Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-9658 | 2 Adobe, Microsoft | 2 Audition, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe Audition versions 13.0.6 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9590 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9621 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9620 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-02 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9589 | 2 Adobe, Microsoft | 2 Digital Negative Software Development Kit, Windows | 2020-07-01 | 9.3 HIGH | 7.8 HIGH |
| Adobe DNG Software Development Kit (SDK) 1.5 and earlier versions have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-14938 | 1 Freedroid | 1 Freedroidrpg | 2020-07-01 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in map.c in FreedroidRPG 1.0rc2. It assumes lengths of data sets read from saved game files. It copies data from a file into a fixed-size heap-allocated buffer without size verification, leading to a heap-based buffer overflow. | |||||
| CVE-2020-3967 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.4 MEDIUM | 7.5 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3968 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 4.6 MEDIUM | 8.2 HIGH |
| VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. | |||||
| CVE-2020-3971 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2020-07-01 | 2.1 LOW | 5.5 MEDIUM |
| VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. | |||||
| CVE-2020-14473 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2020-06-30 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow vulnerability in Vigor3900, Vigor2960, and Vigor300B with firmware before 1.5.1.1. | |||||
| CVE-2020-9660 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-30 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9612 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9597 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9594 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Macos and 1 more | 2020-06-30 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Acrobat and Reader versions 2020.006.20042 and earlier, 2017.011.30166 and earlier, 2017.011.30166 and earlier, and 2015.006.30518 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-5303 | 1 Tendermint | 1 Tendermint | 2020-06-30 | 4.3 MEDIUM | 3.7 LOW |
| Tendermint before versions 0.33.3, 0.32.10, and 0.31.12 has a denial-of-service vulnerability. Tendermint does not limit the number of P2P connection requests. For each p2p connection, it allocates XXX bytes. Even though this memory is garbage collected once the connection is terminated (due to duplicate IP or reaching a maximum number of inbound peers), temporary memory spikes can lead to OOM (Out-Of-Memory) exceptions. Additionally, Tendermint does not reclaim activeID of a peer after it's removed in Mempool reactor. This does not happen all the time. It only happens when a connection fails (for any reason) before the Peer is created and added to all reactors. RemovePeer is therefore called before AddPeer, which leads to always growing memory (activeIDs map). The activeIDs map has a maximum size of 65535 and the node will panic if this map reaches the maximum. An attacker can create a lot of connection attempts (exploiting above denial of service), which ultimately will lead to the node panicking. These issues are patched in Tendermint 0.33.3 and 0.32.10. | |||||
| CVE-2020-9638 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9637 | 2 Adobe, Microsoft | 2 After Effects, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe After Effects versions 17.1 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-14993 | 1 Draytek | 6 Vigor2960, Vigor2960 Firmware, Vigor300b and 3 more | 2020-06-29 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow on DrayTek Vigor2960, Vigor3900, and Vigor300B devices before 1.5.1.1 allows remote attackers to execute arbitrary code via the formuserphonenumber parameter in an authusersms action to mainfunction.cgi. | |||||
| CVE-2020-9554 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier version have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2020-9555 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-06-29 | 9.3 HIGH | 7.8 HIGH |
| Adobe Bridge versions 10.0.1 and earlier version have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||