, Debian Linux, Qemu | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
|
rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation.
|
|||||
| CVE-2020-13656 | 1 Morganstanley | 1 Hobbes | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.
|
|||||
| CVE-2020-13600 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.2 HIGH | 7.0 HIGH |
|
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
|
|||||
| CVE-2020-13598 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.6 MEDIUM | 6.3 MEDIUM |
|
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
|
|||||
| CVE-2020-13586 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-13581 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
|
|||||
| CVE-2020-13580 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt m ...
Show More |
|||||
| CVE-2020-13579 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the con ...
Show More |
|||||
| CVE-2020-13572 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-13556 | 1 Opener Project | 1 Opener | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability.
|
|||||
| CVE-2020-13547 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
|
|||||
| CVE-2020-13546 | 1 Softmaker | 1 Office Textmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
|
|||||
| CVE-2020-13545 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability.
|
|||||