Total
1969 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-13586 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-13581 | 1 Softmaker | 1 Planmaker 2021 | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
In SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014), a specially crafted document can cause the document parser to copy data from a particular record type into a buffer that is smaller than the size used for the copy which will cause a heap-based buffer overflow. An attacker can entice the victim to open a document to trigger this vulnerability.
|
|||||
| CVE-2020-13572 | 1 Accusoft | 1 Imagegear | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A heap overflow vulnerability exists in the way the GIF parser decodes LZW compressed streams in Accusoft ImageGear 19.8. A specially crafted malformed file can trigger a heap overflow, which can result in arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
|
|||||
| CVE-2020-13494 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 parsing of compressed string tokens in binary USD files. A specially crafted malformed file can trigger a heap overflow which can result in out of bounds memory access which could lead to information disclosure. This vulnerability could be used to bypass mitigations and aid further exploitation. To trigger this vulnerability, victim needs to access an attacker-provided malformed file.
|
|||||
| CVE-2020-13493 | 2 Apple, Pixar | 2 Macos, Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. A specially crafted USDC file format path jumps decompression heap overflow in a way path jumps are processed. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file.
|
|||||
| CVE-2020-11061 | 2 Bareos, Debian | 2 Bareos, Debian Linux | 2024-11-21 | 6.0 MEDIUM | 6.0 MEDIUM |
|
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
|
|||||
| CVE-2020-10928 | 1 Netgear | 2 R6700, R6700 Firmware | 2024-11-21 | 4.6 MEDIUM | 8.4 HIGH |
|
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 V1.0.4.84_10.0.58 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, heap-based buffer. An attacker can leverage this vulnerability to execute code in the ...
Show More |
|||||
| CVE-2020-10896 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of U3D objects in PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vul ...
Show More |
|||||
| CVE-2020-10646 | 1 Fujielectric | 1 V-server | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Fuji Electric V-Server Lite all versions prior to 4.0.9.0 contains a heap based buffer overflow. The buffer allocated to read data, when parsing VPR files, is too small.
|
|||||
| CVE-2020-10638 | 1 Advantech | 1 Webaccess | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Advantech WebAccess Node, Version 8.4.4 and prior, Version 9.0.0. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.
|
|||||
| CVE-2020-10064 | 1 Zephyrproject | 1 Zephyr | 2024-11-21 | 7.5 HIGH | 8.3 HIGH |
|
Improper Input Frame Validation in ieee802154 Processing. Zephyr versions >= v1.14.2, >= v2.2.0 contain Stack-based Buffer Overflow (CWE-121), Heap-based Buffer Overflow (CWE-122). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7
|
|||||
| CVE-2019-9502 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2024-11-21 | 8.3 HIGH | 7.9 HIGH |
|
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. If the vendor information element data length is larger than 164 bytes, a heap buffer overflow is triggered in wlc_wpa_plumb_gtk. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
|
|||||
| CVE-2019-9501 | 2 Broadcom, Synology | 3 Bcm4339, Bcm4339 Firmware, Router Manager | 2024-11-21 | 8.3 HIGH | 7.9 HIGH |
|
The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. By supplying a vendor information element with a data length larger than 32 bytes, a heap buffer overflow is triggered in wlc_wpa_sup_eapol. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system. More typically, this vulnerability will result in denial-of-service conditions.
|
|||||
| CVE-2019-9500 | 2 Broadcom, Linux | 2 Brcmfmac Driver, Linux Kernel | 2024-11-21 | 7.9 HIGH | 7.9 HIGH |
|
The Broadcom brcmfmac WiFi driver prior to commit 1b5e2423164b3670e8bc9174e4762d297990deff is vulnerable to a heap buffer overflow. If the Wake-up on Wireless LAN functionality is configured, a malicious event frame can be constructed to trigger an heap buffer overflow in the brcmf_wowl_nd_results function. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE-2019-9503, can be used remotely. In the worst case scenario, by send ...
Show More |
|||||
| CVE-2019-9136 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed JPEG2000 format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
|||||
| CVE-2019-9135 | 1 Datools | 1 Daviewindy | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
DaviewIndy 8.98.7 and earlier versions have a Heap-based overflow vulnerability, triggered when the user opens a malformed DIB format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution.
|
|||||
| CVE-2019-8274 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
|
|||||
| CVE-2019-8273 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
|
|||||
| CVE-2019-8271 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212.
|
|||||
| CVE-2019-8262 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1203 has multiple heap buffer overflow vulnerabilities in VNC client code inside Ultra decoder, which results in code execution. This attack appears to be exploitable via network connectivity. These vulnerabilities have been fixed in revision 1204.
|
|||||
| CVE-2019-8258 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199.
|
|||||
| CVE-2019-6740 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixe ...
Show More |
|||||
| CVE-2019-6539 | 1 We-con | 1 Levistudiou | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
|
Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC.
|
|||||
| CVE-2019-6530 | 1 Panasonic | 1 Control Fpwin Pro | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
Panasonic FPWIN Pro version 7.3.0.0 and prior allows attacker-created project files to be loaded by an authenticated user causing heap-based buffer overflows, which may lead to remote code execution.
|
|||||
| CVE-2019-5482 | 6 Debian, Fedoraproject, Haxx and 3 more | 17 Debian Linux, Fedora, Curl and 14 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
|
|||||
| CVE-2019-5436 | 7 Debian, F5, Fedoraproject and 4 more | 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
|
|||||
| CVE-2019-5154 | 1 Leadtools | 1 Leadtools | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20.0.2019.3.15. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.
|
|||||
| CVE-2019-5125 | 1 Leadtools | 1 Leadtools | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
An exploitable heap overflow vulnerability exists in the JPEG2000 parsing functionality of LEADTOOLS 20. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution. An attack can specially craft a J2K image to trigger this vulnerability.
|
|||||
| CVE-2019-5058 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image 2.0.4. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
|
|||||
| CVE-2019-5057 | 2 Libsdl, Opensuse | 3 Sdl2 Image, Backports Sle, Leap | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable code execution vulnerability exists in the PCX image-rendering functionality of SDL2_image 2.0.4. A specially crafted PCX image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.
|
|||||
| CVE-2019-5050 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
|
|||||
| CVE-2019-5048 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specifically crafted PDF file can lead to a heap corruption when opened in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
|
|||||
| CVE-2019-5046 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
|
|||||
| CVE-2019-5045 | 1 Gonitro | 1 Nitropdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
A specifically crafted jpeg2000 file embedded in a PDF file can lead to a heap corruption when opening a PDF document in NitroPDF 12.12.1.522. With careful memory manipulation, this can lead to arbitrary code execution. In order to trigger this vulnerability, the victim would need to open the malicious file.
|
|||||
| CVE-2019-5039 | 1 Openweave | 1 Openweave-core | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.0.2. A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability.
|
|||||
| CVE-2019-5030 | 1 Antennahouse | 1 Rainbow Pdf Office Server Document Converter | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
A buffer overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro MR1 (7,0,2019,0220). While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.
|
|||||
| CVE-2019-5019 | 1 Rainbowpdf | 1 Office Server Document Converter | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A heap-based overflow vulnerability exists in the PowerPoint document conversion function of Rainbow PDF Office Server Document Converter V7.0 Pro R1 (7,0,2018,1113). While parsing Document Summary Property Set stream, the getSummaryInformation function is incorrectly checking the correlation between size and the number of properties in PropertySet packets, causing an out-of-bounds write that leads to heap corruption and consequent code execution.
|
|||||
| CVE-2019-3846 | 7 Canonical, Debian, Fedoraproject and 4 more | 15 Ubuntu Linux, Debian Linux, Fedora and 12 more | 2024-11-21 | 8.3 HIGH | 8.8 HIGH |
|
A flaw that allowed an attacker to corrupt memory and possibly escalate privileges was found in the mwifiex kernel module while connecting to a malicious wireless network.
|
|||||
| CVE-2019-3570 | 1 Facebook | 1 Hiphop Virtual Machine | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Call to the scrypt_enc() function in HHVM can lead to heap corruption by using specifically crafted parameters (N, r and p). This happens if the parameters are configurable by an attacker for instance by providing the output of scrypt_enc() in a context where Hack/PHP code would attempt to verify it by re-running scrypt_enc() with the same parameters. This could result in information disclosure, memory being overwriten or crashes of the HHVM process. This issue affects versions 4.3.0, 4.4.0, 4.5 ...
Show More |
|||||
| CVE-2019-18330 | 1 Siemens | 1 Sppa-t3000 Ms3000 Migration Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
A vulnerability has been identified in SPPA-T3000 MS3000 Migration Server (All versions). An attacker with network access to the MS3000 Server could cause a Denial-of-Service condition and potentially gain remote code execution by sending specifically crafted packets to 5010/tcp. This vulnerability is independent from CVE-2019-18323, CVE-2019-18324, CVE-2019-18325, CVE-2019-18326, CVE-2019-18327, CVE-2019-18328, and CVE-2019-18329. Please note that an attacker needs to have network access to the ...
Show More |
|||||