Total
13442 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-21533 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| fig2dev 3.2.7b contains a stack buffer overflow in the read_textobject function in read.c. | ||||
| CVE-2020-21532 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| fig2dev 3.2.7b contains a global buffer overflow in the setfigfont function in genepic.c. | ||||
| CVE-2020-21531 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| fig2dev 3.2.7b contains a global buffer overflow in the conv_pattern_index function in gencgm.c. | ||||
| CVE-2020-21529 | 2 Debian, Xfig Project | 2 Debian Linux, Fig2dev | 2024-11-21 | 5.5 Medium |
| fig2dev 3.2.7b contains a stack buffer overflow in the bezier_spline function in genepic.c. | ||||
| CVE-2020-21468 | 1 Redislabs | 1 Redis | 2024-11-21 | 7.5 High |
| A segmentation fault in the redis-server component of Redis 5.0.7 leads to a denial of service (DOS). NOTE: the vendor cannot reproduce this issue in a released version, such as 5.0.7 | ||||
| CVE-2020-20220 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 6.5 Medium |
| Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference). | ||||
| CVE-2020-1899 | 1 Facebook | 1 Hhvm | 2024-11-21 | 7.5 High |
| The unserialize() function supported a type code, "S", which was meant to be supported only for APC serialization. This type code allowed arbitrary memory addresses to be accessed as if they were static StringData objects. This issue affected HHVM prior to v4.32.3, between versions 4.33.0 and 4.56.0, 4.57.0, 4.58.0, 4.58.1, 4.59.0, 4.60.0, 4.61.0, 4.62.0. | ||||
| CVE-2020-1814 | 1 Huawei | 6 Nip6800, Nip6800 Firmware, Secospace Usg6600 and 3 more | 2024-11-21 | 5.3 Medium |
| Huawei NIP6800 versions V500R001C30, V500R001C60SPC500, and V500R005C00; Secospace USG6600 and USG9500 versions V500R001C30SPC200, V500R001C30SPC600, V500R001C60SPC500, and V500R005C00 have a Dangling pointer dereference vulnerability. An authenticated attacker may do some special operations in the affected products in some special scenarios to exploit the vulnerability. Due to improper race conditions of different operations, successful exploit will lead to Dangling pointer dereference, causing some service abnormal. | ||||
| CVE-2020-1671 | 1 Juniper | 1 Junos | 2024-11-21 | 7.5 High |
| On Juniper Networks Junos OS platforms configured as DHCPv6 local server or DHCPv6 Relay Agent, Juniper Networks Dynamic Host Configuration Protocol Daemon (JDHCPD) process might crash with a core dump if a malformed DHCPv6 packet is received, resulting with the restart of the daemon. This issue only affects DHCPv6, it does not affect DHCPv4. This issue affects: Juniper Networks Junos OS 17.4 versions prior to 17.4R2-S12, 17.4R3-S3; 18.1 versions prior to 18.1R3-S11; 18.2 versions prior to 18.2R3-S6; 18.2X75 versions prior to 18.2X75-D65; 18.3 versions prior to 18.3R2-S4, 18.3R3-S3; 18.4 versions prior to 18.4R2-S5, 18.4R3-S4; 19.1 versions prior to 19.1R3-S2; 19.2 versions prior to 19.2R1-S5, 19.2R3; 19.2 version 19.2R2 and later versions; 19.3 versions prior to 19.3R2-S4, 19.3R3; 19.4 versions prior to 19.4R1-S3, 19.4R2-S2, 19.4R3; 20.1 versions prior to 20.1R1-S3, 20.1R2; This issue does not affect Juniper Networks Junos OS prior to 17.4R1. | ||||
| CVE-2020-19143 | 2 Debian, Simplesystems | 2 Debian Linux, Libtiff | 2024-11-21 | 6.5 Medium |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "TIFFVGetField" funtion in the component 'libtiff/tif_dir.c'. | ||||
| CVE-2020-19131 | 3 Debian, Redhat, Simplesystems | 3 Debian Linux, Enterprise Linux, Libtiff | 2024-11-21 | 7.5 High |
| Buffer Overflow in LibTiff v4.0.10 allows attackers to cause a denial of service via the "invertImage()" function in the component "tiffcrop". | ||||
| CVE-2020-18974 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 3.3 Low |
| Buffer Overflow in Netwide Assembler (NASM) v2.15.xx allows attackers to cause a denial of service via 'crc64i' in the component 'nasmlib/crc64'. This issue is different than CVE-2019-7147. | ||||
| CVE-2020-18773 | 1 Exiv2 | 1 Exiv2 | 2024-11-21 | 6.5 Medium |
| An invalid memory access in the decode function in iptc.cpp of Exiv2 0.27.99.0 allows attackers to cause a denial of service (DOS) via a crafted tif file. | ||||
| CVE-2020-18771 | 2 Debian, Exiv2 | 2 Debian Linux, Exiv2 | 2024-11-21 | 8.1 High |
| Exiv2 0.27.99.0 has a global buffer over-read in Exiv2::Internal::Nikon1MakerNote::print0x0088 in nikonmn_int.cpp which can result in an information leak. | ||||
| CVE-2020-18494 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | ||||
| CVE-2020-18232 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 8.8 High |
| Buffer Overflow vulnerability in function H5S_close in H5S.c in HDF5 1.10.4 allows remote attackers to run arbitrary code via creation of crafted file. | ||||
| CVE-2020-17541 | 2 Libjpeg-turbo, Redhat | 2 Libjpeg-turbo, Enterprise Linux | 2024-11-21 | 8.8 High |
| Libjpeg-turbo all version have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed jpeg file to the service and cause arbitrary code execution or denial of service of the target service. | ||||
| CVE-2020-17426 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of CR2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11230. | ||||
| CVE-2020-17397 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 8.2 High |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.4. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the handling of network packets. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-11253. | ||||
| CVE-2020-17380 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 6.3 Medium |
| A heap-based buffer overflow was found in QEMU through 5.0.0 in the SDHCI device emulation support. It could occur while doing a multi block SDMA transfer via the sdhci_sdma_transfer_multi_blocks() routine in hw/sd/sdhci.c. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host. | ||||