Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13974 4 Canonical, Debian, Linux and 1 more 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more 2024-11-21 7.8 High
An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case.
CVE-2020-13910 1 Pengutronix 1 Barebox 2024-11-21 9.1 Critical
Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check.
CVE-2020-13902 1 Imagemagick 1 Imagemagick 2024-11-21 7.1 High
ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding.
CVE-2020-13840 2 Google, Lg 35 Android, Cv1, Cv1s and 32 more 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020).
CVE-2020-13839 2 Google, Lg 35 Android, Cv1, Cv1s and 32 more 2024-11-21 9.8 Critical
An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020).
CVE-2020-13832 1 Google 1 Android 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure, The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020).
CVE-2020-13831 2 Google, Samsung 2 Android, Exynos 7570 2024-11-21 9.8 Critical
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020).
CVE-2020-13826 1 I-doit 1 I-doit 2024-11-21 8.8 High
A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export.
CVE-2020-13822 2 Indutny, Redhat 3 Elliptic, Openshift, Red Hat Single Sign On 2024-11-21 7.7 High
The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' bytes, or integer overflows. This could conceivably have a security-relevant impact if an application relied on a single canonical signature.
CVE-2020-13791 1 Qemu 1 Qemu 2024-11-21 5.5 Medium
hw/pci/pci.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access by providing an address near the end of the PCI configuration space.
CVE-2020-13790 3 Libjpeg-turbo, Mozilla, Redhat 3 Libjpeg-turbo, Mozjpeg, Enterprise Linux 2024-11-21 8.1 High
libjpeg-turbo 2.0.4, and mozjpeg 4.0.0, has a heap-based buffer over-read in get_rgb_row() in rdppm.c via a malformed PPM input file.
CVE-2020-13754 4 Canonical, Debian, Qemu and 1 more 5 Ubuntu Linux, Debian Linux, Qemu and 2 more 2024-11-21 6.7 Medium
hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.
CVE-2020-13656 1 Morganstanley 1 Hobbes 2024-11-21 9.8 Critical
In Morgan Stanley Hobbes through 2020-05-21, the array implementation lacks bounds checking, allowing exploitation of an out-of-bounds (OOB) read/write vulnerability that leads to both local and remote code (via RPC) execution.
CVE-2020-13654 1 Xwiki 1 Xwiki 2024-11-21 7.5 High
XWiki Platform before 12.8 mishandles escaping in the property displayer.
CVE-2020-13625 4 Canonical, Debian, Fedoraproject and 1 more 4 Ubuntu Linux, Debian Linux, Fedora and 1 more 2024-11-21 7.5 High
PHPMailer before 6.1.6 contains an output escaping bug when the name of a file attachment contains a double quote character. This can result in the file type being misinterpreted by the receiver or any mail relay processing the message.
CVE-2020-13603 1 Zephyrproject 1 Zephyr 2024-11-21 6.9 Medium
Integer Overflow in memory allocating functions. Zephyr versions >= 1.14.2, >= 2.4.0 contain Integer Overflow or Wraparound (CWE-190). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94vp-8gc2-rm45
CVE-2020-13601 1 Zephyrproject 1 Zephyr 2024-11-21 9 Critical
Possible read out of bounds in dns read. Zephyr versions >= 1.14.2, >= 2.3.0 contain Out-of-bounds Read (CWE-125). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-mm57-9hqw-qh44
CVE-2020-13600 1 Zephyrproject 1 Zephyr 2024-11-21 7 High
Malformed SPI in response for eswifi can corrupt kernel memory. Zephyr versions >= 1.14.2, >= 2.3.0 contain Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-hx4p-j86p-2mhr
CVE-2020-13598 1 Zephyrproject 1 Zephyr 2024-11-21 6.3 Medium
FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat. Zephyr versions >= v1.14.2, >= v2.3.0 contain Stack-based Buffer Overflow (CWE-121). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h
CVE-2020-13586 1 Softmaker 1 Planmaker 2021 2024-11-21 7.8 High
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.