Search
Total
3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14305 | 1 Linux | 1 Linux Kernel | 2020-12-10 | 8.3 HIGH | 8.1 HIGH |
| An out-of-bounds memory write flaw was found in how the Linux kernel’s Voice Over IP H.323 connection tracking functionality handled connections on ipv6 port 1720. This flaw allows an unauthenticated remote user to crash the system, causing a denial of service. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-26970 | 1 Mozilla | 1 Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1. | |||||
| CVE-2020-26969 | 1 Mozilla | 1 Firefox | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83. | |||||
| CVE-2020-26968 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2020-12-10 | 9.3 HIGH | 8.8 HIGH |
| Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | |||||
| CVE-2020-26952 | 1 Mozilla | 1 Firefox | 2020-12-09 | 9.3 HIGH | 8.8 HIGH |
| Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83. | |||||
| CVE-2018-3868 | 1 Computer-insel | 1 Photoline | 2020-12-09 | 6.8 MEDIUM | 7.8 HIGH |
| A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. | |||||
| CVE-2019-9423 | 1 Google | 1 Android | 2020-12-05 | 4.6 MEDIUM | 7.8 HIGH |
| In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616 | |||||
| CVE-2020-25464 | 1 Moddable | 1 Moddable | 2020-12-04 | 5.0 MEDIUM | 7.5 HIGH |
| Heap buffer overflow at moddable/xs/sources/xsDebug.c in Moddable SDK before before 20200903. The top stack frame is only partially initialized because the stack overflowed while creating the frame. This leads to a crash in the code sending the stack frame to the debugger. | |||||
| CVE-2017-2910 | 1 Libxls Project | 1 Libxls | 2020-12-04 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable Out-of-bounds Write vulnerability exists in the xls_addCell function of libxls 2.0. A specially crafted xls file can cause a memory corruption resulting in remote code execution. An attacker can send malicious xls file to trigger this vulnerability. | |||||
| CVE-2020-9117 | 1 Huawei | 4 Nova 4, Nova 4 Firmware, Sydneym-al00 and 1 more | 2020-12-04 | 4.6 MEDIUM | 7.8 HIGH |
| HUAWEI nova 4 versions earlier than 10.0.0.165(C01E34R2P4) and SydneyM-AL00 versions earlier than 10.0.0.165(C00E66R1P5) have an out-of-bounds read and write vulnerability. An attacker with specific permissions crafts malformed packet with specific parameter and sends the packet to the affected products. Due to insufficient validation of packet, which may be exploited to cause the information leakage or arbitrary code execution. | |||||
| CVE-2020-29367 | 1 C-blosc2 Project | 1 C-blosc2 | 2020-12-03 | 9.3 HIGH | 7.8 HIGH |
| blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. | |||||
| CVE-2020-7563 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | |||||
| CVE-2020-25177 | 1 We-con | 1 Plc Editor | 2020-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | |||||
| CVE-2019-14934 | 1 Pdfresurrect Project | 1 Pdfresurrect | 2020-12-01 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | |||||
| CVE-2018-1100 | 3 Canonical, Redhat, Zsh | 5 Ubuntu Linux, Enterprise Linux Desktop, Enterprise Linux Server and 2 more | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the utils.c:checkmailpath function. A local attacker could exploit this to execute arbitrary code in the context of another user. | |||||
| CVE-2020-28373 | 1 Netgear | 26 R6250, R6250 Firmware, R6400 and 23 more | 2020-11-23 | 8.3 HIGH | 8.8 HIGH |
| upnpd on certain NETGEAR devices allows remote (LAN) attackers to execute arbitrary code via a stack-based buffer overflow. This affects R6400v2 V1.0.4.102_10.0.75, R6400 V1.0.1.62_1.0.41, R7000P V1.3.2.126_10.1.66, XR300 V1.0.3.50_10.3.36, R8000 V1.0.4.62, R8300 V1.0.2.136, R8500 V1.0.2.136, R7300DST V1.0.0.74, R7850 V1.0.5.64, R7900 V1.0.4.30, RAX20 V1.0.2.64, RAX80 V1.0.3.102, and R6250 V1.0.4.44. | |||||
| CVE-2019-9767 | 1 Cleanersoft | 1 Free Mp3 Cd Ripper | 2020-11-20 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in Free MP3 CD Ripper 2.6, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wma file. | |||||
| CVE-2017-18926 | 2 Debian, Librdf | 2 Debian Linux, Raptor Rdf Syntax Library | 2020-11-19 | 5.8 MEDIUM | 7.1 HIGH |
| raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the XML writer, leading to heap-based buffer overflows (sometimes seen in raptor_qname_format_as_xml). | |||||
| CVE-2020-27347 | 1 Tmux Project | 1 Tmux | 2020-11-17 | 4.6 MEDIUM | 7.8 HIGH |
| In tmux before version 3.1c the function input_csi_dispatch_sgr_colon() in file input.c contained a stack-based buffer-overflow that can be exploited by terminal output. | |||||
| CVE-2015-7504 | 3 Debian, Qemu, Xen | 3 Debian Linux, Qemu, Xen | 2020-11-16 | 4.6 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the pcnet_receive function in hw/net/pcnet.c in QEMU allows guest OS administrators to cause a denial of service (instance crash) or possibly execute arbitrary code via a series of packets in loopback mode. | |||||
| CVE-2019-18389 | 3 Opensuse, Redhat, Virglrenderer Project | 3 Leap, Enterprise Linux, Virglrenderer | 2020-11-16 | 4.6 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in the vrend_renderer_transfer_write_iov function in vrend_renderer.c in virglrenderer through 0.8.0 allows guest OS users to cause a denial of service, or QEMU guest-to-host escape and code execution, via VIRGL_CCMD_RESOURCE_INLINE_WRITE commands. | |||||
| CVE-2020-9958 | 1 Apple | 2 Ipad Os, Iphone Os | 2020-11-15 | 9.3 HIGH | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.0 and iPadOS 14.0. An application may be able to cause unexpected system termination or write kernel memory. | |||||
| CVE-2020-27196 | 1 Lightbend | 1 Play Framework | 2020-11-13 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in PlayJava in Play Framework 2.6.0 through 2.8.2. The body parsing of HTTP requests eagerly parses a payload given a Content-Type header. A deep JSON structure sent to a valid POST endpoint (that may or may not expect JSON payloads) causes a StackOverflowError and Denial of Service. | |||||
| CVE-2020-5991 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2020-11-13 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. | |||||
| CVE-2020-28343 | 2 Google, Samsung | 4 Android, Exynos 980, Exynos 9820 and 1 more | 2020-11-10 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). | |||||
| CVE-2019-19273 | 2 Google, Samsung | 5 Android, Exynos 8895, Galaxy Note8 and 2 more | 2020-11-10 | 7.2 HIGH | 7.8 HIGH |
| On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. | |||||
| CVE-2020-24411 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-0451 | 1 Google | 1 Android | 2020-11-10 | 9.3 HIGH | 8.8 HIGH |
| In sbrDecoder_AssignQmfChannels2SbrChannels of sbrdecoder.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9 Android-8.0 Android-8.1Android ID: A-158762825 | |||||
| CVE-2020-13398 | 4 Canonical, Debian, Freerdp and 1 more | 4 Ubuntu Linux, Debian Linux, Freerdp and 1 more | 2020-11-09 | 6.5 MEDIUM | 8.3 HIGH |
| An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | |||||
| CVE-2020-11125 | 1 Qualcomm | 96 Agatti, Agatti Firmware, Apq8009 and 93 more | 2020-11-09 | 4.6 MEDIUM | 7.8 HIGH |
| u'Out of bound access can happen in MHI command process due to lack of check of channel id value received from MHI devices' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in Agatti, APQ8009, Bitra, IPQ4019, IPQ5018, IPQ6018, IPQ8064, IPQ8074, Kamorta, MDM9150, MDM9607, MDM9650, MSM8905, MSM8917, MSM8953, Nicobar, QCA6390, QCA9531, QCM2150, QCS404, QCS405, QCS605, QCS610, QM215, QRB5165, Rennell, SA415M, SA515M, SA6155P, SA8155P, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2020-16010 | 1 Google | 2 Android, Chrome | 2020-11-04 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in UI in Google Chrome on Android prior to 86.0.4240.185 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. | |||||
| CVE-2019-10896 | 2 Fedoraproject, Wireshark | 2 Fedora, Wireshark | 2020-11-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.13, 2.6.0 to 2.6.7, and 3.0.0, the DOF dissector could crash. This was addressed in epan/dissectors/packet-dof.c by properly handling generated IID and OID bytes. | |||||
| CVE-2020-12865 | 1 Sane-project | 1 Sane Backends | 2020-11-02 | 5.2 MEDIUM | 8.0 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-084. | |||||
| CVE-2020-12861 | 1 Sane-project | 1 Sane Backends | 2020-11-02 | 7.9 HIGH | 8.8 HIGH |
| A heap buffer overflow in SANE Backends before 1.0.30 allows a malicious device connected to the same local network as the victim to execute arbitrary code, aka GHSL-2020-080. | |||||
| CVE-2019-19918 | 1 Lout Project | 1 Lout | 2020-11-02 | 6.8 MEDIUM | 7.8 HIGH |
| Lout 3.40 has a heap-based buffer overflow in the srcnext() function in z02.c. | |||||
| CVE-2020-3982 | 2 Apple, Vmware | 6 Mac Os X, Cloud Foundation, Esxi and 3 more | 2020-10-30 | 4.9 MEDIUM | 7.7 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap. | |||||
| CVE-2015-8743 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-10-29 | 3.6 LOW | 7.1 HIGH |
| QEMU (aka Quick Emulator) built with the NE2000 device emulation support is vulnerable to an OOB r/w access issue. It could occur while performing 'ioport' r/w operations. A privileged (CAP_SYS_RAWIO) user/process could use this flaw to leak or corrupt QEMU memory bytes. | |||||
| CVE-2017-5509 | 1 Imagemagick | 1 Imagemagick | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | |||||
| CVE-2017-5510 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2020-10-28 | 6.8 MEDIUM | 7.8 HIGH |
| coders/psd.c in ImageMagick allows remote attackers to have unspecified impact via a crafted PSD file, which triggers an out-of-bounds write. | |||||
| CVE-2020-1664 | 1 Juniper | 1 Junos | 2020-10-28 | 7.2 HIGH | 7.8 HIGH |
| A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. This issue affects Juniper Networks Junos OS: 17.3 versions prior to 17.3R3-S9; 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D53, 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S4; 18.4 versions prior to 18.4R2-S5, 18.4R3-S5; 19.1 versions prior to 19.1R3-S3; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S4, 20.1R2; 20.2 versions prior to 20.2R1-S1, 20.2R2. Versions of Junos OS prior to 17.3 are unaffected by this vulnerability. | |||||
| CVE-2020-9980 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. Processing a maliciously crafted font file may lead to arbitrary code execution. | |||||
| CVE-2020-9872 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9871 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9874 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-26561 | 1 Belkin | 2 Linksys Wrt 160nl, Linksys Wrt 160nl Firmware | 2020-10-27 | 6.5 MEDIUM | 8.8 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Belkin LINKSYS WRT160NL 1.0.04.002_US_20130619 devices have a stack-based buffer overflow vulnerability because of sprintf in create_dir in mini_httpd. Successful exploitation leads to arbitrary code execution. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-9879 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9919 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-27 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||
| CVE-2020-9927 | 1 Apple | 1 Mac Os X | 2020-10-27 | 7.2 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-9937 | 1 Apple | 7 Icloud, Ipad Os, Iphone Os and 4 more | 2020-10-26 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8, iTunes 12.10.8 for Windows, iCloud for Windows 11.3, iCloud for Windows 7.20. Processing a maliciously crafted image may lead to arbitrary code execution. | |||||