Search Results (83841 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-26987 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017)
CVE-2020-26986 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014)
CVE-2020-26985 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of RGB and SGI files. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11986, ZDI-CAN-11994)
CVE-2020-26984 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11972)
CVE-2020-26983 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing PDF files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11900)
CVE-2020-26982 1 Siemens 2 Jt2go, Teamcenter Visualization 2024-11-21 8.8 High
A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing CG4 and CGM files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-11898)
CVE-2020-26974 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 8.8 High
When flex-basis was used on a table wrapper, a StyleGenericFlexBasis object could have been incorrectly cast to the wrong type. This resulted in a heap user-after-free, memory corruption, and a potentially exploitable crash. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2020-26971 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 8.8 High
Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6.
CVE-2020-26970 2 Mozilla, Redhat 4 Thunderbird, Enterprise Linux, Rhel E4s and 1 more 2024-11-21 8.8 High
When reading SMTP server status codes, Thunderbird writes an integer value to a position on the stack that is intended to contain just one byte. Depending on processor architecture and stack layout, this leads to stack corruption that may be exploitable. This vulnerability affects Thunderbird < 78.5.1.
CVE-2020-26969 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 82. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83.
CVE-2020-26968 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 8.8 High
Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-26958 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 6.1 Medium
Firefox did not block execution of scripts with incorrect MIME types when the response was intercepted and cached through a ServiceWorker. This could lead to a cross-site script inclusion vulnerability, or a Content Security Policy bypass. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-26956 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 6.1 Medium
In some cases, removing HTML elements during sanitization would keep existing SVG event handlers and therefore lead to XSS. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-26952 1 Mozilla 1 Firefox 2024-11-21 8.8 High
Incorrect bookkeeping of functions inlined during JIT compilation could have led to memory corruption and a potentially exploitable crash when handling out-of-memory errors. This vulnerability affects Firefox < 83.
CVE-2020-26951 2 Mozilla, Redhat 6 Firefox, Firefox Esr, Thunderbird and 3 more 2024-11-21 6.1 Medium
A parsing and event loading mismatch in Firefox's SVG code could have allowed load events to fire, even after sanitization. An attacker already capable of exploiting an XSS vulnerability in privileged internal pages could have used this attack to bypass our built-in sanitizer. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5.
CVE-2020-26934 4 Debian, Fedoraproject, Opensuse and 1 more 5 Debian Linux, Fedora, Backports Sle and 2 more 2024-11-21 6.1 Medium
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
CVE-2020-26932 2 Debian, Sympa 2 Debian Linux, Sympa 2024-11-21 4.3 Medium
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for sympa_newaliases-wrapper, whereas the intended permissions are mode 4750 (for access by the sympa group)
CVE-2020-26929 1 Netgear 4 R6220, R6220 Firmware, R6230 and 1 more 2024-11-21 7.3 High
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R6220 before 1.1.0.100 and R6230 before 1.1.0.100.
CVE-2020-26923 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 4.3 Medium
Certain NETGEAR devices are affected by stored XSS. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.
CVE-2020-26922 1 Netgear 8 Wc7500, Wc7500 Firmware, Wc7600 and 5 more 2024-11-21 6.4 Medium
Certain NETGEAR devices are affected by command injection by an authenticated user. This affects WC7500 before 6.5.5.24, WC7600 before 6.5.5.24, WC7600v2 before 6.5.5.24, and WC9500 before 6.5.5.24.