Total: 8567 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-36150 | 2 Fedoraproject, Symonics | 2 Fedora, Libmysofa | 2024-11-21 | 6.5 Medium |
| Incorrect handling of input data in loudness function in the libmysofa library 0.5 - 1.1 will lead to heap buffer overflow and access to unallocated memory block. | ||||
| CVE-2020-36134 | 1 Aomedia | 1 Aomedia | 2024-11-21 | 6.5 Medium |
| AOM v2.0.1 was discovered to contain a segmentation violation via the component aom_dsp/x86/obmc_sad_avx2.c. | ||||
| CVE-2020-35892 | 1 Simple-slab Project | 1 Simple-slab | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. | ||||
| CVE-2020-35890 | 1 Ordnung Project | 1 Ordnung | 2024-11-21 | 7.5 High |
| An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. | ||||
| CVE-2020-35861 | 1 Bumpalo Project | 1 Bumpalo | 2024-11-21 | 7.5 High |
| An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. | ||||
| CVE-2020-35859 | 1 Lucet-runtime-internals Project | 1 Lucet-runtime-internals | 2024-11-21 | 9.1 Critical |
| An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. | ||||
| CVE-2020-35683 | 2 Hcc-embedded, Siemens | 3 Nichestack, 7km9300-0ae02-0aa0, 7km9300-0ae02-0aa0 Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered in HCC Nichestack 3.0. The code that parses ICMP packets relies on an unchecked value of the IP payload size (extracted from the IP header) to compute the ICMP checksum. When the IP payload size is set to be smaller than the size of the IP header, the ICMP checksum computation function may read out of bounds, causing a Denial-of-Service. | ||||
| CVE-2020-35655 | 3 Fedoraproject, Python, Redhat | 3 Fedora, Pillow, Enterprise Linux | 2024-11-21 | 5.4 Medium |
| In Pillow before 8.1.0, SGIRleDecode has a 4-byte buffer over-read when decoding crafted SGI RLE image files because offsets and length tables are mishandled. | ||||
| CVE-2020-35653 | 4 Debian, Fedoraproject, Python and 1 more | 5 Debian Linux, Fedora, Pillow and 2 more | 2024-11-21 | 7.1 High |
| In Pillow before 8.1.0, PcxDecode has a buffer over-read when decoding a crafted PCX file because the user-supplied stride value is trusted for buffer calculations. | ||||
| CVE-2020-35535 | 1 Libraw | 1 Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, there is an out-of-bounds read vulnerability within the "LibRaw::parseSonySRF()" function (libraw\src\metadata\sony.cpp) when processing srf files. | ||||
| CVE-2020-35533 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, an out-of-bounds read vulnerability exists within the "LibRaw::adobe_copy_pixel()" function (libraw\src\decoders\dng.cpp) when reading data from the image file. | ||||
| CVE-2020-35532 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, an out-of-bounds read vulnerability exists within the "simple_decode_row()" function (libraw\src\x3f\x3f_utils_patched.cpp) which can be triggered via an image with a large row_stride field. | ||||
| CVE-2020-35531 | 2 Debian, Libraw | 2 Debian Linux, Libraw | 2024-11-21 | 5.5 Medium |
| In LibRaw, an out-of-bounds read vulnerability exists within the get_huffman_diff() function (libraw\src\x3f\x3f_utils_patched.cpp) when reading data from an image file. | ||||
| CVE-2020-35519 | 2 Linux, Netapp | 20 Linux Kernel, Cloud Backup, H300e and 17 more | 2024-11-21 | 7.8 High |
| An out-of-bounds (OOB) memory access flaw was found in x25_bind in net/x25/af_x25.c in the Linux kernel version v5.12-rc5. A bounds check failure allows a local attacker with a user account on the system to gain access to out-of-bounds memory, leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2020-35493 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 5.5 Medium |
| A flaw exists in binutils in bfd/pef.c. An attacker who is able to submit a crafted PEF file to be parsed by objdump could cause a heap buffer overflow -> out-of-bounds read that could lead to an impact to application availability. This flaw affects binutils versions prior to 2.34. | ||||
| CVE-2020-35448 | 3 Gnu, Netapp, Redhat | 3 Binutils, Ontap Select Deploy Administration Utility, Enterprise Linux | 2024-11-21 | 3.3 Low |
| An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.35.1. A heap-based buffer over-read can occur in bfd_getl_signed_32 in libbfd.c because sh_entsize is not validated in _bfd_elf_slurp_secondary_reloc_section in elf.c. | ||||
| CVE-2020-2748 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 3.2 Low |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N). | ||||
| CVE-2020-2743 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 6.0 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.36, prior to 6.0.16 and prior to 6.1.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2020-2741 | 2 Opensuse, Oracle | 2 Leap, Vm Virtualbox | 2024-11-21 | 6.0 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 5.2.40, prior to 6.0.20 and prior to 6.1.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.0 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N). | ||||
| CVE-2020-29657 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 9.1 Critical |
| In JerryScript 2.3.0, there is an out-of-bounds read in main_print_unhandled_exception in the main-utils.c file. | ||||