Search Results (363262 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-24354 1 Zyxel 2 Vmg5313-b30b, Vmg5313-b30b Firmware 2024-11-21 8.8 High
Zyxel VMG5313-B30B router on firmware 5.13(ABCJ.6)b3_1127, and possibly older versions of firmware are affected by shell injection.
CVE-2020-24353 1 Pega 1 Pega Platform 2024-11-21 6.1 Medium
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
CVE-2020-24352 1 Qemu 1 Qemu 2024-11-21 5.5 Medium
An issue was discovered in QEMU through 5.1.0. An out-of-bounds memory access was found in the ATI VGA device implementation. This flaw occurs in the ati_2d_blt() routine in hw/display/ati_2d.c while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service.
CVE-2020-24349 1 F5 1 Njs 2024-11-21 5.5 Medium
njs through 0.4.3, used in NGINX, allows control-flow hijack in njs_value_property in njs_value.c. NOTE: the vendor considers the issue to be "fluff" in the NGINX use case because there is no remote attack surface.
CVE-2020-24348 1 F5 1 Njs 2024-11-21 5.5 Medium
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_json_stringify_iterator in njs_json.c.
CVE-2020-24347 1 F5 1 Njs 2024-11-21 5.5 Medium
njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
CVE-2020-24346 1 F5 1 Njs 2024-11-21 7.8 High
njs through 0.4.3, used in NGINX, has a use-after-free in njs_json_parse_iterator_call in njs_json.c.
CVE-2020-24345 1 Jerryscript 1 Jerryscript 2024-11-21 7.8 High
JerryScript through 2.3.0 allows stack consumption via function a(){new new Proxy(a,{})}JSON.parse("[]",a). NOTE: the vendor states that the problem is the lack of the --stack-limit option
CVE-2020-24344 1 Jerryscript 1 Jerryscript 2024-11-21 7.1 High
JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read.
CVE-2020-24343 1 Artifex 1 Mujs 2024-11-21 7.8 High
Artifex MuJS through 1.0.7 has a use-after-free in jsrun.c because of unconditional marking in jsgc.c.
CVE-2020-24342 2 Fedoraproject, Lua 2 Fedora, Lua 2024-11-21 7.8 High
Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row.
CVE-2020-24341 1 Altran 2 Picotcp, Picotcp-ng 2024-11-21 9.1 Critical
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak.
CVE-2020-24340 1 Altran 2 Picotcp, Picotcp-ng 2024-11-21 7.5 High
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service.
CVE-2020-24339 1 Altran 2 Picotcp, Picotcp-ng 2024-11-21 7.5 High
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service.
CVE-2020-24338 1 Altran 1 Picotcp 2024-11-21 9.8 Critical
An issue was discovered in picoTCP through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds writes that lead to Denial-of-Service and Remote Code Execution.
CVE-2020-24337 1 Altran 2 Picotcp, Picotcp-ng 2024-11-21 7.5 High
An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. When an unsupported TCP option with zero length is provided in an incoming TCP packet, it is possible to cause a Denial-of-Service by achieving an infinite loop in the code that parses TCP options, aka tcp_parse_options() in pico_tcp.c.
CVE-2020-24336 2 Contiki-ng, Contiki-os 2 Contiki-ng, Contiki 2024-11-21 9.8 Critical
An issue was discovered in Contiki through 3.0 and Contiki-NG through 4.5. The code for parsing Type A domain name answers in ip64-dns64.c doesn't verify whether the address in the answer's length is sane. Therefore, when copying an address of an arbitrary length, a buffer overflow can occur. This bug can be exploited whenever NAT64 is enabled.
CVE-2020-24335 3 Contiki-ng, Contiki-os, Uip Project 3 Contiki-ng, Contiki, Uip 2024-11-21 7.5 High
An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets.
CVE-2020-24334 3 Contiki-ng, Contiki-os, Uip Project 3 Contiki-ng, Contiki, Uip 2024-11-21 8.2 High
The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c.
CVE-2020-24333 1 Arista 1 Cloudvision Portal 2024-11-21 6.5 Medium
A vulnerability in Arista’s CloudVision Portal (CVP) prior to 2020.2 allows users with “read-only” or greater access rights to the Configlet Management module to download files not intended for access, located on the CVP server, by accessing a specific API.