Total
9629 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6060 | 1 Minisnmpd Project | 1 Minisnmpd | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A stack buffer overflow vulnerability exists in the way MiniSNMPD version 1.4 handles multiple connections. A specially timed sequence of SNMP connections can trigger a stack overflow, resulting in a denial of service. To trigger this vulnerability, an attacker needs to simply initiate multiple connections to the server. | |||||
CVE-2020-8854 | 2 Foxitsoftware, Microsoft | 3 Phantompdf, Reader, Windows | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.0.29478. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the conversion of JPEG files to PDF. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-9606. | |||||
CVE-2020-3729 | 2 Adobe, Microsoft | 2 Framemaker, Windows | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Adobe Framemaker versions 2019.0.4 and below have an out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution. | |||||
CVE-2019-7286 | 1 Apple | 2 Iphone Os, Mac Os X | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4, macOS Mojave 10.14.3 Supplemental Update. An application may be able to gain elevated privileges. | |||||
CVE-2019-8673 | 1 Apple | 6 Icloud, Iphone Os, Itunes and 3 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, iCloud for Windows 7.13, iCloud for Windows 10.6. Processing maliciously crafted web content may lead to arbitrary code execution. | |||||
CVE-2020-6796 | 1 Mozilla | 2 Firefox, Firefox Esr | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
A content process could have modified shared memory relating to crash reporting information, crash itself, and cause an out-of-bound write. This could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 73 and Firefox < ESR68.5. | |||||
CVE-2019-17253 | 1 Irfanview | 1 Irfanview | 2023-12-10 | 6.8 MEDIUM | 7.8 HIGH |
IrfanView 4.53 allows a User Mode Write AV starting at JPEG_LS+0x000000000000a6b8. | |||||
CVE-2019-16927 | 1 Glyphandcog | 1 Xpdf | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||||
CVE-2019-19840 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. | |||||
CVE-2018-8879 | 1 Asus | 2 Rt-ac66u, Rt-ac66u Firmware | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Stack-based buffer overflow in Asuswrt-Merlin firmware for ASUS devices older than 384.4 and ASUS firmware before 3.0.0.4.382.50470 for devices allows remote attackers to execute arbitrary code by providing a long string to the blocking.asp page via a GET or POST request. Vulnerable parameters are flag, mac, and cat_id. | |||||
CVE-2019-5544 | 4 Fedoraproject, Openslp, Redhat and 1 more | 10 Fedora, Openslp, Enterprise Linux Desktop and 7 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. | |||||
CVE-2020-6800 | 2 Canonical, Mozilla | 4 Ubuntu Linux, Firefox, Firefox Esr and 1 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox 72 and Firefox ESR 68.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts. This vulnerability affects Thunderbird < 68.5, Firefox < 73, and Firefox < ESR68.5. | |||||
CVE-2019-19847 | 1 Libspiro Project | 1 Libspiro | 2023-12-10 | 6.8 MEDIUM | 8.1 HIGH |
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c. | |||||
CVE-2019-5180 | 1 Wago | 2 Pfc200, Pfc200 Firmware | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is overflowed with the call to sprintf() for any ip values that are greater than 1024-len(‘/etc/config-tools/config_interfaces interface=X1 state=enabled ip-address=‘) in length. A ip value of length 0x3da will cause the service to crash. | |||||
CVE-2019-10882 | 1 Netskope | 1 Netskope | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack based buffer overflow in "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system. | |||||
CVE-2019-5093 | 1 Leadtools | 1 Leadtools | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
An exploitable code execution vulnerability exists in the DICOM network response functionality of LEADTOOLS libltdic.so version 20.0.2019.3.15. A specially crafted packet can cause an integer overflow, resulting in heap corruption. An attacker can send a packet to trigger this vulnerability. | |||||
CVE-2020-0033 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 7.8 HIGH |
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to stale pointer. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-144351324 | |||||
CVE-2019-11740 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Firefox Esr and 2 more | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
Mozilla developers and community members reported memory safety bugs present in Firefox 68, Firefox ESR 68, and Firefox 60.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code. This vulnerability affects Firefox < 69, Thunderbird < 68.1, Thunderbird < 60.9, Firefox ESR < 60.9, and Firefox ESR < 68.1. | |||||
CVE-2019-9956 | 2 Debian, Imagemagick | 2 Debian Linux, Imagemagick | 2023-12-10 | 6.8 MEDIUM | 8.8 HIGH |
In ImageMagick 7.0.8-35 Q16, there is a stack-based buffer overflow in the function PopHexPixel of coders/ps.c, which allows an attacker to cause a denial of service or code execution via a crafted image file. | |||||
CVE-2019-12221 | 5 Canonical, Debian, Fedoraproject and 2 more | 7 Ubuntu Linux, Debian Linux, Fedora and 4 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a SEGV in the SDL function SDL_free_REAL at stdlib/SDL_malloc.c. |