Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-29394 | 2 Debian, Genivi | 2 Debian Linux, Diagnostic Log And Trace | 2024-11-21 | 7.8 High |
| A buffer overflow in the dlt_filter_load function in dlt_common.c from dlt-daemon through 2.18.5 (GENIVI Diagnostic Log and Trace) allows arbitrary code execution because fscanf is misused (no limit on the number of characters to be read in the format argument). | ||||
| CVE-2020-29367 | 1 C-blosc2 Project | 1 C-blosc2 | 2024-11-21 | 7.8 High |
| blosc2.c in Blosc C-Blosc2 through 2.0.0.beta.5 has a heap-based buffer overflow when there is a lack of space to write compressed data. | ||||
| CVE-2020-29363 | 4 Debian, Oracle, P11-kit Project and 1 more | 4 Debian Linux, Communications Cloud Native Core Policy, P11-kit and 1 more | 2024-11-21 | 7.5 High |
| An issue was discovered in p11-kit 0.23.6 through 0.23.21. A heap-based buffer overflow has been discovered in the RPC protocol used by p11-kit server/remote commands and the client library. When the remote entity supplies a serialized byte array in a CK_ATTRIBUTE, the receiving entity may not allocate sufficient length for the buffer to store the deserialized value. | ||||
| CVE-2020-29040 | 1 Xen | 1 Xen | 2024-11-21 | 8.8 High |
| An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one error. NOTE: this issue is caused by an incorrect fix for CVE-2020-27671. | ||||
| CVE-2020-29019 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 5.3 Medium |
| A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.7 and version before 6.2.4 may allow a remote, unauthenticated attacker to crash the httpd daemon thread by sending a request with a crafted cookie header. | ||||
| CVE-2020-29016 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 9.8 Critical |
| A stack-based buffer overflow vulnerability in FortiWeb 6.3.0 through 6.3.5 and version before 6.2.4 may allow an unauthenticated, remote attacker to overwrite the content of the stack and potentially execute arbitrary code by sending a crafted request with a large certname. | ||||
| CVE-2020-28964 | 1 Tonec | 1 Internet Download Manager | 2024-11-21 | 6.7 Medium |
| Internet Download Manager 6.37.11.1 was discovered to contain a stack buffer overflow in the Search function. This vulnerability allows attackers to escalate local process privileges via unspecified vectors. | ||||
| CVE-2020-28928 | 4 Debian, Fedoraproject, Musl-libc and 1 more | 4 Debian Linux, Fedora, Musl and 1 more | 2024-11-21 | 5.5 Medium |
| In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow). | ||||
| CVE-2020-28895 | 2 Oracle, Windriver | 2 Communications Eagle, Vxworks | 2024-11-21 | 7.3 High |
| In Wind River VxWorks, memory allocator has a possible overflow in calculating the memory block's size to be allocated by calloc(). As a result, the actual memory allocated is smaller than the buffer size specified by the arguments, leading to memory corruption. | ||||
| CVE-2020-28600 | 1 Openscad | 1 Openscad | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28599 | 2 Fedoraproject, Openscad | 2 Fedora, Openscad | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability exists in the import_stl.cc:import_stl() functionality of Openscad openscad-2020.12-RC2. A specially crafted STL file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28598 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28596 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 7.8 High |
| A stack-based buffer overflow vulnerability exists in the Objparser::objparse() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28595 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 7.8 High |
| An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-28592 | 1 Cosori | 2 Cs158-af, Cs158-af Firmware | 2024-11-21 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5.8-Quart Air Fryer CS158-AF 1.1.0. A specially crafted JSON object can lead to remote code execution. An attacker can send a malicious packet to trigger this vulnerability. | ||||
| CVE-2020-28587 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). | ||||
| CVE-2020-28579 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 8.8 High |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an authenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||
| CVE-2020-28578 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 9.8 Critical |
| A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an unauthenticated, remote attacker to send a specially crafted HTTP message and achieve remote code execution with elevated privileges. | ||||
| CVE-2020-28575 | 1 Trendmicro | 1 Serverprotect | 2024-11-21 | 6.7 Medium |
| A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.0 may allow an attacker to escalate privileges on affected installations. An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. | ||||
| CVE-2020-28386 | 1 Siemens | 1 Solid Edge | 2024-11-21 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2020 (All Versions < SE2020MP12), Solid Edge SE2021 (All Versions < SE2021MP2). Affected applications lack proper validation of user-supplied data when parsing DFT files. This could result in an out of bounds write past the end of an allocated structure. An attacker could leverage this vulnerability to execute code in the context of the current process. | ||||