Total
12252 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10809 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-10742 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. | |||||
| CVE-2020-10654 | 1 Pingidentity | 1 Pingid Ssh Integration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. | |||||
| CVE-2020-10646 | 1 Fujielectric | 1 V-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. | |||||
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
| CVE-2020-10615 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | |||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2020-10543 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 15 Fedora, Leap, Communications Billing And Revenue Management and 12 more | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |||||
| CVE-2020-10531 | 9 Canonical, Debian, Fedoraproject and 6 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | |||||
| CVE-2020-10245 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | |||||
| CVE-2020-10232 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | |||||
| CVE-2020-10223 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| npdf.dll in Nitro Pro before 13.13.2.242 is vulnerable to JBIG2Decode CNxJBIG2DecodeStream Heap Corruption at npdf!CAPPDAnnotHandlerUtils::create_popup_for_markup+0x12fbe via a crafted PDF document. | |||||
| CVE-2020-10214 | 1 Dlink | 2 Dir-825, Dir-825 Firmware | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntp_sync.cgi with a sufficiently long parameter ntp_server. | |||||
| CVE-2020-10065 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.8 MEDIUM | 3.8 LOW |
| Missing Size Checks in Bluetooth HCI over SPI. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Length Parameter Inconsistency (CWE-130). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hg2w-62p6-g67c | |||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
| Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | |||||
| CVE-2020-10061 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| Improper handling of the full-buffer case in the Zephyr Bluetooth implementation can result in memory corruption. This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions, and version 1.14.0 and later versions. | |||||
| CVE-2020-10029 | 6 Canonical, Debian, Fedoraproject and 3 more | 12 Ubuntu Linux, Debian Linux, Fedora and 9 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | |||||
| CVE-2020-10021 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 4.6 MEDIUM | 8.1 HIGH |
| Out-of-bounds Write in the USB Mass Storage memoryWrite handler with unaligned Sizes See NCC-ZEP-024, NCC-ZEP-025, NCC-ZEP-026 This issue affects: zephyrproject-rtos zephyr version 1.14.1 and later versions. version 2.1.0 and later versions. | |||||
| CVE-2020-10017 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. Processing a maliciously crafted audio file may lead to arbitrary code execution. | |||||
| CVE-2020-10016 | 1 Apple | 6 Ipados, Iphone Os, Mac Os X and 3 more | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1, iOS 14.2 and iPadOS 14.2, tvOS 14.2, watchOS 7.1. An application may be able to execute arbitrary code with kernel privileges. | |||||