Vulnerabilities (CVE)

Filtered by CWE-787
Total 12282 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-16000 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in Blink in Google Chrome prior to 86.0.4240.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15995 3 Debian, Fedoraproject, Google 4 Debian Linux, Fedora, Android and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Out of bounds write in V8 in Google Chrome prior to 86.0.4240.99 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15979 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Inappropriate implementation in V8 in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15976 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Android and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in WebXR in Google Chrome on Android prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15975 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Integer overflow in SwiftShader in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15972 4 Debian, Fedoraproject, Google and 1 more 4 Debian Linux, Fedora, Chrome and 1 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in audio in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15969 5 Apple, Debian, Fedoraproject and 2 more 10 Ipados, Iphone Os, Macos and 7 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Use after free in WebRTC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15964 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Insufficient data validation in media in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVE-2020-15960 4 Debian, Fedoraproject, Google and 1 more 5 Debian Linux, Fedora, Chrome and 2 more 2024-11-21 6.8 MEDIUM 8.8 HIGH
Heap buffer overflow in storage in Google Chrome prior to 85.0.4183.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
CVE-2020-15904 1 Pypi 1 Bsdiff4 2024-11-21 6.8 MEDIUM 7.8 HIGH
A buffer overflow in the patching routine of bsdiff4 before 1.2.0 allows an attacker to write to heap memory (beyond allocated bounds) via a crafted patch file.
CVE-2020-15900 3 Artifex, Canonical, Opensuse 3 Ghostscript, Ubuntu Linux, Leap 2024-11-21 7.5 HIGH 9.8 CRITICAL
A memory corruption issue was found in Artifex Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator can allow overriding of file access controls. The 'rsearch' calculation for the 'post' size resulted in a size that was too large, and could underflow to max uint32_t. This was fixed in commit 5d499272b95a6b890a1397e11d20937de000d31b.
CVE-2020-15892 1 Dlink 2 Dap-1520, Dap-1520 Firmware 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in apply.cgi on D-Link DAP-1520 devices before 1.10b04Beta02. Whenever a user performs a login action from the web interface, the request values are being forwarded to the ssi binary. On the login page, the web interface restricts the password input field to a fixed length of 15 characters. The problem is that validation is being done on the client side, hence it can be bypassed. When an attacker manages to intercept the login request (POST based) and tampers with the vulnerable parameter (log_pass), to a larger length, the request will be forwarded to the webserver. This results in a stack-based buffer overflow. A few other POST variables, (transferred as part of the login request) are also vulnerable: html_response_page and log_user.
CVE-2020-15888 1 Lua 1 Lua 2024-11-21 6.8 MEDIUM 8.8 HIGH
Lua through 5.4.0 mishandles the interaction between stack resizes and garbage collection, leading to a heap-based buffer overflow, heap-based buffer over-read, or use-after-free.
CVE-2020-15866 2 Debian, Mruby 2 Debian Linux, Mruby 2024-11-21 7.5 HIGH 9.8 CRITICAL
mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function.
CVE-2020-15863 3 Canonical, Debian, Qemu 3 Ubuntu Linux, Debian Linux, Qemu 2024-11-21 4.4 MEDIUM 5.3 MEDIUM
hw/net/xgmac.c in the XGMAC Ethernet controller in QEMU before 07-20-2020 has a buffer overflow. This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit 5519724a13664b43e225ca05351c60b4468e4555.
CVE-2020-15795 1 Siemens 2 Nucleus Net, Nucleus Source Code 2024-11-21 6.8 MEDIUM 8.1 HIGH
A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.
CVE-2020-15744 1 Govicture 2 Pc420, Pc420 Firmware 2024-11-21 10.0 HIGH 9.6 CRITICAL
Stack-based Buffer Overflow vulnerability in the ONVIF server component of Victure PC420 smart camera allows an attacker to execute remote code on the target device. This issue affects: Victure PC420 firmware version 1.2.2 and prior versions.
CVE-2020-15683 3 Debian, Mozilla, Opensuse 5 Debian Linux, Firefox, Firefox Esr and 2 more 2024-11-21 7.5 HIGH 9.8 CRITICAL
Mozilla developers and community members reported memory safety bugs present in Firefox 81 and Firefox ESR 78.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 78.4, Firefox < 82, and Thunderbird < 78.4.
CVE-2020-15674 1 Mozilla 1 Firefox 2024-11-21 6.8 MEDIUM 8.8 HIGH
Mozilla developers reported memory safety bugs present in Firefox 80. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 81.
CVE-2020-15667 1 Mozilla 1 Firefox 2024-11-21 6.8 MEDIUM 8.8 HIGH
When processing a MAR update file, after the signature has been validated, an invalid name length could result in a heap overflow, leading to memory corruption and potentially arbitrary code execution. Within Firefox as released by Mozilla, this issue is only exploitable with the Mozilla-controlled signing key. This vulnerability affects Firefox < 80.