Search
Total
3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3415 | 1 Cisco | 66 Nexus 3016, Nexus 3048, Nexus 3064 and 63 more | 2020-09-03 | 7.9 HIGH | 8.8 HIGH |
| A vulnerability in the Data Management Engine (DME) of Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code with administrative privileges or cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the Cisco Discovery Protocol process to crash and restart multiple times, causing the affected device to reload and resulting in a DoS condition. Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). Exploitation of this vulnerability also requires jumbo frames to be enabled on the interface that receives the crafted Cisco Discovery Protocol packets on the affected device. | |||||
| CVE-2020-9676 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-9674 | 2 Adobe, Microsoft | 2 Bridge, Windows | 2020-09-01 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Bridge versions 10.0.3 and earlier have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2020-17404 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11191. | |||||
| CVE-2020-17403 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-09-01 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11003. | |||||
| CVE-2018-10636 | 1 Deltaww | 2 Cncsoft, Screeneditor | 2020-08-31 | 9.3 HIGH | 8.8 HIGH |
| CNCSoft Version 1.00.83 and prior with ScreenEditor Version 1.00.54 has multiple stack-based buffer overflow vulnerabilities that could cause the software to crash due to lacking user input validation before copying data from project files onto the stack. Which may allow an attacker to gain remote code execution with administrator privileges if exploited. | |||||
| CVE-2018-1046 | 1 Powerdns | 1 Pdns | 2020-08-31 | 9.3 HIGH | 7.8 HIGH |
| pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used. | |||||
| CVE-2019-13290 | 1 Artifex | 1 Mupdf | 2020-08-30 | 6.8 MEDIUM | 7.8 HIGH |
| Artifex MuPDF 1.15.0 has a heap-based buffer overflow in fz_append_display_node located at fitz/list-device.c, allowing remote attackers to execute arbitrary code via a crafted PDF file. This occurs with a large BDC property name that overflows the allocated size of a display list node. | |||||
| CVE-2018-14633 | 4 Canonical, Debian, Linux and 1 more | 8 Ubuntu Linux, Debian Linux, Linux Kernel and 5 more | 2020-08-28 | 8.3 HIGH | 7.0 HIGH |
| A security flaw was found in the chap_server_compute_md5() function in the ISCSI target code in the Linux kernel in a way an authentication request from an ISCSI initiator is processed. An unauthenticated remote attacker can cause a stack buffer overflow and smash up to 17 bytes of the stack. The attack requires the iSCSI target to be enabled on the victim host. Depending on how the target's code was built (i.e. depending on a compiler, compile flags and hardware architecture) an attack may lead to a system crash and thus to a denial-of-service or possibly to a non-authorized access to data exported by an iSCSI target. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although we believe it is highly unlikely. Kernel versions 4.18.x, 4.14.x and 3.10.x are believed to be vulnerable. | |||||
| CVE-2018-1171 | 2 Joyent, Oracle | 2 Smartos, Solaris | 2020-08-28 | 6.9 MEDIUM | 7.0 HIGH |
| This vulnerability allows local attackers to escalate privileges on vulnerable installations of Joyent SmartOS release-20170803-20170803T064301Z. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the DTrace DOF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the host OS. Was ZDI-CAN-5106. | |||||
| CVE-2018-10606 | 1 We-con | 1 Levistudiou | 2020-08-28 | 9.3 HIGH | 8.8 HIGH |
| WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple heap-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. | |||||
| CVE-2018-10602 | 1 We-con | 1 Levistudiou | 2020-08-28 | 9.3 HIGH | 8.8 HIGH |
| WECON LeviStudio Versions 1.8.29 and 1.8.44 have multiple stack-based buffer overflow vulnerabilities that can be exploited when the application processes specially crafted project files. | |||||
| CVE-2020-4587 | 1 Ibm | 2 Connect\, Sterling Connect\ | 2020-08-27 | 7.2 HIGH | 7.8 HIGH |
| IBM Sterling Connect:Direct for UNIX 4.2.0, 4.3.0, 6.0.0, and 6.1.0 is vulnerable to a stack based buffer ovreflow, caused by improper bounds checking. A local attacker could manipulate CD UNIX to obtain root provileges. IBM X-Force ID: 184578. | |||||
| CVE-2020-15629 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2020-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-10764. | |||||
| CVE-2020-19891 | 1 Dbhcms Project | 1 Dbhcms | 2020-08-25 | 6.5 MEDIUM | 7.2 HIGH |
| DBHcms v1.2.0 has an Arbitrary file write vulnerability in dbhcms\mod\mod.editor.php $_POST['updatefile'] is filename and $_POST['tinymce_content'] is file content, there is no filter function for security. A remote authenticated admin user can exploit this vulnerability to get a webshell. | |||||
| CVE-2019-1271 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.2 HIGH | 7.8 HIGH |
| An elevation of privilege exists in hdAudio.sys which may lead to an out of band write, aka 'Windows Media Elevation of Privilege Vulnerability'. | |||||
| CVE-2018-17474 | 3 Debian, Google, Redhat | 5 Debian Linux, Chrome, Enterprise Linux Desktop and 2 more | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-12527 | 1 Squid-cache | 1 Squid | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in Squid 4.0.23 through 4.7. When checking Basic Authentication with HttpHeader::getAuth, Squid uses a global buffer to store the decoded data. Squid does not check that the decoded length isn't greater than the buffer, leading to a heap-based buffer overflow with user controlled data. | |||||
| CVE-2019-12483 | 1 Gpac | 1 Gpac | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue was discovered in GPAC 0.7.1. There is a heap-based buffer overflow in the function ReadGF_IPMPX_RemoveToolNotificationListener in odf/ipmpx_code.c in libgpac.a, as demonstrated by MP4Box. | |||||
| CVE-2019-1236 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'VBScript Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1208. | |||||
| CVE-2019-12323 | 1 Hostingcontroller | 1 Hc10 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS. | |||||
| CVE-2018-17098 | 1 Surina | 1 Soundtouch | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The WavFileBase class in WavFile.cpp in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (heap corruption from size inconsistency) or possibly have unspecified other impact, as demonstrated by SoundStretch. | |||||
| CVE-2019-1237 | 1 Microsoft | 5 Chakracore, Edge, Windows 10 and 2 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1217, CVE-2019-1298, CVE-2019-1300. | |||||
| CVE-2019-1221 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | |||||
| CVE-2019-1217 | 1 Microsoft | 4 Chakracore, Edge, Windows 10 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1138, CVE-2019-1237, CVE-2019-1298, CVE-2019-1300. | |||||
| CVE-2019-1212 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 7.8 HIGH | 7.5 HIGH |
| A memory corruption vulnerability exists in the Windows Server DHCP service when processing specially crafted packets, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1206. | |||||
| CVE-2018-17043 | 1 Doc2txt Project | 1 Doc2txt | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| An issue has been found in doc2txt through 2014-03-19. It is a heap-based buffer overflow in the function Storage::init in Storage.cpp, called from parse_doc in parse_doc.cpp. | |||||
| CVE-2019-1206 | 1 Microsoft | 3 Windows Server 2012, Windows Server 2016, Windows Server 2019 | 2020-08-24 | 5.0 MEDIUM | 7.5 HIGH |
| A memory corruption vulnerability exists in the Windows Server DHCP service when an attacker sends specially crafted packets to a DHCP failover server, aka 'Windows DHCP Server Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1212. | |||||
| CVE-2019-1199 | 1 Microsoft | 2 Office, Office 365 Proplus | 2020-08-24 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability exists in Microsoft Outlook when the software fails to properly handle objects in memory, aka 'Microsoft Outlook Memory Corruption Vulnerability'. | |||||
| CVE-2018-17022 | 1 Asus | 2 Gt-ac5300, Gt-ac5300 Firmware | 2020-08-24 | 8.0 HIGH | 7.2 HIGH |
| Stack-based buffer overflow on the ASUS GT-AC5300 router through 3.0.0.4.384_32738 allows remote attackers to cause a denial of service (device crash) or possibly have unspecified other impact by setting a long sh_path0 value and then sending an appGet.cgi?hook=select_list("Storage_x_SharedPath") request, because ej_select_list in router/httpd/web.c uses strcpy. | |||||
| CVE-2019-12083 | 1 Rust-lang | 1 Rust | 2020-08-24 | 6.8 MEDIUM | 8.1 HIGH |
| The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | |||||
| CVE-2019-1197 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1196. | |||||
| CVE-2018-16986 | 1 Ti | 5 Ble-stack, Cc1350, Cc2640 and 2 more | 2020-08-24 | 5.8 MEDIUM | 8.8 HIGH |
| Texas Instruments BLE-STACK v2.2.1 for SimpleLink CC2640 and CC2650 devices allows remote attackers to execute arbitrary code via a malformed packet that triggers a buffer overflow. | |||||
| CVE-2018-16981 | 1 Nothings | 1 Stb Image.h | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| stb stb_image.h 2.19, as used in catimg, Emscripten, and other products, has a heap-based buffer overflow in the stbi__out_gif_code function. | |||||
| CVE-2019-11957 | 1 Hp | 1 Intelligent Management Center | 2020-08-24 | 9.3 HIGH | 8.1 HIGH |
| A remote code execution vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than version 7.3 E0506P09. | |||||
| CVE-2019-1195 | 1 Microsoft | 4 Edge, Windows 10, Windows Server 2016 and 1 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1196, CVE-2019-1197. | |||||
| CVE-2019-1194 | 1 Microsoft | 9 Internet Explorer, Windows 10, Windows 7 and 6 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1133. | |||||
| CVE-2019-1193 | 1 Microsoft | 10 Edge, Internet Explorer, Windows 10 and 7 more | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that Microsoft browsers access objects in memory, aka 'Microsoft Browser Memory Corruption Vulnerability'. | |||||
| CVE-2019-1196 | 1 Microsoft | 3 Edge, Windows 10, Windows Server 2019 | 2020-08-24 | 7.6 HIGH | 7.5 HIGH |
| A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195, CVE-2019-1197. | |||||
| CVE-2018-16797 | 1 Kakaocorp | 1 Potplayer | 2020-08-24 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow in PotPlayerMini.exe in PotPlayer 1.7.8556 allows remote attackers to execute arbitrary code via a .wav file with large BytesPerSec and SamplesPerSec values, and a small Data_Chunk_Size value. | |||||
| CVE-2019-11640 | 1 Gnu | 1 Recutils | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU recutils 1.8. There is a heap-based buffer overflow in the function rec_fex_parse_str_simple at rec-fex.c in librec.a. | |||||
| CVE-2019-11639 | 1 Gnu | 1 Recutils | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in GNU recutils 1.8. There is a stack-based buffer overflow in the function rec_type_check_enum at rec-types.c in librec.a. | |||||
| CVE-2018-16743 | 1 Mgetty Project | 1 Mgetty | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow. | |||||
| CVE-2019-11542 | 1 Pulsesecure | 2 Pulse Connect Secure, Pulse Policy Secure | 2020-08-24 | 6.5 MEDIUM | 7.2 HIGH |
| In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse Policy Secure version 9.0RX before 9.0R3.2, 5.4RX before 5.4R7.1, 5.3RX before 5.3R12.1, 5.2RX before 5.2R12.1, and 5.1RX before 5.1R15.1, an authenticated attacker (via the admin web interface) can send a specially crafted message resulting in a stack buffer overflow. | |||||
| CVE-2019-1152 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1151. | |||||
| CVE-2018-16742 | 1 Mgetty Project | 1 Mgetty | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter. | |||||
| CVE-2018-16666 | 1 Contiki-ng | 1 Contiki-ng. | 2020-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Contiki-NG through 4.1. There is a stack-based buffer overflow in next_string in os/storage/antelope/aql-lexer.c while parsing AQL (parsing next string). | |||||
| CVE-2019-1151 | 1 Microsoft | 9 Office, Windows 10, Windows 7 and 6 more | 2020-08-24 | 9.3 HIGH | 8.8 HIGH |
| A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts, aka 'Microsoft Graphics Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1144, CVE-2019-1145, CVE-2019-1149, CVE-2019-1150, CVE-2019-1152. | |||||
| CVE-2019-11506 | 1 Graphicsmagick | 1 Graphicsmagick | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick from version 1.3.30 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WriteMATLABImage of coders/mat.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to ExportRedQuantumType in magick/export.c. | |||||
| CVE-2019-11505 | 1 Graphicsmagick | 1 Graphicsmagick | 2020-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| In GraphicsMagick from version 1.3.8 to 1.4 snapshot-20190403 Q8, there is a heap-based buffer overflow in the function WritePDBImage of coders/pdb.c, which allows an attacker to cause a denial of service or possibly have unspecified other impact via a crafted image file. This is related to MagickBitStreamMSBWrite in magick/bit_stream.c. | |||||