Total
3037 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-27818 | 3 Debian, Fedoraproject, Libpng | 4 Debian Linux, Extra Packages For Enterprise Linux, Fedora and 1 more | 2024-08-04 | 3.3 Low |
| A flaw was found in the check_chunk_name() function of pngcheck-2.4.0. An attacker able to pass a malicious file to be processed by pngcheck could cause a temporary denial of service, posing a low risk to application availability. | ||||
| CVE-2020-27824 | 4 Debian, Fedoraproject, Redhat and 1 more | 4 Debian Linux, Fedora, Enterprise Linux and 1 more | 2024-08-04 | 5.5 Medium |
| A flaw was found in OpenJPEG’s encoder in the opj_dwt_calc_explicit_stepsizes() function. This flaw allows an attacker who can supply crafted input to decomposition levels to cause a buffer overflow. The highest threat from this vulnerability is to system availability. | ||||
| CVE-2020-27745 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2024-08-04 | 9.8 Critical |
| Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | ||||
| CVE-2020-27678 | 3 Illumos, Joyent, Omniosce | 3 Illumos, Smartos, Omnios | 2024-08-04 | 9.8 Critical |
| An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | ||||
| CVE-2020-27690 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-08-04 | 5.5 Medium |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. | ||||
| CVE-2020-27486 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-08-04 | 9.9 Critical |
| Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | ||||
| CVE-2020-27507 | 1 Kamailio | 1 Kamailio | 2024-08-04 | 9.8 Critical |
| The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | ||||
| CVE-2020-25756 | 1 Cesanta | 1 Mongoose | 2024-08-04 | 9.8 Critical |
| A buffer overflow vulnerability exists in the mg_get_http_header function in Cesanta Mongoose 6.18 due to a lack of bounds checking. A crafted HTTP header can exploit this bug. NOTE: a committer has stated "this will not happen in practice. | ||||
| CVE-2020-27372 | 1 Brandy Project | 1 Brandy | 2024-08-04 | 9.8 Critical |
| A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | ||||
| CVE-2020-26971 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-04 | 8.8 High |
| Certain blit values provided by the user were not properly constrained leading to a heap buffer overflow on some video drivers. This vulnerability affects Firefox < 84, Thunderbird < 78.6, and Firefox ESR < 78.6. | ||||
| CVE-2020-26968 | 2 Mozilla, Redhat | 6 Firefox, Firefox Esr, Thunderbird and 3 more | 2024-08-04 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 82 and Firefox ESR 78.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 83, Firefox ESR < 78.5, and Thunderbird < 78.5. | ||||
| CVE-2020-26759 | 1 Clickhouse-driver Project | 1 Clickhouse-driver | 2024-08-04 | 9.8 Critical |
| clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow. | ||||
| CVE-2020-26422 | 2 Oracle, Wireshark | 2 Zfs Storage Appliance Kit, Wireshark | 2024-08-04 | 3.7 Low |
| Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | ||||
| CVE-2020-26154 | 5 Debian, Fedoraproject, Libproxy Project and 2 more | 5 Debian Linux, Fedora, Libproxy and 2 more | 2024-08-04 | 9.8 Critical |
| url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | ||||
| CVE-2020-25969 | 1 Gnuplot Project | 1 Gnuplot | 2024-08-04 | 9.8 Critical |
| gnuplot v5.5 was discovered to contain a buffer overflow via the function plotrequest(). | ||||
| CVE-2020-25583 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 9.8 Critical |
| In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 when processing a DNSSL option, rtsold(8) decodes domain name labels per an encoding specified in RFC 1035 in which the first octet of each label contains the label's length. rtsold(8) did not validate label lengths correctly and could overflow the destination buffer. | ||||
| CVE-2020-25577 | 1 Freebsd | 1 Freebsd | 2024-08-04 | 9.8 Critical |
| In FreeBSD 12.2-STABLE before r368250, 11.4-STABLE before r368253, 12.2-RELEASE before p1, 12.1-RELEASE before p11 and 11.4-RELEASE before p5 rtsold(8) does not verify that the RDNSS option does not extend past the end of the received packet before processing its contents. While the kernel currently ignores such malformed packets, it passes them to userspace programs. Any programs expecting the kernel to do validation may be vulnerable to an overflow. | ||||
| CVE-2020-25279 | 1 Google | 1 Android | 2024-08-04 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). | ||||
| CVE-2020-25211 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-08-04 | 6.0 Medium |
| In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | ||||
| CVE-2020-25185 | 1 Paradox | 2 Ip150, Ip150 Firmware | 2024-08-04 | 8.8 High |
| The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | ||||