Search Results (44000 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-14147 | 4 Debian, Oracle, Redislabs and 1 more | 4 Debian Linux, Communications Operations Monitor, Redis and 1 more | 2024-11-21 | 7.7 High |
| An integer overflow in the getnum function in lua_struct.c in Redis before 6.0.3 allows context-dependent attackers with permission to run Lua code in a Redis session to cause a denial of service (memory corruption and application crash) or possibly bypass intended sandbox restrictions via a large number, which triggers a stack-based buffer overflow. NOTE: this issue exists because of a CVE-2015-8080 regression. | ||||
| CVE-2020-14125 | 1 Mi | 3 Miui, Redmi Note 11, Redmi Note 9t | 2024-11-21 | 7.5 High |
| A denial of service vulnerability exists in some Xiaomi phone models. The vulnerability is caused by an out-of-bounds read/write and can be exploited by attackers to cause a denial of service. | ||||
| CVE-2020-14124 | 1 Mi | 2 Ax3600, Ax3600 Firmware | 2024-11-21 | 9.8 Critical |
| There is a buffer overflow in librsa.so called by getwifipwdurl interface, resulting in code execution on Xiaomi router AX3600 with ROM version =rom< 1.1.12. | ||||
| CVE-2020-14096 | 1 Mi | 2 Xiaomi Ai Speaker, Xiaomi Ai Speaker Firmware | 2024-11-21 | 9.8 Critical |
| A memory overflow in Xiaomi AI speaker ROM version <1.59.6 can happen when the speaker is verifying malicious firmware during the OTA process. | ||||
| CVE-2020-14034 | 1 Meetecho | 1 Janus | 2024-11-21 | 9.8 Critical |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_get_codec_from_pt in utils.c has a Buffer Overflow via a long value in an SDP Offer packet. | ||||
| CVE-2020-14033 | 1 Meetecho | 1 Janus | 2024-11-21 | 9.8 Critical |
| An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_streaming_rtsp_parse_sdp in plugins/janus_streaming.c has a Buffer Overflow via a crafted RTSP server. | ||||
| CVE-2020-14026 | 1 Ozeki | 1 Ozeki Ng Sms Gateway | 2024-11-21 | 8.8 High |
| CSV Injection (aka Excel Macro Injection or Formula Injection) exists in the Export Of Contacts feature in Ozeki NG SMS Gateway through 4.17.6 via a value that is mishandled in a CSV export. | ||||
| CVE-2020-14011 | 1 Lansweeper | 1 Lansweeper | 2024-11-21 | 9.8 Critical |
| Lansweeper 6.0.x through 7.2.x has a default installation in which the admin password is configured for the admin account, unless "Built-in admin" is manually unchecked. This allows command execution via the Add New Package and Scheduled Deployments features. | ||||
| CVE-2020-13999 | 2 Fedoraproject, Libemf Project | 2 Fedora, Libemf | 2024-11-21 | 5.5 Medium |
| ScaleViewPortExtEx in libemf.cpp in libEMF (aka ECMA-234 Metafile Library) 1.0.12 allows an integer overflow and denial of service via a crafted EMF file. | ||||
| CVE-2020-13988 | 1 Contiki-ng | 1 Contiki-ng | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. An Integer Overflow exists in the uIP TCP/IP Stack component when parsing TCP MSS options of IPv4 network packets in uip_process in net/ipv4/uip.c. | ||||
| CVE-2020-13987 | 5 Contiki-os, Open-iscsi Project, Redhat and 2 more | 12 Contiki, Open-iscsi, Enterprise Linux and 9 more | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. An Out-of-Bounds Read vulnerability exists in the uIP TCP/IP Stack component when calculating the checksums for IP packets in upper_layer_chksum in net/ipv4/uip.c. | ||||
| CVE-2020-13985 | 1 Contiki-os | 1 Contiki | 2024-11-21 | 7.5 High |
| An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c. | ||||
| CVE-2020-13974 | 4 Canonical, Debian, Linux and 1 more | 4 Ubuntu Linux, Debian Linux, Linux Kernel and 1 more | 2024-11-21 | 7.8 High |
| An issue was discovered in the Linux kernel 4.4 through 5.7.1. drivers/tty/vt/keyboard.c has an integer overflow if k_ascii is called several times in a row, aka CID-b86dab054059. NOTE: Members in the community argue that the integer overflow does not lead to a security issue in this case. | ||||
| CVE-2020-13910 | 1 Pengutronix | 1 Barebox | 2024-11-21 | 9.1 Critical |
| Pengutronix Barebox through v2020.05.0 has an out-of-bounds read in nfs_read_reply in net/nfs.c because a field of an incoming network packet is directly used as a length field without any bounds check. | ||||
| CVE-2020-13902 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 7.1 High |
| ImageMagick 7.0.9-27 through 7.0.10-17 has a heap-based buffer over-read in BlobToStringInfo in MagickCore/string.c during TIFF image decoding. | ||||
| CVE-2020-13840 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via an MTK AT command handler buffer overflow. The LG ID is LVE-SMP-200008 (June 2020). | ||||
| CVE-2020-13839 | 2 Google, Lg | 35 Android, Cv1, Cv1s and 32 more | 2024-11-21 | 9.8 Critical |
| An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 (MTK chipsets). Code execution can occur via a custom AT command handler buffer overflow. The LG ID is LVE-SMP-200007 (June 2020). | ||||
| CVE-2020-13832 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with Q(10.0) (with TEEGRIS on Exynos chipsets) software. The Widevine Trustlet allows arbitrary code execution because of memory disclosure. The Samsung IDs are SVE-2020-17117, SVE-2020-17118, SVE-2020-17119, and SVE-2020-17161 (June 2020). | ||||
| CVE-2020-13831 | 2 Google, Samsung | 2 Android, Exynos 7570 | 2024-11-21 | 9.8 Critical |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 7570 chipsets) software. The Trustonic Kinibi component allows arbitrary memory mapping. The Samsung ID is SVE-2019-16665 (June 2020). | ||||
| CVE-2020-13826 | 1 I-doit | 1 I-doit | 2024-11-21 | 8.8 High |
| A CSV injection (aka Excel Macro Injection or Formula Injection) issue in i-doit 1.14.2 allows an attacker to execute arbitrary commands via a Title parameter that is mishandled in a CSV export. | ||||