Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-20763 | 1 Netgear | 2 R7800, R7800 Firmware | 2020-04-17 | 5.2 MEDIUM | 6.8 MEDIUM |
| NETGEAR R7800 devices before 1.0.2.52 are affected by a stack-based buffer overflow by an authenticated user. | |||||
| CVE-2019-20767 | 1 Netgear | 20 D3600, D3600 Firmware, D6000 and 17 more | 2020-04-17 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D6100 before 1.0.0.60, D3600 before 1.0.0.75, D6000 before 1.0.0.75, R9000 before 1.0.4.26, R8900 before 1.0.4.26, R7800 before 1.0.2.52, WNDR4500v3 before 1.0.0.58, WNDR4300v2 before 1.0.0.58, WNDR4300 before 1.0.2.104, WNDR3700v4 before 1.0.2.102, and WNR2000v5 before 1.0.0.66. | |||||
| CVE-2019-14492 | 2 Opencv, Opensuse | 2 Opencv, Leap | 2020-04-17 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in OpenCV before 3.4.7 and 4.x before 4.1.1. There is an out of bounds read/write in the function HaarEvaluator::OptFeature::calc in modules/objdetect/src/cascadedetect.hpp, which leads to denial of service. | |||||
| CVE-2011-3019 | 1 Google | 1 Chrome | 2020-04-16 | 6.8 MEDIUM | N/A |
| Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska video (aka MKV) file. | |||||
| CVE-2011-3018 | 1 Google | 1 Chrome | 2020-04-16 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to path rendering. | |||||
| CVE-2020-10646 | 1 Fujielectric | 1 V-server | 2020-04-13 | 6.8 MEDIUM | 7.8 HIGH |
| Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small. | |||||
| CVE-2019-11516 | 1 Google | 1 Android | 2020-04-13 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered in the Bluetooth component of the Cypress (formerly owned by Broadcom) Wireless IoT codebase. Extended Inquiry Responses (EIRs) are improperly handled, which causes a heap-based buffer overflow during device inquiry. This overflow can be used to overwrite existing functions with arbitrary code. The Reserved for Future Use (RFU) bits are not discarded by eir_handleRx(), and are included in an EIR's length. Therefore, one can exceed the expected 240 bytes, which leads to a heap-based buffer overflow in eir_getReceivedEIR() called by bthci_event_SendInquiryResultEvent(). In order to exploit this bug, an attacker must repeatedly connect to the victim's device in a short amount of time from different source addresses. This will cause the victim's Bluetooth stack to resolve the device names and therefore allocate buffers with attacker-controlled data. Due to the heap corruption, the name will be eventually written to an attacker-controlled location, leading to a write-what-where condition. | |||||
| CVE-2015-8546 | 2 Google, Samsung | 5 Android, Galaxy Note5, Galaxy S6 and 2 more | 2020-04-13 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015). | |||||
| CVE-2020-11600 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) software. There is arbitrary code execution in the Fingerprint Trustlet via a memory overwrite. The Samsung IDs are SVE-2019-16587, SVE-2019-16588, SVE-2019-16589 (April 2020). | |||||
| CVE-2020-1990 | 1 Paloaltonetworks | 1 Pan-os | 2020-04-09 | 9.0 HIGH | 7.2 HIGH |
| A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. This issue affects Palo Alto Networks PAN-OS 8.1 versions before 8.1.13; 9.0 versions before 9.0.7. This issue does not affect PAN-OS 7.1. | |||||
| CVE-2018-21049 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.X) (Exynos chipsets) software. There is an arbitrary memory write in a Trustlet because a secure driver allows access to sensitive APIs. The Samsung ID is SVE-2018-12881 (November 2018). | |||||
| CVE-2018-21087 | 1 Google | 1 Android | 2020-04-09 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software. There is a vnswap heap-based buffer overflow via the store function, with resultant privilege escalation. The Samsung ID is SVE-2017-10599 (January 2018). | |||||
| CVE-2018-21057 | 1 Google | 1 Android | 2020-04-09 | 10.0 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with N(7.x) O(8.x, and P(9.0) (Exynos chipsets) software. There is a stack-based buffer overflow in the Shannon Baseband. The Samsung ID is SVE-2018-12757 (September 2018). | |||||
| CVE-2004-0574 | 1 Microsoft | 4 Exchange Server, Windows 2000, Windows Nt and 1 more | 2020-04-09 | 10.0 HIGH | N/A |
| The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | |||||
| CVE-2005-0560 | 1 Microsoft | 1 Exchange Server | 2020-04-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port. | |||||
| CVE-2017-18645 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) (Qualcomm chipsets) software. There is a panel_lpm sysfs stack-based buffer overflow. The Samsung ID is SVE-2017-9414 (December 2017). | |||||
| CVE-2017-18644 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with L(5.1), M(6.x), and N(7.x) software. There is a muic_set_reg_sel heap-based buffer overflow during the reading of MUIC register values. The Samsung ID is SVE-2017-10011 (December 2017). | |||||
| CVE-2016-11025 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016). | |||||
| CVE-2017-18655 | 1 Google | 1 Android | 2020-04-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a stack-based buffer overflow with resultant memory corruption in a trustlet. The Samsung IDs are SVE-2017-8889, SVE-2017-8891, and SVE-2017-8892 (August 2017). | |||||
| CVE-2016-11030 | 1 Google | 1 Android | 2020-04-07 | 6.8 MEDIUM | 8.1 HIGH |
| An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) (with Hrm sensor support) software. The sysfs of the MAX86902 sensor driver does not prevent concurrent access, leading to a race condition and resultant heap-based buffer overflow. The Samsung ID is SVE-2016-7341 (December 2016). | |||||