Total
12074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3287 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3286 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3283 | 1 Cisco | 29 Asa 5505, Asa 5505 Firmware, Asa 5510 and 26 more | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| A vulnerability in the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) handler of Cisco Firepower Threat Defense (FTD) Software when running on the Cisco Firepower 1000 Series platform could allow an unauthenticated, remote attacker to trigger a denial of service (DoS) condition on an affected device. The vulnerability is due to a communication error between internal functions. An attacker could exploit this vulnerability by sending a crafted SSL/TLS message to an affected device. A successful exploit could allow the attacker to cause a buffer underrun, which leads to a crash. The crash causes the affected device to reload. | |||||
| CVE-2020-3269 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco RV110W, RV130, RV130W, and RV215W Series Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary commands. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3198 | 1 Cisco | 5 1120, 1240, 809 and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco IOS Software for Cisco 809 and 829 Industrial Integrated Services Routers (Industrial ISRs) and Cisco 1000 Series Connected Grid Routers (CGR1000) could allow an unauthenticated, remote attacker or an authenticated, local attacker to execute arbitrary code on an affected system or cause an affected system to crash and reload. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-3119 | 1 Cisco | 83 Nexus 3016, Nexus 3048, Nexus 3064 and 80 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-36773 | 1 Artifex | 1 Ghostscript | 2024-11-21 | N/A | 9.8 CRITICAL |
| Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature). | |||||
| CVE-2020-36602 | 1 Huawei | 16 576up005 Hota-cm-h-shark-bd, 576up005 Hota-cm-h-shark-bd Firmware, 577hota-cm-h-shark-bd and 13 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write. | |||||
| CVE-2020-36601 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
| Out-of-bounds write vulnerability in the kernel modules. Successful exploitation of this vulnerability may cause a panic reboot. | |||||
| CVE-2020-36600 | 1 Huawei | 2 Emui, Magic Ui | 2024-11-21 | N/A | 7.5 HIGH |
| Out-of-bounds write vulnerability in the power consumption module. Successful exploitation of this vulnerability may cause the system to restart. | |||||
| CVE-2020-36518 | 4 Debian, Fasterxml, Netapp and 1 more | 36 Debian Linux, Jackson-databind, Active Iq Unified Manager and 33 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects. | |||||
| CVE-2020-36431 | 1 Unicorn-engine | 1 Unicorn Engine | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Unicorn Engine 1.0.2 has an out-of-bounds write in helper_wfe_arm. | |||||
| CVE-2020-36430 | 2 Fedoraproject, Libass Project | 2 Fedora, Libass | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| libass 0.15.x before 0.15.1 has a heap-based buffer overflow in decode_chars (called from decode_font and process_text) because the wrong integer data type is used for subtraction. | |||||
| CVE-2020-36429 | 1 Open62541 | 1 Open62541 | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Variant_encodeJson in open62541 1.x before 1.0.4 has an out-of-bounds write for a large recursion depth. | |||||
| CVE-2020-36428 | 1 Matio Project | 1 Matio | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| matio (aka MAT File I/O Library) 1.5.18 through 1.5.21 has a heap-based buffer overflow in ReadInt32DataDouble (called from ReadInt32Data and Mat_VarRead4). | |||||
| CVE-2020-36407 | 2 Aomedia, Linux | 2 Libavif, Linux Kernel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| libavif 0.8.0 and 0.8.1 has an out-of-bounds write in avifDecoderDataFillImageGrid. | |||||
| CVE-2020-36406 | 2 Linux, Uwebsockets Project | 2 Linux Kernel, Uwebsockets | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| uWebSockets 18.11.0 and 18.12.0 has a stack-based buffer overflow in uWS::TopicTree::trimTree (called from uWS::TopicTree::unsubscribeAll). NOTE: the vendor's position is that this is "a minor issue or not even an issue at all" because the developer of an application (that uses uWebSockets) should not be allowing the large number of triggered topics to accumulate | |||||
| CVE-2020-36403 | 2 Htslib, Linux | 2 Htslib, Linux Kernel | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read). | |||||
| CVE-2020-36402 | 2 Linux, Soliditylang | 2 Linux Kernel, Solidity | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Solidity 0.7.5 has a stack-use-after-return issue in smtutil::CHCSmtLib2Interface::querySolver. NOTE: c39a5e2b7a3fabbf687f53a2823fc087be6c1a7e is cited in the OSV "fixed" field but does not have a code change. | |||||
| CVE-2020-36400 | 1 Zeromq | 1 Libzmq | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| ZeroMQ libzmq 4.3.3 has a heap-based buffer overflow in zmq::tcp_read, a different vulnerability than CVE-2021-20235. | |||||