Total
3257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-25666 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2024-11-21 | 3.3 Low |
| There are 4 places in HistogramCompare() in MagickCore/histogram.c where an integer overflow is possible during simple math calculations. This occurs in the rgb values and `count` value for a color. The patch uses casts to `ssize_t` type for these calculations, instead of `int`. This flaw could impact application reliability in the event that ImageMagick processes a crafted input file. This flaw affects ImageMagick versions prior to 7.0.9-0. | ||||
| CVE-2020-25574 | 1 Hyper | 1 Http | 2024-11-21 | 7.5 High |
| An issue was discovered in the http crate before 0.1.20 for Rust. An integer overflow in HeaderMap::reserve() could result in denial of service (e.g., an infinite loop). | ||||
| CVE-2020-25221 | 2 Linux, Netapp | 6 Linux Kernel, Cloud Backup, Hci Compute Node and 3 more | 2024-11-21 | 7.8 High |
| get_gate_page in mm/gup.c in the Linux kernel 5.7.x and 5.8.x before 5.8.7 allows privilege escalation because of incorrect reference counting (caused by gate page mishandling) of the struct page that backs the vsyscall page. The result is a refcount underflow. This can be triggered by any 64-bit process that can use ptrace() or process_vm_readv(), aka CID-9fa2dd946743. | ||||
| CVE-2020-24838 | 1 Issuer Project | 1 Issuer | 2024-11-21 | 7.5 High |
| An integer overflow has been found in the the latest version of Issuer. The total issuedCount can be zero if the parameter is overly large. An attacker can obtain the private key of the owner issued with a certain 'amount', and the issuedCount can be zero if there is an overflow. | ||||
| CVE-2020-24397 | 1 Zohocorp | 1 Manageengine Desktop Central | 2024-11-21 | 7.2 High |
| An issue was discovered in the client side of Zoho ManageEngine Desktop Central 10.0.0.SP-534. An attacker-controlled server can trigger an integer overflow in InternetSendRequestEx and InternetSendRequestByBitrate that leads to a heap-based buffer overflow and Remote Code Execution with SYSTEM privileges. | ||||
| CVE-2020-24213 | 1 Ygopro | 1 Ygocore | 2024-11-21 | 7.5 High |
| An integer overflow was discovered in YGOPro ygocore v13.51. Attackers can use it to leak the game server thread's memory. | ||||
| CVE-2020-22875 | 1 Jsish | 1 Jsish | 2024-11-21 | 9.8 Critical |
| Integer overflow vulnerability in function Jsi_ObjSetLength in jsish before 3.0.6, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-22874 | 1 Jsish | 1 Jsish | 2024-11-21 | 9.8 Critical |
| Integer overflow vulnerability in function Jsi_ObjArraySizer in jsish before 3.0.8, allows remote attackers to execute arbitrary code. | ||||
| CVE-2020-21699 | 1 Alibaba | 1 Tengine | 2024-11-21 | 7.5 High |
| The web server Tengine 2.2.2 developed in the Nginx version from 0.5.6 thru 1.13.2 is vulnerable to an integer overflow vulnerability in the nginx range filter module, resulting in the leakage of potentially sensitive information triggered by specially crafted requests. | ||||
| CVE-2020-20898 | 1 Ffmpeg | 1 Ffmpeg | 2024-11-21 | 8.8 High |
| Integer Overflow vulnerability in function filter16_prewitt in libavfilter/vf_convolution.c in Ffmpeg 4.2.1, allows attackers to cause a Denial of Service or other unspecified impacts. | ||||
| CVE-2020-1895 | 1 Facebook | 1 Instagram | 2024-11-21 | 7.8 High |
| A large heap overflow could occur in Instagram for Android when attempting to upload an image with specially crafted dimensions. This affects versions prior to 128.0.0.26.128. | ||||
| CVE-2020-1634 | 1 Juniper | 10 Junos, Srx1500, Srx300 and 7 more | 2024-11-21 | 7.5 High |
| On High-End SRX Series devices, in specific configurations and when specific networking events or operator actions occur, an SPC receiving genuine multicast traffic may core. Subsequently, all FPCs in a chassis may reset causing a Denial of Service. This issue affects both IPv4 and IPv6. This issue affects: Juniper Networks Junos OS 12.3X48 version 12.3X48-D80 and later versions prior to 12.3X48-D95 on High-End SRX Series. This issue does not affect Branch SRX Series devices. | ||||
| CVE-2020-1281 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2024-11-21 | 8.8 High |
| A remote code execution vulnerability exists when Microsoft Windows OLE fails to properly validate user input, aka 'Windows OLE Remote Code Execution Vulnerability'. | ||||
| CVE-2020-1108 | 2 Microsoft, Redhat | 17 .net, .net Core, .net Framework and 14 more | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. | ||||
| CVE-2020-19909 | 1 Haxx | 1 Curl | 2024-11-21 | 3.3 Low |
| Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. | ||||
| CVE-2020-19497 | 1 Matio Project | 1 Matio | 2024-11-21 | 8.8 High |
| Integer overflow vulnerability in Mat_VarReadNextInfo5 in mat5.c in tbeu matio (aka MAT File I/O Library) 1.5.17, allows attackers to cause a Denial of Service or possibly other unspecified impacts. | ||||
| CVE-2020-19490 | 1 Tinyexr Project | 1 Tinyexr | 2024-11-21 | 5.5 Medium |
| tinyexr 0.9.5 has a integer overflow over-write in tinyexr::DecodePixelData in tinyexr.h, related to OpenEXR code. | ||||
| CVE-2020-18684 | 1 Atlassian | 1 Floodlight | 2024-11-21 | 9.8 Critical |
| Floodlight through 1.2 has an integer overflow in checkFlow in StaticFlowEntryPusherResource.java via priority or port number. | ||||
| CVE-2020-17752 | 1 Mon Project | 1 Mon | 2024-11-21 | 9.8 Critical |
| Integer overflow vulnerability in payable function of a smart contract implementation for an Ethereum token, as demonstrated by the smart contract implemented at address 0xB49E984A83d7A638E7F2889fc8328952BA951AbE, an implementation for MillionCoin (MON). | ||||
| CVE-2020-17444 | 1 Altran | 1 Picotcp | 2024-11-21 | 7.5 High |
| An issue was discovered in picoTCP 1.7.0. The routine for processing the next header field (and deducing whether the IPv6 extension headers are valid) doesn't check whether the header extension length field would overflow. Therefore, if it wraps around to zero, iterating through the extension headers will not increment the current data pointer. This leads to an infinite loop and Denial-of-Service in pico_ipv6_check_headers_sequence() in pico_ipv6.c. | ||||