Export limit exceeded: 20745 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20745 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15800 | 1 Siemens | 132 Scalance X200-4pirt, Scalance X200-4pirt Firmware, Scalance X201-3pirt and 129 more | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.5), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.5.0), SCALANCE X-300 switch family (incl. X408 and SIPLUS NET variants) (All versions < V4.1.0). The webserver of the affected devices contains a vulnerability that may lead to a heap overflow condition. An attacker could cause this condition on the webserver by sending specially crafted requests. This could stop the webserver temporarily. | ||||
| CVE-2020-15744 | 1 Govicture | 2 Pc420, Pc420 Firmware | 2024-11-21 | 9.6 Critical |
| Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions. | ||||
| CVE-2020-15684 | 1 Mozilla | 1 Firefox | 2024-11-21 | 9.8 Critical |
| Mozilla developers reported memory safety bugs present in Firefox 81. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 82. | ||||
| CVE-2020-15683 | 4 Debian, Mozilla, Opensuse and 1 more | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 9.8 Critical |
| Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4. | ||||
| CVE-2020-15675 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| When processing surfaces, the lifetime may outlive a persistent buffer leading to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 81. | ||||
| CVE-2020-15673 | 4 Debian, Mozilla, Opensuse and 1 more | 8 Debian Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox 80 and Firefox ESR 78.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81, Thunderbird < 78.3, and Firefox ESR < 78.3. | ||||
| CVE-2020-15670 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2024-11-21 | 8.8 High |
| Mozilla developers reported memory safety bugs present in Firefox for Android 79. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 80, Firefox ESR < 78.2, Thunderbird < 78.2, and Firefox for Android < 80. | ||||
| CVE-2020-15667 | 1 Mozilla | 1 Firefox | 2024-11-21 | 8.8 High |
| When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80. | ||||
| CVE-2020-15659 | 4 Canonical, Mozilla, Opensuse and 1 more | 8 Ubuntu Linux, Firefox, Firefox Esr and 5 more | 2024-11-21 | 8.8 High |
| Mozilla developers and community members reported memory safety bugs present in Firefox 78 and Firefox ESR 78.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 79, Firefox ESR < 68.11, Firefox ESR < 78.1, Thunderbird < 68.11, and Thunderbird < 78.1. | ||||
| CVE-2020-15636 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 9.8 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR R6400, R6700, R7000, R7850, R7900, R8000, RS400, and XR300 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the check_ra service. A crafted raePolicyVersion in a RAE_Policy.json file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-9852. | ||||
| CVE-2020-15635 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers with firmware 1.0.4.84_10.0.58. Authentication is not required to exploit this vulnerability. The specific flaw exists within the acsd service, which listens on TCP port 5916 by default. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-9853. | ||||
| CVE-2020-15630 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process. Was ZDI-CAN-10977. | ||||
| CVE-2020-15603 | 2 Microsoft, Trendmicro | 5 Windows, Antivirus\+ 2020, Internet Security 2020 and 2 more | 2024-11-21 | 7.5 High |
| An invalid memory read vulnerability in a Trend Micro Secuity 2020 (v16.0.0.1302 and below) consumer family of products' driver could allow an attacker to manipulate the specific driver to do a system call operation with an invalid address, resulting in a potential system crash. | ||||
| CVE-2020-15572 | 1 Torproject | 1 Tor | 2024-11-21 | 7.5 High |
| Tor before 0.4.3.6 has an out-of-bounds memory access that allows a remote denial-of-service (crash) attack against Tor instances built to use Mozilla Network Security Services (NSS), aka TROVE-2020-001. | ||||
| CVE-2020-15532 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 6.5 Medium |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-15531 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2024-11-21 | 8.8 High |
| Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | ||||
| CVE-2020-15503 | 4 Debian, Fedoraproject, Libraw and 1 more | 4 Debian Linux, Fedora, Libraw and 1 more | 2024-11-21 | 7.5 High |
| LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength. | ||||
| CVE-2020-15490 | 1 Wavlink | 2 Wl-wn530hg4, Wl-wn530hg4 Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Wavlink WL-WN530HG4 M30HG4.V5030.191116 devices. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. (The set of affected scripts is similar to CVE-2020-12266.) | ||||
| CVE-2020-15479 | 1 Passmark | 3 Burnintest, Osforensics, Performancetest | 2024-11-21 | 8.8 High |
| An issue was discovered in PassMark BurnInTest through 9.1, OSForensics through 7.1, and PerformanceTest through 10. The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow. This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo32.sys and DirectIo64.sys. | ||||
| CVE-2020-15476 | 3 Debian, Linux, Ntop | 3 Debian Linux, Linux Kernel, Ndpi | 2024-11-21 | 7.5 High |
| In nDPI through 3.2, the Oracle protocol dissector has a heap-based buffer over-read in ndpi_search_oracle in lib/protocols/oracle.c. | ||||