CWE:
 

Nothing found in the WLB2 database


Common Weakness Enumeration (CWE)

CVE
Details
Description
2020-08-25
High
CVE-2020-14510

 

 
In GateManager versions prior to 9.2c, the affected product contains a hard-coded credential for telnet, allowing an unprivileged attacker to execute commands as root.

 
Medium
CVE-2020-14508

 

 
In GateManager versions prior to 9.2c, the affected product is vulnerable to an off-by-one error, which may allow an attacker to remotely execute arbitrary code or cause a denial-of-service condition.

 
2020-06-24
Medium
CVE-2020-3969

Vendor: Vmware
Software: Cloud foundation
 

 
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an off-by-one heap-overflow vulnerability in the SVGA device. A malicious actor with local access to a virtual machine with 3D graphics enabled may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

 
2020-06-05
Medium
CVE-2020-10062

Vendor: Zephyrproject
Software: Zephyr
 

 
An off-by-one error in the Zephyr project MQTT packet length decoder can result in memory corruption and possible remote code execution. NCC-ZEP-031 This issue affects: zephyrproject-rtos zephyr version 2.2.0 and later versions.

 
2020-05-15
Medium
CVE-2019-19721

Vendor: Videolan
Software: Vlc media player
 

 
An off-by-one error in the DecodeBlock function in codec/sdl_image.c in VideoLAN VLC media player before 3.0.9 allows remote attackers to cause a denial of service (memory corruption) via a crafted image file. NOTE: this may be related to the SDL_Image product.

 
2020-04-14
Low
CVE-2020-11765

Vendor: Openexr
Software: Openexr
 

 
An issue was discovered in OpenEXR before 2.4.1. There is an off-by-one error in use of the ImfXdr.h read function by DwaCompressor::Classifier::Classifier, leading to an out-of-bounds read.

 
2020-01-10
Medium
CVE-2020-6835

Vendor: Bftpd project
Software: Bftpd
 

 
An issue was discovered in Bftpd before 5.4. There is a heap-based off-by-one error during file-transfer error checking.

 
2020-01-02
Low
CVE-2014-8182

Vendor: Openldap
Software: Openldap
 

 
An off-by-one error leading to a crash was discovered in openldap 2.4 when processing DNS SRV messages. If slapd was configured to use the dnssrv backend, an attacker could crash the service with crafted DNS responses.

 
2019-12-09
Medium
CVE-2015-0841

Vendor: Monopd project
Software: Monopd
 

 
Off-by-one error in the readBuf function in listener.cpp in libcapsinetwork and monopd before 0.9.8 allows remote attackers to cause a denial of service (crash) via a long line.

 
2018-04-12
Medium
CVE-2018-9860

Vendor: Botan project
Software: Botan
 

 
An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An off-by-one error when processing malformed TLS-CBC ciphertext could cause the receiving side to include in the HMAC computation exactly 64K bytes of data following the record buffer, aka an over-read. The MAC comparison will subsequently fail and the connection will be closed. This could be used for denial of service. No information leak occurs.

 

 


Copyright 2020, cxsecurity.com

 
