Total
12759 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-7822 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed image file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7818 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.9 and earlier has a Heap-based overflow vulnerability, triggered when the user opens a malformed PDF file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7563 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause corruption of data, a crash, or code execution when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-7558 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7556 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7555 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7553 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787 Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247 that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7552 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7551 | 1 Schneider-electric | 1 Interactive Graphical Scada System | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in IGSS Definition (Def.exe) version 14.0.0.20247, that could cause Remote Code Execution when malicious CGF (Configuration Group File) file is imported to IGSS Definition. | |||||
| CVE-2020-7524 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (V5.0.0.7 and prior) which could cause Denial of Service when sending specific crafted IPV4 packet to the controller: Sending a specific IPv4 protocol package to Schneider Electric Modicon M218 Logic Controller can cause IPv4 devices to go down. The device does not work properly and must be powered back on to return to normal. | |||||
| CVE-2020-7502 | 1 Schneider-electric | 2 Modicon M218, Modicon M218 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A CWE-787: Out-of-bounds Write vulnerability exists in Modicon M218 Logic Controller (Firmware version 4.3 and prior), which may cause a Denial of Service when specific TCP/IP crafted packets are sent to the Modicon M218 Logic Controller. | |||||
| CVE-2020-7465 | 2 Mpd Project, Stormshield | 2 Mpd, Stormshield Network Security | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| The L2TP implementation of MPD before 5.9 allows a remote attacker who can send specifically crafted L2TP control packet with AVP Q.931 Cause Code to execute arbitrary code or cause a denial of service (memory corruption). | |||||
| CVE-2020-7461 | 2 Freebsd, Siemens | 5 Freebsd, Simatic Rf350m, Simatic Rf350m Firmware and 2 more | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| In FreeBSD 12.1-STABLE before r365010, 11.4-STABLE before r365011, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEASE before p13, dhclient(8) fails to handle certain malformed input related to handling of DHCP option 119 resulting a heap overflow. The heap overflow could in principle be exploited to achieve remote code execution. The affected process runs with reduced privileges in a Capsicum sandbox, limiting the immediate impact of an exploit. | |||||
| CVE-2020-7458 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r362281, 11.4-STABLE before r362281, and 11.4-RELEASE before p1, long values in the user-controlled PATH environment variable cause posix_spawnp to write beyond the end of the heap allocated stack possibly leading to arbitrary code execution. | |||||
| CVE-2020-7454 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r360971, 12.1-RELEASE before p5, 11.4-STABLE before r360971, 11.4-BETA1 before p1 and 11.3-RELEASE before p9, libalias does not properly validate packet length resulting in modules causing an out of bounds read/write condition if no checking was built into the module. | |||||
| CVE-2020-7450 | 1 Freebsd | 1 Freebsd | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD 12.1-STABLE before r357213, 12.1-RELEASE before 12.1-RELEASE-p2, 12.0-RELEASE before 12.0-RELEASE-p13, 11.3-STABLE before r357214, and 11.3-RELEASE before 11.3-RELEASE-p6, URL handling in libfetch with URLs containing username and/or password components is vulnerable to a heap buffer overflow allowing program misbehavior or malicious code execution. | |||||
| CVE-2020-7248 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libubox in OpenWrt before 18.06.7 and 19.x before 19.07.1 has a tagged binary data JSON serialization vulnerability that may cause a stack based buffer overflow. | |||||
| CVE-2020-7131 | 1 Hp | 3 Blade Maintenance Entity, Integrated Maintenance Entity, Maintenance Entity | 2024-11-21 | 9.0 HIGH | 9.0 CRITICAL |
| This document describes a security vulnerability in Blade Maintenance Entity, Integrated Maintenance Entity and Maintenance Entity products. All J/H-series NonStop systems have a security vulnerability associated with an open UDP port 17185 on the Maintenance LAN which could result in information disclosure, denial-of-service attacks or local memory corruption against the affected system and a complete control of the system may also be possible. This vulnerability exists only if one gains access to the Maintenance LAN to which Blade Maintenance Entity, Integrated Maintenance Entity or Maintenance Entity product is connected. **Workaround:** Block the UDP port 17185(In the Maintenance LAN Network Switch/Firewall). Fix: Install following SPRs, which are already available: * T1805A01^AAI (Integrated Maintenance Entity) * T4805A01^AAZ (Blade Maintenance Entity). These SPRs are also usable with the following RVUs: * J06.19.00 ? J06.23.01. No fix planned for the following RVUs: J06.04.00 ? J06.18.01. No fix planned for H-Series NonStop systems. No fix planned for the product T2805 (Maintenance Entity). | |||||
| CVE-2020-7122 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the CDP (Cisco Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.1000. | |||||
| CVE-2020-7121 | 1 Arubanetworks | 12 Cx 6200f, Cx 6200f Firmware, Cx 6300 and 9 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Two memory corruption vulnerabilities in the Aruba CX Switches Series 6200F, 6300, 6400, 8320, 8325, and 8400 have been found. Successful exploitation of these vulnerabilities could result in Local Denial of Service of the LLDP (Link Layer Discovery Protocol) process in the switch. This applies to firmware versions prior to 10.04.3021. | |||||