Total
12074 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-10837 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (with TEEGRIS) software. The Esecomm Trustlet allows a stack overflow and arbitrary code execution. The Samsung ID is SVE-2019-15984 (February 2020). | |||||
| CVE-2020-10836 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The Widevine Trustlet allows read and write operations on arbitrary memory locations. The Samsung ID is SVE-2019-15873 (February 2020). | |||||
| CVE-2020-10832 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. Kernel Wi-Fi drivers allow out-of-bounds Read or Write operations (e.g., a buffer overflow). The Samsung IDs are SVE-2019-16125, SVE-2019-16134, SVE-2019-16158, SVE-2019-16159, SVE-2019-16319, SVE-2019-16320, SVE-2019-16337, SVE-2019-16464, SVE-2019-16465, SVE-2019-16467 (March 2020). | |||||
| CVE-2020-10829 | 1 Google | 1 Android | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with O(8.0), P(9.0), and Q(10.0) (Broadcom chipsets) software. A kernel driver heap overflow leads to arbitrary code execution. The Samsung ID is SVE-2019-15880 (March 2020). | |||||
| CVE-2020-10828 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | |||||
| CVE-2020-10827 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in apmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. | |||||
| CVE-2020-10825 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 3 of 3). | |||||
| CVE-2020-10824 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 2 of 3). | |||||
| CVE-2020-10823 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in /cgi-bin/activate.cgi through var parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request (issue 1 of 3). | |||||
| CVE-2020-10809 | 1 Hdfgroup | 1 Hdf5 | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in HDF5 through 1.12.0. A heap-based buffer overflow exists in the function Decompress() located in decompress.c. It can be triggered by sending a crafted file to the gif2h5 binary. It allows an attacker to cause Denial of Service. | |||||
| CVE-2020-10742 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
| A flaw was found in the Linux kernel. An index buffer overflow during Direct IO write leading to the NFS client to crash. In some cases, a reach out of the index after one memory allocation by kmalloc will cause a kernel panic. The highest threat from this vulnerability is to data confidentiality and system availability. | |||||
| CVE-2020-10654 | 1 Pingidentity | 1 Pingid Ssh Integration | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Ping Identity PingID SSH before 4.0.14 contains a heap buffer overflow in PingID-enrolled servers. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. | |||||
| CVE-2020-10646 | 1 Fujielectric | 1 V-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. | |||||
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
| CVE-2020-10615 | 1 Trianglemicroworks | 1 Scada Data Gateway | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Triangle MicroWorks SCADA Data Gateway 3.02.0697 through 4.0.122, 2.41.0213 through 4.0.122 allows remote attackers cause a denial-of-service condition due to a lack of proper validation of the length of user-supplied data, prior to copying it to a fixed-length stack-based buffer. Authentication is not required to exploit this vulnerability. | |||||
| CVE-2020-10607 | 1 Advantech | 1 Webaccess | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess, Versions 8.4.2 and prior. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. | |||||
| CVE-2020-10543 | 4 Fedoraproject, Opensuse, Oracle and 1 more | 15 Fedora, Leap, Communications Billing And Revenue Management and 12 more | 2024-11-21 | 6.4 MEDIUM | 8.2 HIGH |
| Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | |||||
| CVE-2020-10531 | 9 Canonical, Debian, Fedoraproject and 6 more | 11 Ubuntu Linux, Debian Linux, Fedora and 8 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. | |||||
| CVE-2020-10245 | 1 Codesys | 14 Control For Beaglebone, Control For Empc-a\/imx6, Control For Iot2000 and 11 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| CODESYS V3 web server before 3.5.15.40, as used in CODESYS Control runtime systems, has a buffer overflow. | |||||
| CVE-2020-10232 | 3 Debian, Fedoraproject, Sleuthkit | 3 Debian Linux, Fedora, The Sleuth Kit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In version 4.8.0 and earlier of The Sleuth Kit (TSK), there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfs_istat() in fs/yaffs.c. | |||||