CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19725
https://notcve.org/view.php?id=CVE-2020-19725
It can cause segmentation faults or arbitrary code execution. • https://github.com/Z3Prover/z3/issues/3363 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18652 – exempi: denial of service via opening of crafted webp file
https://notcve.org/view.php?id=CVE-2020-18652
Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. A buffer overflow flaw was found in the exempi package. This issue occurs in WEBP_Support.cpp and may allow remote attackers to cause a denial of service via opening a crafted webp file. • https://gitlab.freedesktop.org/libopenraw/exempi/commit/acee2894ceb91616543927c2a6e45050c60f98f7 https://gitlab.freedesktop.org/libopenraw/exempi/issues/12 https://lists.debian.org/debian-lts-announce/2023/09/msg00032.html https://access.redhat.com/security/cve/CVE-2020-18652 https://bugzilla.redhat.com/show_bug.cgi? • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-48174 – busybox: stack overflow vulnerability in ash.c leads to arbitrary code execution
https://notcve.org/view.php?id=CVE-2022-48174
In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution. ... This issue occurs via a stack overflow vulnerability in ash.c in BusyBox, which may allow arbitrary code execution. • https://bugs.busybox.net/show_bug.cgi?id=15216 https://access.redhat.com/security/cve/CVE-2022-48174 https://bugzilla.redhat.com/show_bug.cgi?id=2237153 • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2020-35357
https://notcve.org/view.php?id=CVE-2020-35357
Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. • https://git.savannah.gnu.org/cgit/gsl.git/commit/?id=989a193268b963aa1047814f7f1402084fb7d859 https://lists.debian.org/debian-lts-announce/2023/09/msg00023.html https://savannah.gnu.org/bugs/?59624 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-31447
https://notcve.org/view.php?id=CVE-2023-31447
user_login.cgi on Draytek Vigor2620 devices before 3.9.8.4 (and on all versions of Vigor2925 devices) allows attackers to send a crafted payload to modify the content of the code segment, insert shellcode, and execute arbitrary code. • https://draytek.com https://gist.github.com/rrrrrrri/013c9eef64b265af4163478bfcf29ff4 • CWE-94: Improper Control of Generation of Code ('Code Injection') •