Total
4813 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-27031 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
| In nfc_data_event of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-151313205 | |||||
| CVE-2020-0482 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
| In command of IncidentService.cpp, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-150706572 | |||||
| CVE-2020-27033 | 1 Google | 1 Android | 2020-12-16 | 2.1 LOW | 4.4 MEDIUM |
| In nfc_ncif_proc_get_routing of nfc_ncif.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153655153 | |||||
| CVE-2020-0280 | 1 Google | 1 Android | 2020-12-15 | 1.9 LOW | 5.5 MEDIUM |
| In nci_proc_ee_management_rsp of nci_hrcv.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-136565424 | |||||
| CVE-2020-27021 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 4.4 MEDIUM |
| In avrc_ctrl_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-168712245 | |||||
| CVE-2020-27024 | 1 Google | 1 Android | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure triggered by a malformed Bluetooth packet, with no additional execution privileges needed. User interaction is not needed for exploitation. Bounds Sanitizer mitigates this in the default configuration.Product: AndroidVersions: Android-11Android ID: A-162327732 | |||||
| CVE-2020-27036 | 1 Google | 1 Android | 2020-12-15 | 4.6 MEDIUM | 6.7 MEDIUM |
| In phNxpNciHal_send_ext_cmd of phNxpNciHal_ext.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731369 | |||||
| CVE-2020-27037 | 1 Google | 1 Android | 2020-12-15 | 2.1 LOW | 4.4 MEDIUM |
| In phNxpNciHal_core_initialized of phNxpNciHal.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the NFC server with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-153731335 | |||||
| CVE-2020-28915 | 1 Linux | 1 Linux Kernel | 2020-12-15 | 6.1 MEDIUM | 5.8 MEDIUM |
| A buffer over-read (at the framebuffer layer) in the fbcon code in the Linux kernel before 5.8.15 could be used by local attackers to read kernel memory, aka CID-6735b4632def. | |||||
| CVE-2020-0494 | 1 Google | 1 Android | 2020-12-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In ih264d_parse_ave of ih264d_sei.c, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-152895390 | |||||
| CVE-2020-0492 | 1 Google | 1 Android | 2020-12-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| In BitstreamFillCache of bitstream.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-154058264 | |||||
| CVE-2020-0463 | 1 Google | 1 Android | 2020-12-15 | 5.0 MEDIUM | 7.5 HIGH |
| In sdp_server_handle_client_req of sdp_server.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure from the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.0 Android-8.1 Android-9Android ID: A-169342531 | |||||
| CVE-2020-24334 | 3 Contiki-ng, Contiki-os, Uip Project | 3 Contiki-ng, Contiki, Uip | 2020-12-15 | 6.4 MEDIUM | 8.2 HIGH |
| The code that processes DNS responses in uIP through 1.0, as used in Contiki and Contiki-NG, does not check whether the number of responses specified in the DNS packet header corresponds to the response data available in the DNS packet, leading to an out-of-bounds read and Denial-of-Service in resolv.c. | |||||
| CVE-2020-24383 | 1 Fnet Project | 1 Fnet | 2020-12-14 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in FNET through 4.6.4. The code for processing resource records in mDNS queries doesn't check for proper '\0' termination of the resource record name string, leading to an out-of-bounds read, and potentially causing information leak or Denial-or-Service. | |||||
| CVE-2020-25109 | 1 Ethernut | 1 Nut\/os | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The number of DNS queries/responses (set in a DNS header) is not checked against the data present. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | |||||
| CVE-2020-25107 | 1 Ethernut | 1 Nut\/os | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. There is no check on whether a domain name has '\0' termination. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | |||||
| CVE-2020-25110 | 1 Ethernut | 1 Nut\/os | 2020-12-14 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the DNS implementation in Ethernut in Nut/OS 5.1. The length byte of a domain name in a DNS query/response is not checked, and is used for internal memory operations. This may lead to successful Denial-of-Service, and possibly Remote Code Execution. | |||||
| CVE-2020-17445 | 1 Altran | 1 Picotcp | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP 1.7.0. The code for processing the IPv6 destination options does not check for a valid length of the destination options header. This results in an Out-of-Bounds Read, and, depending on the memory protection mechanism, this may result in Denial-of-Service in pico_ipv6_process_destopt() in pico_ipv6.c. | |||||
| CVE-2020-24339 | 1 Altran | 2 Picotcp, Picotcp-ng | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The DNS domain name record decompression functionality in pico_dns_decompress_name() in pico_dns_common.c does not validate the compression pointer offset values with respect to the actual data present in a DNS response packet, causing out-of-bounds reads that lead to Denial-of-Service. | |||||
| CVE-2020-24340 | 1 Altran | 2 Picotcp, Picotcp-ng | 2020-12-14 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in picoTCP and picoTCP-NG through 1.7.0. The code that processes DNS responses in pico_mdns_handle_data_as_answers_generic() in pico_mdns.c does not check whether the number of answers/responses specified in a DNS packet header corresponds to the response data available in the packet, leading to an out-of-bounds read, invalid pointer dereference, and Denial-of-Service. | |||||