Total
11965 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-11767 | 1 Microsoft | 1 Chakracore | 2019-10-03 | 10.0 HIGH | 9.8 CRITICAL |
| ChakraCore allows an attacker to gain the same user rights as the current user, due to the way that the ChakraCore scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". | |||||
| CVE-2017-11299 | 1 Adobe | 1 Digital Editions | 2019-10-03 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. | |||||
| CVE-2017-0715 | 1 Google | 1 Android | 2019-10-03 | 9.3 HIGH | 7.8 HIGH |
| A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36998372. | |||||
| CVE-2019-1913 | 1 Cisco | 22 Sf-220-24, Sf-220-24 Firmware, Sf220-24p and 19 more | 2019-10-01 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system. The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. Depending on the configuration of the affected switch, the malicious requests must be sent via HTTP or HTTPS. | |||||
| CVE-2015-1098 | 1 Apple | 2 Iphone Os, Mac Os X | 2019-09-27 | 6.8 MEDIUM | 7.3 HIGH |
| iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted iWork file. | |||||
| CVE-2012-1516 | 1 Vmware | 2 Esx, Esxi | 2019-09-27 | 9.0 HIGH | 9.9 CRITICAL |
| The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 does not properly handle RPC commands, which allows guest OS users to cause a denial of service (memory overwrite and process crash) or possibly execute arbitrary code on the host OS via vectors involving data pointers. | |||||
| CVE-2009-0658 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2019-09-27 | 9.3 HIGH | 7.8 HIGH |
| Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. | |||||
| CVE-2018-1000804 | 1 Contiki-ng | 1 Contiki-ng | 2019-09-27 | 10.0 HIGH | 9.8 CRITICAL |
| contiki-ng version 4 contains a Buffer Overflow vulnerability in AQL (Antelope Query Language) database engine that can result in Attacker can perform Remote Code Execution on device using Contiki-NG operating system. This attack appear to be exploitable via Attacker must be able to run malicious AQL code (e.g. via SQL-like Injection attack). | |||||
| CVE-2017-8325 | 1 Entropymine | 1 Imageworsener | 2019-09-16 | 6.8 MEDIUM | 8.8 HIGH |
| The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image. | |||||
| CVE-2018-20182 | 2 Debian, Rdesktop | 2 Debian Linux, Rdesktop | 2019-09-15 | 7.5 HIGH | 9.8 CRITICAL |
| rdesktop versions up to and including v1.8.3 contain a Buffer Overflow over the global variables in the function seamless_process_line() that results in memory corruption and probably even a remote code execution. | |||||
| CVE-2019-14305 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for Wi-Fi, mDNS, POP3, SMTP, and notification alerts, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14300 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP cookie headers, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14308 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing LPD packets, which allow an attacker to cause a denial of service or code execution via crafted requests to the LPD service. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-14307 | 1 Ricoh | 8 Sp C250dn, Sp C250dn Firmware, Sp C250sf and 5 more | 2019-09-13 | 7.5 HIGH | 9.8 CRITICAL |
| Several Ricoh printers have multiple buffer overflows parsing HTTP parameter settings for SNMP, which allow an attacker to cause a denial of service or code execution via crafted requests to the web server. Affected firmware versions depend on the printer models. One affected configuration is cpe:2.3:o:ricoh:sp_c250dn_firmware:-:*:*:*:*:*:*:* up to (including) 1.06 running on cpe:2.3:o:ricoh:sp_c250dn:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252dn:-:*:*:*:*:*:*:*. Another affected configuration is cpe:2.3:o:ricoh:sp_c250sf_firmware:-:*:*:*:*:*:*:* up to (including) 1.12 running on cpe:2.3:o:ricoh:sp_c250sf:-:*:*:*:*:*:*:*, cpe:2.3:o:ricoh:sp_c252sf:-:*:*:*:*:*:*:*. | |||||
| CVE-2019-16058 | 1 Opensc Project | 1 Opensc | 2019-09-12 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the pam_p11 component 0.2.0 and 0.3.0 for OpenSC. If a smart card creates a signature with a length longer than 256 bytes, this triggers a buffer overflow. This may be the case for RSA keys with 4096 bits depending on the signature scheme. | |||||
| CVE-2013-6933 | 1 Live555 | 1 Streaming Media | 2019-09-12 | 7.5 HIGH | N/A |
| The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. | |||||
| CVE-2019-15786 | 1 Robotis | 1 Dynamixel Sdk | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| ROBOTIS Dynamixel SDK through 3.7.11 has a buffer overflow via a large rxpacket. | |||||
| CVE-2019-15783 | 1 Lute-tab Project | 1 Lute-tab | 2019-09-03 | 7.5 HIGH | 9.8 CRITICAL |
| Lute-Tab before 2019-08-23 has a buffer overflow in pdf_print.cc. | |||||
| CVE-2012-6442 | 1 Rockwellautomation | 22 1100, 1400, 1756-enbt and 19 more | 2019-09-03 | 7.8 HIGH | N/A |
| Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that specifies a reset. | |||||
| CVE-2019-9933 | 1 Lexmark | 142 6500e, 6500e Firmware, C734 and 139 more | 2019-09-03 | 10.0 HIGH | 9.8 CRITICAL |
| Various Lexmark products have a Buffer Overflow (issue 3 of 3). | |||||