Vulnerabilities (CVE)

Filtered by CWE-125
Total 8878 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-36615 1 Apple 1 Macos 2026-06-17 N/A 7.8 HIGH
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.0.1. Processing a maliciously crafted font may lead to arbitrary code execution.
CVE-2020-36602 1 Huawei 16 576up005 Hota-cm-h-shark-bd, 576up005 Hota-cm-h-shark-bd Firmware, 577hota-cm-h-shark-bd and 13 more 2026-06-17 N/A 6.1 MEDIUM
There is an out-of-bounds read and write vulnerability in some headset products. An unauthenticated attacker gets the device physically and crafts malformed message with specific parameter and sends the message to the affected products. Due to insufficient validation of message, which may be exploited to cause out-of-bounds read and write.
CVE-2020-36521 1 Apple 7 Icloud, Ipados, Iphone Os and 4 more 2026-06-17 N/A 7.1 HIGH
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.
CVE-2020-36426 2 Arm, Debian 2 Mbed Tls, Debian Linux 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
CVE-2020-36386 1 Linux 1 Linux Kernel 2026-06-17 5.6 MEDIUM 7.1 HIGH
An issue was discovered in the Linux kernel before 5.8.1. net/bluetooth/hci_event.c has a slab out-of-bounds read in hci_extended_inquiry_result_evt, aka CID-51c19bf3d5cf.
CVE-2020-36331 5 Apple, Debian, Netapp and 2 more 6 Ipados, Iphone Os, Debian Linux and 3 more 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36330 5 Apple, Debian, Netapp and 2 more 6 Ipados, Iphone Os, Debian Linux and 3 more 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
CVE-2020-36325 1 Jansson Project 1 Jansson 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification
CVE-2020-36281 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixFewColorsOctcubeQuantMixed in colorquant1.c.
CVE-2020-36280 2 Fedoraproject, Leptonica 2 Fedora, Leptonica 2026-06-17 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in pixReadFromTiffStream, related to tiffio.c.
CVE-2020-36279 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in rasteropGeneralLow, related to adaptmap_reg.c and adaptmap.c.
CVE-2020-36278 4 Debian, Fedoraproject, Leptonica and 1 more 4 Debian Linux, Fedora, Leptonica and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
Leptonica before 1.80.0 allows a heap-based buffer over-read in findNextBorderPixel in ccbord.c.
CVE-2020-36223 3 Apple, Debian, Openldap 4 Mac Os X, Macos, Debian Linux and 1 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
A flaw was discovered in OpenLDAP before 2.4.57 leading to a slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read).
CVE-2020-36150 2 Fedoraproject, Symonics 2 Fedora, Libmysofa 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block.
CVE-2020-36134 1 Aomedia 1 Aomedia 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c.
CVE-2020-36074 1 Tailor Management System Project 1 Tailor Management System 2026-06-17 N/A 8.8 HIGH
SQL injection vulnerability found in Tailor Mangement System v.1 allows a remote attacker to execute arbitrary code via the title parameter.
CVE-2020-35892 1 Simple-slab Project 1 Simple-slab 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read.
CVE-2020-35890 1 Ordnung Project 1 Ordnung 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity.
CVE-2020-35861 1 Bumpalo Project 1 Bumpalo 2026-06-17 5.0 MEDIUM 7.5 HIGH
An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys.
CVE-2020-35859 1 Lucet-runtime-internals Project 1 Lucet-runtime-internals 2026-06-17 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption.