Total: 6424 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9680 | 2 Adobe, Microsoft | 2 Prelude, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Prelude versions 9.0 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9684 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9687 | 2 Adobe, Microsoft | 3 Photoshop, Photoshop Cc, Windows | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Photoshop versions Photoshop CC 2019, and Photoshop 2020 have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-0120 | 1 Google | 1 Android | 2020-07-23 | 4.6 MEDIUM | 7.8 HIGH |
| In notifyErrorForPendingRequests of QCamera3HWI.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-149995442 | |||||
| CVE-2019-9200 | 3 Canonical, Debian, Freedesktop | 3 Ubuntu Linux, Debian Linux, Poppler | 2020-07-23 | 6.8 MEDIUM | 8.8 HIGH |
| A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2020-7818 | 1 Hmtalk | 1 Daviewindy | 2020-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.9 and earlier has a heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this to achieve arbitrary code execution. | |||||
| CVE-2020-9650 | 1 Adobe | 1 Media Encoder | 2020-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9646 | 1 Adobe | 1 Media Encoder | 2020-07-22 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Media Encoder versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2019-20912 | 1 Gnu | 1 Libredwg | 2020-07-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a stack overflow in bits.c, possibly related to bit_read_TF. | |||||
| CVE-2020-0225 | 1 Google | 1 Android | 2020-07-22 | 10.0 HIGH | 9.8 CRITICAL |
| In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-142546668 | |||||
| CVE-2020-0541 | 1 Intel | 1 Converged Security Management Engine Firmware | 2020-07-22 | 4.6 MEDIUM | 6.7 MEDIUM |
| Out-of-bounds write in subsystem for Intel(R) CSME versions before 12.0.64, 13.0.32, 14.0.33 and 14.5.12 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-11904 | 1 Treck | 1 Tcp/ip | 2020-07-22 | 7.5 HIGH | 7.3 HIGH |
| The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | |||||
| CVE-2020-11897 | 1 Treck | 1 Tcp/ip | 2020-07-22 | 10.0 HIGH | 10.0 CRITICAL |
| The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | |||||
| CVE-2020-0230 | 1 Google | 1 Android | 2020-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156337262 | |||||
| CVE-2020-0231 | 1 Google | 1 Android | 2020-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| There is a possible out of bounds write due to an incorrect bounds check. Product: Android. Versions: Android SoC. Android ID: A-156333727 | |||||
| CVE-2011-0495 | 3 Debian, Digium, Fedoraproject | 6 Debian Linux, Asterisk, Asterisknow and 3 more | 2020-07-15 | 6.0 MEDIUM | N/A |
| Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition before C.3.6.2; when running in pedantic mode allows remote authenticated users to execute arbitrary code via crafted caller ID data in vectors involving the (1) SIP channel driver, (2) URIENCODE dialplan function, or (3) AGI dialplan function. | |||||
| CVE-2018-16999 | 1 Nasm | 1 Netwide Assembler | 2020-07-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| Netwide Assembler (NASM) 2.14rc15 has an invalid memory write (segmentation fault) in expand_smacro in preproc.c, which allows attackers to cause a denial of service via a crafted input file. | |||||
| CVE-2020-14482 | 1 Deltaww | 1 Dopsoft | 2020-07-10 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Industrial Automation DOPSoft, Version 4.00.08.15 and prior. Opening a specially crafted project file may overflow the heap, which may allow remote code execution, disclosure/modification of information, or cause the application to crash. | |||||
| CVE-2020-1751 | 2 Gnu, Redhat | 2 Glibc, Enterprise Linux | 2020-07-09 | 5.9 MEDIUM | 7.0 HIGH |
| An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2019-19505 | 1 Tendacn | 2 Pa6, Pa6 Firmware | 2020-07-08 | 9.0 HIGH | 8.8 HIGH |
| Tenda PA6 Wi-Fi Powerline extender 1.0.1.21 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the "Wireless" section in the web-UI. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. | |||||
| CVE-2020-15474 | 1 Ntop | 1 Ndpi | 2020-07-06 | 7.5 HIGH | 9.8 CRITICAL |
| In nDPI through 3.2, there is a stack overflow in extractRDNSequence in lib/protocols/tls.c. | |||||
| CVE-2020-15365 | 1 Libraw | 1 Libraw | 2020-07-06 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibRaw before 0.20-Beta3 has an out-of-bounds write in parse_exif() in metadata\exif_gps.cpp via an unrecognized AtomName and a zero value of tiff_nifds. | |||||
| CVE-2020-9659 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9654 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9653 | 2 Adobe, Microsoft | 2 Premiere Pro, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Pro versions 14.2 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9657 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9656 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Premiere Rush versions 1.5.12 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-6458 | 1 Google | 1 Chrome | 2020-07-02 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds read and write in PDFium in Google Chrome prior to 81.0.4044.122 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-9658 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9590 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9621 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9620 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9589 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-01 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-14938 | 1 Freedroid | 1 Freedroidrpg | 2020-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. | |||||
| CVE-2020-3967 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 7.5 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3968 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3971 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. | |||||
| CVE-2020-14473 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2020-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. | |||||
| CVE-2020-9660 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-30 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9612 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9597 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9594 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-5303 | 1 Tendermint | 1 Tendermint | 2020-06-30 | 4.3 MEDIUM | 3.7 LOW |
| Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before AddPeer, which leads to always growing memory (activeIDs map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10. | |||||
| CVE-2020-9638 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9637 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-14993 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2020-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. | |||||
| CVE-2020-9554 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9555 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier versions have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9556 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9559 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier versions have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
