Total
3257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-9852 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2024-11-21 | 7.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5. A malicious application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2020-9841 | 1 Apple | 1 Mac Os X | 2024-11-21 | 7.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in macOS Catalina 10.15.5. An application may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2020-9095 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2024-11-21 | 5.5 Medium |
| HUAWEI P30 Pro smartphone with Versions earlier than 10.1.0.160(C00E160R2P8) has an integer overflow vulnerability. Some functions are lack of verification when they process some messages sent from other module. Attackers can exploit this vulnerability by send malicious message to cause integer overflow. This can compromise normal service. | ||||
| CVE-2020-8874 | 1 Parallels | 1 Parallels Desktop | 2024-11-21 | 6.7 Medium |
| This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10032. | ||||
| CVE-2020-8844 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 7.8 High |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPEG files within CovertToPDF. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9102. | ||||
| CVE-2020-8760 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-11-21 | 7.8 High |
| Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70, 14.0.45 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-8746 | 2 Intel, Netapp | 2 Active Management Technology Firmware, Cloud Backup | 2024-11-21 | 6.5 Medium |
| Integer overflow in subsystem for Intel(R) AMT versions before 11.8.80, 11.12.80, 11.22.80, 12.0.70 and 14.0.45 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2020-7919 | 4 Debian, Fedoraproject, Golang and 1 more | 4 Debian Linux, Fedora, Go and 1 more | 2024-11-21 | 7.5 High |
| Go before 1.12.16 and 1.13.x before 1.13.7 (and the crypto/cryptobyte package before 0.0.0-20200124225646-8b5121be2f68 for Go) allows attacks on clients (resulting in a panic) via a malformed X.509 certificate. | ||||
| CVE-2020-7881 | 2 Afreecatv, Microsoft | 2 Afreecatv, Windows | 2024-11-21 | 7.5 High |
| The vulnerability function is enabled when the streamer service related to the AfreecaTV communicated through web socket using 21201 port. A stack-based buffer overflow leading to remote code execution was discovered in strcpy() operate by "FanTicket" field. It is because of stored data without validation of length. | ||||
| CVE-2020-7872 | 1 Hmtalk | 1 Daviewindy | 2024-11-21 | 7.8 High |
| DaviewIndy v8.98.7.0 and earlier versions have a Integer overflow vulnerability, triggered when the user opens a malformed format file that is mishandled by DaviewIndy. Attackers could exploit this and arbitrary code execution. | ||||
| CVE-2020-7860 | 2 Linux, Unegg Project | 2 Linux Kernel, Unegg | 2024-11-21 | 7.8 High |
| UnEGG v0.5 and eariler versions have a Integer overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by UnEGG. Attackers could exploit this and arbitrary code execution. This issue affects: Estsoft UnEGG 0.5 versions prior to 1.0 on linux. | ||||
| CVE-2020-7689 | 1 Node.bcrypt.js Project | 1 Node.bcrypt.js | 2024-11-21 | 5.9 Medium |
| Data is truncated wrong when its length is greater than 255 bytes. | ||||
| CVE-2020-7083 | 1 Autodesk | 1 Fbx Software Development Kit | 2024-11-21 | 6.5 Medium |
| An intager overflow vulnerability in the Autodesk FBX-SDK versions 2019.0 and earlier may lead to denial of service of the application. | ||||
| CVE-2020-6569 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 6.3 Medium |
| Integer overflow in WebUSB in Google Chrome prior to 85.0.4183.83 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-6523 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 8.8 High |
| Out of bounds write in Skia in Google Chrome prior to 84.0.4147.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-6381 | 6 Debian, Fedoraproject, Google and 3 more | 12 Debian Linux, Fedora, Android and 9 more | 2024-11-21 | 8.8 High |
| Integer overflow in JavaScript in Google Chrome on ChromeOS and Android prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2020-6327 | 1 Sap | 1 3d Visual Enterprise Viewer | 2024-11-21 | 4.3 Medium |
| SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated 3DM file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. | ||||
| CVE-2020-6116 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | ||||
| CVE-2020-6113 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 7.8 High |
| An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | ||||
| CVE-2020-6096 | 3 Debian, Fedoraproject, Gnu | 3 Debian Linux, Fedora, Glibc | 2024-11-21 | 8.1 High |
| An exploitable signed comparison vulnerability exists in the ARMv7 memcpy() implementation of GNU glibc 2.30.9000. Calling memcpy() (on ARMv7 targets that utilize the GNU glibc implementation) with a negative value for the 'num' parameter results in a signed comparison vulnerability. If an attacker underflows the 'num' parameter to memcpy(), this vulnerability could lead to undefined behavior such as writing to out-of-bounds memory and potentially remote code execution. Furthermore, this memcpy() implementation allows for program execution to continue in scenarios where a segmentation fault or crash should have occurred. The dangers occur in that subsequent execution and iterations of this code will be executed with this corrupted data. | ||||