Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-7524 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 7.5 High |
| Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. | ||||
| CVE-2020-7502 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 7.5 High |
| A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | ||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-11-21 | 9.8 Critical |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | ||||
| CVE-2020-7461 | 2 Freebsd, Siemens | 5 Freebsd, Simatic Rf350m, Simatic Rf350m Firmware and 2 more | 2024-11-21 | 7.3 High |
| In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. | ||||
| CVE-2020-7458 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. | ||||
| CVE-2020-7454 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | ||||
| CVE-2020-7450 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 9.8 Critical |
| In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | ||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 7.5 High |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | ||||
| CVE-2020-7131 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2024-11-21 | 9.0 Critical |
| This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity). | ||||
| CVE-2020-7122 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2024-11-21 | 7.5 High |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000. | ||||
| CVE-2020-7121 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2024-11-21 | 7.5 High |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. | ||||
| CVE-2020-7085 | 1 Autodesk | 1 Fbx Software Development Kit | 2024-11-21 | 7.8 High |
| A heap overflow vulnerability in the Autodesk FBX-SDK versions 2019.2 and earlier may lead to arbitrary code execution on a system running it. | ||||
| CVE-2020-7065 | 5 Canonical, Debian, Php and 2 more | 6 Ubuntu Linux, Debian Linux, Php and 3 more | 2024-11-21 | 7.4 High |
| In PHP versions 7.3.x below 7.3.16 and 7.4.x below 7.4.4, while using mb_strtolower() function with UTF-32LE encoding, certain invalid strings could cause PHP to overwrite stack-allocated buffer. This could lead to memory corruption, crashes and potentially code execution. | ||||
| CVE-2020-7054 | 1 Mz-automation | 1 Libiec61850 | 2024-11-21 | 8.8 High |
| MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | ||||
| CVE-2020-7039 | 5 Debian, Libslirp Project, Opensuse and 2 more | 12 Debian Linux, Libslirp, Leap and 9 more | 2024-11-21 | 5.6 Medium |
| tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code. | ||||
| CVE-2020-7007 | 1 Moxa | 4 Eds-510e, Eds-510e Firmware, Eds-g516e and 1 more | 2024-11-21 | 9.8 Critical |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, the attacker may execute arbitrary codes or target the device, causing it to go out of service. | ||||
| CVE-2020-7002 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 7.8 High |
| Delta Industrial Automation CNCSoft ScreenEditor, v1.00.96 and prior. Multiple stack-based buffer overflows can be exploited when a valid user opens a specially crafted, malicious input file. | ||||
| CVE-2020-6996 | 1 Trianglemicroworks | 1 Dnp3 Source Code Library | 2024-11-21 | 9.8 Critical |
| Triangle MicroWorks DNP3 Outstation LibrariesDNP3 Outstation .NET Protocol components and DNP3 Outstation ANSI C source code libraries are affected:3.16.00 through 3.25.01. A specially crafted message may cause a stack-based buffer overflow. Authentication is not required to exploit this vulnerability. | ||||
| CVE-2020-6989 | 1 Moxa | 110 Pt-7528-12msc-12tx-4gsfp-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv, Pt-7528-12msc-12tx-4gsfp-hv-hv Firmware and 107 more | 2024-11-21 | 9.8 Critical |
| In Moxa PT-7528 series firmware, Version 4.0 or lower, and PT-7828 series firmware, Version 3.9 or lower, a buffer overflow in the web server allows remote attackers to cause a denial-of-service condition or execute arbitrary code. | ||||
| CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 9.8 Critical |
| A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | ||||