National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 131,463 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2020-9432

openssl_x509_check_host in lua-openssl 0.7.7-1 mishandles X.509 certificate validation because it uses lua_pushboolean for certain non-boolean return values.

Published: February 27, 2020; 06:15:13 PM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-9431

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the LTE RRC dissector could leak memory. This was addressed in epan/dissectors/packet-lte-rrc.c by adjusting certain append operations.

Published: February 27, 2020; 06:15:13 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9430

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the WiMax DLMAP dissector could crash. This was addressed in plugins/epan/wimax/msg_dlmap.c by validating a length field.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9429

In Wireshark 3.2.0 to 3.2.1, the WireGuard dissector could crash. This was addressed in epan/dissectors/packet-wireguard.c by handling the situation where a certain data structure intentionally has a NULL value.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-9428

In Wireshark 3.2.0 to 3.2.1, 3.0.0 to 3.0.8, and 2.6.0 to 2.6.14, the EAP dissector could crash. This was addressed in epan/dissectors/packet-eap.c by using more careful sscanf parsing.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2020-6418

Type confusion in V8 in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 6.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2020-6407

Out of bounds memory access in streams in Google Chrome prior to 80.0.3987.122 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6386

Use after free in speech in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6384

Use after free in WebAudio in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2020-6383

Type confusion in V8 in Google Chrome prior to 80.0.3987.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Published: February 27, 2020; 06:15:12 PM -05:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2018-8878

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network devices' hostnames and MAC addresses by reading the custom_id variable on the blocking.asp page.

Published: February 27, 2020; 05:15:13 PM -05:00
(not available)
CVE-2018-8877

Information disclosure in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to acquire information on internal network IP address ranges by reading the new_lan_ip variable on the error_page.htm page.

Published: February 27, 2020; 05:15:13 PM -05:00
(not available)
CVE-2020-7063

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when creating PHAR archive using PharData::buildFromIterator() function, the files are added with default permissions (0666, or all access) even if the original files on the filesystem were with more restrictive permissions. This may result in files having more lax permissions than intended when such archive is extracted.

Published: February 27, 2020; 04:15:19 PM -05:00
V3.1: 5.3 MEDIUM
    V2: 5.0 MEDIUM
CVE-2020-7062

In PHP versions 7.2.x below 7.2.28, 7.3.x below 7.3.15 and 7.4.x below 7.4.3, when using file upload functionality, if upload progress tracking is enabled, but session.upload_progress.cleanup is set to 0 (disabled), and the file upload fails, the upload procedure would try to clean up data that does not exist and encounter null pointer dereference, which would likely lead to a crash.

Published: February 27, 2020; 04:15:19 PM -05:00
V3.1: 7.5 HIGH
    V2: 4.3 MEDIUM
CVE-2020-7061

In PHP versions 7.3.x below 7.3.15 and 7.4.x below 7.4.3, while extracting PHAR files on Windows using phar extension, certain content inside PHAR file could lead to one-byte read past the allocated buffer. This could potentially lead to information disclosure or crash.

Published: February 27, 2020; 04:15:18 PM -05:00
V3.1: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2020-3878

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Published: February 27, 2020; 04:15:18 PM -05:00
(not available)
CVE-2020-3877

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Catalina 10.15.3, watchOS 6.1.2. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

Published: February 27, 2020; 04:15:18 PM -05:00
(not available)
CVE-2020-3875

A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1, macOS Catalina 10.15.3, tvOS 13.3.1, watchOS 6.1.2. An application may be able to read restricted memory.

Published: February 27, 2020; 04:15:18 PM -05:00
(not available)
CVE-2020-3874

An issued existed in the naming of screenshots. The issue was corrected with improved naming. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Screenshots of the Messages app may reveal additional message content.

Published: February 27, 2020; 04:15:18 PM -05:00
(not available)
CVE-2020-3873

This issue was addressed with improved setting propagation. This issue is fixed in iOS 13.3.1 and iPadOS 13.3.1. Turning off "Load remote content in messages” may not apply to all mail previews.

Published: February 27, 2020; 04:15:18 PM -05:00
(not available)