Total
2592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8597 | 4 Canonical, Debian, Point-to-point Protocol Project and 1 more | 6 Ubuntu Linux, Debian Linux, Point-to-point Protocol and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | |||||
| CVE-2020-8423 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A buffer overflow in the httpd daemon on TP-Link TL-WR841N V10 (firmware version 3.16.9) devices allows an authenticated remote attacker to execute arbitrary code via a GET request to the page for the configuration of the Wi-Fi network. | |||||
| CVE-2020-8261 | 2 Ivanti, Pulsesecure | 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection. | |||||
| CVE-2020-8252 | 3 Fedoraproject, Nodejs, Opensuse | 3 Fedora, Node.js, Leap | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes. | |||||
| CVE-2020-8249 | 1 Pulsesecure | 1 Pulse Secure Desktop Client | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability in the Pulse Secure Desktop Client (Linux) < 9.1R9 could allow local attackers to perform buffer overflow. | |||||
| CVE-2020-8215 | 1 Automattic | 1 Canvas | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | |||||
| CVE-2020-8012 | 1 Broadcom | 1 Unified Infrastructure Management | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitrary code. | |||||
| CVE-2020-7877 | 2 Mastersoft, Microsoft | 3 Zook Agent, Zook Viewer, Windows | 2024-11-21 | 6.5 MEDIUM | 8.0 HIGH |
| A buffer overflow issue was discovered in ZOOK solution(remote administration tool) through processing 'ConnectMe' command while parsing a crafted OUTERIP value because of missing boundary check. This vulnerability allows the attacker to execute remote arbitrary command. | |||||
| CVE-2020-7593 | 1 Siemens | 2 Logo\! 8 Bm, Logo\! 8 Bm Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability has been identified in LOGO! 8 BM (incl. SIPLUS variants) (V1.81.01 - V1.81.03), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.01), LOGO! 8 BM (incl. SIPLUS variants) (V1.82.02). A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution. | |||||
| CVE-2020-7564 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7559 | 1 Schneider-electric | 1 Ecostruxure Control Expert | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in PLC Simulator on EcoStruxureª Control Expert (now Unity Pro) (all versions) that could cause a crash of the PLC simulator present in EcoStruxureª Control Expert software when receiving a specially crafted request over Modbus. | |||||
| CVE-2020-7374 | 1 Documalis | 2 Free Pdf Editor, Free Pdf Scanner | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
| Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software. | |||||
| CVE-2020-7261 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 2.1 LOW | 6.1 MEDIUM |
| Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input. | |||||
| CVE-2020-7120 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
| A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account. | |||||
| CVE-2020-7080 | 1 Autodesk | 1 Fbx Software Development Kit | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| A buffer overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to arbitrary code execution on a system running it. | |||||
| CVE-2020-6999 | 1 Moxa | 2 Mds-g516e, Mds-g516e Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer. | |||||
| CVE-2020-6994 | 1 Belden | 14 Hirschmann Eagle20, Hirschmann Eagle30, Hirschmann Embedded Ethernet Switch and 11 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability was found in some devices of Hirschmann Automation and Control HiOS and HiSecOS. The vulnerability is due to improper parsing of URL arguments. An attacker could exploit this vulnerability by specially crafting HTTP requests to overflow an internal buffer. The following devices using HiOS Version 07.0.02 and lower are affected: RSP, RSPE, RSPS, RSPL, MSP, EES, EES, EESX, GRS, OS, RED. The following devices using HiSecOS Version 03.2.00 and lower are affected: EAGLE20/30. | |||||
| CVE-2020-6088 | 1 Rockwellautomation | 2 Flex Io 1794-aent\/b, Flex Io 1794-aent\/b Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-6087 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability If the ANSI Extended Symbol Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | |||||
| CVE-2020-6086 | 1 Rockwellautomation | 2 Flex I\/o 1794-aent\/b, Flex I\/o 1794-aent\/b Firmware | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.If the Simple Segment Sub-Type is supplied, the device treats the byte following as the Data Size in words. When this value represents a size greater than what remains in the packet data, the device enters a fault state where communication with the device is lost and a physical power cycle is required. | |||||