Total
710 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-5210 | 1 Nethack | 1 Nethack | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | |||||
CVE-2020-5209 | 1 Nethack | 1 Nethack | 2024-11-21 | 4.6 MEDIUM | 5.0 MEDIUM |
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5. | |||||
CVE-2020-5204 | 1 Troglobit | 1 Uftpd | 2024-11-21 | 6.5 MEDIUM | 6.5 MEDIUM |
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11 | |||||
CVE-2020-5136 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in SonicOS allows an authenticated attacker to cause Denial of Service (DoS) in the SSL-VPN and virtual assist portal, which leads to a firewall crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version 7.0.0.0. | |||||
CVE-2020-4869 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ Appliance 9.2 CD and 9.2 LTS is vulnerable to a denial of service, caused by a buffer overflow. A remote attacker could send a specially crafted SNMP query to cause the appliance to reload. IBM X-Force ID: 190831. | |||||
CVE-2020-4465 | 1 Ibm | 1 Mq Appliance | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and cause a denial of service. IBM X-Force ID: 181562. | |||||
CVE-2020-4102 | 1 Hcltech | 1 Notes | 2024-11-21 | 7.2 HIGH | 6.7 MEDIUM |
HCL Notes is susceptible to a Buffer Overflow vulnerability in DXL due to improper validation of user input. A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system. | |||||
CVE-2020-4097 | 1 Hcltech | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 6.8 MEDIUM |
In HCL Notes version 9 previous to release 9.0.1 FixPack 10 Interim Fix 8, version 10 previous to release 10.0.1 FixPack 6 and version 11 previous to 11.0.1 FixPack 1, a vulnerability in the input parameter handling of the Notes Client could potentially be exploited by an attacker resulting in a buffer overflow. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. | |||||
CVE-2020-3344 | 1 Cisco | 1 Advanced Malware Protection For Endpoints | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | |||||
CVE-2020-3343 | 1 Cisco | 1 Advanced Malware Protection For Endpoints | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
A vulnerability in Cisco AMP for Endpoints Linux Connector Software and Cisco AMP for Endpoints Mac Connector Software could allow an authenticated, local attacker to cause a buffer overflow on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted packet to an affected device. A successful exploit could allow the attacker to cause the Cisco AMP for Endpoints service to crash and restart. | |||||
CVE-2020-36316 | 1 Relic Project | 1 Relic | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
In RELIC before 2021-04-03, there is a buffer overflow in PKCS#1 v1.5 signature verification because garbage bytes can be present. | |||||
CVE-2020-35990 | 1 Foxit | 1 Pdf Reader | 2024-11-21 | N/A | 5.5 MEDIUM |
Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file. | |||||
CVE-2020-35786 | 1 Netgear | 2 R7800, R7800 Firmware | 2024-11-21 | 2.7 LOW | 4.5 MEDIUM |
NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | |||||
CVE-2020-35776 | 1 Digium | 1 Asterisk | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
A buffer overflow in res_pjsip_diversion.c in Sangoma Asterisk versions 13.38.1, 16.15.1, 17.9.1, and 18.1.1 allows remote attacker to crash Asterisk by deliberately misusing SIP 181 responses. | |||||
CVE-2020-35225 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 5.2 MEDIUM | 6.8 MEDIUM |
The NSDP protocol implementation on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices was not properly validating the length of string parameters sent in write requests, potentially allowing denial of service attacks. | |||||
CVE-2020-35224 | 1 Netgear | 4 Gs116e, Gs116e Firmware, Jgs516pe and 1 more | 2024-11-21 | 6.1 MEDIUM | 6.5 MEDIUM |
A buffer overflow vulnerability in the NSDP protocol authentication method on NETGEAR JGS516PE/GS116Ev2 v2.6.0.43 devices allows remote unauthenticated attackers to force a device reboot. | |||||
CVE-2020-28759 | 1 Tengine Project | 1 Tengine | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
** DISPUTED ** The serializer module in OAID Tengine lite-v1.0 has a Buffer Overflow and crash. NOTE: another person has stated "I don't think there is an proof of overflow so far." | |||||
CVE-2020-28005 | 1 Tp-link | 2 Tl-wpa4220, Tl-wpa4220 Firmware | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
httpd on TP-Link TL-WPA4220 devices (hardware versions 2 through 4) allows remote authenticated users to trigger a buffer overflow (causing a denial of service) by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220(EU)_V4_201023 | |||||
CVE-2020-27690 | 1 Imomobile | 2 Verve Connect Vh510, Verve Connect Vh510 Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
The Relish (Verve Connect) VH510 device with firmware before 1.0.1.6L0516 contains a buffer overflow within its web management portal. When a POST request is sent to /boaform/admin/formDOMAINBLK with a large blkDomain value, the Boa server crashes. | |||||
CVE-2020-25211 | 3 Debian, Fedoraproject, Linux | 3 Debian Linux, Fedora, Linux Kernel | 2024-11-21 | 3.6 LOW | 6.0 MEDIUM |
In the Linux kernel through 5.8.7, local attackers able to inject conntrack netlink configuration could overflow a local buffer, causing crashes or triggering use of incorrect protocol numbers in ctnetlink_parse_tuple_filter in net/netfilter/nf_conntrack_netlink.c, aka CID-1cc5ef91d2ff. |