Total
6591 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24347 | 1 F5 | 1 Njs | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c. | |||||
| CVE-2020-24344 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| JerryScript through 2.3.0 has a (function({a=arguments}){const arguments}) buffer over-read. | |||||
| CVE-2020-24341 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The TCP input data processing function in pico_tcp.c does not validate the length of incoming TCP packets, which leads to an out-of-bounds read when assembling received packets into a data segment, eventually causing Denial-of-Service or an information leak. | |||||
| CVE-2020-24340 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. | |||||
| CVE-2020-24339 | 1 Altran | 2 Picotcp, Picotcp-ng | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. | |||||
| CVE-2020-24335 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in uIP through 1.0, as used in Contiki and Contiki-NG. Domain name parsing lacks bounds checks, allowing an attacker to corrupt memory with crafted DNS packets. | |||||
| CVE-2020-24334 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c. | |||||
| CVE-2020-24119 | 2 Fedoraproject, Upx Project | 2 Fedora, Upx | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| A heap buffer overflow read was discovered in upx 4.0.0, because the check in p_lx_elf.cpp is not perfect. | |||||
| CVE-2020-23931 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||||
| CVE-2020-23928 | 1 Gpac | 1 Gpac | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in gpac before 1.0.1. The abst_box_read function in box_code_adobe.c has a heap-based buffer over-read. | |||||
| CVE-2020-23922 | 2 Apache, Giflib Project | 2 Bookkeeper, Giflib | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in giflib through 5.1.4. DumpScreen2RGB in gif2rgb.c has a heap-based buffer over-read. | |||||
| CVE-2020-23921 | 1 Fast Ber Project | 1 Fast Ber | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| An issue was discovered in fast_ber through v0.4. yy::yylex() in asn_compiler.hpp has a heap-based buffer over-read. | |||||
| CVE-2020-23915 | 1 Cpp-peglib Project | 1 Cpp-peglib | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in cpp-peglib through v0.1.12. peg::resolve_escape_sequence() in peglib.h has a heap-based buffer over-read. | |||||
| CVE-2020-23909 | 1 Advancemame | 1 Advancemame | 2024-11-21 | N/A | 7.1 HIGH |
| Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1. | |||||
| CVE-2020-22217 | 2 C-ares, Debian | 2 C-ares, Debian Linux | 2024-11-21 | N/A | 5.9 MEDIUM |
| Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c. | |||||
| CVE-2020-21535 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| fig2dev 3.2.7b contains a segmentation fault in the gencgm_start function in gencgm.c. | |||||
| CVE-2020-21049 | 1 Libsixel Project | 1 Libsixel | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An invalid read in the stb_image.h component of libsixel prior to v1.8.5 allows attackers to cause a denial of service (DOS) via a crafted PSD file. | |||||
| CVE-2020-20902 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| A CWE-125: Out-of-bounds read vulnerability exists in long_term_filter function in g729postfilter.c in FFmpeg 4.2.1 during computation of the denominator of pseudo-normalized correlation R'(0), that could result in disclosure of information. | |||||
| CVE-2020-1919 | 1 Facebook | 1 Hhvm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Incorrect bounds calculations in substr_compare could lead to an out-of-bounds read when the second string argument passed in is longer than the first. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||
| CVE-2020-1918 | 1 Facebook | 1 Hhvm | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In-memory file operations (ie: using fopen on a data URI) did not properly restrict negative seeking, allowing for the reading of memory prior to the in-memory buffer. This issue affects HHVM versions prior to 4.56.3, all versions between 4.57.0 and 4.80.1, all versions between 4.81.0 and 4.93.1, and versions 4.94.0, 4.95.0, 4.96.0, 4.97.0, 4.98.0. | |||||