Export limit exceeded: 21316 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21316 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-26267 | 1 Google | 1 Tensorflow | 2024-11-21 | 4.4 Medium |
| In affected versions of TensorFlow the tf.raw_ops.DataFormatVecPermute API does not validate the src_format and dst_format attributes. The code assumes that these two arguments define a permutation of NHWC. This can result in uninitialized memory accesses, read outside of bounds and even crashes. This is fixed in versions 1.15.5, 2.0.4, 2.1.3, 2.2.2, 2.3.2, and 2.4.0. | ||||
| CVE-2020-26185 | 2 Dell, Oracle | 5 Bsafe Micro-edition-suite, Database, Http Server and 2 more | 2024-11-21 | 7.5 High |
| Dell BSAFE Micro Edition Suite, versions prior to 4.5.1, contain a Buffer Over-Read Vulnerability. | ||||
| CVE-2020-26154 | 5 Debian, Fedoraproject, Libproxy Project and 2 more | 6 Debian Linux, Fedora, Libproxy and 3 more | 2024-11-21 | 9.8 Critical |
| url.cpp in libproxy through 0.4.15 is prone to a buffer overflow when PAC is enabled, as demonstrated by a large PAC file that is delivered without a Content-length header. | ||||
| CVE-2020-25928 | 1 Hcc-embedded | 1 Nichestack Tcp\/ip | 2024-11-21 | 9.8 Critical |
| The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: DNS response processing functions: dns_upcall(), getoffset(), dnc_set_answer(). The attack vector is: a specific DNS response packet. The code does not check the "response data length" field of individual DNS answers, which may cause out-of-bounds read/write operations, leading to Information leak, Denial-or-Service, or Remote Code Execution, depending on the context. | ||||
| CVE-2020-25927 | 1 Hcc-embedded | 1 Nichestack Tcp\/ip | 2024-11-21 | 7.5 High |
| The DNS feature in InterNiche NicheStack TCP/IP 4.0.1 is affected by: Out-of-bounds Read. The impact is: a denial of service (remote). The component is: DNS response processing in function: dns_upcall(). The attack vector is: a specific DNS response packet. The code does not check whether the number of queries/responses specified in the DNS packet header corresponds to the query/response data available in the DNS packet. | ||||
| CVE-2020-25887 | 1 Cesanta | 1 Mongoose | 2024-11-21 | 8.8 High |
| Buffer overflow in mg_resolve_from_hosts_file in Mongoose 6.18, when reading from a crafted hosts file. | ||||
| CVE-2020-25857 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 7.5 High |
| The function ClientEAPOLKeyRecvd() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. | ||||
| CVE-2020-25856 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 8.1 High |
| The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an rtl_memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | ||||
| CVE-2020-25855 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 8.1 High |
| The function AES_UnWRAP() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for a memcpy() operation, resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | ||||
| CVE-2020-25854 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 8.1 High |
| The function DecWPA2KeyData() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, rt_arc4_crypt_veneer() or _AES_UnWRAP_veneer(), resulting in a stack buffer overflow which can be exploited for remote code execution or denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. | ||||
| CVE-2020-25853 | 1 Realtek | 2 Rtl8195a, Rtl8195a Firmware | 2024-11-21 | 7.5 High |
| The function CheckMic() in the Realtek RTL8195A Wi-Fi Module prior to versions released in April 2020 (up to and excluding 2.08) does not validate the size parameter for an internal function, _rt_md5_hmac_veneer() or _rt_hmac_sha1_veneer(), resulting in a stack buffer over-read which can be exploited for denial of service. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker does not need to know the network's PSK. | ||||
| CVE-2020-25844 | 1 Panorama | 1 Nhiservisignadapter | 2024-11-21 | 8.1 High |
| The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. | ||||
| CVE-2020-25843 | 1 Panorama | 1 Nhiservisignadapter | 2024-11-21 | 8.1 High |
| NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | ||||
| CVE-2020-25796 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-11-21 | 7.5 High |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the InlineArray implementation, an unaligned reference may be generated for a type that has a large alignment requirement. | ||||
| CVE-2020-25793 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-11-21 | 7.5 High |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with From<InlineArray<A, T>>. | ||||
| CVE-2020-25791 | 1 Sized-chunks Project | 1 Sized-chunks | 2024-11-21 | 7.5 High |
| An issue was discovered in the sized-chunks crate through 0.6.2 for Rust. In the Chunk implementation, the array size is not checked when constructed with unit(). | ||||
| CVE-2020-25774 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 4.3 Medium |
| A vulnerability in the Trend Micro Apex One ServerMigrationTool component could allow an attacker to trigger an out-of-bounds red information disclosure which would disclose sensitive information to an unprivileged account. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. | ||||
| CVE-2020-25772 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | ||||
| CVE-2020-25771 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25770. | ||||
| CVE-2020-25770 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2024-11-21 | 5.5 Medium |
| An out-of-bounds read information disclosure vulnerabilities in Trend Micro Apex One may allow a local attacker to disclose sensitive information to an unprivileged account on vulnerable installations of the product. An attacker must first obtain the ability to execute low-privileged code on the target in order to exploit these vulnerabilities. The subs affected in this vulnerability makes it unique compared to similar CVEs such as CVE-2020-24564 and CVE-2020-25771. | ||||