Search
Total
11946 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-8800 | 1 Apple | 1 Xcode | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Xcode 11.2. Processing a maliciously crafted file may lead to arbitrary code execution. | |||||
| CVE-2020-9793 | 1 Apple | 5 Ipad Os, Iphone Os, Mac Os X and 2 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A remote attacker may be able to cause arbitrary code execution. | |||||
| CVE-2020-1321 | 1 Microsoft | 2 365 Apps, Office | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. | |||||
| CVE-2019-9877 | 1 Xpdfreader | 1 Xpdf | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2020-1419 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists when the Windows kernel fails to properly initialize a memory address, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1367, CVE-2020-1389, CVE-2020-1426. | |||||
| CVE-2020-1093 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2021-07-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1035, CVE-2020-1058, CVE-2020-1060. | |||||
| CVE-2020-27173 | 1 Vm-superio Project | 1 Vm-superio | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In vm-superio before 0.1.1, the serial console FIFO can grow to unlimited memory usage when data is sent to the input source (i.e., standard input). This behavior cannot be reproduced from the guest side. When no rate limiting is in place, the host can be subject to memory pressure, impacting all other VMs running on the same host. | |||||
| CVE-2020-4554 | 1 Ibm | 1 I2 Analysts Notebook | 2021-07-21 | 6.9 MEDIUM | 7.8 HIGH |
| IBM i2 Analyst Notebook 9.2.1 and 9.2.2 could allow a local attacker to execute arbitrary code on the system, caused by a memory corruption. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 183322. | |||||
| CVE-2020-0869 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0801, CVE-2020-0807, CVE-2020-0809. | |||||
| CVE-2019-11221 | 2 Debian, Gpac | 2 Debian Linux, Gpac | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| GPAC 0.7.1 has a buffer overflow issue in gf_import_message() in media_import.c. | |||||
| CVE-2020-0103 | 1 Google | 1 Android | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| In a2dp_aac_decoder_cleanup of a2dp_aac_decoder.cc, there is a possible invalid free due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-9Android ID: A-148107188 | |||||
| CVE-2020-0956 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-0957, CVE-2020-0958. | |||||
| CVE-2020-3871 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15.3. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2019-10056 | 1 Suricata-ids | 1 Suricata | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 4.1.3. The code mishandles the case of sending a network packet with the right type, such that the function DecodeEthernet in decode-ethernet.c is executed a second time. At this point, the algorithm cuts the first part of the packet and doesn't determine the current length. Specifically, if the packet is exactly 28 long, in the first iteration it subtracts 14 bytes. Then, it is working with a packet length of 14. At this point, the case distinction says it is a valid packet. After that it casts the packet, but this packet has no type, and the program crashes at the type case distinction. | |||||
| CVE-2020-25022 | 1 Noise-java Project | 1 Noise-java | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. | |||||
| CVE-2019-11560 | 1 Hisilicon | 2 Hi3516, Hi3516 Firmware | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability in the streaming server provided by hisilicon in HI3516 models allows an unauthenticated attacker to remotely run arbitrary code by sending a special RTSP over HTTP packet. The vulnerability was found in many cameras using hisilicon's hardware and software, as demonstrated by TENVIS cameras 1.3.3.3, 1.2.7.2, 1.2.1.4, 7.1.20.1.2, and 13.1.1.1.7.2; FDT FD7902 11.3.14.1.3 and 10.3.14.1.3; FOSCAM cameras 3.2.1.1.1_0815 and 3.2.2.2.1_0815; and Dericam cameras V11.3.8.1.12. | |||||
| CVE-2019-8776 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15. An application may be able to execute arbitrary code with system privileges. | |||||
| CVE-2020-9932 | 1 Apple | 4 Ipados, Iphone Os, Safari and 1 more | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in Safari 13.0.1, iOS 13.1 and iPadOS 13.1, tvOS 13. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
| CVE-2020-13250 | 1 Hashicorp | 1 Consul | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| HashiCorp Consul and Consul Enterprise include an HTTP API (introduced in 1.2.0) and DNS (introduced in 1.4.3) caching feature that was vulnerable to denial of service. Fixed in 1.6.6 and 1.7.4. | |||||
| CVE-2020-4325 | 1 Ibm | 2 Cloud Pak For Automation, Process Federation Server | 2021-07-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| The IBM Process Federation Server 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, and 19.0.0.3 Global Teams REST API does not properly shutdown the thread pools that it creates to retrieve Global Teams information from the federated systems. As a consequence, the Java Virtual Machine can't recover the memory used by those thread pools, which leads to an OutOfMemory exception when the Process Federation Server Global Teams REST API is used extensively. IBM X-Force ID: 177596. | |||||
| CVE-2019-9209 | 2 Debian, Wireshark | 2 Debian Linux, Wireshark | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.12 and 2.6.0 to 2.6.6, the ASN.1 BER and related dissectors could crash. This was addressed in epan/dissectors/packet-ber.c by preventing a buffer overflow associated with excessive digits in time values. | |||||
| CVE-2019-10054 | 1 Suricata-ids | 1 Suricata | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Suricata 4.1.3. The function process_reply_record_v3 lacks a check for the length of reply.data. It causes an invalid memory access and the program crashes within the nfs/nfs3.rs file. | |||||
| CVE-2019-9638 | 5 Canonical, Debian, Netapp and 2 more | 5 Ubuntu Linux, Debian Linux, Storage Automation Store and 2 more | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the EXIF component in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. There is an uninitialized read in exif_process_IFD_in_MAKERNOTE because of mishandling the maker_note->offset relationship to value_len. | |||||
| CVE-2020-0830 | 1 Microsoft | 11 Chakracore, Edge, Internet Explorer and 8 more | 2021-07-21 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way the scripting engine handles objects in memory in Microsoft browsers, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0768, CVE-2020-0823, CVE-2020-0825, CVE-2020-0826, CVE-2020-0827, CVE-2020-0828, CVE-2020-0829, CVE-2020-0831, CVE-2020-0832, CVE-2020-0833, CVE-2020-0848. | |||||
| CVE-2020-3740 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2021-07-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Framemaker versions 2019.0.4 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-0528 | 1 Intel | 158 Core I5-7200u, Core I5-7200u Firmware, Core I5-7260u and 155 more | 2021-07-21 | 4.6 MEDIUM | 7.8 HIGH |
| Improper buffer restrictions in BIOS firmware for 7th, 8th, 9th and 10th Generation Intel(R) Core(TM) Processor families may allow an authenticated user to potentially enable escalation of privilege and/or denial of service via local access. | |||||
| CVE-2020-9636 | 1 Adobe | 1 Framemaker | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Framemaker versions 2019.0.5 and below have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-12981 | 1 Libming | 1 Libming | 2021-07-21 | 6.8 MEDIUM | 8.8 HIGH |
| Ming (aka libming) 0.4.8 has an "fill overflow" vulnerability in the function SWFShape_setLeftFillStyle in blocks/shape.c. | |||||
| CVE-2020-0801 | 1 Microsoft | 3 Windows 10, Windows Server 2016, Windows Server 2019 | 2021-07-21 | 6.9 MEDIUM | 8.8 HIGH |
| A memory corruption vulnerability exists when Windows Media Foundation improperly handles objects in memory, aka 'Media Foundation Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2020-0807, CVE-2020-0809, CVE-2020-0869. | |||||
| CVE-2019-13244 | 1 Faststone | 1 Image Viewer | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| FastStone Image Viewer 7.0 has a User Mode Write AV starting at image00400000+0x0000000000002d7d. | |||||
| CVE-2020-0961 | 1 Microsoft | 2 Office, Office 365 Proplus | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Microsoft Office Access Connectivity Engine improperly handles objects in memory, aka 'Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability'. | |||||
| CVE-2020-0881 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory, aka 'GDI+ Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0883. | |||||
| CVE-2019-13250 | 1 Acdsee | 1 Acdsee | 2021-07-21 | 6.8 MEDIUM | 7.8 HIGH |
| ACDSee Free 1.1.21 has a User Mode Write AV starting at IDE_ACDStd!IEP_SetColorProfile+0x00000000000b9c2f. | |||||
| CVE-2019-1010258 | 1 Nanosvg Project | 1 Nanosvg | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| nanosvg library nanosvg after commit c1f6e209c16b18b46aa9f45d7e619acf42c29726 is affected by: Buffer Overflow. The impact is: Memory corruption leading to at least DoS. More severe impact vectors need more investigation. The component is: it's part of a svg processing library. function nsvg__parseColorRGB in src/nanosvg.h / line 1227. The attack vector is: It depends library usage. If input is passed from the network, then network connectivity is enough. Most likely an attack will require opening a specially crafted .svg file. | |||||
| CVE-2020-0676 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 2.1 LOW | 5.5 MEDIUM |
| An information disclosure vulnerability exists in the Cryptography Next Generation (CNG) service when it fails to properly handle objects in memory.To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.The security update addresses the vulnerability by correcting how the service handles objects in memory., aka 'Windows Key Isolation Service Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0675, CVE-2020-0677, CVE-2020-0748, CVE-2020-0755, CVE-2020-0756. | |||||
| CVE-2019-1010232 | 1 Juniper | 1 Libslax | 2021-07-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Juniper juniper/libslax libslax latest version (as of commit 084ddf6ab4a55b59dfa9a53f9c5f14d192c4f8e5 Commits on Sep 1, 2018) is affected by: Buffer Overflow. The impact is: remote dos. The component is: slaxlexer.c:601(funtion:slaxGetInput). The attack vector is: ./slaxproc --slax-to-xslt POC0. | |||||
| CVE-2020-0855 | 1 Microsoft | 2 Office, Office 365 Proplus | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Word software when it fails to properly handle objects in memory, aka 'Microsoft Word Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0850, CVE-2020-0851, CVE-2020-0852, CVE-2020-0892. | |||||
| CVE-2020-0953 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists when the Windows Jet Database Engine improperly handles objects in memory, aka 'Jet Database Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0889, CVE-2020-0959, CVE-2020-0960, CVE-2020-0988, CVE-2020-0992, CVE-2020-0994, CVE-2020-0995, CVE-2020-0999, CVE-2020-1008. | |||||
| CVE-2020-0907 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft Graphics Components handle objects in memory, aka 'Microsoft Graphics Components Remote Code Execution Vulnerability'. | |||||
| CVE-2019-12817 | 2 Canonical, Linux | 2 Ubuntu Linux, Linux Kernel | 2021-07-21 | 6.9 MEDIUM | 7.0 HIGH |
| arch/powerpc/mm/mmu_context_book3s64.c in the Linux kernel before 5.1.15 for powerpc has a bug where unrelated processes may be able to read/write to one another's virtual memory under certain conditions via an mmap above 512 TB. Only a subset of powerpc systems are affected. | |||||
| CVE-2020-1225 | 1 Microsoft | 3 365 Apps, Excel, Office | 2021-07-21 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-1226. | |||||
| CVE-2019-8750 | 1 Apple | 2 Icloud, Watchos | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in watchOS 6.1, iCloud for Windows 11.0. Multiple issues in libxslt. | |||||
| CVE-2019-1000006 | 1 Riot-os | 1 Riot | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| RIOT RIOT-OS version after commit 7af03ab624db0412c727eed9ab7630a5282e2fd3 contains a Buffer Overflow vulnerability in sock_dns, an implementation of the DNS protocol utilizing the RIOT sock API that can result in Remote code executing. This attack appears to be exploitable via network connectivity. | |||||
| CVE-2020-0991 | 1 Microsoft | 2 Office, Office 365 Proplus | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0760. | |||||
| CVE-2020-3759 | 1 Adobe | 1 Digital Editions | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Adobe Digital Editions versions 4.5.10 and below have a buffer errors vulnerability. Successful exploitation could lead to information disclosure. | |||||
| CVE-2019-8694 | 1 Apple | 1 Mac Os X | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Mojave 10.14.6. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-15518 | 1 Veeam | 2 Veeam Availability Suite, Veeam Backup \& Replication | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| VeeamFSR.sys in Veeam Availability Suite before 10 and Veeam Backup & Replication before 10 has no device object DACL, which allows unprivileged users to achieve total control over filesystem I/O requests. | |||||
| CVE-2019-8747 | 1 Apple | 1 Watchos | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption vulnerability was addressed with improved locking. This issue is fixed in watchOS 6.1. An application may be able to execute arbitrary code with kernel privileges. | |||||
| CVE-2020-0901 | 1 Microsoft | 2 365 Apps, Office | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka 'Microsoft Excel Remote Code Execution Vulnerability'. | |||||
| CVE-2020-3713 | 2 Adobe, Microsoft | 2 Illustrator Cc, Windows | 2021-07-21 | 9.3 HIGH | 7.8 HIGH |
| Adobe Illustrator CC versions 24.0 and earlier have a memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||