Total
1596 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9247 | 1 Huawei | 26 Hima-l29c, Hima-l29c Firmware, Honor 20 Pro and 23 more | 2020-12-08 | 6.8 MEDIUM | 7.8 HIGH |
| There is a buffer overflow vulnerability in several Huawei products. The system does not sufficiently validate certain configuration parameter which is passed from user that would cause buffer overflow. The attacker should trick the user into installing and running a malicious application with a high privilege, successful exploit may cause code execution. Affected product include Huawei HONOR 20 PRO, Mate 20, Mate 20 Pro, Mate 20 X, P30, P30 Pro, Hima-L29C, Laya-AL00EP, Princeton-AL10B, Tony-AL00B, Yale-L61A, Yale-TL00B and YaleP-AL10B. | |||||
| CVE-2020-4102 | 1 Hcltech | 1 Notes | 2020-12-04 | 7.2 HIGH | 6.7 MEDIUM |
| HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system. | |||||
| CVE-2020-14260 | 1 Hcltech | 1 Domino | 2020-12-04 | 10.0 HIGH | 9.8 CRITICAL |
| HCL Domino is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. | |||||
| CVE-2020-28877 | 1 Tp-link | 30 Wdr7400, Wdr7400 Firmware, Wdr7500 and 27 more | 2020-12-03 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in in the copy_msg_element function for the devDiscoverHandle server in the TP-Link WR and WDR series, including WDR7400, WDR7500, WDR7660, WDR7800, WDR8400, WDR8500, WDR8600, WDR8620, WDR8640, WDR8660, WR880N, WR886N, WR890N, WR890N, WR882N, and WR708N. | |||||
| CVE-2020-25185 | 1 Paradox | 2 Ip150, Ip150 Firmware | 2020-12-03 | 6.5 MEDIUM | 8.8 HIGH |
| The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP150 (firmware versions 5.02.09). | |||||
| CVE-2020-7564 | 1 Schneider-electric | 40 Modicon M340 Bmx Noc 0401, Modicon M340 Bmx Noc 0401 Firmware, Modicon M340 Bmx Noe 0100 and 37 more | 2020-12-02 | 6.5 MEDIUM | 8.8 HIGH |
| A CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability exists in the Web Server on Modicon M340, Modicon Quantum and Modicon Premium Legacy offers and their Communication Modules (see notification for details) which could cause write access and the execution of commands when uploading a specially crafted file on the controller over FTP. | |||||
| CVE-2020-28864 | 1 Winscp | 1 Winscp | 2020-12-02 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow in WinSCP 5.17.8 allows a malicious FTP server to cause a denial of service or possibly have other unspecified impact via a long file name. | |||||
| CVE-2020-27486 | 1 Garmin | 2 Forerunner 235, Forerunner 235 Firmware | 2020-12-02 | 6.5 MEDIUM | 9.9 CRITICAL |
| Garmin Forerunner 235 before 8.20 is affected by: Buffer Overflow. The component is: ConnectIQ TVM. The attack vector is: To exploit the vulnerability, the attacker must upload a malicious ConnectIQ application to the ConnectIQ store. The ConnectIQ program interpreter trusts the string length provided in the data section of the PRG file. It allocates memory for the string immediately, and then copies the string into the TVM object by using a function similar to strcpy. This copy can exceed the length of the allocated string data and overwrite heap data. A successful exploit would allow a ConnectIQ app store application to escape and perform activities outside the restricted application execution environment. | |||||
| CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2020-12-01 | 3.5 LOW | 6.5 MEDIUM |
| httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
| CVE-2020-4701 | 3 Ibm, Linux, Microsoft | 3 Db2, Linux Kernel, Windows | 2020-12-01 | 7.2 HIGH | 7.8 HIGH |
| IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code on the system with root privileges. | |||||
| CVE-2018-17770 | 1 Ingenico | 2 Telium 2, Telium 2 Firmware | 2020-11-23 | 7.2 HIGH | 6.6 MEDIUM |
| Ingenico Telium 2 POS terminals have a buffer overflow via the RemotePutFile command of the NTPT3 protocol. This is fixed in Telium 2 SDK v9.32.03 patch N. | |||||
| CVE-2015-3717 | 2 Apple, Sqlite | 3 Iphone Os, Mac Os X, Sqlite | 2020-11-20 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the printf functionality in SQLite, as used in Apple iOS before 8.4 and OS X before 10.10.4, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2017-6058 | 1 Qemu | 1 Qemu | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU (aka Quick Emulator), when the VLANSTRIP feature is enabled on the vmxnet3 device, allows remote attackers to cause a denial of service (out-of-bounds access and QEMU process crash) via vectors related to VLAN stripping. | |||||
| CVE-2020-5644 | 1 Mitsubishielectric | 6 Coreos, Gt1450-qlbde, Gt1450-qmbde and 3 more | 2020-11-20 | 7.5 HIGH | 9.8 CRITICAL |
| Buffer overflow vulnerability in TCP/IP function included in the firmware of GT14 Model of GOT 1000 series (GT1455-QTBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QMBDE CoreOS version "05.65.00.BD" and earlier, GT1450-QLBDE CoreOS version "05.65.00.BD" and earlier, GT1455HS-QTBDE CoreOS version "05.65.00.BD" and earlier, and GT1450HS-QMBDE CoreOS version "05.65.00.BD" and earlier) allows a remote unauthenticated attacker to stop the network functions of the products or execute a malicious program via a specially crafted packet. | |||||
| CVE-2020-11121 | 1 Qualcomm | 62 Qcm4290, Qcm4290 Firmware, Qcs4290 and 59 more | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-11130 | 1 Qualcomm | 62 Qcm4290, Qcm4290 Firmware, Qcs4290 and 59 more | 2020-11-19 | 4.6 MEDIUM | 7.8 HIGH |
| u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6250, SM6350, SM7125, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P | |||||
| CVE-2020-4097 | 1 Hcltech | 1 Notes | 2020-11-19 | 4.6 MEDIUM | 6.8 MEDIUM |
| In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. | |||||
| CVE-2020-0584 | 1 Intel | 8 Optane Ssd 900p, Optane Ssd 900p Firmware, Optane Ssd 905p and 5 more | 2020-11-19 | 2.1 LOW | 6.2 MEDIUM |
| Buffer overflow in firmware for Intel(R) SSD DC P4800X and P4801X Series, Intel(R) Optane(TM) SSD 900P and 905P Series may allow an unauthenticated user to potentially enable a denial of service via local access. | |||||
| CVE-2020-17084 | 1 Microsoft | 1 Exchange Server | 2020-11-17 | 9.0 HIGH | 8.8 HIGH |
| Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2020-17083. | |||||
| CVE-2020-28341 | 2 Google, Samsung | 2 Android, Exynos 990 | 2020-11-10 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). | |||||