Search
Total
6424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-3738 | 1 Adobe | 1 Framemaker | 2020-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
| CVE-2014-8128 | 2 Apple, Libtiff | 3 Iphone Os, Mac Os X, Libtiff | 2020-02-14 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibTIFF prior to 4.0.4, as used in Apple iOS before 8.4 and OS X before 10.10.4 and other products, allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted TIFF image. | |||||
| CVE-2015-7508 | 1 Netsurf-browser | 1 Libnsbmp | 2020-02-14 | 6.8 MEDIUM | 8.8 HIGH |
| Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file. | |||||
| CVE-2018-5064 | 3 Adobe, Apple, Microsoft | 4 Acrobat Dc, Acrobat Reader Dc, Mac Os X and 1 more | 2020-02-13 | 10.0 HIGH | 9.8 CRITICAL |
| Adobe Acrobat and Reader 2018.011.20040 and earlier, 2017.011.30080 and earlier, and 2015.006.30418 and earlier versions have an Out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user. | |||||
| CVE-2015-5627 | 1 Yokogawa | 29 B\/m9000 Vp, B\/m9000 Vp Firmware, B\/m9000cs and 26 more | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (process outage) via a crafted packet. | |||||
| CVE-2015-5628 | 1 Yokogawa | 29 B\/m9000 Vp, B\/m9000 Vp Firmware, B\/m9000cs and 26 more | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to execute arbitrary code via a crafted packet. | |||||
| CVE-2015-5626 | 1 Yokogawa | 29 B\/m9000 Vp, B\/m9000 Vp Firmware, B\/m9000cs and 26 more | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP Entry R5.04.20 and earlier, ProSafe-RS R3.02.10 and earlier, Exaopc R3.72.00 and earlier, Exaquantum R2.85.00 and earlier, Exaquantum/Batch R2.50.30 and earlier, Exapilot R3.96.10 and earlier, Exaplog R3.40.00 and earlier, Exasmoc R4.03.20 and earlier, Exarqe R4.03.20 and earlier, Field Wireless Device OPC Server R2.01.02 and earlier, PRM R3.12.00 and earlier, STARDOM VDS R7.30.01 and earlier, STARDOM OPC Server for Windows R3.40 and earlier, FAST/TOOLS R10.01 and earlier, B/M9000CS R5.05.01 and earlier, B/M9000 VP R7.03.04 and earlier, and FieldMate R1.01 or R1.02 allows remote attackers to cause a denial of service (network-communications outage) via a crafted packet. | |||||
| CVE-2019-17652 | 1 Fortinet | 1 Forticlient | 2020-02-12 | 6.8 MEDIUM | 6.5 MEDIUM |
| A stack buffer overflow vulnerability in FortiClient for Linux 6.2.1 and below may allow a user with low privilege to cause FortiClient processes running under root priviledge crashes via sending specially crafted "StartAvCustomScan" type IPC client requests to the fctsched process due the argv data not been well sanitized. | |||||
| CVE-2020-3119 | 1 Cisco | 83 Nexus 3016, Nexus 3048, Nexus 3064 and 80 more | 2020-02-12 | 8.3 HIGH | 8.8 HIGH |
| A vulnerability in the Cisco Discovery Protocol implementation for Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to execute arbitrary code or cause a reload on an affected device. The vulnerability exists because the Cisco Discovery Protocol parser does not properly validate input for certain fields in a Cisco Discovery Protocol message. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. An successful exploit could allow the attacker to cause a stack overflow, which could allow the attacker to execute arbitrary code with administrative privileges on an affected device. Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent). | |||||
| CVE-2020-6387 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. | |||||
| CVE-2020-6389 | 1 Google | 1 Chrome | 2020-02-12 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in WebRTC in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted video stream. | |||||
| CVE-2019-18671 | 1 Keepkey | 2 Keepkey, Keepkey Firmware | 2020-02-12 | 10.0 HIGH | 9.8 CRITICAL |
| Insufficient checks in the USB packet handling of the ShapeShift KeepKey hardware wallet before firmware 6.2.2 allow out-of-bounds writes in the .bss segment via crafted messages. The vulnerability could allow code execution or other forms of impact. It can be triggered by unauthenticated attackers and the interface is reachable via WebUSB. | |||||
| CVE-2014-2030 | 3 Canonical, Imagemagick, Opensuse | 3 Ubuntu Linux, Imagemagick, Opensuse | 2020-02-11 | 6.8 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick, possibly 6.8.8-5, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PSD image, involving the L%06ld string, a different vulnerability than CVE-2014-1947. | |||||
| CVE-2019-0169 | 1 Intel | 2 Converged Security Management Engine Firmware, Trusted Execution Engine Firmware | 2020-02-11 | 5.8 MEDIUM | 8.8 HIGH |
| Heap overflow in subsystem in Intel(R) CSME before versions 11.8.70, 11.11.70, 11.22.70, 12.0.45; Intel(R) TXE before versions 3.1.70 and 4.0.20 may allow an unauthenticated user to potentially enable escalation of privileges, information disclosure or denial of service via adjacent access. | |||||
| CVE-2019-13537 | 1 Aveva | 2 Iec870ip, Iec870ip Firmware | 2020-02-10 | 5.0 MEDIUM | 7.5 HIGH |
| The IEC870IP driver for AVEVA’s Vijeo Citect and Citect SCADA and Schneider Electric’s Power SCADA Operation has a buffer overflow vulnerability that could result in a server-side crash. | |||||
| CVE-2019-9502 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2020-02-10 | 8.3 HIGH | 8.8 HIGH |
| The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | |||||
| CVE-2019-9501 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2020-02-10 | 8.3 HIGH | 8.8 HIGH |
| The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions. | |||||
| CVE-2014-5439 | 2 Debian, Sniffit Project | 2 Debian Linux, Sniffit | 2020-02-07 | 9.3 HIGH | 7.8 HIGH |
| Multiple Stack-based Buffer Overflow vulnerabilities exists in Sniffit prior to 0.3.7 via a crafted configuration file that will bypass Non-eXecutable bit NX, stack smashing protector SSP, and address space layout randomization ASLR protection mechanisms, which could let a malicious user execute arbitrary code. | |||||
| CVE-2019-18634 | 2 Debian, Sudo Project | 2 Debian Linux, Sudo | 2020-02-07 | 4.6 MEDIUM | 7.8 HIGH |
| In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. (pwfeedback is a default setting in Linux Mint and elementary OS; however, it is NOT the default for upstream and many other packages, and would exist only if enabled by an administrator.) The attacker needs to deliver a long string to the stdin of getln() in tgetpass.c. | |||||
| CVE-2020-8508 | 1 Norman | 1 Malware Cleaner | 2020-02-06 | 7.5 HIGH | 9.8 CRITICAL |
| nsak64.sys in Norman Malware Cleaner 2.08.08 allows users to call arbitrary kernel functions because the passing of function pointers between user and kernel mode is mishandled. | |||||
| CVE-2014-8141 | 2 Redhat, Unzip Project | 6 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Eus and 3 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the getZip64Data function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8139 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the CRC32 verification in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8140 | 2 Redhat, Unzip Project | 7 Enterprise Linux Desktop, Enterprise Linux Server, Enterprise Linux Server Aus and 4 more | 2020-02-05 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the test_compr_eb function in Info-ZIP UnZip 6.0 and earlier allows remote attackers to execute arbitrary code via a crafted zip file in the -t command argument to the unzip command. | |||||
| CVE-2014-8322 | 1 Aircrack-ng | 1 Aircrack-ng | 2020-02-05 | 7.5 HIGH | 9.8 CRITICAL |
| Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value. | |||||
| CVE-2014-8321 | 1 Aircrack-ng | 1 Aircrack-ng | 2020-02-05 | 4.6 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the gps_tracker function in airodump-ng.c in Aircrack-ng before 1.2 RC 1 allows local users to execute arbitrary code or gain privileges via unspecified vectors. | |||||
| CVE-2019-17094 | 1 Belkin | 2 Wemo Insight Switch, Wemo Insight Switch Firmware | 2020-02-04 | 7.2 HIGH | 7.8 HIGH |
| A Stack-based Buffer Overflow vulnerability in libbelkin_api.so component of Belkin WeMo Insight Switch firmware allows a local attacker to obtain code execution on the device. This issue affects: Belkin WeMo Insight Switch firmware version 2.00.11396 and prior versions. | |||||
| CVE-2015-4041 | 1 Gnu | 1 Coreutils | 2020-02-01 | 4.6 MEDIUM | 7.8 HIGH |
| The keycompare_mb function in sort.c in sort in GNU Coreutils through 8.23 on 64-bit platforms performs a size calculation without considering the number of bytes occupied by multibyte characters, which allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via long UTF-8 strings. | |||||
| CVE-2015-0242 | 3 Debian, Microsoft, Postgresql | 3 Debian Linux, Windows, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | |||||
| CVE-2013-5659 | 1 Info-zip | 1 Wiz | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| Wiz 5.0.3 has a user mode write access violation | |||||
| CVE-2013-3492 | 1 Xnview | 1 Xnview | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| XnView 2.03 has a stack-based buffer overflow vulnerability | |||||
| CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
| CVE-2019-20425 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. | |||||
| CVE-2019-20431 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. | |||||
| CVE-2012-5867 | 1 Ht Editor Project | 1 Ht Editor | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability | |||||
| CVE-2019-20432 | 1 Lustre | 1 Lustre | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size. | |||||
| CVE-2012-4900 | 1 Corel | 1 Wordperfect Office X6 | 2020-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference | |||||
| CVE-2019-19840 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. | |||||
| CVE-2020-7054 | 1 Mz-automation | 1 Libiec61850 | 2020-01-24 | 6.8 MEDIUM | 8.8 HIGH |
| MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | |||||
| CVE-2019-5082 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2020-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2020-5496 | 1 Fontforge | 1 Fontforge | 2020-01-22 | 6.8 MEDIUM | 8.8 HIGH |
| FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c. | |||||
| CVE-2018-16140 | 2 Canonical, Fig2dev Project | 2 Ubuntu Linux, Fig2dev | 2020-01-22 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | |||||
| CVE-2019-19555 | 1 Xfig Project | 1 Xfig | 2020-01-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | |||||
| CVE-2019-15692 | 1 Tigervnc | 1 Tigervnc | 2020-01-21 | 6.5 MEDIUM | 7.2 HIGH |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow. Vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-15693 | 1 Tigervnc | 1 Tigervnc | 2020-01-21 | 6.5 MEDIUM | 7.2 HIGH |
| TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which occurs in TightDecoder::FilterGradient. Exploitation of this vulnerability could potentially result into remote code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-13722 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2019-20162 | 1 Gpac | 1 Gpac | 2020-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function gf_isom_box_parse_ex() in isomedia/box_funcs.c. | |||||
| CVE-2019-20208 | 1 Gpac | 1 Gpac | 2020-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| dimC_Read in isomedia/box_code_3gpp.c in GPAC 0.8.0 has a stack-based buffer overflow. | |||||
| CVE-2019-20161 | 1 Gpac | 1 Gpac | 2020-01-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC version 0.8.0 and 0.9.0-development-20191109. There is heap-based buffer overflow in the function ReadGF_IPMPX_WatermarkingInit() in odf/ipmpx_code.c. | |||||
| CVE-2014-2072 | 1 3ds | 1 Catia | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | |||||
| CVE-2013-3939 | 1 Xnview | 1 Xnview | 2020-01-15 | 6.8 MEDIUM | 7.8 HIGH |
| xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | |||||