Total
2901 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-13518 | 1 Ezautomation | 1 Ez Touch Editor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the EZ Touch Editor Versions 2.1.0 and prior.
|
|||||
| CVE-2019-13156 | 1 Naver | 1 Cloud Explorer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle.
|
|||||
| CVE-2019-12266 | 1 Wyze | 6 Cam Pan V2, Cam Pan V2 Firmware, Cam V2 and 3 more | 2024-11-21 | 10.0 HIGH | 7.6 HIGH |
|
Stack-based Buffer Overflow vulnerability in Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker to run arbitrary code on the affected device. This issue affects: Wyze Cam Pan v2 versions prior to 4.49.1.47. Wyze Cam v2 versions prior to 4.9.8.1002. Wyze Cam v3 versions prior to 4.36.8.32.
|
|||||
| CVE-2019-11931 | 1 Whatsapp | 3 Whatsapp, Whatsapp Business, Whatsapp Enterprise Client | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A stack-based buffer overflow could be triggered in WhatsApp by sending a specially crafted MP4 file to a WhatsApp user. The issue was present in parsing the elementary stream metadata of an MP4 file and could result in a DoS or RCE. This affects Android versions prior to 2.19.274, iOS versions prior to 2.19.100, Enterprise Client versions prior to 2.25.3, Business for Android versions prior to 2.19.104 and Business for iOS versions prior to 2.19.100.
|
|||||
| CVE-2019-10974 | 1 Nrel | 1 Energyplus | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
|
NREL EnergyPlus, Versions 8.6.0 and possibly prior versions, The application fails to prevent an exception handler from being overwritten with arbitrary code.
|
|||||
| CVE-2019-10967 | 1 Emerson | 2 Ovation Ocr400, Ovation Ocr400 Firmware | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
In Emerson Ovation OCR400 Controller 3.3.1 and earlier, a stack-based buffer overflow vulnerability in the embedded third-party FTP server involves improper handling of a long file name from the LIST command to the FTP service, which may cause the service to overwrite buffers, leading to remote code execution and escalation of privileges.
|
|||||
| CVE-2019-10947 | 1 Deltaww | 1 Cncsoft Screeneditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Delta Industrial Automation CNCSoft, CNCSoft ScreenEditor Version 1.00.88 and prior. Multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files, allowing an attacker to remotely execute arbitrary code. This may occur because CNCSoft lacks user input validation before copying data from project files onto the stack.
|
|||||
| CVE-2019-10193 | 5 Canonical, Debian, Oracle and 2 more | 9 Ubuntu Linux, Debian Linux, Communications Operations Monitor and 6 more | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A stack-buffer overflow vulnerability was found in the Redis hyperloglog data structure versions 3.x before 3.2.13, 4.x before 4.0.14 and 5.x before 5.0.4. By corrupting a hyperloglog using the SETRANGE command, an attacker could cause Redis to perform controlled increments of up to 12 bytes past the end of a stack-allocated buffer.
|
|||||
| CVE-2019-10164 | 4 Fedoraproject, Opensuse, Postgresql and 1 more | 4 Fedora, Leap, Postgresql and 1 more | 2024-11-21 | 9.0 HIGH | 8.8 HIGH |
|
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the PostgreSQL operating system account.
|
|||||
| CVE-2019-0053 | 2 Debian, Juniper | 2 Debian Linux, Junos | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue a ...
Show More |
|||||
| CVE-2019-0008 | 1 Juniper | 11 Ex4300, Ex4300m, Ex4600 and 8 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A certain sequence of valid BGP or IPv6 BFD packets may trigger a stack based buffer overflow in the Junos OS Packet Forwarding Engine manager (FXPC) process on QFX5000 series, EX4300, EX4600 devices. This issue can result in a crash of the fxpc daemon or may potentially lead to remote code execution. Affected releases are Juniper Networks Junos OS on QFX 5000 series, EX4300, EX4600 are: 14.1X53; 15.1X53 versions prior to 15.1X53-D235; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R3 ...
Show More |
|||||
| CVE-2018-8865 | 1 Lantech | 2 Ids 2102, Ids 2102 Firmware | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow vulnerability has been identified which may allow remote code execution. A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
|
|||||
| CVE-2018-8847 | 1 Eaton | 2 9000x, 9000x Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Eaton 9000X DriveA versions 2.0.29 and prior has a stack-based buffer overflow vulnerability, which may allow remote code execution.
|
|||||
| CVE-2018-8840 | 2 Indusoft, Industrial-software | 2 Web Studio, Intouch Machine Edition 2017 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A remote attacker could send a carefully crafted packet in InduSoft Web Studio v8.1 and prior versions, and/or InTouch Machine Edition 2017 v8.1 and prior versions during a tag, alarm, or event related action such as read and write, which may allow remote code execution.
|
|||||
| CVE-2018-8839 | 1 Deltaww | 1 Pmsoft | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Delta PMSoft versions 2.10 and prior have multiple stack-based buffer overflow vulnerabilities where a .ppm file can introduce a value larger than is readable by PMSoft's fixed-length stack buffer. This can cause the buffer to be overwritten, which may allow arbitrary code execution or cause the application to crash. CVSS v3 base score: 7.1; CVSS vector string: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H. Delta Electronics recommends affected users update to at least PMSoft v2.11, which was made availab ...
Show More |
|||||
| CVE-2018-7527 | 1 We-con | 3 Levistudio Hmi Editor, Levistudiou, Pi Studio Hmi Project Programmer | 2024-11-21 | 6.8 MEDIUM | 5.3 MEDIUM |
|
A buffer overflow can be triggered in LeviStudio HMI Editor, Version 1.10 part of Wecon LeviStudioU 1.8.29, and PI Studio HMI Project Programmer, Build: November 11, 2017 and prior by opening a specially crafted file.
|
|||||
| CVE-2018-7514 | 1 Omron | 7 Cx-flnet, Cx-one, Cx-programmer and 4 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Parsing malformed project files in Omron CX-One versions 4.42 and prior, including the following applications: CX-FLnet versions 1.00 and prior, CX-Protocol versions 1.992 and prior, CX-Programmer versions 9.65 and prior, CX-Server versions 5.0.22 and prior, Network Configurator versions 3.63 and prior, and Switch Box Utility versions 1.68 and prior, may cause a stack-based buffer overflow.
|
|||||
| CVE-2018-7513 | 1 Omron | 1 Cx-supervisor | 2024-11-21 | 4.6 MEDIUM | 5.3 MEDIUM |
|
In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow.
|
|||||
| CVE-2018-7499 | 1 Advantech | 4 Webaccess, Webaccess\/nms, Webaccess Dashboard and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess versions V8.3.0 and prior, WebAccess Dashboard versions V.2.0.15 and prior, WebAccess Scada Node versions prior to 8.3.1, and WebAccess/NMS 2.0.3 and prior, several stack-based buffer overflow vulnerabilities have been identified, which may allow an attacker to execute arbitrary code.
|
|||||
| CVE-2018-7494 | 1 Deltaww | 1 Wplsoft | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a fixed length stack buffer where a value larger than the buffer can be read from a file into the buffer, causing the buffer to be overwritten, which may allow remote code execution or cause the application to crash.
|
|||||
| CVE-2018-5476 | 1 Deltaww | 1 Delta Industrial Automation Dopsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A Stack-based Buffer Overflow issue was discovered in Delta Electronics Delta Industrial Automation DOPSoft, Version 4.00.01 or prior. Stack-based buffer overflow vulnerabilities caused by processing specially crafted .dop or .dpb files may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2018-5475 | 1 Ge | 2 D60 Line Distance Relay, D60 Line Distance Relay Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Stack-based Buffer Overflow issue was discovered in GE D60 Line Distance Relay devices running firmware Version 7.11 and prior. Multiple stack-based buffer overflow vulnerabilities have been identified, which may allow remote code execution.
|
|||||
| CVE-2018-5452 | 1 Emerson | 2 Controlwave Micro, Controlwave Micro Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Stack-based Buffer Overflow issue was discovered in Emerson Process Management ControlWave Micro Process Automation Controller: ControlWave Micro [ProConOS v.4.01.280] firmware: CWM v.05.78.00 and prior. A stack-based buffer overflow vulnerability caused by sending crafted packets on Port 20547 could force the PLC to change its state into halt mode.
|
|||||
| CVE-2018-5442 | 1 Fujielectric | 2 V-server Vpr, V-server Vpr Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Stack-based Buffer Overflow issue was discovered in Fuji Electric V-Server VPR 4.0.1.0 and prior. The stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
|
|||||
| CVE-2018-5440 | 1 3s-software | 2 Codesys Runtime System, Codesys Web Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS Web Server. Specifically: all Microsoft Windows (also WinCE) based CODESYS web servers running stand-alone Version 2.3, or as part of the CODESYS runtime system running prior to Version V1.1.9.19. A crafted request may cause a buffer overflow and could therefore execute arbitrary code on the web server or lead to a denial-of-service condition due to a crash in the web server.
|
|||||
| CVE-2018-20247 | 1 Foxitsoftware | 1 Quick Pdf Library | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Foxit Quick PDF Library (all versions prior to 16.12), issue where loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow.
|
|||||
| CVE-2018-1161 | 1 Quest | 1 Netvault Backup | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.2.0.13. Authentication is not required to exploit this vulnerability. The specific flaw exists within nvwsworker.exe. When parsing the boundary header of a multipart request, the process does not properly validate the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code under the context of SY ...
Show More |
|||||
| CVE-2018-1071 | 4 Canonical, Debian, Redhat and 1 more | 6 Ubuntu Linux, Debian Linux, Enterprise Linux Desktop and 3 more | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
zsh through version 5.4.2 is vulnerable to a stack-based buffer overflow in the exec.c:hashcmd() function. A local attacker could exploit this to cause a denial of service.
|
|||||
| CVE-2018-1046 | 1 Powerdns | 1 Pdns | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
pdns before version 4.1.2 is vulnerable to a buffer overflow in dnsreplay. In the dnsreplay tool provided with PowerDNS Authoritative, replaying a specially crafted PCAP file can trigger a stack-based buffer overflow, leading to a crash and potentially arbitrary code execution. This buffer overflow only occurs when the -ecs-stamp option of dnsreplay is used.
|
|||||
| CVE-2018-18993 | 1 Omron | 3 Cx-one, Cx-programmer, Cx-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Two stack-based buffer overflow vulnerabilities have been discovered in CX-One Versions 4.42 and prior (CX-Programmer Versions 9.66 and prior and CX-Server Versions 5.0.23 and prior). When processing project files, the application allows input data to exceed the buffer. An attacker could use a specially crafted project file to overflow the buffer and execute code under the privileges of the application.
|
|||||
| CVE-2018-17937 | 3 Debian, Gpsd Project, Microjson Project | 3 Debian Linux, Gpsd, Microjson | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
gpsd versions 2.90 to 3.17 and microjson versions 1.0 to 1.3, an open source project, allow a stack-based buffer overflow, which may allow remote attackers to execute arbitrary code on embedded platforms via traffic on Port 2947/TCP or crafted JSON inputs.
|
|||||
| CVE-2018-17930 | 1 Teledynedalsa | 1 Sherlock | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
A stack-based buffer overflow vulnerability has been identified in Teledyne DALSA Sherlock Version 7.2.7.4 and prior, which may allow remote code execution.
|
|||||
| CVE-2018-17929 | 1 Deltaww | 1 Tpeditor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In Delta Industrial Automation TPEditor, TPEditor Versions 1.90 and prior, multiple stack-based buffer overflow vulnerabilities may be exploited by processing specially crafted project files lacking user input validation before copying data from project files onto the stack and may allow an attacker to remotely execute arbitrary code.
|
|||||
| CVE-2018-17916 | 1 Aveva | 3 Edge, Indusoft Web Studio, Intouch Machine Edition 2014 | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
InduSoft Web Studio versions prior to 8.1 SP2, and InTouch Edge HMI (formerly InTouch Machine Edition) versions prior to 2017 SP2. A remote attacker could send a carefully crafted packet to exploit a stack-based buffer overflow vulnerability during tag, alarm, or event related actions such as read and write, with potential for code to be executed. If InduSoft Web Studio remote communication security was not enabled, or a password was left blank, a remote user could send a carefully crafted packe ...
Show More |
|||||
| CVE-2018-17911 | 1 Lcds | 1 Laquis Scada | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
LAquis SCADA Versions 4.1.0.3870 and prior has several stack-based buffer overflow vulnerabilities, which may allow remote code execution.
|
|||||
| CVE-2018-17910 | 1 Advantech | 1 Webaccess | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
WebAccess Versions 8.3.2 and prior. The application fails to properly validate the length of user-supplied data, causing a buffer overflow condition that allows for arbitrary remote code execution.
|
|||||
| CVE-2018-17614 | 1 Losant | 1 Arduino Mqtt Client | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Losant Arduino MQTT Client prior to V2.7. User interaction is not required to exploit this vulnerability. The specific flaw exists within the parsing of MQTT PUBLISH packets. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of ...
Show More |
|||||
| CVE-2018-14829 | 1 Rockwellautomation | 1 Rslinx | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote threat actor to intentionally send a malformed CIP packet to Port 44818, causing the software application to stop responding and crash. This vulnerability also has the potential to exploit a buffer overflow condition, which may allow the threat actor to remotely execute arbitrary code.
|
|||||
| CVE-2018-14823 | 1 Fujielectric | 2 V-server, V-server Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Fuji Electric V-Server 4.0.3.0 and prior, A stack-based buffer overflow vulnerability has been identified, which may allow remote code execution.
|
|||||
| CVE-2018-14818 | 1 We-con | 2 Pi Studio, Pi Studio Hmi | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
WECON Technology Co., Ltd. PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior have a stack-based buffer overflow vulnerability which may allow remote code execution.
|
|||||