Search
Total
6424 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-23333 | 1 Axiosys | 1 Bento4 | 2021-08-25 | 5.0 MEDIUM | 7.5 HIGH |
| A heap-based buffer overflow exists in the AP4_CttsAtom::AP4_CttsAtom component located in /Core/Ap4Utils.h of Bento4 version 06c39d9. This can lead to a denial of service (DOS). | |||||
| CVE-2021-28591 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-28592 | 2 Adobe, Microsoft | 2 Illustrator, Windows | 2021-08-25 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Illustrator version 25.2.3 (and earlier) is affected by an Out-of-bounds Write vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-0626 | 1 Google | 1 Android | 2021-08-25 | 4.6 MEDIUM | 6.7 MEDIUM |
| In ged, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05687510; Issue ID: ALPS05687510. | |||||
| CVE-2021-0407 | 1 Google | 1 Android | 2021-08-24 | 4.6 MEDIUM | 6.7 MEDIUM |
| In clk driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05479659; Issue ID: ALPS05479659. | |||||
| CVE-2021-0640 | 1 Google | 1 Android | 2021-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In noteAtomLogged of StatsdStats.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-9Android ID: A-187957589 | |||||
| CVE-2021-0576 | 1 Google | 1 Android | 2021-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In flv extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187236084 | |||||
| CVE-2021-0574 | 1 Google | 1 Android | 2021-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187234876 | |||||
| CVE-2021-0573 | 1 Google | 1 Android | 2021-08-24 | 4.6 MEDIUM | 7.8 HIGH |
| In asf extractor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231635 | |||||
| CVE-2021-0519 | 1 Google | 1 Android | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| In BITSTREAM_FLUSH of ih264e_bitstream.h, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-8.1 Android-9Android ID: A-176533109 | |||||
| CVE-2017-4943 | 1 Vmware | 1 Vcenter Server | 2021-08-24 | 7.2 HIGH | 7.8 HIGH |
| VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a local privilege escalation vulnerability via the 'showlog' plugin. Successful exploitation of this issue could result in a low privileged user gaining root level privileges over the appliance base OS. | |||||
| CVE-2020-21066 | 1 Axiosys | 1 Bento4 | 2021-08-23 | 4.3 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Bento4 v1.5.1.0. There is a heap-buffer-overflow in AP4_Dec3Atom::AP4_Dec3Atom at Ap4Dec3Atom.cpp, leading to a denial of service (program crash), as demonstrated by mp42aac. | |||||
| CVE-2021-38614 | 1 Polipo Project | 1 Polipo | 2021-08-23 | 5.0 MEDIUM | 7.5 HIGH |
| ** UNSUPPORTED WHEN ASSIGNED ** Polipo through 1.1.1, when NDEBUG is used, allows a heap-based buffer overflow during parsing of a Range header. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-38592 | 1 Wasm3 Project | 1 Wasm3 | 2021-08-20 | 5.0 MEDIUM | 7.5 HIGH |
| Wasm3 0.5.0 has a heap-based buffer overflow in op_Const64 (called from EvaluateExpression and m3_LoadModule). | |||||
| CVE-2021-38525 | 1 Netgear | 52 D3600, D3600 Firmware, D6000 and 49 more | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6200 before 1.1.00.36, D7000 before 1.0.1.70, EX6200v2 before 1.0.1.78, EX7000 before 1.0.1.78, EX8000 before 1.0.1.186, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6120 before 1.0.0.46, R6220 before 1.1.0.80, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.42, R7000P before 1.3.1.64, R7800 before 1.0.2.60, R8900 before 1.0.4.12, R9000 before 1.0.4.12, and XR500 before 2.3.2.40. | |||||
| CVE-2021-38522 | 1 Netgear | 2 R6400, R6400 Firmware | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| NETGEAR R6400 devices before 1.0.1.52 are affected by a stack-based buffer overflow by an authenticated user. | |||||
| CVE-2021-38523 | 1 Netgear | 2 R6400, R6400 Firmware | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| NETGEAR R6400 devices before 1.0.1.70 are affected by a stack-based buffer overflow by an authenticated user. | |||||
| CVE-2021-38524 | 1 Netgear | 26 Mk62, Mk62 Firmware, Mr60 and 23 more | 2021-08-19 | 4.0 MEDIUM | 4.9 MEDIUM |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an authenticated user. This affects MK62 before 1.0.6.110, MR60 before 1.0.6.110, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.32, RAX50 before 1.0.2.32, RAX75 before 1.0.3.106, RAX80 before 1.0.3.106, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, and RBS750 before 3.2.16.6. | |||||
| CVE-2021-38517 | 1 Netgear | 8 R6400, R6400 Firmware, Rax75 and 5 more | 2021-08-19 | 6.5 MEDIUM | 7.2 HIGH |
| Certain NETGEAR devices are affected by out-of-bounds reads and writes. This affects R6400 before 1.0.1.70, RAX75 before 1.0.4.120, RAX80 before 1.0.4.120, and XR300 before 1.0.3.50. | |||||
| CVE-2021-37650 | 1 Google | 1 Tensorflow | 2021-08-18 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.ExperimentalDatasetToTFRecord` and `tf.raw_ops.DatasetToTFRecord` can trigger heap buffer overflow and segmentation fault. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/data/experimental/to_tf_record_op.cc#L93-L102) assumes that all records in the dataset are of string type. However, there is no check for that, and the example given above uses numeric types. We have patched the issue in GitHub commit e0b6e58c328059829c3eb968136f17aa72b6c876. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2021-37651 | 1 Google | 1 Tensorflow | 2021-08-18 | 4.6 MEDIUM | 7.8 HIGH |
| TensorFlow is an end-to-end open source platform for machine learning. In affected versions the implementation for `tf.raw_ops.FractionalAvgPoolGrad` can be tricked into accessing data outside of bounds of heap allocated buffers. The [implementation](https://github.com/tensorflow/tensorflow/blob/f24faa153ad31a4b51578f8181d3aaab77a1ddeb/tensorflow/core/kernels/fractional_avg_pool_op.cc#L205) does not validate that the input tensor is non-empty. Thus, code constructs an empty `EigenDoubleMatrixMap` and then accesses this buffer with indices that are outside of the empty area. We have patched the issue in GitHub commit 0f931751fb20f565c4e94aa6df58d54a003cdb30. The fix will be included in TensorFlow 2.6.0. We will also cherrypick this commit on TensorFlow 2.5.1, TensorFlow 2.4.3, and TensorFlow 2.3.4, as these are also affected and still in supported range. | |||||
| CVE-2021-32943 | 1 Advantech | 1 Webaccess\/scada | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA (WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1). | |||||
| CVE-2020-21677 | 1 Libsixel Project | 1 Libsixel | 2021-08-17 | 4.3 MEDIUM | 6.5 MEDIUM |
| A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format. | |||||
| CVE-2021-20349 | 1 Ibm | 1 Tivoli Workload Scheduler | 2021-08-17 | 4.6 MEDIUM | 5.3 MEDIUM |
| IBM Tivoli Workload Scheduler 9.4 and 9.5 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local attacker could overflow a buffer and gain lower level privileges. IBM X-Force ID: 194599. | |||||
| CVE-2020-15214 | 1 Google | 1 Tensorflow | 2021-08-17 | 6.8 MEDIUM | 8.1 HIGH |
| In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger a write out bounds / segmentation fault if the segment ids are not sorted. Code assumes that the segment ids are in increasing order, using the last element of the tensor holding them to determine the dimensionality of output tensor. This results in allocating insufficient memory for the output tensor and in a write outside the bounds of the output array. This usually results in a segmentation fault, but depending on runtime conditions it can provide for a write gadget to be used in future memory corruption-based exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are sorted, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | |||||
| CVE-2020-15212 | 1 Google | 1 Tensorflow | 2021-08-17 | 7.5 HIGH | 8.6 HIGH |
| In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `output_data` buffer. This might result in a segmentation fault but it can also be used to further corrupt the memory and can be chained with other vulnerabilities to create more advanced exploits. The issue is patched in commit 204945b19e44b57906c9344c0d00120eeeae178a and is released in TensorFlow versions 2.2.1, or 2.3.1. A potential workaround would be to add a custom `Verifier` to the model loading code to ensure that the segment ids are all positive, although this only handles the case when the segment ids are stored statically in the model. A similar validation could be done if the segment ids are generated at runtime between inference steps. If the segment ids are generated as outputs of a tensor during inference steps, then there are no possible workaround and users are advised to upgrade to patched code. | |||||
| CVE-2021-33485 | 1 Codesys | 7 Control, Control Rte, Control Runtime System Toolkit and 4 more | 2021-08-17 | 7.5 HIGH | 9.8 CRITICAL |
| CODESYS Control Runtime system before 3.5.17.10 has a Heap-based Buffer Overflow. | |||||
| CVE-2020-21680 | 1 Fig2dev Project | 1 Fig2dev | 2021-08-16 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format. | |||||
| CVE-2021-33793 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2021-08-12 | 7.5 HIGH | 9.8 CRITICAL |
| Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion. | |||||
| CVE-2021-36584 | 1 Gpac | 1 Gpac | 2021-08-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC 1.0.1. There is a heap-based buffer overflow in the function gp_rtp_builder_do_tx3g function in ietf/rtp_pck_3gpp.c, as demonstrated by MP4Box. This can cause a denial of service (DOS). | |||||
| CVE-2021-35325 | 1 Totolink | 2 A720r, A720r Firmware | 2021-08-12 | 5.0 MEDIUM | 7.5 HIGH |
| A stack overflow in the checkLoginUser function of TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to cause a denial of service (DOS). | |||||
| CVE-2021-37231 | 1 Atomicparsley Project | 1 Atomicparsley | 2021-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. | |||||
| CVE-2021-37232 | 1 Atomicparsley Project | 1 Atomicparsley | 2021-08-11 | 7.5 HIGH | 9.8 CRITICAL |
| A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64. | |||||
| CVE-2021-27954 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2021-08-11 | 6.4 MEDIUM | 8.2 HIGH |
| A heap-based buffer overflow vulnerability exists on the ecobee3 lite 4.5.81.200 device in the HKProcessConfig function of the HomeKit Wireless Access Control setup process. A threat actor can exploit this vulnerability to force the device to connect to a SSID or cause a denial of service. | |||||
| CVE-2020-24829 | 1 Gpac | 1 Gpac | 2021-08-11 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in GPAC v0.8.0, as demonstrated by MP4Box. It contains a heap-based buffer overflow in gf_m2ts_section_complete in media_tools/mpegts.c that can cause a denial of service (DOS) via a crafted MP4 file. | |||||
| CVE-2021-26096 | 1 Fortinet | 1 Fortisandbox | 2021-08-11 | 6.5 MEDIUM | 8.8 HIGH |
| Multiple instances of heap-based buffer overflow in the command shell of FortiSandbox before 4.0.0 may allow an authenticated attacker to manipulate memory and alter its content by means of specifically crafted command line arguments. | |||||
| CVE-2021-22423 | 1 Huawei | 1 Harmonyos | 2021-08-10 | 7.2 HIGH | 7.8 HIGH |
| A component of the HarmonyOS has a Out-of-bounds Write Vulnerability. Local attackers may exploit this vulnerability to cause integer overflow. | |||||
| CVE-2021-37164 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| A buffer overflow issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. In the tcpTxThread function, the received data is copied to a stack buffer. An off-by-3 condition can occur, resulting in a stack-based buffer overflow. | |||||
| CVE-2018-21133 | 1 Netgear | 4 Wac505, Wac505 Firmware, Wac510 and 1 more | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| Certain NETGEAR devices are affected by a stack-based buffer overflow by an unauthenticated attacker. This affects WAC505 before 5.0.0.17 and WAC510 before 5.0.0.17. | |||||
| CVE-2016-20009 | 1 Windriver | 1 Vxworks | 2021-08-10 | 7.5 HIGH | 9.8 CRITICAL |
| ** UNSUPPORTED WHEN ASSIGNED ** A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-12358 | 1 Intel | 539 Bios, Core I3-l13g4, Core I5-l16g7 and 536 more | 2021-08-10 | 2.1 LOW | 4.4 MEDIUM |
| Out of bounds write in the firmware for some Intel(R) Processors may allow a privileged user to potentially enable denial of service via local access. | |||||
| CVE-2021-30564 | 1 Google | 1 Chrome | 2021-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| Heap buffer overflow in WebXR in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-35522 | 1 Idemia | 22 Ma Vp Md, Ma Vp Md Firmware, Morphowave Compact Md and 19 more | 2021-08-09 | 9.0 HIGH | 9.8 CRITICAL |
| A Buffer Overflow in Thrift command handlers in IDEMIA Morpho Wave Compact and VisionPass devices before 2.6.2, Sigma devices before 4.9.4, and MA VP MD devices before 4.9.7 allows remote attackers to achieve code execution, denial of services, and information disclosure via TCP/IP packets. | |||||
| CVE-2021-30559 | 1 Google | 1 Chrome | 2021-08-09 | 6.8 MEDIUM | 8.8 HIGH |
| Out of bounds write in ANGLE in Google Chrome prior to 91.0.4472.164 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
| CVE-2021-36004 | 2 Adobe, Microsoft | 2 Indesign, Windows | 2021-08-07 | 6.8 MEDIUM | 8.8 HIGH |
| Adobe InDesign version 16.0 (and earlier) is affected by an Out-of-bounds Write vulnerability in the CoolType library. An unauthenticated attacker could leverage this vulnerability to achieve remote code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2020-3291 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-08-06 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3290 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-08-06 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3289 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-08-06 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3288 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-08-06 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||
| CVE-2020-3293 | 1 Cisco | 12 Rv016, Rv016 Firmware, Rv042 and 9 more | 2021-08-06 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative privileges to execute arbitrary code on an affected device. The vulnerabilities are due to insufficient boundary restrictions on user-supplied input to scripts in the web-based management interface. An attacker with administrative privileges that are sufficient to log in to the web-based management interface could exploit each vulnerability by sending crafted requests that contain overly large values to an affected device, causing a stack overflow. A successful exploit could allow the attacker to cause the device to crash or allow the attacker to execute arbitrary code with root privileges on the underlying operating system. | |||||