Total
71 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3969 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 7.8 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-10062 | 1 Zephyrproject | 1 Zephyr | 2020-06-12 | 7.5 HIGH | 9.8 CRITICAL |
| An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions. | |||||
| CVE-2011-2852 | 1 Google | 1 Chrome | 2020-05-08 | 6.8 MEDIUM | N/A |
| Off-by-one error in Google V8, as used in Google Chrome before 14.0.835.163, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||||
| CVE-2020-6835 | 1 Bftpd Project | 1 Bftpd | 2020-01-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking. | |||||
| CVE-2014-8182 | 2 Debian, Openldap | 2 Debian Linux, Openldap | 2020-01-09 | 4.3 MEDIUM | 7.5 HIGH |
| An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses. | |||||
| CVE-2015-0841 | 1 Monopd Project | 1 Monopd | 2019-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8, allows remote attackers to cause a denial of service (crash) via a long line. | |||||
| CVE-2017-14502 | 1 Libarchive | 1 Libarchive | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header. | |||||
| CVE-2018-7329 | 1 Wireshark | 1 Wireshark | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, epan/dissectors/packet-s7comm.c had an infinite loop that was addressed by correcting off-by-one errors. | |||||
| CVE-2017-9720 | 1 Google | 1 Android | 2019-10-02 | 6.8 MEDIUM | 7.8 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, due to an off-by-one error in a camera driver, an out-of-bounds read/write can occur. | |||||
| CVE-2018-9860 | 1 Botan Project | 1 Botan | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs. | |||||
| CVE-2017-1000416 | 1 Axtls Project | 1 Axtls | 2019-10-02 | 5.0 MEDIUM | 5.3 MEDIUM |
| axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting in the year (19)50 of UTCTime being misinterpreted as 2050. | |||||