Export limit exceeded: 347893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 79588 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79588 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36439 | 1 Ticketed Lock Project | 1 Ticketed Lock | 2024-11-21 | 8.1 High |
| An issue was discovered in the ticketed_lock crate before 0.3.0 for Rust. There are unconditional implementations of Send for ReadTicket<T> and WriteTicket<T>. | ||||
| CVE-2020-36438 | 1 Tiny Future Project | 1 Tiny Future | 2024-11-21 | 8.1 High |
| An issue was discovered in the tiny_future crate before 0.4.0 for Rust. Future<T> does not have bounds on its Send and Sync traits. | ||||
| CVE-2020-36437 | 1 Conqueue Project | 1 Conqueue | 2024-11-21 | 8.1 High |
| An issue was discovered in the conqueue crate before 0.4.0 for Rust. There are unconditional implementations of Send and Sync for QueueSender<T>. | ||||
| CVE-2020-36436 | 1 Unicycle Project | 1 Unicycle | 2024-11-21 | 8.1 High |
| An issue was discovered in the unicycle crate before 0.7.1 for Rust. PinSlab<T> and Unordered<T, S> do not have bounds on their Send and Sync traits. | ||||
| CVE-2020-36435 | 1 Ruspiro-singleton Project | 1 Ruspiro-singleton | 2024-11-21 | 8.1 High |
| An issue was discovered in the ruspiro-singleton crate before 0.4.1 for Rust. In Singleton, Send and Sync do not have bounds checks. | ||||
| CVE-2020-36433 | 1 Aeplay | 1 Chunky | 2024-11-21 | 7.5 High |
| An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement. | ||||
| CVE-2020-36430 | 2 Fedoraproject, Libass Project | 2 Fedora, Libass | 2024-11-21 | 7.8 High |
| libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | ||||
| CVE-2020-36428 | 1 Matio Project | 1 Matio | 2024-11-21 | 8.8 High |
| matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). | ||||
| CVE-2020-36426 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 7.5 High |
| An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte). | ||||
| CVE-2020-36423 | 2 Arm, Debian | 2 Mbed Tls, Debian Linux | 2024-11-21 | 7.5 High |
| An issue was discovered in Arm Mbed TLS before 2.23.0. A remote attacker can recover plaintext because a certain Lucky 13 countermeasure doesn't properly consider the case of a hardware accelerator. | ||||
| CVE-2020-36420 | 1 Polipo Project | 1 Polipo | 2024-11-21 | 7.5 High |
| Polipo through 1.1.1, when NDEBUG is omitted, allows denial of service via a reachable assertion during parsing of a malformed Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2020-36407 | 2 Aomedia, Linux | 2 Libavif, Linux Kernel | 2024-11-21 | 8.8 High |
| libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | ||||
| CVE-2020-36406 | 2 Linux, Uwebsockets Project | 2 Linux Kernel, Uwebsockets | 2024-11-21 | 8.8 High |
| uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate | ||||
| CVE-2020-36405 | 2 Keystone-engine, Linux | 2 Keystone Engine, Linux Kernel | 2024-11-21 | 7.8 High |
| Keystone Engine 0.9.2 has a use-after-free in llvm_ks::X86Operand::getToken. | ||||
| CVE-2020-36404 | 2 Keystone-engine, Linux | 2 Keystone, Linux Kernel | 2024-11-21 | 7.8 High |
| Keystone Engine 0.9.2 has an invalid free in llvm_ks::SmallVectorImpl<llvm_ks::MCFixup>::~SmallVectorImpl. | ||||
| CVE-2020-36403 | 2 Htslib, Linux | 2 Htslib, Linux Kernel | 2024-11-21 | 8.8 High |
| HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). | ||||
| CVE-2020-36402 | 2 Linux, Soliditylang | 2 Linux Kernel, Solidity | 2024-11-21 | 7.8 High |
| Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. | ||||
| CVE-2020-36401 | 2 Linux, Mruby | 2 Linux Kernel, Mruby | 2024-11-21 | 7.8 High |
| mruby 2.1.2 has a double free in mrb_default_allocf (called from mrb_free and obj_free). | ||||
| CVE-2020-36394 | 1 Pam Setquota Project | 1 Pam Setquota | 2024-11-21 | 7.0 High |
| pam_setquota.c in the pam_setquota module before 2020-05-29 for Linux-PAM allows local attackers to set their quota on an arbitrary filesystem, in certain situations where the attacker's home directory is a FUSE filesystem mounted under /home. | ||||
| CVE-2020-36388 | 1 Civicrm | 1 Civicrm | 2024-11-21 | 8.8 High |
| In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive. | ||||