Search
Total
1364 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-12708 | 1 Advantech | 1 Webaccess | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| An Improper Restriction Of Operations Within The Bounds Of A Memory Buffer issue was discovered in Advantech WebAccess versions prior to V8.2_20170817. Researchers have identified multiple vulnerabilities that allow invalid locations to be referenced for the memory buffer, which may allow an attacker to execute arbitrary code or cause the system to crash. | |||||
| CVE-2017-12368 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2019-10-09 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCve10584, CSCve10591, CSCve11503, CSCve10658, CSCve11507, CSCve10749, CSCve10744, CSCve11532, CSCve10762, CSCve10764, CSCve11538. | |||||
| CVE-2017-12370 | 1 Cisco | 1 Webex Meetings | 2019-10-09 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf38060, CSCvg54836, CSCvf38077, CSCvg54843, CSCvf38084, CSCvg54850. | |||||
| CVE-2017-12372 | 1 Cisco | 2 Webex Meetings, Webex Meetings Server | 2019-10-09 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf57234, CSCvg54868, CSCvg54870. | |||||
| CVE-2017-12371 | 1 Cisco | 1 Webex Meetings | 2019-10-09 | 6.8 MEDIUM | 9.6 CRITICAL |
| A "Cisco WebEx Network Recording Player Remote Code Execution Vulnerability" exists in Cisco WebEx Network Recording Player for Advanced Recording Format (ARF) and WebEx Recording Format (WRF) files. A remote attacker could exploit this by providing a user with a malicious ARF or WRF file via email or URL and convincing the user to launch the file. Exploitation of this could cause an affected player to crash and, in some cases, could allow arbitrary code execution on the system of a targeted user. Cisco Bug IDs: CSCvf49650, CSCvg54853, CSCvg54856, CSCvf49697, CSCvg54861, CSCvf49707, CSCvg54867. | |||||
| CVE-2017-12240 | 1 Cisco | 1 Ios | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. The attacker could also cause an affected system to reload, resulting in a denial of service (DoS) condition. The vulnerability is due to a buffer overflow condition in the DHCP relay subsystem of the affected software. An attacker could exploit this vulnerability by sending a crafted DHCP Version 4 (DHCPv4) packet to an affected system. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a DoS condition. Cisco Bug IDs: CSCsm45390, CSCuw77959. | |||||
| CVE-2016-6559 | 1 Freebsd | 1 Freebsd | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Improper bounds checking of the obuf variable in the link_ntoa() function in linkaddr.c of the BSD libc library may allow an attacker to read or write from memory. The full impact and severity depends on the method of exploit and how the library is used by applications. According to analysis by FreeBSD developers, it is very unlikely that applications exist that utilize link_ntoa() in an exploitable manner, and the CERT/CC is not aware of any proof of concept. A blog post describes the functionality of link_ntoa() and points out that none of the base utilities use this function in an exploitable manner. For more information, please see FreeBSD Security Advisory SA-16:37. | |||||
| CVE-2016-6563 | 1 Dlink | 18 Dir-818l\(w\), Dir-818l\(w\) Firmware, Dir-822 and 15 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Processing malformed SOAP messages when performing the HNAP Login action causes a buffer overflow in the stack in some D-Link DIR routers. The vulnerable XML fields within the SOAP body are: Action, Username, LoginPassword, and Captcha. The following products are affected: DIR-823, DIR-822, DIR-818L(W), DIR-895L, DIR-890L, DIR-885L, DIR-880L, DIR-868L, and DIR-850L. | |||||
| CVE-2015-1006 | 1 Opto22 | 4 Optodatalink, Optoopcserver, Pac Display and 1 more | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerable file in Opto 22 PAC Project Professional versions prior to R9.4006, PAC Project Basic versions prior to R9.4006, PAC Display Basic versions prior to R9.4f, PAC Display Professional versions prior to R9.4f, OptoOPCServer versions prior to R9.4c, and OptoDataLink version R9.4d and prior versions that were installed by PAC Project installer, versions prior to R9.4006, is susceptible to a heap-based buffer overflow condition that may allow remote code execution on the target system. Opto 22 suggests upgrading to the new product version as soon as possible. | |||||
| CVE-2014-9189 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple stack-based buffer overflow vulnerabilities were found in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules that could lead to possible remote code execution, dynamic memory corruption, or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2014-9187 | 1 Honeywell | 1 Experion Process Knowledge System | 2019-10-09 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflow vulnerabilities exist in Honeywell Experion PKS all versions prior to R400.6, all versions prior to R410.6, and all versions prior to R430.2 modules, which could lead to possible remote code execution or denial of service. Honeywell strongly encourages and recommends all customers running unsupported versions of EKPS prior to R400 to upgrade to a supported version. | |||||
| CVE-2016-10764 | 1 Linux | 1 Linux Kernel | 2019-10-08 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.9.6, there is an off by one in the drivers/mtd/spi-nor/cadence-quadspi.c cqspi_setup_flash() function. There are CQSPI_MAX_CHIPSELECT elements in the ->f_pdata array so the ">" should be ">=" instead. | |||||
| CVE-2018-10238 | 1 Bacnet Protocol Stack Project | 1 Bacnet Protocol Stack | 2019-10-07 | 7.5 HIGH | 9.8 CRITICAL |
| bvlc.c in skarg BACnet Protocol Stack bacserv 0.9.1 and 0.8.5 is affected by a Buffer Overflow because of a lack of packet-size validation. The affected component is bacserv BACnet/IP BVLC forwarded NPDU. The function bvlc_bdt_forward_npdu() calls bvlc_encode_forwarded_npdu() which copies the content from the request into a local in the bvlc_bdt_forward_npdu() stack frame and clobbers the canary. The attack vector is: A BACnet/IP device with BBMD enabled based on this library connected to IP network. The fixed version is: 0.8.6. | |||||
| CVE-2016-10722 | 1 Partclone Project | 1 Partclone | 2019-10-04 | 7.5 HIGH | 9.8 CRITICAL |
| partclone.fat in Partclone before 0.2.88 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the FAT superblock, related to the mark_reserved_sectors function. An attacker may be able to execute arbitrary code in the context of the user running the affected application. | |||||
| CVE-2017-18379 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 4.14, an out of boundary access happened in drivers/nvme/target/fc.c. | |||||
| CVE-2018-17161 | 1 Freebsd | 1 Freebsd | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| In FreeBSD before 11.2-STABLE(r348229), 11.2-RELEASE-p7, 12.0-STABLE(r342228), and 12.0-RELEASE-p1, insufficient validation of network-provided data in bootpd may make it possible for a malicious attacker to craft a bootp packet which could cause a stack buffer overflow. It is possible that the buffer overflow could lead to a Denial of Service or remote code execution. | |||||
| CVE-2017-15597 | 1 Xen | 1 Xen | 2019-10-03 | 9.0 HIGH | 9.1 CRITICAL |
| An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would be accompanied by a suitable page reference. Other portions of code, however, did not match up with that assumption. When such a grant copy operation is being done on a grant of a dying domain, the assumption turns out wrong. A malicious guest administrator can cause hypervisor memory corruption, most likely resulting in host crash and a Denial of Service. Privilege escalation and information leaks cannot be ruled out. | |||||
| CVE-2017-5789 | 1 Hp | 2 Loadrunner, Performance Center | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before 12.53 Patch 4 allow remote attackers to execute arbitrary code via unspecified vectors. At least in LoadRunner, this is a libxdrutil.dll mxdr_string heap-based buffer overflow. | |||||
| CVE-2017-10921 | 1 Xen | 1 Xen | 2019-10-03 | 10.0 HIGH | 10.0 CRITICAL |
| The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2. | |||||
| CVE-2017-8378 | 1 Podofo Project | 1 Podofo | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors related to m_offsets.size. | |||||
| CVE-2017-13208 | 1 Google | 1 Android | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-67474440. | |||||
| CVE-2017-10920 | 1 Xen | 1 Xen | 2019-10-03 | 10.0 HIGH | 10.0 CRITICAL |
| The grant-table feature in Xen through 4.8.x mishandles a GNTMAP_device_map and GNTMAP_host_map mapping, when followed by only a GNTMAP_host_map unmapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 1. | |||||
| CVE-2017-17773 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. | |||||
| CVE-2017-7895 | 1 Linux | 1 Linux Kernel | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| The NFSv2 and NFSv3 server implementations in the Linux kernel through 4.10.13 lack certain checks for the end of a buffer, which allows remote attackers to trigger pointer-arithmetic errors or possibly have unspecified other impact via crafted requests, related to fs/nfsd/nfs3xdr.c and fs/nfsd/nfsxdr.c. | |||||
| CVE-2018-9059 | 1 Sharing-file | 1 Easy File Sharing Web Server | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 allows remote attackers to execute arbitrary code via a malicious login request to forum.ghp. NOTE: this may overlap CVE-2014-3791. | |||||
| CVE-2017-11767 | 1 Microsoft | 1 Chakracore | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |||||
| CVE-2017-6274 | 1 Google | 1 Android | 2019-10-03 | 7.5 HIGH | 9.8 CRITICAL |
| An elevation of Privilege vulnerability exists in the Thermal Driver, where a missing bounds checks in the thermal throttle driver can cause an out-of-bounds write in the kernel. This issue is rated as moderate. Product: Pixel. Version: N/A. Android ID: A-34705801. References: N-CVE-2017-6274. | |||||
| CVE-2019-1913 | 1 Cisco | 22 Sf-220-24, Sf-220-24 Firmware, Sf220-24p and 19 more | 2019-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS. | |||||
| CVE-2007-6762 | 1 Linux | 1 Linux Kernel | 2019-09-27 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 2.6.20, there is an off-by-one bug in net/netlabel/netlabel_cipso_v4.c where it is possible to overflow the doi_def->tags[] array. | |||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2019-09-27 | 9.0 HIGH | 9.9 CRITICAL |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | |||||
| CVE-2018-1000804 | 1 Contiki-ng | 1 Contiki-ng | 2019-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). | |||||
| CVE-2011-5327 | 1 Linux | 1 Linux Kernel | 2019-09-26 | 7.5 HIGH | 9.8 CRITICAL |
| In the Linux kernel before 3.1, an off by one in the drivers/target/loopback/tcm_loop.c tcm_loop_make_naa_tpg() function could result in at least memory corruption. | |||||
| CVE-2018-20182 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||||
| CVE-2019-14305 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14300 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14308 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14307 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-15786 | 1 Robotis | 1 Dynamixel Sdk | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | |||||
| CVE-2019-15783 | 1 Lute-tab Project | 1 Lute-tab | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | |||||
| CVE-2019-9933 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have a Buffer Overflow (issue 3 of 3). | |||||
| CVE-2019-9932 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have a Buffer Overflow (issue 2 of 3). | |||||
| CVE-2018-21000 | 1 Safe-transmute Project | 1 Safe-transmute | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the safe-transmute crate before 0.10.1 for Rust. A constructor's arguments are in the wrong order, causing heap memory corruption. | |||||
| CVE-2018-20995 | 1 Slice-deque Project | 1 Slice-deque | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the slice-deque crate before 0.1.16 for Rust. move_head_unchecked allows memory corruption because deque updates are mishandled. | |||||
| CVE-2018-20998 | 1 Arrayfire | 1 Arrayfire | 2019-08-30 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the arrayfire crate before 3.6.0 for Rust. Addition of the repr() attribute to an enum is mishandled, leading to memory corruption. | |||||
| CVE-2019-15548 | 1 Ncurses Project | 1 Ncurses | 2019-08-29 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ncurses crate through 5.99.0 for Rust. There are instr and mvwinstr buffer overflows because interaction with C functions is mishandled. | |||||
| CVE-2019-13452 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow vulnerability exists in reportlog.c. | |||||
| CVE-2019-13451 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow vulnerability exists in history.c. | |||||
| CVE-2019-13484 | 2 Debian, Xymon | 2 Debian Linux, Xymon | 2019-08-28 | 7.5 HIGH | 9.8 CRITICAL |
| In Xymon through 4.3.28, a buffer overflow exists in the status-log viewer CGI because of expansion in appfeed.c. | |||||
| CVE-2019-7020 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a buffer errors vulnerability. Successful exploitation could lead to arbitrary code execution . | |||||
| CVE-2018-12784 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2019-08-21 | 7.5 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have a Buffer Errors vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||