Total
12599 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25690 | 2 Fontforge, Redhat | 2 Fontforge, Enterprise Linux | 2024-08-04 | 8.8 High |
| An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2020-25614 | 1 Xmlquery Project | 1 Xmlquery | 2024-08-04 | 9.8 Critical |
| xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. | ||||
| CVE-2020-25599 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-08-04 | 7.0 High |
| An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. | ||||
| CVE-2020-25211 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-08-04 | 6.0 Medium |
| In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | ||||
| CVE-2020-25016 | 1 Rgb-rust Project | 1 Rgb-rust | 2024-08-04 | 9.1 Critical |
| A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | ||||
| CVE-2020-23904 | 1 Xiph | 1 Speex | 2024-08-04 | 5.5 Medium |
| A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program. | ||||
| CVE-2020-21468 | 1 Redislabs | 1 Redis | 2024-08-04 | 7.5 High |
| A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 | ||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-08-04 | 7.8 High |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
| CVE-2020-24074 | 1 Silk-v3-decoder Project | 1 Silk-v3-decoder | 2024-08-04 | 9.8 Critical |
| The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | ||||
| CVE-2020-23574 | 1 Sysax | 1 Multi Server | 2024-08-04 | 6.5 Medium |
| When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash. | ||||
| CVE-2020-23563 | 1 Irfanview | 1 Irfanview | 2024-08-04 | 5.5 Medium |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | ||||
| CVE-2020-21682 | 1 Fig2dev Project | 1 Fig2dev | 2024-08-04 | 5.5 Medium |
| A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||||
| CVE-2020-21687 | 1 Nasm | 1 Netwide Assembler | 2024-08-04 | 5.5 Medium |
| Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||||
| CVE-2020-21531 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-08-04 | 5.5 Medium |
| fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | ||||
| CVE-2020-21681 | 1 Fig2dev Project | 1 Fig2dev | 2024-08-04 | 5.5 Medium |
| A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||||
| CVE-2020-21675 | 2 Debian, Fig2dev Project | 2 Debian Linux, Fig2dev | 2024-08-04 | 5.5 Medium |
| A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format. | ||||
| CVE-2020-21685 | 1 Nasm | 1 Netwide Assembler | 2024-08-04 | 5.5 Medium |
| Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||||
| CVE-2020-21678 | 1 Fig2dev Project | 1 Fig2dev | 2024-08-04 | 5.5 Medium |
| A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | ||||
| CVE-2020-21529 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-08-04 | 5.5 Medium |
| fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | ||||
| CVE-2020-21680 | 1 Fig2dev Project | 1 Fig2dev | 2024-08-04 | 5.5 Medium |
| A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | ||||