Total
6591 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12884 | 1 Arm | 1 Mbed Os | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A buffer over-read was discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse_multiple_options() parses CoAP options that may occur multiple consecutive times in a single packet. While processing the options, packet_data_pptr is accessed after being incremented by option_len without a prior out-of-bounds memory check. The temp_parsed_uri_query_ptr is validated for a correct range, but the range valid for temp_parsed_uri_query_ptr is derived from the amount of allocated heap memory, not the actual input size. Therefore the check of temp_parsed_uri_query_ptr may be insufficient for safe access to the area pointed to by packet_data_pptr. As a result, access to a memory area outside of the intended boundary of the packet buffer is made. | |||||
| CVE-2020-12883 | 1 Arm | 1 Mbed Os | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Buffer over-reads were discovered in the CoAP library in Arm Mbed OS 5.15.3. The CoAP parser is responsible for parsing received CoAP packets. The function sn_coap_parser_options_parse() parses CoAP input linearly using a while loop. Once an option is parsed in a loop, the current point (*packet_data_pptr) is increased correspondingly. The pointer is restricted by the size of the received buffer, as well as by the option delta and option length bytes. The actual input packet length is not verified against the number of bytes read when processing the option extended delta and the option extended length. Moreover, the calculation of the message_left variable, in the case of non-extended option deltas, is incorrect and indicates more data left for processing than provided in the function input. All of these lead to heap-based or stack-based memory location read access that is outside of the intended boundary of the buffer. Depending on the platform-specific memory management mechanisms, it can lead to processing of unintended inputs or system memory access violation errors. | |||||
| CVE-2020-12864 | 3 Canonical, Opensuse, Sane-project | 3 Ubuntu Linux, Leap, Sane Backends | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-081. | |||||
| CVE-2020-12863 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-083. | |||||
| CVE-2020-12862 | 4 Canonical, Debian, Opensuse and 1 more | 4 Ubuntu Linux, Debian Linux, Leap and 1 more | 2024-11-21 | 3.3 LOW | 4.3 MEDIUM |
| An out-of-bounds read in SANE Backends before 1.0.30 may allow a malicious device connected to the same local network as the victim to read important information, such as the ASLR offsets of the program, aka GHSL-2020-082. | |||||
| CVE-2020-12783 | 4 Canonical, Debian, Exim and 1 more | 4 Ubuntu Linux, Debian Linux, Exim and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Exim through 4.93 has an out-of-bounds read in the SPA authenticator that could result in SPA/NTLM authentication bypass in auths/spa.c and auths/auth-spa.c. | |||||
| CVE-2020-12761 | 1 Enlightenment | 1 Imlib2 | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | |||||
| CVE-2020-12740 | 2 Broadcom, Fedoraproject | 2 Tcpreplay, Fedora | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| tcprewrite in Tcpreplay through 4.3.2 has a heap-based buffer over-read during a get_c operation. The issue is being triggered in the function get_ipv6_next() at common/get.c. | |||||
| CVE-2020-12674 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Dovecot before 2.3.11.3, sending a specially formatted RPA request will crash the auth service because a length of zero is mishandled. | |||||
| CVE-2020-12673 | 4 Canonical, Debian, Dovecot and 1 more | 4 Ubuntu Linux, Debian Linux, Dovecot and 1 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| In Dovecot before 2.3.11.3, sending a specially formatted NTLM request will crash the auth service because of an out-of-bounds read. | |||||
| CVE-2020-12498 | 1 Phoenixcontact | 2 Pc Worx, Pc Worx Express | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote code execution due to insufficient input data validation. | |||||
| CVE-2020-12485 | 1 Vivo | 1 Frame Touch Module | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
| The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | |||||
| CVE-2020-12425 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Due to confusion processing a hyphen character in Date.parse(), a one-byte out of bounds read could have occurred, leading to potential information disclosure. This vulnerability affects Firefox < 78. | |||||
| CVE-2020-12418 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Manipulating individual parts of a URL object could have caused an out-of-bounds read, leaking process memory to malicious JavaScript. This vulnerability affects Firefox ESR < 68.10, Firefox < 78, and Thunderbird < 68.10.0. | |||||
| CVE-2020-12407 | 1 Mozilla | 1 Firefox | 2024-11-21 | 2.6 LOW | 6.5 MEDIUM |
| Mozilla Developer Nicolas Silva found that when using WebRender, Firefox would under certain conditions leak arbitrary GPU memory to the visible screen. The leaked memory content was visible to the user, but not observable from web content. This vulnerability affects Firefox < 77. | |||||
| CVE-2020-12403 | 1 Mozilla | 1 Nss | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| A flaw was found in the way CHACHA20-POLY1305 was implemented in NSS in versions before 3.55. When using multi-part Chacha20, it could cause out-of-bounds reads. This issue was fixed by explicitly disabling multi-part ChaCha20 (which was not functioning correctly) and strictly enforcing tag length. The highest threat from this vulnerability is to confidentiality and system availability. | |||||
| CVE-2020-12380 | 1 Intel | 48 Bmc Firmware, Hns2600bpb, Hns2600bpb24 and 45 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bounds read in the BMC firmware for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.47 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12360 | 3 Intel, Netapp, Siemens | 552 Bios, Core I3-l13g4, Core I5-l16g7 and 549 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bounds read in the firmware for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12356 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Out-of-bounds read in subsystem in Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow a privileged user to potentially enable information disclosure via local access. | |||||
| CVE-2020-12247 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after splitting a string into two parts. A crash may also occur. | |||||