Total
3031 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6825 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-08-04 | 9.8 Critical |
| Mozilla developers and community members Tyson Smith and Christian Holler reported memory safety bugs present in Firefox 74 and Firefox ESR 68.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. | ||||
| CVE-2020-6083 | 1 Rockwellautomation | 2 Allen-bradley Flex Io 1794-aent\/b, Allen-bradley Flex Io 1794-aent\/b Firmware | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-6087 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | ||||
| CVE-2020-6085 | 1 Rockwellautomation | 1 Flex I\/o 1794-aent | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less than 0x18 bytes following the Key Format field. | ||||
| CVE-2020-6086 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | ||||
| CVE-2020-6084 | 1 Rockwellautomation | 1 Flex I\/o 1794-aent | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability by sending an Electronic Key Segment with less bytes than required by the Key Format Table. | ||||
| CVE-2020-6088 | 1 Rockwellautomation | 2 Flex Io 1794-aent\/b, Flex Io 1794-aent\/b Firmware | 2024-08-04 | 7.5 High |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-6018 | 1 Valvesoftware | 1 Game Networking Sockets | 2024-08-04 | 9.8 Critical |
| Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long encrypted messages in function AES_GCM_DecryptContext::Decrypt() when compiled using libsodium, leading to a Stack-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | ||||
| CVE-2020-6017 | 1 Valvesoftware | 1 Game Networking Sockets | 2024-08-04 | 9.8 Critical |
| Valve's Game Networking Sockets prior to version v1.2.0 improperly handles long unreliable segments in function SNP_ReceiveUnreliableSegment() when configured to support plain-text messages, leading to a Heap-Based Buffer Overflow and resulting in a memory corruption and possibly even a remote code execution. | ||||
| CVE-2020-5644 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2024-08-04 | 9.8 Critical |
| Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | ||||
| CVE-2020-5734 | 1 Solarwinds | 1 Dameware | 2024-08-04 | 7.5 High |
| Classic buffer overflow in SolarWinds Dameware allows a remote, unauthenticated attacker to cause a denial of service by sending a large 'SigPubkeyLen' during ECDH key exchange. | ||||
| CVE-2020-5653 | 1 Mitsubishielectric | 10 Melsec Iq-rd81dl96, Melsec Iq-rd81dl96 Firmware, Melsec Iq-rd81mes96n and 7 more | 2024-08-04 | 9.8 Critical |
| Buffer overflow vulnerability in TCP/IP function included in the firmware of MELSEC iQ-R series (RJ71EIP91 EtherNet/IP Network Interface Module First 2 digits of serial number are '02' or before, RJ71PN92 PROFINET IO Controller Module First 2 digits of serial number are '01' or before, RD81DL96 High Speed Data Logger Module First 2 digits of serial number are '08' or before, RD81MES96N MES Interface Module First 2 digits of serial number are '04' or before, and RD81OPC96 OPC UA Server Module First 2 digits of serial number are '04' or before) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | ||||
| CVE-2020-5595 | 1 Mitsubishielectric | 4 Coreos, Got2000 Gt23, Got2000 Gt25 and 1 more | 2024-08-04 | 9.8 Critical |
| TCP/IP function included in the firmware of Mitsubishi Electric GOT2000 series (CoreOS with version -Y and earlier installed in GT27 Model, GT25 Model, and GT23 Model) contains a buffer overflow vulnerability, which may allow a remote attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | ||||
| CVE-2020-5312 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 9.8 Critical |
| libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | ||||
| CVE-2020-5311 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-08-04 | 9.8 Critical |
| libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | ||||
| CVE-2020-5133 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-08-04 | 7.5 High |
| A vulnerability in SonicOS allows a remote unauthenticated attacker to cause Denial of Service due to buffer overflow, which leads to a firewall crash. This vulnerability affected SonicOS Gen 6 version 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | ||||
| CVE-2020-5208 | 5 Debian, Fedoraproject, Ipmitool Project and 2 more | 9 Debian Linux, Fedora, Ipmitool and 6 more | 2024-08-04 | 7.7 High |
| It's been found that multiple functions in ipmitool before 1.8.19 neglect proper checking of the data received from a remote LAN party, which may lead to buffer overflows and potentially to remote code execution on the ipmitool side. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1.8.19. | ||||
| CVE-2020-5213 | 1 Nethack | 1 Nethack | 2024-08-04 | 5 Medium |
| In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5. | ||||
| CVE-2020-5135 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-08-04 | 9.8 Critical |
| A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | ||||
| CVE-2020-5210 | 1 Nethack | 1 Nethack | 2024-08-04 | 5 Medium |
| In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | ||||