Search Results (43468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25110 | 1 Ethernut | 1 Nut/os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | ||||
| CVE-2020-25109 | 1 Ethernut | 1 Nut/os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | ||||
| CVE-2020-25107 | 1 Ethernut | 1 Nut/os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | ||||
| CVE-2020-25085 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.0 Medium |
| QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | ||||
| CVE-2020-25054 | 1 Samsung | 1 Exynos | 2024-11-21 | 9.1 Critical |
| An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020). | ||||
| CVE-2020-25023 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25022 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25021 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25016 | 1 Rgb-rust Project | 1 Rgb-rust | 2024-11-21 | 9.1 Critical |
| A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | ||||
| CVE-2020-24995 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 7.8 High |
| Buffer overflow vulnerability in sniff_channel_order function in aacdec_template.c in ffmpeg 3.1.2, allows attackers to execute arbitrary code (local). | ||||
| CVE-2020-24977 | 7 Debian, Fedoraproject, Netapp and 4 more | 20 Debian Linux, Fedora, Active Iq Unified Manager and 17 more | 2024-11-21 | 6.5 Medium |
| GNOME project libxml2 v2.9.10 has a global buffer over-read vulnerability in xmlEncodeEntitiesInternal at libxml2/entities.c. The issue has been fixed in commit 50f06b3e. | ||||
| CVE-2020-24972 | 3 Fedoraproject, Kleopatra Project, Opensuse | 4 Fedora, Kleopatra, Backports Sle and 1 more | 2024-11-21 | 8.8 High |
| The Kleopatra component before 3.1.12 (and before 20.07.80) for GnuPG allows remote attackers to execute arbitrary code because openpgp4fpr: URLs are supported without safe handling of command-line options. The Qt platformpluginpath command-line option can be used to load an arbitrary DLL. | ||||
| CVE-2020-24939 | 1 Stampit | 1 Supermixer | 2024-11-21 | 7.5 High |
| Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation. | ||||
| CVE-2020-24918 | 1 Ambarella | 1 Oryx Rtsp Server | 2024-11-21 | 9.8 Critical |
| A buffer overflow in the RTSP service of the Ambarella Oryx RTSP Server 2020-01-07 allows an unauthenticated attacker to send a crafted RTSP request, with a long digest authentication header, to execute arbitrary code in parse_authentication_header() in libamprotocol-rtsp.so.1 in rtsp_svc (or cause a crash). This allows remote takeover of a Furbo Dog Camera, for example. NOTE: The vendor states that the RTSP library is used for DEMO only, using it in product is a customer's behavior. Ambarella has emphasized that RTSP is DEMO only library, should NOT be used in product in our document. Because Ambarella's SDK is proprietary, we didn't publish our SDK source code in public network. | ||||
| CVE-2020-24889 | 1 Libraw | 1 Libraw | 2024-11-21 | 7.8 High |
| A buffer overflow vulnerability in LibRaw version < 20.0 LibRaw::GetNormalizedModel in src/metadata/normalize_model.cpp may lead to context-dependent arbitrary code execution. | ||||
| CVE-2020-24870 | 2 Libraw, Redhat | 2 Libraw, Enterprise Linux | 2024-11-21 | 8.8 High |
| Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. | ||||
| CVE-2020-24838 | 1 Issuer Project | 1 Issuer | 2024-11-21 | 7.5 High |
| An integer overflow has been found in the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow. | ||||
| CVE-2020-24837 | 1 Zcfees Project | 1 Zcfees | 2024-11-21 | 7.5 High |
| An integer underflow has been found in the latest version of ZCFees. The variables 'currPeriodIdx' and 'lastPeriodExecIdx' are both unsigned integers, and the result of the minus operation may be a negative integer which leads to an underflow. The attackers can modify the current timestamp of the transaction somehow and block the execution of the process function. | ||||
| CVE-2020-24824 | 1 Libelfin Project | 1 Libelfin | 2024-11-21 | 5.5 Medium |
| A global buffer overflow issue in the dwarf::line_table::line_table function of Libelfin v0.3 allows attackers to cause a denial of service (DOS). | ||||
| CVE-2020-24711 | 1 Getgophish | 1 Gophish | 2024-11-21 | 6.5 Medium |
| The Reset button on the Account Settings page in Gophish before 0.11.0 allows attackers to cause a denial of service via a clickjacking attack. | ||||