Total
13894 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26421 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Zfs Storage Appliance Kit and 1 more | 2024-11-21 | 4.2 Medium |
| Crash in USB HID protocol dissector and possibly other dissectors in Wireshark 3.4.0 and 3.2.0 to 3.2.8 allows denial of service via packet injection or crafted capture file. | ||||
| CVE-2020-26243 | 1 Nanopb Project | 1 Nanopb | 2024-11-21 | 7.5 High |
| Nanopb is a small code-size Protocol Buffers implementation. In Nanopb before versions 0.4.4 and 0.3.9.7, decoding specifically formed message can leak memory if dynamic allocation is enabled and an oneof field contains a static submessage that contains a dynamic field, and the message being decoded contains the submessage multiple times. This is rare in normal messages, but it is a concern when untrusted data is parsed. This is fixed in versions 0.3.9.7 and 0.4.4. The following workarounds are available: 1) Set the option `no_unions` for the oneof field. This will generate fields as separate instead of C union, and avoids triggering the problematic code. 2) Set the type of the submessage field inside oneof to `FT_POINTER`. This way the whole submessage will be dynamically allocated and the problematic code is not executed. 3) Use an arena allocator for nanopb, to make sure all memory can be released afterwards. | ||||
| CVE-2020-25690 | 2 Fontforge, Redhat | 2 Fontforge, Enterprise Linux | 2024-11-21 | 8.8 High |
| An out-of-bounds write flaw was found in FontForge in versions before 20200314 while parsing SFD files containing certain LayerCount tokens. This flaw allows an attacker to manipulate the memory allocated on the heap, causing the application to crash or execute arbitrary code. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | ||||
| CVE-2020-25614 | 1 Xmlquery Project | 1 Xmlquery | 2024-11-21 | 9.8 Critical |
| xmlquery before 1.3.1 lacks a check for whether a LoadURL response is in the XML format, which allows attackers to cause a denial of service (SIGSEGV) at xmlquery.(*Node).InnerText or possibly have unspecified other impact. | ||||
| CVE-2020-25599 | 4 Debian, Fedoraproject, Opensuse and 1 more | 4 Debian Linux, Fedora, Leap and 1 more | 2024-11-21 | 7.0 High |
| An issue was discovered in Xen through 4.14.x. There are evtchn_reset() race conditions. Uses of EVTCHNOP_reset (potentially by a guest on itself) or XEN_DOMCTL_soft_reset (by itself covered by XSA-77) can lead to the violation of various internal assumptions. This may lead to out of bounds memory accesses or triggering of bug checks. In particular, x86 PV guests may be able to elevate their privilege to that of the host. Host and guest crashes are also possible, leading to a Denial of Service (DoS). Information leaks cannot be ruled out. All Xen versions from 4.5 onwards are vulnerable. Xen versions 4.4 and earlier are not vulnerable. | ||||
| CVE-2020-25211 | 4 Debian, Fedoraproject, Linux and 1 more | 9 Debian Linux, Fedora, Linux Kernel and 6 more | 2024-11-21 | 6.0 Medium |
| In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. | ||||
| CVE-2020-25016 | 1 Rgb-rust Project | 1 Rgb-rust | 2024-11-21 | 9.1 Critical |
| A safety violation was discovered in the rgb crate before 0.8.20 for Rust, leading to (for example) dereferencing of arbitrary pointers or disclosure of uninitialized memory. This occurs because structs can be treated as bytes for read and write operations. | ||||
| CVE-2020-24342 | 2 Fedoraproject, Lua | 2 Fedora, Lua | 2024-11-21 | 7.8 High |
| Lua through 5.4.0 allows a stack redzone cross in luaO_pushvfstring because a protection mechanism wrongly calls luaD_callnoyield twice in a row. | ||||
| CVE-2020-24074 | 1 Silk-v3-decoder Project | 1 Silk-v3-decoder | 2024-11-21 | 9.8 Critical |
| The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow. | ||||
| CVE-2020-23904 | 1 Xiph | 1 Speex | 2024-11-21 | 5.5 Medium |
| A stack buffer overflow in speexenc.c of Speex v1.2 allows attackers to cause a denial of service (DoS) via a crafted WAV file. NOTE: the vendor states "I cannot reproduce it" and it "is a demo program. | ||||
| CVE-2020-23574 | 1 Sysax | 1 Multi Server | 2024-11-21 | 6.5 Medium |
| When uploading a file in Sysax Multi Server 6.90, an authenticated user can modify the filename="" parameter in the uploadfile_name1.htm form to a length of 368 or more bytes. This will create a buffer overflow condition, causing the application to crash. | ||||
| CVE-2020-23563 | 1 Irfanview | 1 Irfanview | 2024-11-21 | 5.5 Medium |
| IrfanView 4.54 allows a user-mode write access violation starting at FORMATS!ShowPlugInSaveOptions_W+0x0000000000002cba. | ||||
| CVE-2020-21687 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| Buffer Overflow vulnerability in scan function in stdscan.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||||
| CVE-2020-21685 | 1 Nasm | 1 Netwide Assembler | 2024-11-21 | 5.5 Medium |
| Buffer Overflow vulnerability in hash_findi function in hashtbl.c in nasm 2.15rc0 allows remote attackers to cause a denial of service via crafted asm file. | ||||
| CVE-2020-21684 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | ||||
| CVE-2020-21683 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format. | ||||
| CVE-2020-21682 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||||
| CVE-2020-21681 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format. | ||||
| CVE-2020-21680 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | ||||
| CVE-2020-21678 | 1 Fig2dev Project | 1 Fig2dev | 2024-11-21 | 5.5 Medium |
| A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format. | ||||