Total
1596 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-3667 | 1 Qualcomm | 60 Apq8098, Apq8098 Firmware, Ipq5018 and 57 more | 2020-09-11 | 10.0 HIGH | 9.8 CRITICAL |
u'Buffer Overflow in mic calculation for WPA due to copying data into buffer without validating the length of buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ5018, IPQ6018, IPQ8074, Kamorta, MSM8998, Nicobar, QCA6390, QCA8081, QCS404, QCS405, QCS605, Rennell, SA415M, Saipan, SC7180, SC8180X, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130 | |||||
CVE-2020-3668 | 1 Qualcomm | 46 Ipq6018, Ipq6018 Firmware, Ipq8074 and 43 more | 2020-09-11 | 10.0 HIGH | 9.8 CRITICAL |
u'Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Kamorta, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, QCS605, Rennell, SA415M, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130 | |||||
CVE-2020-25125 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2020-09-11 | 6.8 MEDIUM | 7.8 HIGH |
GnuPG 2.2.21 and 2.2.22 (and Gpg4win 3.1.12) has an array overflow, leading to a crash or possibly unspecified other impact, when a victim imports an attacker's OpenPGP key, and this key has AEAD preferences. The overflow is caused by a g10/key-check.c error. NOTE: GnuPG 2.3.x is unaffected. GnuPG 2.2.23 is a fixed version. | |||||
CVE-2019-13992 | 1 Qualcomm | 62 Bitra, Bitra Firmware, Ipq6018 and 59 more | 2020-09-11 | 7.2 HIGH | 7.8 HIGH |
u'Out of bound memory access if stack push and pop operation are performed without doing a bound check on stack top' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in Bitra, IPQ6018, IPQ8074, MDM9205, Nicobar, QCA8081, QCN7605, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA6155P, Saipan, SC7180, SC8180X, SDA845, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
CVE-2006-2935 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2020-08-28 | 4.6 MEDIUM | N/A |
The dvd_read_bca function in the DVD handling code in drivers/cdrom/cdrom.c in Linux kernel 2.2.16, and later versions, assigns the wrong value to a length variable, which allows local users to execute arbitrary code via a crafted USB Storage device that triggers a buffer overflow. | |||||
CVE-2020-9063 | 1 Ncr | 2 Aptra Xfs, Selfserv Atm | 2020-08-27 | 7.2 HIGH | 7.6 HIGH |
NCR SelfServ ATMs running APTRA XFS 05.01.00 or earlier do not authenticate or protect the integrity of USB HID communications between the currency dispenser and the host computer, permitting an attacker with physical access to internal ATM components the ability to inject a malicious payload and execute arbitrary code with SYSTEM privileges on the host computer by causing a buffer overflow on the host. | |||||
CVE-2019-6258 | 1 D-link | 2 Dir-822, Dir-822 Firmware | 2020-08-25 | 7.5 HIGH | 9.8 CRITICAL |
D-Link DIR-822 Rev.Bx devices with firmware v.202KRb06 and older allow a buffer overflow via long MacAddress data in a /HNAP1/SetClientInfo HNAP protocol message, which is mishandled in /usr/sbin/udhcpd during reading of the /var/servd/LAN-1-udhcpd.conf file. | |||||
CVE-2020-15531 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air remote code execution vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | |||||
CVE-2020-15532 | 1 Silabs | 1 Bluetooth Low Energy Software Development Kit | 2020-08-24 | 3.3 LOW | 6.5 MEDIUM |
Silicon Labs Bluetooth Low Energy SDK before 2.13.3 has a buffer overflow via packet data. This is an over-the-air denial of service vulnerability in Bluetooth LE in EFR32 SoCs and associated modules running Bluetooth SDK, supporting Central or Observer roles. | |||||
CVE-2020-8712 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2020-08-19 | 4.6 MEDIUM | 7.8 HIGH |
Buffer overflow in a verification process for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-8710 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2020-08-19 | 4.6 MEDIUM | 6.7 MEDIUM |
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access. | |||||
CVE-2020-8707 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2020-08-19 | 5.8 MEDIUM | 8.8 HIGH |
Buffer overflow in daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2020-7374 | 1 Documalis | 2 Free Pdf Editor, Free Pdf Scanner | 2020-08-19 | 6.8 MEDIUM | 7.8 HIGH |
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software. | |||||
CVE-2019-15948 | 1 Ti | 6 Cc256xb-bt-sp, Cc256xb-bt-sp Firmware, Cc256xc-bt-sp and 3 more | 2020-08-18 | 5.8 MEDIUM | 8.8 HIGH |
Texas Instruments CC256x and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code. This affects CC256xC-BT-SP 1.2, CC256xB-BT-SP 1.8, and WL18xx-BT-SP 4.4. | |||||
CVE-2020-8706 | 1 Intel | 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more | 2020-08-18 | 5.8 MEDIUM | 8.8 HIGH |
Buffer overflow in a daemon for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
CVE-2014-6310 | 2 Call-cc, Debian | 2 Chicken, Debian Linux | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | |||||
CVE-2013-7088 | 3 Clamav, Debian, Fedoraproject | 3 Clamav, Debian Linux, Fedora | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
ClamAV before 0.97.7 has buffer overflow in the libclamav component | |||||
CVE-2020-5311 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow. | |||||
CVE-2020-5312 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2020-08-18 | 7.5 HIGH | 9.8 CRITICAL |
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow. | |||||
CVE-2019-18397 | 2 Debian, Gnu | 2 Debian Linux, Fribidi | 2020-08-18 | 6.8 MEDIUM | 7.8 HIGH |
A buffer overflow in the fribidi_get_par_embedding_levels_ex() function in lib/fribidi-bidi.c of GNU FriBidi through 1.0.7 allows an attacker to cause a denial of service or possibly execute arbitrary code by delivering crafted text content to a user, when this content is then rendered by an application that uses FriBidi for text layout calculations. Examples include any GNOME or GTK+ based application that uses Pango for text layout, as this internally uses FriBidi for bidirectional text layout. For example, the attacker can construct a crafted text file to be opened in GEdit, or a crafted IRC message to be viewed in HexChat. |