Vulnerabilities (CVE)

Filtered by CWE-120
Total 710 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1962 1 Qualcomm 168 Aqt1000, Aqt1000 Firmware, Ar9380 and 165 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Buffer Overflow while processing IOCTL for getting peripheral endpoint information there is no proper validation for input maximum endpoint pair and its size in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2021-1961 1 Qualcomm 226 Apq8009, Apq8009 Firmware, Apq8053 and 223 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2021-1931 1 Qualcomm 242 Aqt1000, Aqt1000 Firmware, Ar8031 and 239 more 2024-11-21 7.2 HIGH 6.7 MEDIUM
Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CVE-2021-0421 2 Google, Mediatek 54 Android, Mt6580, Mt6582 90 and 51 more 2024-11-21 2.1 LOW 5.5 MEDIUM
In memory management driver, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05403499; Issue ID: ALPS05381235.
CVE-2020-9240 1 Huawei 2 Taurus-an00b, Taurus-an00b Firmware 2024-11-21 2.1 LOW 5.5 MEDIUM
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
CVE-2020-9238 1 Huawei 2 Taurus-an00b, Taurus-an00b Firmware 2024-11-21 3.3 LOW 6.5 MEDIUM
Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a buffer overflow vulnerability. A function in a module does not verify inputs sufficiently. Attackers can exploit this vulnerability by sending specific request. This could compromise normal service of the affected device.
CVE-2020-8927 6 Canonical, Debian, Fedoraproject and 3 more 10 Ubuntu Linux, Debian Linux, Fedora and 7 more 2024-11-21 6.4 MEDIUM 5.3 MEDIUM
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
CVE-2020-8896 1 Google 1 Earth 2024-11-21 4.3 MEDIUM 4.2 MEDIUM
A Buffer Overflow vulnerability in the khcrypt implementation in Google Earth Pro versions up to and including 7.3.2 allows an attacker to perform a Man-in-the-Middle attack using a specially crafted key to read data past the end of the buffer used to hold it. Mitigation: Update to Google Earth Pro 7.3.3.
CVE-2020-8720 1 Intel 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Buffer overflow in a subsystem for some Intel(R) Server Boards, Server Systems and Compute Modules before version 1.59 may allow a privileged user to potentially enable denial of service via local access.
CVE-2020-8710 1 Intel 153 Compute Module Hns2600bp Firmware, Compute Module Hns2600bpb, Compute Module Hns2600bpb24 and 150 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
Buffer overflow in the bootloader for some Intel(R) Server Boards, Server Systems and Compute Modules before version 2.45 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2020-8608 3 Debian, Libslirp Project, Opensuse 3 Debian Linux, Libslirp, Leap 2024-11-21 6.8 MEDIUM 5.6 MEDIUM
In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.
CVE-2020-8261 2 Ivanti, Pulsesecure 4 Connect Secure, Policy Secure, Pulse Connect Secure and 1 more 2024-11-21 4.3 MEDIUM 4.3 MEDIUM
A vulnerability in the Pulse Connect Secure / Pulse Policy Secure < 9.1R9 is vulnerable to arbitrary cookie injection.
CVE-2020-7374 1 Documalis 2 Free Pdf Editor, Free Pdf Scanner 2024-11-21 6.8 MEDIUM 5.3 MEDIUM
Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.
CVE-2020-7261 1 Mcafee 1 Endpoint Security 2024-11-21 2.1 LOW 6.1 MEDIUM
Buffer Overflow via Environment Variables vulnerability in AMSI component in McAfee Endpoint Security (ENS) Prior to 10.7.0 February 2020 Update allows local users to disable Endpoint Security via a carefully crafted user input.
CVE-2020-7120 1 Arubanetworks 1 Clearpass Policy Manager 2024-11-21 4.6 MEDIUM 5.3 MEDIUM
A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition. A successful exploit could allow a local attacker to execute arbitrary code within the context the binary is running in, which is a lower privileged account.
CVE-2020-6999 1 Moxa 2 Mds-g516e, Mds-g516e Firmware 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
In Moxa EDS-G516E Series firmware, Version 5.2 or lower, some of the parameters in the setting pages do not ensure text is the correct size for its buffer.
CVE-2020-5214 1 Nethack 1 Nethack 2024-11-21 7.5 HIGH 5.0 MEDIUM
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5213 1 Nethack 1 Nethack 2024-11-21 7.5 HIGH 5.0 MEDIUM
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5212 1 Nethack 1 Nethack 2024-11-21 7.5 HIGH 5.0 MEDIUM
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
CVE-2020-5211 1 Nethack 1 Nethack 2024-11-21 7.5 HIGH 5.0 MEDIUM
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.