Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21943 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap-based buffer overflow vulnerability exists in the XWD parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21942 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An out-of-bounds write vulnerability exists in the TIFF YCbCr image parser functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21940 | 1 Anker | 2 Eufy Homebase 2, Eufy Homebase 2 Firmware | 2024-11-21 | 7.5 HIGH | 10.0 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the pushMuxer processRtspInfo functionality of Anker Eufy Homebase 2 2.1.6.9h. A specially-crafted network packet can lead to a heap buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.
|
|||||
| CVE-2021-21914 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap-based buffer overflow vulnerability exists in the DecoderStream::Append functionality of Accusoft ImageGear 19.10. A specially-crafted file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21830 | 1 Att | 1 Xmill | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the XML Decompression LabelDict::Load functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21829 | 1 Att | 1 Xmill | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the XML Decompression EnumerationUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21825 | 1 Att | 1 Xmill | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the XML Decompression PlainTextUncompressor::UncompressItem functionality of AT&T Labs’ Xmill 0.7. A specially crafted XMI file can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21810 | 1 Att | 1 Xmill | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A memory corruption vulnerability exists in the XML-parsing ParseAttribs functionality of AT&T Labs’ Xmill 0.7. A specially crafted XML file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21795 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based buffer overflow vulnerability exists in the PSD read_icc_icCurve_data functionality of Accusoft ImageGear 19.9. A specially crafted malformed file can lead to an integer overflow that, in turn, leads to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2021-21572 | 1 Dell | 256 Alienware M15 R6, Alienware M15 R6 Firmware, Chengming 3990 and 253 more | 2024-11-21 | 6.9 MEDIUM | 7.2 HIGH |
|
Dell BIOSConnect feature contains a buffer overflow vulnerability. An authenticated malicious admin user with local access to the system may potentially exploit this vulnerability to run arbitrary code and bypass UEFI restrictions.
|
|||||
| CVE-2021-21555 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
|
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
|
|||||
| CVE-2021-21554 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
|
Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment.
|
|||||
| CVE-2021-21077 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-21006 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
|
Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
|
|||||
| CVE-2021-20043 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances.
|
|||||
| CVE-2020-8899 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747.
|
|||||
| CVE-2020-7852 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
|||||
| CVE-2020-7829 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
|||||
| CVE-2020-7828 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
|||||
| CVE-2020-7586 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. S ...
Show More |
|||||
| CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server.
|
|||||
| CVE-2020-6156 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index.
|
|||||
| CVE-2020-6155 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file.
|
|||||
| CVE-2020-6150 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow.
|
|||||
| CVE-2020-6149 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section.
|
|||||
| CVE-2020-6148 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow.
|
|||||
| CVE-2020-6147 | 2 Apple, Pixar | 3 Ipados, Iphone Os, Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow.
|
|||||
| CVE-2020-6146 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted do ...
Show More |
|||||
| CVE-2020-6007 | 1 Philips | 2 Hue Bridge V2, Hue Bridge V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 7.9 HIGH |
|
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
|
|||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0.
|
|||||
| CVE-2020-4068 | 1 Apnswift Project | 1 Apnswift | 2024-11-21 | 7.5 HIGH | 6.3 MEDIUM |
|
In APNSwift 1.0.0, calling APNSwiftSigner.sign(digest:) is likely to result in a heap buffer overflow. This has been fixed in 1.0.1.
|
|||||
| CVE-2020-28598 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the Admesh stl_fix_normal_directions() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted AMF file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28595 | 1 Prusa3d | 1 Prusaslicer | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An out-of-bounds write vulnerability exists in the Obj.cpp load_obj() functionality of Prusa Research PrusaSlicer 2.2.0 and Master (commit 4b040b856). A specially crafted obj file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-28587 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).
|
|||||
| CVE-2020-27841 | 4 Debian, Fedoraproject, Oracle and 1 more | 4 Debian Linux, Fedora, Outside In Technology and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There's a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.
|
|||||
| CVE-2020-27829 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45.
|
|||||
| CVE-2020-27814 | 2 Debian, Uclouvain | 2 Debian Linux, Openjpeg | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
|
|||||
| CVE-2020-27752 | 1 Imagemagick | 1 Imagemagick | 2024-11-21 | 5.8 MEDIUM | 7.1 HIGH |
|
A flaw was found in ImageMagick in MagickCore/quantum-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger a heap buffer overflow. This would most likely lead to an impact to application availability, but could potentially lead to an impact to data integrity as well. This flaw affects ImageMagick versions prior to 7.0.9-0.
|
|||||
| CVE-2020-27297 | 1 Honeywell | 1 Opc Ua Tunneller | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233).
|
|||||
| CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2024-11-21 | 6.4 MEDIUM | 9.1 CRITICAL |
|
KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data.
|
|||||