Total
6546 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-14938 | 2 Canonical, Digitalcorpora | 2 Ubuntu Linux, Tcpflow | 2020-11-29 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, one can cause an integer overflow in the function handle_80211, which will result in an out-of-bounds read and may allow access to sensitive memory (or a denial of service). | |||||
| CVE-2020-8036 | 1 Tcpdump | 1 Tcpdump | 2020-11-25 | 5.0 MEDIUM | 7.5 HIGH |
| The tok2strbuf() function in tcpdump 4.10.0-PRE-GIT was used by the SOME/IP dissector in an unsafe way. | |||||
| CVE-2020-12485 | 1 Vivo | 1 Frame Touch Module | 2020-11-24 | 4.9 MEDIUM | 5.5 MEDIUM |
| The frame touch module does not make validity judgments on parameter lengths when processing specific parameters,which caused out of the boundary when memory access.The vulnerability eventually leads to a local DOS on the device. | |||||
| CVE-2017-5847 | 2 Debian, Gstreamer Project | 2 Debian Linux, Gstreamer | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_asf_demux_process_ext_content_desc function in gst/asfdemux/gstasfdemux.c in gst-plugins-ugly in GStreamer allows remote attackers to cause a denial of service (out-of-bounds heap read) via vectors involving extended content descriptors. | |||||
| CVE-2017-5848 | 3 Debian, Gstreamer Project, Redhat | 8 Debian Linux, Gstreamer, Enterprise Linux Desktop and 5 more | 2020-11-20 | 5.0 MEDIUM | 7.5 HIGH |
| The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in gst-plugins-bad in GStreamer allows remote attackers to cause a denial of service (invalid memory read and crash) via vectors involving PSM parsing. | |||||
| CVE-2020-11132 | 1 Qualcomm | 162 Apq8009, Apq8009 Firmware, Apq8096au and 159 more | 2020-11-19 | 3.6 LOW | 7.1 HIGH |
| u'Buffer over read in boot due to size check ignored before copying GUID attribute from request to response' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9650, MSM8108, MSM8208, MSM8209, MSM8608, MSM8905, MSM8909, MSM8998, QCM4290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QSM8250, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SC8180X, SC8180X+SDX55, SC8180XP, SDA640, SDA670, SDA845, SDA855, SDM1000, SDM640, SDM670, SDM710, SDM712, SDM830, SDM845, SDM850, SDX24, SDX50M, SDX55, SDX55M, SM4125, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR1120, SXR1130, SXR2130, SXR2130P, WCD9330 | |||||
| CVE-2016-9598 | 2 Redhat, Xmlsoft | 2 Jboss Core Services, Libxml2 | 2020-11-16 | 4.3 MEDIUM | 6.5 MEDIUM |
| libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483. | |||||
| CVE-2016-10070 | 2 Imagemagick, Opensuse | 2 Imagemagick, Leap | 2020-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| Heap-based buffer overflow in the CalcMinMax function in coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
| CVE-2016-10071 | 1 Imagemagick | 1 Imagemagick | 2020-11-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted mat file. | |||||
| CVE-2020-5991 | 2 Microsoft, Nvidia | 2 Windows, Cuda Toolkit | 2020-11-13 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA CUDA Toolkit, all versions prior to 11.1.1, contains a vulnerability in the NVJPEG library in which an out-of-bounds read or write operation may lead to code execution, denial of service, or information disclosure. | |||||
| CVE-2017-11664 | 1 Mindwerks | 1 Wildmidi | 2020-11-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file. | |||||
| CVE-2020-24409 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2020-24410 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2020-11-10 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 24.2 (and earlier) is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This vulnerability requires user interaction to exploit. | |||||
| CVE-2018-5802 | 4 Canonical, Debian, Libraw and 1 more | 6 Ubuntu Linux, Debian Linux, Libraw and 3 more | 2020-11-10 | 6.8 MEDIUM | 8.8 HIGH |
| An error within the "kodak_radc_load_raw()" function (internal/dcraw_common.cpp) related to the "buf" variable in LibRaw versions prior to 0.18.7 can be exploited to cause an out-of-bounds read memory access and subsequently cause a crash. | |||||
| CVE-2018-7858 | 4 Canonical, Opensuse, Qemu and 1 more | 9 Ubuntu Linux, Leap, Qemu and 6 more | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA Emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds access and QEMU process crash) by leveraging incorrect region calculation when updating VGA display. | |||||
| CVE-2017-13672 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| QEMU (aka Quick Emulator), when built with the VGA display emulator support, allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors involving display update. | |||||
| CVE-2017-11334 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 2.1 LOW | 4.4 MEDIUM |
| The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area. | |||||
| CVE-2017-11434 | 2 Debian, Qemu | 2 Debian Linux, Qemu | 2020-11-10 | 2.1 LOW | 5.5 MEDIUM |
| The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) allows local guest OS users to cause a denial of service (out-of-bounds read and QEMU process crash) via a crafted DHCP options string. | |||||
| CVE-2017-14226 | 2 Libreoffice, Libwpd | 2 Libreoffice, Libwpd | 2020-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| WP1StylesListener.cpp, WP5StylesListener.cpp, and WP42StylesListener.cpp in libwpd 0.10.1 mishandle iterators, which allows remote attackers to cause a denial of service (heap-based buffer over-read in the WPXTableList class in WPXTable.cpp). This vulnerability can be triggered in LibreOffice before 5.3.7. It may lead to suffering a remote attack against a LibreOffice application. | |||||
| CVE-2020-11114 | 1 Qualcomm | 2 Ar9344, Ar9344 Firmware | 2020-11-09 | 5.8 MEDIUM | 8.8 HIGH |
| u'Bluetooth devices does not properly restrict the L2CAP payload length allowing users in radio range to cause a buffer overflow via a crafted Link Layer packet(Equivalent to CVE-2019-17060,CVE-2019-17061 and CVE-2019-17517 in Sweyntooth paper)' in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music in AR9344 | |||||