Total
7100 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14694 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 4.7 MEDIUM | 5.3 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-14676 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 4.4 MEDIUM | 7.5 HIGH |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.44, prior to 6.0.24 and prior to 6.1.12. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H). | |||||
| CVE-2020-14377 | 3 Canonical, Dpdk, Opensuse | 3 Ubuntu Linux, Data Plane Development Kit, Leap | 2024-11-21 | 3.6 LOW | 7.1 HIGH |
| A flaw was found in dpdk in versions before 18.11.10 and before 19.11.5. A complete lack of validation of attacker-controlled parameters can lead to a buffer over read. The results of the over read are then written back to the guest virtual machine memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. The highest threat from this vulnerability is to data confidentiality and system availability. | |||||
| CVE-2020-14364 | 6 Canonical, Debian, Fedoraproject and 3 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2024-11-21 | 4.4 MEDIUM | 5.0 MEDIUM |
| An out-of-bounds read/write access flaw was found in the USB emulator of the QEMU in versions before 5.2.0. This issue occurs while processing USB packets from a guest when USBDevice 'setup_len' exceeds its 'data_buf[4096]' in the do_token_in, do_token_out routines. This flaw allows a guest user to crash the QEMU process, resulting in a denial of service, or the potential execution of arbitrary code with the privileges of the QEMU process on the host. | |||||
| CVE-2020-14314 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2020-14163 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in ecma/operations/ecma-container-object.c in JerryScript 2.2.0. Operations with key/value pairs did not consider the case where garbage collection is triggered after the key operation but before the value operation, as demonstrated by improper read access to memory in ecma_gc_set_object_visited in ecma/base/ecma-gc.c. | |||||
| CVE-2020-14153 | 1 Ijg | 1 Libjpeg | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| In IJG JPEG (aka libjpeg) from version 8 through 9c, jdhuff.c has an out-of-bounds array read for certain table pointers. | |||||
| CVE-2020-14148 | 3 Barton, Debian, Fedoraproject | 3 Ngircd, Debian Linux, Fedora | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. | |||||
| CVE-2020-14125 | 1 Mi | 3 Miui, Redmi Note 11, Redmi Note 9t | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A denial of service vulnerability exists in some Xiaomi models of phones. The vulnerability is caused by out-of-bound read/write and can be exploited by attackers to make denial of service. | |||||
| CVE-2020-13987 | 4 Contiki-os, Open-iscsi Project, Siemens and 1 more | 11 Contiki, Open-iscsi, Sentron 3va Com100 and 8 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | |||||
| CVE-2020-13910 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | |||||
| CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | |||||
| CVE-2020-13791 | 1 Qemu | 1 Qemu | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space. | |||||
| CVE-2020-13790 | 2 Libjpeg-turbo, Mozilla | 2 Libjpeg-turbo, Mozjpeg | 2024-11-21 | 5.8 MEDIUM | 8.1 HIGH |
| libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file. | |||||
| CVE-2020-13656 | 1 Morganstanley | 1 Hobbes | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution. | |||||
| CVE-2020-13601 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 HIGH | 9.0 CRITICAL |
| Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44 | |||||
| CVE-2020-13498 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13497 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in String Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13496 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles parses certain encoded types. A specially crafted malformed file can trigger an arbitrary out of bounds memory access in TfToken Type Index. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-13439 | 1 Rockcarry | 1 Ffjpeg | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| ffjpeg through 2020-02-24 has a heap-based buffer over-read in jfif_decode in jfif.c. | |||||