Total
547 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-6793 | 1 Mozilla | 1 Thunderbird | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-6792 | 2 Canonical, Mozilla | 2 Ubuntu Linux, Thunderbird | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | |||||
| CVE-2020-6444 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2024-11-21 | 6.8 MEDIUM | 6.3 MEDIUM |
| Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2020-6398 | 6 Debian, Fedoraproject, Google and 3 more | 9 Debian Linux, Fedora, Chrome and 6 more | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||||
| CVE-2020-3964 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-11-21 | 1.9 LOW | 4.7 MEDIUM |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. | |||||
| CVE-2020-36617 | 1 Greenend | 1 Sftpserver | 2024-11-21 | N/A | 4.6 MEDIUM |
| A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models. | |||||
| CVE-2020-36514 | 1 Acc Reader Project | 1 Acc Reader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | |||||
| CVE-2020-36513 | 1 Acc Reader Project | 1 Acc Reader | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. | |||||
| CVE-2020-36512 | 1 Buffoon Project | 1 Buffoon | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations. | |||||
| CVE-2020-36511 | 1 Bite Project | 1 Bite | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | |||||
| CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | |||||
| CVE-2020-36443 | 1 Libp2p | 1 Libp2p-deflate | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. | |||||
| CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | |||||
| CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | |||||
| CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | |||||
| CVE-2020-35888 | 1 Arr Project | 1 Arr | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | |||||
| CVE-2020-35878 | 1 Ozone Project | 1 Ozone | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | |||||
| CVE-2020-35494 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. | |||||
| CVE-2020-2575 | 1 Oracle | 1 Vm Virtualbox | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-29371 | 1 Linux | 1 Linux Kernel | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd. | |||||