Total
8118 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-35859 | 1 Lucet-runtime-internals Project | 1 Lucet-runtime-internals | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. | |||||
| CVE-2020-35683 | 2 Hcc-embedded, Siemens | 3 Nichestack, 7km9300-0ae02-0aa0, 7km9300-0ae02-0aa0 Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. | |||||
| CVE-2020-35655 | 2 Fedoraproject, Python | 2 Fedora, Pillow | 2024-11-21 | 5.8 MEDIUM | 5.4 MEDIUM |
| In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | |||||
| CVE-2020-35653 | 3 Debian, Fedoraproject, Python | 3 Debian Linux, Fedora, Pillow | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
| In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | |||||
| CVE-2020-35636 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1 in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sface() sfh->volume() OOB read. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-35632 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->boundary_entry_objects Edge_of. | |||||
| CVE-2020-35631 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() SD.link_as_face_cycle(). | |||||
| CVE-2020-35630 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sface() sfh->center_vertex(). | |||||
| CVE-2020-35629 | 2 Cgal, Debian | 2 Computational Geometry Algorithms Library, Debian Linux | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Multiple code execution vulnerabilities exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. A specially crafted malformed file can lead to an out-of-bounds read and type confusion, which could lead to code execution. An attacker can provide malicious input to trigger any of these vulnerabilities. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser<EW>::read_sloop() slh->facet(). | |||||
| CVE-2020-35628 | 3 Cgal, Debian, Fedoraproject | 3 Computational Geometry Algorithms Library, Debian Linux, Fedora | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A code execution vulnerability exists in the Nef polygon-parsing functionality of CGAL libcgal CGAL-5.1.1. An oob read vulnerability exists in Nef_S2/SNC_io_parser.h SNC_io_parser::read_sloop() slh->incident_sface. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2020-35535 | 1 Libraw | 1 Libraw | 2024-11-21 | N/A | 5.5 MEDIUM |
| In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. | |||||
| CVE-2020-35533 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | |||||
| CVE-2020-35532 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | |||||
| CVE-2020-35531 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | N/A | 5.5 MEDIUM |
| In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | |||||
| CVE-2020-35519 | 2 Linux, Netapp | 20 Linux Kernel, Cloud Backup, H300e and 17 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||
| CVE-2020-35448 | 2 Gnu, Netapp | 2 Binutils, Ontap Select Deploy Administration Utility | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. | |||||
| CVE-2020-2748 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 2.1 LOW | 3.2 LOW |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | |||||
| CVE-2020-2743 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-2741 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 2.1 LOW | 6.0 MEDIUM |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | |||||
| CVE-2020-29657 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. | |||||