Total
12281 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12369 | 1 Intel | 1 Graphics Drivers | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Out of bound write in some Intel(R) Graphics Drivers before version 26.20.100.8336 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
| CVE-2020-12358 | 3 Intel, Netapp, Siemens | 548 Bios, Core I3-l13g4, Core I5-l16g7 and 545 more | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
| Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2020-12289 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| Out-of-bounds write in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2020-12284 | 3 Canonical, Debian, Ffmpeg | 3 Ubuntu Linux, Debian Linux, Ffmpeg | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| cbs_jpeg_split_fragment in libavcodec/cbs_jpeg.c in FFmpeg 4.1 and 4.2.2 has a heap-based buffer overflow during JPEG_MARKER_SOS handling because of a missing length check. | |||||
| CVE-2020-12268 | 3 Artifex, Debian, Opensuse | 3 Jbig2dec, Debian Linux, Leap | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| jbig2_image_compose in jbig2_image.c in Artifex jbig2dec before 0.18 has a heap-based buffer overflow. | |||||
| CVE-2020-12248 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. | |||||
| CVE-2020-12038 | 1 Rockwellautomation | 5 Eds Subsystem, Rslinx, Rslinx Enterprise and 2 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Products that use EDS Subsystem: Version 28.0.1 and prior (FactoryTalk Linx software (Previously called RSLinx Enterprise): Versions 6.00, 6.10, and 6.11, RSLinx Classic: Version 4.11.00 and prior, RSNetWorx software: Version 28.00.00 and prior, Studio 5000 Logix Designer software: Version 32 and prior) is vulnerable. A memory corruption vulnerability exists in the algorithm that matches square brackets in the EDS subsystem. This may allow an attacker to craft specialized EDS files to crash the EDSParser COM object, leading to denial-of-service conditions. | |||||
| CVE-2020-12031 | 1 Rockwellautomation | 1 Factorytalk View | 2024-11-21 | 4.6 MEDIUM | 7.5 HIGH |
| In all versions of FactoryTalk View SE, after bypassing memory corruption mechanisms found in the operating system, a local, authenticated attacker may corrupt the associated memory space allowing for arbitrary code execution. Rockwell Automation recommends applying patch 1126290. Before installing this patch, the patch rollup dated 06 Apr 2020 or later MUST be applied. 1066644 – Patch Roll-up for CPR9 SRx. | |||||
| CVE-2020-12019 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| WebAccess Node Version 8.4.4 and prior is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. | |||||
| CVE-2020-12011 | 2 Iconics, Mitsubishielectric | 11 Bizviz, Energy Analytix, Facility Analytix and 8 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A specially crafted communication packet sent to the affected systems could cause a denial-of-service condition or allow remote code execution. This issue affects: Mitsubishi Electric MC Works64 version 4.02C (10.95.208.31) and earlier, all versions; MC Works32 version 3.00A (9.50.255.02); ICONICS GenBroker64, Platform Services, Workbench, FrameWorX Server version 10.96 and prior; GenBroker32 version 9.5 and prior. | |||||
| CVE-2020-12002 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. | |||||
| CVE-2020-11958 | 2 Canonical, Re2c | 2 Ubuntu Linux, Re2c | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| re2c 1.3 has a heap-based buffer overflow in Scanner::fill in parse/scanner.cc via a long lexeme. | |||||
| CVE-2020-11939 | 1 Ntop | 1 Ndpi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| In nDPI through 3.2 Stable, the SSH protocol dissector has multiple KEXINIT integer overflows that result in a controlled remote heap overflow in concat_hash_string in ssh.c. Due to the granular nature of the overflow primitive and the ability to control both the contents and layout of the nDPI library's heap memory through remote input, this vulnerability may be abused to achieve full Remote Code Execution against any network inspection stack that is linked against nDPI and uses it to perform network traffic analysis. | |||||
| CVE-2020-11904 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 7.5 HIGH | 7.3 HIGH |
| The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write. | |||||
| CVE-2020-11901 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 9.3 HIGH | 9.0 CRITICAL |
| The Treck TCP/IP stack before 6.0.1.66 allows Remote Code execution via a single invalid DNS response. | |||||
| CVE-2020-11897 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 10.0 HIGH | 10.0 CRITICAL |
| The Treck TCP/IP stack before 5.0.1.35 has an Out-of-Bounds Write via multiple malformed IPv6 packets. | |||||
| CVE-2020-11896 | 1 Treck | 1 Tcp\/ip | 2024-11-21 | 9.3 HIGH | 10.0 CRITICAL |
| The Treck TCP/IP stack before 6.0.1.66 allows Remote Code Execution, related to IPv4 tunneling. | |||||
| CVE-2020-11873 | 1 Google | 1 Android | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. A stack-based buffer overflow in the logging tool could allow an attacker to gain privileges. The LG ID is LVE-SMP-200005 (April 2020). | |||||
| CVE-2020-11835 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | |||||
| CVE-2020-11834 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | |||||