Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-20310 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20311 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCPDFAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20312 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
| CVE-2018-20313 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyPreviewAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20314 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyCheckLicence race condition that can cause a stack-based buffer overflow or an out-of-bounds read. | |||||
| CVE-2018-20316 | 1 Foxitsoftware | 2 Phantompdf, Reader | 2021-01-08 | 6.8 MEDIUM | 8.1 HIGH |
| Foxit Reader before 9.5, and PhantomPDF before 8.3.10 and 9.x before 9.5, has a proxyDoAction race condition that can cause a stack-based buffer overflow or an out-of-bounds read, a different issue than CVE-2018-20310 because of a different opcode. | |||||
| CVE-2020-35963 | 2 Linux, Treasuredata | 2 Linux Kernel, Fluent Bit | 2021-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | |||||
| CVE-2020-35881 | 1 Traitobject Project | 1 Traitobject | 2021-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the traitobject crate through 2020-06-01 for Rust. It has false expectations about fat pointers, possibly causing memory corruption in, for example, Rust 2.x. | |||||
| CVE-2020-11834 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_vooc.c, the function proc_fastchg_fw_update_write in proc_fastchg_fw_update_write does not check the parameter len, resulting in a vulnerability. | |||||
| CVE-2020-11833 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_mp2650.c, the function mp2650_data_log_write in mp2650_data_log_write does not check the parameter len which causes a vulnerability. | |||||
| CVE-2020-11832 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| In functions charging_limit_current_write and charging_limit_time_write in /SM8250_Q_Master/android/vendor/oppo_charger/oppo/oppo_charger.c have not checked the parameters, which causes a vulnerability. | |||||
| CVE-2020-11835 | 1 Oppo | 4 Find X2 Pro, Find X2 Pro Firmware, Reno3 Pro and 1 more | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| In /SM8250_Q_Master/android/vendor/oppo_charger/oppo/charger_ic/oppo_da9313.c, failure to check the parameter buf in the function proc_work_mode_write in proc_work_mode_write causes a vulnerability. | |||||
| CVE-2020-35924 | 1 Try-mutex Project | 1 Try-mutex | 2021-01-06 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in the try-mutex crate before 0.3.0 for Rust. TryMutex<T> allows cross-thread sending of a non-Send type. | |||||
| CVE-2019-25001 | 1 Serde Cbor Project | 1 Serde Cbor | 2021-01-05 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the serde_cbor crate before 0.10.2 for Rust. The CBOR deserializer can cause stack consumption via nested semantic tags. | |||||
| CVE-2019-16747 | 1 Matrixssl | 1 Matrixssl | 2021-01-04 | 5.0 MEDIUM | 7.5 HIGH |
| In MatrixSSL before 4.2.2 Open, the DTLS server can encounter an invalid pointer free (leading to memory corruption and a daemon crash) via a crafted incoming network message, a different vulnerability than CVE-2019-14431. | |||||
| CVE-2020-25843 | 1 Panorama | 1 Nhiservisignadapter | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | |||||
| CVE-2020-35799 | 1 Netgear | 92 D3600, D3600 Firmware, D6000 and 89 more | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.78, D6200 before 1.1.00.32, D7000 before 1.0.1.68, D7800 before 1.0.1.56, DM200 before 1.0.0.61, EX2700 before 1.0.1.52, EX6100v2 before 1.0.1.76, EX6150v2 before 1.0.1.76, EX6200v2 before 1.0.1.74, EX6400 before 1.0.2.140, EX7300 before 1.0.2.140, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.38, R6050 before 1.0.1.18, R6080 before 1.0.0.38, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6260 before 1.1.0.40, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900v2 before 1.2.0.36, R7500v2 before 1.0.3.40, R7800 before 1.0.2.62, R8900 before 1.0.4.12, R9000 before 1.0.4.12, RBK20 before 2.3.0.28, RBR20 before 2.3.0.28, RBS20 before 2.3.0.28, RBK40 before 2.3.0.28, RBR40 before 2.3.0.28, RBS40 before 2.3.0.28, RBK50 before 2.3.0.32, RBR50 before 2.3.0.32, RBS50 before 2.3.0.32, WN2000RPTv3 before 1.0.1.34, WN3000RPv2 before 1.0.0.78, WN3000RPv2 before 1.0.0.78, WN3000RPv3 before 1.0.2.78, WN3100RPv2 before 1.0.0.66, WNR2000v5 before 1.0.0.70, WNR2020 before 1.1.0.62, XR450 before 2.3.2.32, and XR500 before 2.3.2.32. | |||||
| CVE-2020-7845 | 1 Jiransecurity | 1 Spamsniper | 2020-12-30 | 7.5 HIGH | 9.8 CRITICAL |
| Spamsniper 5.0 ~ 5.2.7 contain a stack-based buffer overflow vulnerability caused by improper boundary checks when parsing MAIL FROM command. It leads remote attacker to execute arbitrary code via crafted packet. | |||||
| CVE-2020-20276 | 1 Troglobit | 1 Uftpd | 2020-12-22 | 7.5 HIGH | 9.8 CRITICAL |
| An unauthenticated stack-based buffer overflow vulnerability in common.c's handle_PORT in uftpd FTP server versions 2.10 and earlier can be abused to cause a crash and could potentially lead to remote code execution. | |||||
| CVE-2020-14224 | 1 Hcltech | 1 Notes | 2020-12-22 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. | |||||