Total
2085 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14511 | 1 Moxa | 8 Edr-g902, Edr-g902-t, Edr-g902-t Firmware and 5 more | 2024-11-21 | 9.8 Critical |
| Malicious operation of the crafted web browser cookie may cause a stack-based buffer overflow in the system web server on the EDR-G902 and EDR-G903 Series Routers (versions prior to 5.4). | ||||
| CVE-2020-14498 | 1 Hms-networks | 1 Ecatcher | 2024-11-21 | 9.6 Critical |
| HMS Industrial Networks AB eCatcher all versions prior to 6.5.5 is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-14393 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.1 High |
| A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. | ||||
| CVE-2020-13598 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.3 Medium |
| FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h | ||||
| CVE-2020-13434 | 8 Apple, Canonical, Debian and 5 more | 16 Icloud, Ipados, Iphone Os and 13 more | 2024-11-21 | 5.5 Medium |
| SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c. | ||||
| CVE-2020-12825 | 2 Gnome, Redhat | 2 Libcroco, Enterprise Linux | 2024-11-21 | 7.1 High |
| libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption. | ||||
| CVE-2020-12498 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | ||||
| CVE-2020-12497 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-11-21 | 7.8 High |
| PLCopen XML file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier can lead to a stack-based overflow. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | ||||
| CVE-2020-12019 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-12002 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.8 Critical |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | ||||
| CVE-2020-11647 | 3 Debian, Opensuse, Wireshark | 3 Debian Linux, Leap, Wireshark | 2024-11-21 | 7.5 High |
| In Wireshark 3.2.0 to 3.2.2, 3.0.0 to 3.0.9, and 2.6.0 to 2.6.15, the BACapp dissector could crash. This was addressed in epan/dissectors/packet-bacapp.c by limiting the amount of recursion. | ||||
| CVE-2020-10931 | 1 Memcached | 1 Memcached | 2024-11-21 | 7.5 High |
| Memcached 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted binary protocol header to try_read_command_binary in memcached.c. | ||||
| CVE-2020-10924 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the UPnP service, which listens on TCP port 5000 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9643. | ||||
| CVE-2020-10881 | 1 Tp-link | 2 Ac1750, Ac1750 Firmware | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an overflow of a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the root user. Was ZDI-CAN-9660. | ||||
| CVE-2020-10639 | 1 Eaton | 2 Hmisoft Vu3, Hmisoft Vu3 Firmware | 2024-11-21 | 7.8 High |
| Eaton HMiSoft VU3 (HMIVU3 runtime not impacted), Version 3.00.23 and prior, however, the HMIVU runtimes are not impacted by these issues. A specially crafted input file could cause a buffer overflow when loaded by the affected product. | ||||
| CVE-2020-10615 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 7.5 High |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 8.8 High |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | ||||
| CVE-2020-10599 | 1 Visam | 2 Vbase Editor, Vbase Web-remote | 2024-11-21 | 9.8 Critical |
| VISAM VBASE Editor version 11.5.0.2 and VBASE Web-Remote Module may allow a vulnerable ActiveX component to be exploited resulting in a buffer overflow, which may lead to a denial-of-service condition and execution of arbitrary code. | ||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 8.3 High |
| Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7 | ||||
| CVE-2020-10029 | 7 Canonical, Debian, Fedoraproject and 4 more | 18 Ubuntu Linux, Debian Linux, Fedora and 15 more | 2024-11-21 | 5.5 Medium |
| The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. | ||||