Total
12209 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-13901 | 1 Meetecho | 1 Janus | 2024-11-21 | 9.8 Critical |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_merge in sdp.c has a stack-based buffer overflow. | ||||
| CVE-2020-13880 | 1 Irfanview | 1 B3d | 2024-11-21 | 9.8 Critical |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+1cbf heap-based out-of-bounds write. | ||||
| CVE-2020-13879 | 1 Irfanview | 1 B3d | 2024-11-21 | 9.8 Critical |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+214f heap-based out-of-bounds write. | ||||
| CVE-2020-13878 | 1 Irfanview | 1 B3d | 2024-11-21 | 9.8 Critical |
| IrfanView B3D PlugIns before version 4.56 has a B3d.dll!+27ef heap-based out-of-bounds write. | ||||
| CVE-2020-13811 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 7.8 High |
| An issue was discovered in Foxit Studio Photo before 3.6.6.922. It has an out-of-bounds write via a crafted TIFF file. | ||||
| CVE-2020-13768 | 1 Minishare Project | 1 Minishare | 2024-11-21 | 9.8 Critical |
| In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued. | ||||
| CVE-2020-13765 | 4 Canonical, Debian, Qemu and 1 more | 4 Ubuntu Linux, Debian Linux, Qemu and 1 more | 2024-11-21 | 5.6 Medium |
| rom_copy() in hw/core/loader.c in QEMU 4.0 and 4.1.0 does not validate the relationship between two addresses, which allows attackers to trigger an invalid memory copy operation. | ||||
| CVE-2020-13754 | 4 Canonical, Debian, Qemu and 1 more | 5 Ubuntu Linux, Debian Linux, Qemu and 2 more | 2024-11-21 | 6.7 Medium |
| hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. | ||||
| CVE-2020-13656 | 1 Morganstanley | 1 Hobbes | 2024-11-21 | 9.8 Critical |
| In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. | ||||
| CVE-2020-13600 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7 High |
| Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr | ||||
| CVE-2020-13598 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 6.3 Medium |
| FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h | ||||
| CVE-2020-13586 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13581 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13580 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| An exploitable heap-based buffer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a 16-bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory. This can allow an attacker to earn code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13579 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 7.8 High |
| An exploitable integer overflow vulnerability exists in the PlanMaker document parsing functionality of SoftMaker Office 2021’s PlanMaker application. A specially crafted document can cause the document parser perform arithmetic that may overflow which can result in an undersized heap allocation. Later when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13572 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 8.8 High |
| A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2020-13556 | 1 Opener Project | 1 Opener | 2024-11-21 | 9.8 Critical |
| An out-of-bounds write vulnerability exists in the Ethernet/IP server functionality of EIP Stack Group OpENer 2.3 and development commit 8c73bf3. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | ||||
| CVE-2020-13547 | 1 Foxitsoftware | 1 Foxit Reader | 2024-11-21 | 8.8 High |
| A type confusion vulnerability exists in the JavaScript engine of Foxit Software’s Foxit PDF Reader, version 10.1.0.37527. A specially crafted PDF document can trigger an improper use of an object, resulting in memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability. | ||||
| CVE-2020-13546 | 1 Softmaker | 1 Office Textmaker 2021 | 2024-11-21 | 7.8 High |
| In SoftMaker Software GmbH SoftMaker Office TextMaker 2021 (revision 1014), a specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||
| CVE-2020-13545 | 1 Softmaker | 1 Softmaker Office | 2024-11-21 | 7.8 High |
| An exploitable signed conversion vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document parser to miscalculate a length used to allocate a buffer, later upon usage of this buffer the application will write outside its bounds resulting in a heap-based memory corruption. An attacker can entice the victim to open a document to trigger this vulnerability. | ||||