Total
7258 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-16855 | 1 Microsoft | 1 Office | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| <p>An information disclosure vulnerability exists when Microsoft Office software reads out of bound memory due to an uninitialized variable, which could disclose the contents of memory. An attacker who successfully exploited the vulnerability could view out of bound memory.</p> <p>Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of Microsoft Office software.</p> <p>The security update addresses the vulnerability by properly initializing the affected variable.</p> | |||||
| CVE-2020-16591 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A Denial of Service vulnerability exists in the Binary File Descriptor (BFD) in GNU Binutils 2.35 due to an invalid read in process_symbol_table, as demonstrated in readeif. | |||||
| CVE-2020-16236 | 1 Panasonic | 1 Fpwin Pro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| FPWIN Pro is vulnerable to an out-of-bounds read vulnerability when a user opens a maliciously crafted project file, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-16219 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor Versions 1.97 and prior. An out-of-bounds read may be exploited by processing specially crafted project files. Successful exploitation of this vulnerability may allow an attacker to read/modify information, execute arbitrary code, and/or crash the application. | |||||
| CVE-2020-16211 | 1 Advantech | 1 Webaccess\/hmi Designer | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Advantech WebAccess HMI Designer, Versions 2.1.9.31 and prior. An out-of-bounds read vulnerability may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
| CVE-2020-16201 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Delta Industrial Automation CNCSoft ScreenEditor, Versions 1.01.23 and prior. Multiple out-of-bounds read vulnerabilities may be exploited by processing specially crafted project files, which may allow an attacker to read information. | |||||
| CVE-2020-16159 | 1 Gopro | 1 Gpmf-parser | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| GoPro gpmf-parser 1.5 has a heap out-of-bounds read and segfault in GPMF_ScaledData(). Parsing malicious input can result in a crash or information disclosure. | |||||
| CVE-2020-16101 | 1 Gallagher | 1 Command Centre | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| It is possible for an unauthenticated remote DCOM websocket connection to crash the Command Centre service due to an out-of-bounds buffer access. Affected versions are v8.20 prior to v8.20.1166(MR3), v8.10 prior to v8.10.1211(MR5), v8.00 prior to v8.00.1228(MR6), all versions of 7.90 and earlier. | |||||
| CVE-2020-16048 | 1 Google | 1 Angle | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in ANGLE allowed a remote attacker to obtain sensitive data via a crafted HTML page. | |||||
| CVE-2020-16041 | 1 Google | 1 Chrome | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Out of bounds read in networking in Google Chrome prior to 87.0.4280.88 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15981 | 4 Debian, Fedoraproject, Google and 1 more | 4 Debian Linux, Fedora, Chrome and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Out of bounds read in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | |||||
| CVE-2020-15890 | 3 Canonical, Debian, Luajit | 3 Ubuntu Linux, Debian Linux, Luajit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| LuaJit through 2.1.0-beta3 has an out-of-bounds read because __gc handler frame traversal is mishandled. | |||||
| CVE-2020-15889 | 1 Lua | 1 Lua | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Lua 5.4.0 has a getobjname heap-based buffer over-read because youngcollection in lgc.c uses markold for an insufficient number of list members. | |||||
| CVE-2020-15888 | 1 Lua | 1 Lua | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free. | |||||
| CVE-2020-15630 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10977. | |||||
| CVE-2020-15603 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. | |||||
| CVE-2020-15572 | 1 Torproject | 1 Tor | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | |||||
| CVE-2020-15476 | 3 Debian, Linux, Ntop | 3 Debian Linux, Linux Kernel, Ndpi | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | |||||
| CVE-2020-15473 | 1 Ntop | 1 Ndpi | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In nDPI through 3.2, the OpenVPN dissector is vulnerable to a heap-based buffer over-read in ndpi_search_openvpn in lib/protocols/openvpn.c. | |||||
| CVE-2020-15472 | 2 Debian, Ntop | 2 Debian Linux, Ndpi | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In nDPI through 3.2, the H.323 dissector is vulnerable to a heap-based buffer over-read in ndpi_search_h323 in lib/protocols/h323.c, as demonstrated by a payload packet length that is too short. | |||||