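Filter CVEs associated with vulnerabilities classified as Overflow by publication year. The list is ordered with the most recently published entries first and can be narrowed further by the CVSS and EPSS risk metrics.
This view helps security teams keep track of recent vulnerability disclosures and trends and quickly identify high-risk issues and the likelihood of exploitation.
Showing CVEs published in 2020 and classified as Overflow.
| CVE | Description | Max CVSS | EPSS (%) | Published | Updated |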
|---|---|---|---|---|---|
| CVE-2020-35892 | An issue was discovered in the simple-slab crate before 0.3.3 for Rust. index() allows an out-of-bounds read. | 9.1 | 1.51% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35890 | An issue was discovered in the ordnung crate through 2020-09-03 for Rust. compact::Vec violates memory safety via out-of-bounds access for large capacity. | 7.5 | 1.39% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35887 | An issue was discovered in the arr crate through 2020-08-25 for Rust. There is a buffer overflow in Index and IndexMut. | 9.8 | 1.48% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35878 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of the dropping of uninitialized memory. | 9.8 | 1.52% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35877 | An issue was discovered in the ozone crate through 2020-07-04 for Rust. Memory safety is violated because of out-of-bounds access. | 9.8 | 1.52% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35869 | An issue was discovered in the rusqlite crate before 0.23.0 for Rust. Memory safety can be violated because rusqlite::trace::log mishandles format strings. | 9.8 | 1.71% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35861 | An issue was discovered in the bumpalo crate before 3.2.1 for Rust. The realloc feature allows the reading of unknown memory. Attackers can potentially read cryptographic keys. | 7.5 | 1.49% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35859 | An issue was discovered in the lucet-runtime-internals crate before 0.5.1 for Rust. It mishandles sigstack allocation. Guest programs may be able to obtain sensitive information, or guest programs can experience memory corruption. | 9.1 | 1.50% | 2020-12-31 | 2024-11-21 |
| CVE-2019-25005 | An issue was discovered in the chacha20 crate before 0.2.3 for Rust. A ChaCha20 counter overflow makes it easier for attackers to determine plaintext. | 7.5 | 1.31% | 2020-12-31 | 2024-11-21 |
| CVE-2020-25844 | The digest generation function of NHIServiSignAdapter has not been verified for parameter’s length, which leads to a stack overflow loophole. Remote attackers can use the leak to execute code without privilege. | 8.1 | 1.90% | 2020-12-31 | 2024-11-21 |
| CVE-2020-25843 | NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | 8.1 | 1.90% | 2020-12-31 | 2024-11-21 |
| CVE-2020-11947 | iscsi_aio_ioctl_cb in block/iscsi.c in QEMU 4.1.0 has a heap-based buffer over-read that may disclose unrelated information from process memory to an attacker. | 3.8 | 0.46% | 2020-12-31 | 2024-11-21 |
| CVE-2019-20808 | In QEMU 4.1.0, an out-of-bounds read flaw was found in the ATI VGA implementation. It occurs in the ati_cursor_define() routine while handling MMIO write operations through the ati_mm_write() callback. A malicious guest could abuse this flaw to crash the QEMU process, resulting in a denial of service. | 6.5 | 0.33% | 2020-12-31 | 2024-11-21 |
| CVE-2020-35796 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects CBR40 before 2.5.0.10, D6220 before 1.0.0.60, D6400 before 1.0.0.94, D7000v2 before 1.0.0.62, D8500 before 1.0.3.50, DC112A before 1.0.0.48, DGN2200v4 before 1.0.0.114, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.84, EX3800 before 1.0.0.84, EX3920 before 1.0.0.84, EX6000 before 1.0.0.44, EX6100 before 1.0.2.28, EX6120 before 1.0.0.54, EX6130 before 1.0.0.36, EX6150 before | 8.8 | 1.50% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35795 | Certain NETGEAR devices are affected by a buffer overflow by an unauthenticated attacker. This affects AC2100 before 1.2.0.72, AC2400 before 1.2.0.72, AC2600 before 1.2.0.72, CBK40 before 2.5.0.10, CBR40 before 2.5.0.10, D7800 before 1.0.1.58, EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX7500 before 1.0.0.68, MK62 before 1.0.5.102, MR60 before 1.0.5.102, MS60 before 1.0.5.102, R6120 before 1.0.0.70, R6220 before 1.1.0.100, R6230 before 1.1.0.100, R6260 before 1.1.0.76, R6330 before 1.1.0.76, | 9.8 | 1.18% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35788 | NETGEAR WAC104 devices before 1.0.4.13 are affected by a buffer overflow by an authenticated user. | 7.6 | 0.41% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35787 | Certain NETGEAR devices are affected by a buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6 | 8.0 | 0.48% | 2020-12-30 | 2024-11-21 |
| CVE-2020-35786 | NETGEAR R7800 devices before 1.0.2.74 are affected by a buffer overflow by an authenticated user. | 4.5 | 0.47% | 2020-12-30 | 2024-11-21 |
| CVE-2020-9125 | There is an out-of-bound read vulnerability in Huawei smartphone Mate 30 versions earlier than 10.1.0.156 (C00E155R7P2). An attacker with specific permission can exploit this vulnerability by sending crafted packet with specific parameter to the target device. Due to insufficient validation of the parameter, successful exploit can cause the device to behave abnormally. | 6.7 | 0.25% | 2020-12-29 | 2024-11-21 |
| CVE-2020-9094 | There is an out of bound read vulnerability in some versions of Huawei CloudEngine product. A module does not deal with specific message properly. Attackers can exploit this vulnerability by sending malicious packet. This can lead to denial of service. | 7.5 | 0.74% | 2020-12-29 | 2024-11-21 |