Total
2592 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29203 | 1 Struct2json Project | 1 Struct2json | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT. | |||||
| CVE-2020-28969 | 1 Aplixio | 1 Pdf Shapingup | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Aplioxio PDF ShapingUp 5.0.0.139 contains a buffer overflow which allows attackers to cause a denial of service (DoS) via a crafted PDF file. | |||||
| CVE-2020-28967 | 1 Flashget | 1 Flashget | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
| FlashGet v1.9.6 was discovered to contain a buffer overflow in the 'current path directory' function. This vulnerability allows attackers to elevate local process privileges via overwriting the registers. | |||||
| CVE-2020-28963 | 2 Krylack, Microsoft | 2 Zip Password Recovery, Windows | 2024-11-21 | 7.2 HIGH | 7.8 HIGH |
| Passcovery Co. Ltd ZIP Password Recovery v3.70.69.0 was discovered to contain a buffer overflow via the decompress function. | |||||
| CVE-2020-28926 | 2 Debian, Readymedia Project | 2 Debian Linux, Readymedia | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ReadyMedia (aka MiniDLNA) before versions 1.3.0 allows remote code execution. Sending a malicious UPnP HTTP request to the miniDLNA service using HTTP chunked encoding can lead to a signedness bug resulting in a buffer overflow in calls to memcpy/memmove. | |||||
| CVE-2020-28877 | 1 Tp-link | 30 Wdr7400, Wdr7400 Firmware, Wdr7500 and 27 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | |||||
| CVE-2020-28864 | 1 Winscp | 1 Winscp | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | |||||
| CVE-2020-28840 | 1 Matthiaswandel | 1 Jhead | 2024-11-21 | N/A | 7.8 HIGH |
| Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS). | |||||
| CVE-2020-28759 | 1 Tengine Project | 1 Tengine | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far. | |||||
| CVE-2020-28341 | 2 Google, Samsung | 2 Android, Exynos 990 | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). | |||||
| CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
| CVE-2020-27823 | 3 Debian, Fedoraproject, Uclouvain | 3 Debian Linux, Fedora, Openjpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-27745 | 2 Debian, Schedmd | 2 Debian Linux, Slurm | 2024-11-21 | 6.8 MEDIUM | 9.8 CRITICAL |
| Slurm before 19.05.8 and 20.x before 20.02.6 has an RPC Buffer Overflow in the PMIx MPI plugin. | |||||
| CVE-2020-27690 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. | |||||
| CVE-2020-27678 | 3 Illumos, Joyent, Omniosce | 3 Illumos, Smartos, Omnios | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in illumos before 2020-10-22, as used in OmniOS before r151030by, r151032ay, and r151034y and SmartOS before 20201022. There is a buffer overflow in parse_user_name in lib/libpam/pam_framework.c. | |||||
| CVE-2020-27507 | 1 Kamailio | 1 Kamailio | 2024-11-21 | N/A | 9.8 CRITICAL |
| The Kamailio SIP before 5.5.0 server mishandles INVITE requests with duplicated fields and overlength tag, leading to a buffer overflow that crashes the server or possibly have unspecified other impact. | |||||
| CVE-2020-27486 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2024-11-21 | 6.5 MEDIUM | 9.9 CRITICAL |
| Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | |||||
| CVE-2020-27372 | 1 Brandy Project | 1 Brandy | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow vulnerability exists in Brandy Basic V Interpreter 1.21 in the run_interpreter function. | |||||
| CVE-2020-26759 | 1 Clickhouse-driver Project | 1 Clickhouse-driver | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| clickhouse-driver before 0.1.5 allows a malicious clickhouse server to trigger a crash or execute arbitrary code (on a database client) via a crafted server response, due to a buffer overflow. | |||||
| CVE-2020-26422 | 2 Oracle, Wireshark | 2 Zfs Storage Appliance Kit, Wireshark | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
| Buffer overflow in QUIC dissector in Wireshark 3.4.0 to 3.4.1 allows denial of service via packet injection or crafted capture file | |||||