Export limit exceeded: 14085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (14085 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25226 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0). The web server of the affected devices contains a vulnerability that may lead to a buffer overflow condition. An attacker could cause this condition on the webserver by sending a specially crafted request. The webserver could stop and not recover anymore. | ||||
| CVE-2020-25212 | 5 Canonical, Debian, Linux and 2 more | 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more | 2024-11-21 | 7.0 High |
| A TOCTOU mismatch in the NFS client code in the Linux kernel before 5.8.3 could be used by local attackers to corrupt memory or possibly have unspecified other impact because a size check is in fs/nfs/nfs4proc.c instead of fs/nfs/nfs4xdr.c, aka CID-b4487b935452. | ||||
| CVE-2020-25199 | 1 We-con | 1 Levistudiou | 2024-11-21 | 7.8 High |
| A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | ||||
| CVE-2020-25177 | 1 We-con | 1 Plc Editor | 2024-11-21 | 8.8 High |
| WECON PLC Editor Versions 1.3.8 and prior has a stack-based buffer overflow vulnerability has been identified that may allow arbitrary code execution. | ||||
| CVE-2020-25171 | 1 Fujielectric | 1 V-server | 2024-11-21 | 7.8 High |
| The affected Fuji Electric V-Server Lite versions prior to 3.3.24.0 are vulnerable to an out-of-bounds write, which may allow an attacker to remotely execute arbitrary code. | ||||
| CVE-2020-25159 | 1 Rtautomation | 2 499es Ethernet\/ip Adaptor, 499es Ethernet\/ip Adaptor Firmware | 2024-11-21 | 9.8 Critical |
| 499ES EtherNet/IP (ENIP) Adaptor Source Code is vulnerable to a stack-based buffer overflow, which may allow an attacker to send a specially crafted packet that may result in a denial-of-service condition or code execution. | ||||
| CVE-2020-25112 | 1 Contiki-os | 1 Contiki-os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the IPv6 stack in Contiki through 3.0. There are inconsistent checks for IPv6 header extension lengths. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | ||||
| CVE-2020-25111 | 1 Contiki-os | 1 Contiki-os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the IPv6 stack in Contiki through 3.0. There is an insufficient check for the IPv6 header length. This leads to Denial-of-Service and potential Remote Code Execution via a crafted ICMPv6 echo packet. | ||||
| CVE-2020-25108 | 1 Ethernut | 1 Nut\/os | 2024-11-21 | 9.8 Critical |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The DNS response data length is not checked (it can be set to an arbitrary value from a packet). This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | ||||
| CVE-2020-25085 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2024-11-21 | 5.0 Medium |
| QEMU 5.0.0 has a heap-based Buffer Overflow in flatview_read_continue in exec.c because hw/sd/sdhci.c mishandles a write operation in the SDHC_BLKSIZE case. | ||||
| CVE-2020-25066 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 10 Critical |
| A heap-based buffer overflow in the Treck HTTP Server component before 6.0.1.68 allows remote attackers to cause a denial of service (crash/reset) or to possibly execute arbitrary code. | ||||
| CVE-2020-25052 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). | ||||
| CVE-2020-25023 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMOnCtrCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25022 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. AESGCMFallbackCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-25021 | 1 Noise-java Project | 1 Noise-java | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Noise-Java through 2020-08-27. ChaChaPolyCipherState.encryptWithAd() allows out-of-bounds access. | ||||
| CVE-2020-24999 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 7.8 High |
| There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | ||||
| CVE-2020-24870 | 2 Libraw, Redhat | 2 Libraw, Enterprise Linux | 2024-11-21 | 8.8 High |
| Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp. | ||||
| CVE-2020-24863 | 2 Freebsd, Midnightbsd | 2 Freebsd, Midnightbsd | 2024-11-21 | 5.5 Medium |
| A memory corruption vulnerability was found in the kernel function kern_getfsstat in MidnightBSD before 1.2.7 and 1.3 through 2020-08-19, and FreeBSD through 11.4, that allows an attacker to trigger an invalid free and crash the system via a crafted size value in conjunction with an invalid mode. | ||||
| CVE-2020-24753 | 1 Objective Open Cbor Run-time Project | 1 Objective Open Cbor Run-time | 2024-11-21 | 9.8 Critical |
| A memory corruption vulnerability in Objective Open CBOR Run-time (oocborrt) in versions before 2020-08-12 could allow an attacker to execute code via crafted Concise Binary Object Representation (CBOR) input to the cbor2json decoder. An uncaught error while decoding CBOR Major Type 3 text strings leads to the use of an attacker-controllable uninitialized stack value. This can be used to modify memory, causing a crash or potentially exploitable heap corruption. | ||||
| CVE-2020-24659 | 5 Canonical, Fedoraproject, Gnu and 2 more | 5 Ubuntu Linux, Fedora, Gnutls and 2 more | 2024-11-21 | 7.5 High |
| An issue was discovered in GnuTLS before 3.6.15. A server can trigger a NULL pointer dereference in a TLS 1.3 client if a no_renegotiation alert is sent with unexpected timing, and then an invalid second handshake occurs. The crash happens in the application's error handling path, where the gnutls_deinit function is called after detecting a handshake failure. | ||||