In Synergy before version 1.12.0, a Synergy server can be crashed by receiving a kMsgHelloBack packet with a client name length set to 0xffffffff (4294967295) if the servers memory is less than 4 GB. It was verified that this issue does not cause a crash through the exception handler if the available memory of the Server is more than 4GB.
CWE-754
CVE-2020-14348
It was found in AMQ Online before 1.5.2 that injecting an invalid field to a user’s AddressSpace configuration of the user namespace puts AMQ Online in an inconsistent state, where the AMQ Online components do not operate properly, such as the failure of provisioning and the failure of creating addresses, though this does not impact upon already existing messaging clients or brokers.
CVE-2020-13649
parser/js/js-scanner.c in JerryScript 2.2.0 mishandles errors during certain out-of-memory conditions, as demonstrated by a scanner_reverse_info_list NULL pointer dereference and a scanner_scan_all assertion failure.
CVE-2020-12292
Improper conditions check in some Intel(R) Thunderbolt(TM) controllers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2020-1122
An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations, aka ‘Windows Language Pack Installer Elevation of Privilege Vulnerability’.
CVE-2020-10571
An issue was discovered in psd-tools before 1.9.4. The Cython implementation of RLE decoding did not check for malicious data.