Total: 3972 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17144 | 1 Foxitsoftware | 1 Phantompdf | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DWG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9274. | |||||
| CVE-2019-17145 | 1 Foxitsoftware | 1 Phantompdf | 2019-10-28 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.6.0.25114. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of DXF files to PDF. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9276. | |||||
| CVE-2019-13545 | 1 Hornerautomation | 1 Cscape | 2019-10-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Horner Automation Cscape 9.90 and prior, improper validation of data may cause the system to write outside the intended buffer area, which may allow arbitrary code execution. | |||||
| CVE-2019-2184 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-134578122 | |||||
| CVE-2019-2185 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-136173699 | |||||
| CVE-2019-2186 | 1 Google | 1 Android | 2019-10-16 | 9.3 HIGH | 8.8 HIGH |
| In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-136175447 | |||||
| CVE-2019-17256 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at DPX!ReadDPX_W+0x0000000000001203. | |||||
| CVE-2019-17245 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x0000000000004359. | |||||
| CVE-2019-17242 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000966f. | |||||
| CVE-2019-17241 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d563. | |||||
| CVE-2019-17259 | 1 Kmplayer | 1 Kmplayer | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| KMPlayer 4.2.2.31 allows a User Mode Write AV starting at utils!src_new+0x000000000014d6ee. | |||||
| CVE-2019-17258 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at JPEG_LS+0x000000000000839c. | |||||
| CVE-2019-17261 | 1 Xnview | 1 Xnview | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001e51. | |||||
| CVE-2019-17262 | 1 Xnview | 1 Xnview | 2019-10-10 | 4.6 MEDIUM | 7.8 HIGH |
| XnView Classic 2.49.1 allows a User Mode Write AV starting at Xwsq+0x0000000000001fc0. | |||||
| CVE-2019-17248 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000025b6. | |||||
| CVE-2019-17255 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at EXR!ReadEXR+0x0000000000010836. | |||||
| CVE-2019-17251 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!GetPlugInInfo+0x0000000000007d43. | |||||
| CVE-2019-17250 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x00000000000042f5. | |||||
| CVE-2019-17249 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000d57b. | |||||
| CVE-2019-17246 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at WSQ!ReadWSQ+0x000000000000258c. | |||||
| CVE-2019-17252 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at FORMATS!Read_BadPNG+0x0000000000000115. | |||||
| CVE-2019-17253 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. | |||||
| CVE-2019-17254 | 1 Irfanview | 1 Irfanview | 2019-10-10 | 6.8 MEDIUM | 7.8 HIGH |
| IrfanView 4.53 allows Data from a Faulting Address to control a subsequent Write Address starting at FORMATS!Read_BadPNG+0x0000000000000101. | |||||
| CVE-2019-6764 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.1.16828. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XFA Template objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7972. | |||||
| CVE-2019-6760 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.4.16811. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7694. | |||||
| CVE-2019-6759 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7614. | |||||
| CVE-2019-6755 | 2 Foxitsoftware, Microsoft | 3 Foxit Reader, Phantompdf, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.3.10826. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within ConvertToPDF_x86.dll. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7613. | |||||
| CVE-2019-6751 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6.779. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7632. | |||||
| CVE-2019-6750 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7639. | |||||
| CVE-2019-6749 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZIX files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7638. | |||||
| CVE-2019-6748 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7637. | |||||
| CVE-2019-6747 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Studio Photo 3.6.6. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of EZI files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7636. | |||||
| CVE-2019-6743 | 1 Mi | 1 Mi6 Browser | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Xiaomi Mi6 Browser prior to 10.4.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the WebAssembly.Instance method. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7466. | |||||
| CVE-2019-1887 | 1 Cisco | 1 Unified Communications Manager | 2019-10-09 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in the Session Initiation Protocol (SIP) protocol implementation of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. The vulnerability is due to insufficient validation of input SIP traffic. An attacker could exploit this vulnerability by sending a malformed SIP packet to an affected Cisco Unified Communications Manager. A successful exploit could allow the attacker to trigger a new registration process on all connected phones, temporarily disrupting service. | |||||
| CVE-2019-13544 | 1 Deltaww | 1 Tpeditor | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics TPEditor, Versions 1.94 and prior. Multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files, which may allow remote code execution. | |||||
| CVE-2019-13323 | 2 Foxitsoftware, Microsoft | 2 Foxit Studio Photo, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.909. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8783. | |||||
| CVE-2019-12810 | 2 Estsoft, Microsoft | 2 Alsee, Windows | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability exists in the .PSD parsing functionality of ALSee v5.3 ~ v8.39. A specially crafted .PSD file can cause an out of bounds write vulnerability resulting in code execution. By persuading a victim to open a specially-crafted .PSD file, an attacker could execute arbitrary code. | |||||
| CVE-2019-10961 | 1 Advantech | 1 Webaccess Hmi Designer | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | |||||
| CVE-2018-9982 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of the Texture Width in U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5483. | |||||
| CVE-2018-8837 | 1 Advantech | 1 Webaccess Hmi Designer | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| Processing specially crafted .pm3 files in Advantech WebAccess HMI Designer 2.1.7.32 and prior may cause the system to write outside the intended buffer area and may allow remote code execution. | |||||
| CVE-2018-7509 | 1 Deltaww | 1 Wplsoft | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| WPLSoft in Delta Electronics versions 2.45.0 and prior writes data from a file outside the bounds of the intended buffer space, which could cause memory corruption or may allow remote code execution. | |||||
| CVE-2018-3859 | 1 Acdsystems | 1 Canvas Draw | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3860. | |||||
| CVE-2018-3860 | 1 Acdsystems | 1 Canvas Draw | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the TIFF parsing functionality of Canvas Draw version 4.0.0. A specially crafted TIFF image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a TIFF image to trigger this vulnerability and gain the ability to execute code. A different vulnerability than CVE-2018-3859. | |||||
| CVE-2018-3871 | 1 Acdsystems | 1 Canvas Draw | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3870. | |||||
| CVE-2018-3870 | 1 Acdsystems | 1 Canvas Draw | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable out-of-bounds write exists in the PCX parsing functionality of Canvas Draw version 4.0.0. A specially crafted PCX image processed via the application can lead to an out-of-bounds write, overwriting arbitrary data. An attacker can deliver a PCX image to trigger this vulnerability and gain code execution. A different vulnerability than CVE-2018-3871. | |||||
| CVE-2018-20253 | 1 Rarlab | 1 Winrar | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted LHA / LZH archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-20252 | 1 Rarlab | 1 Winrar | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| In WinRAR versions prior to and including 5.60, there is an out-of-bounds write vulnerability during parsing of crafted ACE and RAR archive formats. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2018-1176 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ePub files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5442. | |||||
| CVE-2018-18981 | 1 Rockwellautomation | 1 Factorytalk Services Platform | 2019-10-09 | 7.8 HIGH | 7.5 HIGH |
| In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could lead to a partial or complete denial-of-service condition to the affected services. | |||||
| CVE-2018-17927 | 1 Deltaww | 1 Tpeditor | 2019-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple out-of-bounds write vulnerabilities may be exploited by processing specially crafted project files lacking user input validation, which may cause the system to write outside the intended buffer area and may allow remote code execution. | |||||
