Total
445 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-15223 | 1 Ory | 1 Fosite | 2024-11-21 | 8 High |
| In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful revocation while the token is still valid. Whether an attacker can use this for her advantage depends on the ability to trigger errors in the store. This is fixed in version 0.34.0 | ||||
| CVE-2020-15202 | 2 Google, Opensuse | 2 Tensorflow, Leap | 2024-11-21 | 9 Critical |
| In Tensorflow before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, the `Shard` API in TensorFlow expects the last argument to be a function taking two `int64` (i.e., `long long`) arguments. However, there are several places in TensorFlow where a lambda taking `int` or `int32` arguments is being used. In these cases, if the amount of work to be parallelized is large enough, integer truncation occurs. Depending on how the two arguments of the lambda are used, this can result in segfaults, read/write outside of heap allocated arrays, stack overflows, or data corruption. The issue is patched in commits 27b417360cbd671ef55915e4bb6bb06af8b8a832 and ca8c013b5e97b1373b3bb1c97ea655e69f31a575, and is released in TensorFlow versions 1.15.4, 2.0.3, 2.1.2, 2.2.1, or 2.3.1. | ||||
| CVE-2020-15117 | 2 Fedoraproject, Symless | 2 Fedora, Synergy | 2024-11-21 | 6.5 Medium |
| In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB. | ||||
| CVE-2020-14348 | 1 Redhat | 1 Amq Online | 2024-11-21 | 4.3 Medium |
| It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user's AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers. | ||||
| CVE-2020-13649 | 1 Jerryscript | 1 Jerryscript | 2024-11-21 | 7.5 High |
| parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure. | ||||
| CVE-2020-12292 | 1 Intel | 26 Dsl5320 Thunderbolt 2, Dsl5320 Thunderbolt 2 Firmware, Dsl5520 Thunderbolt 2 and 23 more | 2024-11-21 | 5.5 Medium |
| Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2020-10571 | 1 Psd-tools Project | 1 Psd-tools | 2024-11-21 | 9.8 Critical |
| An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data. | ||||
| CVE-2020-0588 | 1 Intel | 76 Bios, Xeon Bronze 3204, Xeon Bronze 3206r and 73 more | 2024-11-21 | 6.7 Medium |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2020-0587 | 1 Intel | 114 Bios, Core I5-7640x, Core I7-3820 and 111 more | 2024-11-21 | 6.7 Medium |
| Improper conditions check in BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2019-9633 | 1 Gnome | 1 Glib | 2024-11-21 | N/A |
| gio/gsocketclient.c in GNOME GLib 2.59.2 does not ensure that a parent GTask remains alive during the execution of a connection-attempting enumeration, which allows remote attackers to cause a denial of service (g_socket_client_connected_callback mishandling and application crash) via a crafted web site, as demonstrated by GNOME Web (aka Epiphany). | ||||
| CVE-2019-8960 | 1 Flexera | 1 Flexnet Publisher | 2024-11-21 | 7.5 High |
| A Denial of Service vulnerability related to command handling has been identified in FlexNet Publisher lmadmin.exe version 11.16.2. The message reading function used in lmadmin.exe can, given a certain message, call itself again and then wait for a further message. With a particular flag set in the original message, but no second message received, the function eventually return an unexpected value which leads to an exception being thrown. The end result can be process termination. | ||||
| CVE-2019-7167 | 1 Z.cash | 1 Zcash | 2024-11-21 | N/A |
| Zcash, before the Sapling network upgrade (2018-10-28), had a counterfeiting vulnerability. A key-generation process, during evaluation of polynomials related to a to-be-proven statement, produced certain bypass elements. Availability of these elements allowed a cheating prover to bypass a consistency check, and consequently transform the proof of one statement into an ostensibly valid proof of a different statement, thereby breaking the soundness of the proof system. This misled the original Sprout zk-SNARK verifier into accepting the correctness of a transaction. | ||||
| CVE-2019-6857 | 1 Schneider-electric | 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more | 2024-11-21 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service of the controller when reading specific memory blocks using Modbus TCP. | ||||
| CVE-2019-6856 | 1 Schneider-electric | 58 140cpu65150, 140cpu65150 Firmware, 140cpu65160 and 55 more | 2024-11-21 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Modicon M580, Modicon M340, Modicon Quantum, Modicon Premium (see security notification for specific versions) which could cause a Denial of Service when writing specific physical memory blocks using Modbus TCP. | ||||
| CVE-2019-6833 | 1 Schneider-electric | 49 Hmig2u, Hmig3u, Hmig3ufc and 46 more | 2024-11-21 | 6.5 Medium |
| A CWE-754 – Improper Check for Unusual or Exceptional Conditions vulnerability exists in Magelis HMI Panels (all versions of - HMIGTO, HMISTO, XBTGH, HMIGTU, HMIGTUX, HMISCU, HMISTU, XBTGT, XBTGT, HMIGXO, HMIGXU), which could cause a temporary freeze of the HMI when a high rate of frames is received. When the attack stops, the buffered commands are processed by the HMI panel. | ||||
| CVE-2019-6831 | 1 Schneider-electric | 2 Bmxnor0200h, Bmxnor0200h Firmware | 2024-11-21 | 8.6 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions), which could cause disconnection of active connections when an unusually high number of IEC 60870- 5-104 packets are received by the module on port 2404/TCP. | ||||
| CVE-2019-6819 | 1 Schneider-electric | 38 Bmeh582040, Bmeh582040c, Bmeh584040 and 35 more | 2024-11-21 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists which could cause a possible Denial of Service when specific Modbus frames are sent to the controller in the products: Modicon M340 - firmware versions prior to V3.01, Modicon M580 - firmware versions prior to V2.80, All firmware versions of Modicon Quantum and Modicon Premium. | ||||
| CVE-2019-6813 | 1 Schneider-electric | 4 Bmxnor0200h, Bmxnor0200h Firmware, Modicon M340 and 1 more | 2024-11-21 | 7.5 High |
| A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in BMXNOR0200H Ethernet / Serial RTU module (all firmware versions) and Modicon M340 controller (all firmware versions), which could cause denial of service when truncated SNMP packets on port 161/UDP are received by the device. | ||||
| CVE-2019-6811 | 1 Schneider-electric | 4 Modicon Quantum 140noe77101, Modicon Quantum 140noe77101 Firmware, Modicon Quantum 140noe77111 and 1 more | 2024-11-21 | 7.5 High |
| An Improper Check for Unusual or Exceptional Conditions (CWE-754) vulnerability exists in Modicon Quantum 140 NOE771x1 version 6.9 and earlier, which could cause denial of service when the module receives an IP fragmented packet with a length greater than 65535 bytes. The module then requires a power cycle to recover. | ||||
| CVE-2019-5763 | 4 Debian, Fedoraproject, Google and 1 more | 7 Debian Linux, Fedora, Chrome and 4 more | 2024-11-21 | N/A |
| Failure to check error conditions in V8 in Google Chrome prior to 72.0.3626.81 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||