Vulnerabilities (CVE)

Filtered by CWE-120
Total 710 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-5210 1 Nethack 1 Nethack 2024-11-21 4.6 MEDIUM 5.0 MEDIUM
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
CVE-2020-5209 1 Nethack 1 Nethack 2024-11-21 4.6 MEDIUM 5.0 MEDIUM
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
CVE-2020-5204 1 Troglobit 1 Uftpd 2024-11-21 6.5 MEDIUM 6.5 MEDIUM
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11
CVE-2020-5136 1 Sonicwall 2 Sonicos, Sonicosv 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0.
CVE-2020-4869 1 Ibm 1 Mq Appliance 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831.
CVE-2020-4465 1 Ibm 1 Mq Appliance 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562.
CVE-2020-4102 1 Hcltech 1 Notes 2024-11-21 7.2 HIGH 6.7 MEDIUM
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system.
CVE-2020-4097 1 Hcltech 1 Notes 2024-11-21 4.6 MEDIUM 6.8 MEDIUM
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client.
CVE-2020-3344 1 Cisco 1 Advanced Malware Protection For Endpoints 2024-11-21 2.1 LOW 5.5 MEDIUM
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.
CVE-2020-3343 1 Cisco 1 Advanced Malware Protection For Endpoints 2024-11-21 2.1 LOW 5.5 MEDIUM
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart.
CVE-2020-36316 1 Relic Project 1 Relic 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present.
CVE-2020-35990 1 Foxit 1 Pdf Reader 2024-11-21 N/A 5.5 MEDIUM
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.
CVE-2020-35786 1 Netgear 2 R7800, R7800 Firmware 2024-11-21 2.7 LOW 4.5 MEDIUM
NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user.
CVE-2020-35776 1 Digium 1 Asterisk 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses.
CVE-2020-35225 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 5.2 MEDIUM 6.8 MEDIUM
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks.
CVE-2020-35224 1 Netgear 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more 2024-11-21 6.1 MEDIUM 6.5 MEDIUM
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot.
CVE-2020-28759 1 Tengine Project 1 Tengine 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far."
CVE-2020-28005 1 Tp-link 2 Tl-wpa4220, Tl-wpa4220 Firmware 2024-11-21 3.5 LOW 6.5 MEDIUM
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023
CVE-2020-27690 1 Imomobile 2 Verve Connect Vh510, Verve Connect Vh510 Firmware 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes.
CVE-2020-25211 3 Debian, Fedoraproject, Linux 3 Debian Linux, Fedora, Linux Kernel 2024-11-21 3.6 LOW 6.0 MEDIUM
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff.