Total: 476 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-7042 | 4 Fedoraproject, Openfortivpn Project, Openssl and 1 more | 5 Fedora, Openfortivpn, Openssl and 2 more | 2024-11-21 | 5.3 Medium |
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted). | ||||
CVE-2020-6821 | 2 Mozilla, Redhat | 5 Firefox, Firefox Esr, Thunderbird and 2 more | 2024-11-21 | 7.5 High |
When reading from areas partially or fully outside the source resource with WebGL's `copyTexSubImage` method, the specification requires the returned values be zero. Previously, this memory was uninitialized, leading to potentially sensitive data disclosure. This vulnerability affects Thunderbird < 68.7.0, Firefox ESR < 68.7, and Firefox < 75. | ||||
CVE-2020-6793 | 2 Mozilla, Redhat | 3 Thunderbird, Enterprise Linux, Rhel E4s | 2024-11-21 | 6.5 Medium |
When processing an email message with an ill-formed envelope, Thunderbird could read data from a random memory location. This vulnerability affects Thunderbird < 68.5. | ||||
CVE-2020-6792 | 3 Canonical, Mozilla, Redhat | 4 Ubuntu Linux, Thunderbird, Enterprise Linux and 1 more | 2024-11-21 | 4.3 Medium |
When deriving an identifier for an email message, uninitialized memory was used in addition to the message contents. This vulnerability affects Thunderbird < 68.5. | ||||
CVE-2020-6444 | 5 Debian, Fedoraproject, Google and 2 more | 6 Debian Linux, Fedora, Chrome and 3 more | 2024-11-21 | 6.3 Medium |
Uninitialized use in WebRTC in Google Chrome prior to 81.0.4044.92 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
CVE-2020-6398 | 6 Debian, Fedoraproject, Google and 3 more | 10 Debian Linux, Fedora, Chrome and 7 more | 2024-11-21 | 8.8 High |
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | ||||
CVE-2020-3964 | 1 Vmware | 4 Cloud Foundation, Esxi, Fusion and 1 more | 2024-11-21 | 4.7 Medium |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. | ||||
CVE-2020-36617 | 1 Greenend | 1 Sftpserver | 2024-11-21 | 4.6 Medium |
A vulnerability was found in ewxrjk sftpserver. It has been declared as problematic. Affected by this vulnerability is the function sftp_parse_path of the file parse.c. The manipulation leads to an uninitialized pointer. The real existence of this vulnerability is still doubted at the moment. The name of the patch is bf4032f34832ee11d79aa60a226cc018e7ec5eed. It is recommended to apply a patch to fix this issue. The identifier VDB-216205 was assigned to this vulnerability. NOTE: In some deployment models this would be a vulnerability. README specifically warns about avoiding such deployment models. | ||||
CVE-2020-36514 | 1 Acc Reader Project | 1 Acc Reader | 2024-11-21 | 9.8 Critical |
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. fill_buf may read from uninitialized memory locations. | ||||
CVE-2020-36513 | 1 Acc Reader Project | 1 Acc Reader | 2024-11-21 | 9.8 Critical |
An issue was discovered in the acc_reader crate through 2020-12-27 for Rust. read_up_to may read from uninitialized memory locations. | ||||
CVE-2020-36512 | 1 Buffoon Project | 1 Buffoon | 2024-11-21 | 9.8 Critical |
An issue was discovered in the buffoon crate through 2020-12-31 for Rust. InputStream::read_exact may read from uninitialized memory locations. | ||||
CVE-2020-36511 | 1 Bite Project | 1 Bite | 2024-11-21 | 7.5 High |
An issue was discovered in the bite crate through 2020-12-31 for Rust. read::BiteReadExpandedExt::read_framed_max may read from uninitialized memory locations. | ||||
CVE-2020-36452 | 1 Array-tools Project | 1 Array-tools | 2024-11-21 | 9.8 Critical |
An issue was discovered in the array-tools crate before 0.3.2 for Rust. FixedCapacityDequeLike::clone() has a drop of uninitialized memory. | ||||
CVE-2020-36443 | 1 Libp2p | 1 Libp2p-deflate | 2024-11-21 | 9.8 Critical |
An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function. | ||||
CVE-2020-36432 | 1 Alg Ds Project | 1 Alg Ds | 2024-11-21 | 9.8 Critical |
An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new(). | ||||
CVE-2020-36210 | 1 Autorand Project | 1 Autorand | 2024-11-21 | 7.8 High |
An issue was discovered in the autorand crate before 0.2.3 for Rust. Because of impl Random on arrays, uninitialized memory can be dropped when a panic occurs, leading to memory corruption. | ||||
CVE-2020-35893 | 1 Simple-slab Project | 1 Simple-slab | 2024-11-21 | 7.5 High |
An issue was discovered in the simple-slab crate before 0.3.3 for Rust. remove() has an off-by-one error, causing memory leakage and a drop of uninitialized memory. | ||||
CVE-2020-35888 | 1 Arr Project | 1 Arr | 2024-11-21 | 9.8 Critical |
An issue was discovered in the arr crate through 2020-08-25 for Rust. Uninitialized memory is dropped by Array::new_from_template. | ||||
CVE-2020-35878 | 1 Ozone Project | 1 Ozone | 2024-11-21 | 9.8 Critical |
An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | ||||
CVE-2020-35494 | 4 Broadcom, Fedoraproject, Gnu and 1 more | 9 Brocade Fabric Operating System Firmware, Fedora, Binutils and 6 more | 2024-11-21 | 6.1 Medium |
There's a flaw in binutils /opcodes/tic4x-dis.c. An attacker who is able to submit a crafted input file to be processed by binutils could cause usage of uninitialized memory. The highest threat is to application availability with a lower threat to data confidentiality. This flaw affects binutils versions prior to 2.34. |