Total
11736 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-1906 | 1 Whatsapp | 2 Whatsapp, Whatsapp Business | 2020-10-13 | 4.6 MEDIUM | 7.8 HIGH |
| A buffer overflow in WhatsApp for Android prior to v2.20.130 and WhatsApp Business for Android prior to v2.20.46 could have allowed an out-of-bounds write when processing malformed local videos with E-AC-3 audio streams. | |||||
| CVE-2020-5981 | 1 Nvidia | 1 Virtual Gpu Manager | 2020-10-09 | 4.6 MEDIUM | 7.8 HIGH |
| NVIDIA Windows GPU Display Driver, all versions, contains a vulnerability in the DirectX11 user mode driver (nvwgf2um/x.dll), in which a specially crafted shader can cause an out of bounds access, which may lead to denial of service or code execution. | |||||
| CVE-2004-0398 | 2 Debian, Webdav | 3 Debian Linux, Cadaver, Neon | 2020-10-09 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. | |||||
| CVE-2019-17135 | 1 Foxitsoftware | 1 Phantompdf | 2020-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.5.0.20723. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-8775. | |||||
| CVE-2020-17382 | 1 Msi | 2 Ambientlink Mslo64, Ambientlink Mslo64 Firmware | 2020-10-09 | 7.2 HIGH | 7.8 HIGH |
| The MSI AmbientLink MsIo64 driver 1.0.0.8 has a Buffer Overflow (0x80102040, 0x80102044, 0x80102050,and 0x80102054). | |||||
| CVE-2019-13541 | 1 Hornerautomation | 1 Cscape | 2020-10-09 | 6.8 MEDIUM | 7.8 HIGH |
| In Horner Automation Cscape 9.90 and prior, an improper input validation vulnerability has been identified that may be exploited by processing files lacking user input validation. This may allow an attacker to access information and remotely execute arbitrary code. | |||||
| CVE-2020-4799 | 1 Ibm | 1 Informix Dynamic Server | 2020-10-08 | 4.6 MEDIUM | 7.8 HIGH |
| IBM Informix spatial 14.10 could allow a local user to execute commands as a privileged user due to an out of bounds write vulnerability. IBM X-Force ID: 189460. | |||||
| CVE-2019-13156 | 1 Naver | 1 Cloud Explorer | 2020-10-08 | 5.0 MEDIUM | 7.5 HIGH |
| NDrive(1.2.2).sys in Naver Cloud Explorer has a stack-based buffer overflow, which allows attackers to cause a denial of service when reading data from IOCTL handle. | |||||
| CVE-2019-6740 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2020-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472. | |||||
| CVE-2019-12807 | 2 Estsoft, Microsoft | 2 Alzip, Windows | 2020-10-06 | 6.8 MEDIUM | 7.8 HIGH |
| Alzip 10.83 and earlier version contains a stack-based buffer overflow vulnerability, caused by improper bounds checking during the parsing of crafted ISO archive file format. By persuading a victim to open a specially-crafted ISO archive file, an attacker could execution arbitrary code. | |||||
| CVE-2019-12806 | 2 Crosscert, Microsoft | 2 Unisign, Windows | 2020-10-06 | 6.8 MEDIUM | 8.8 HIGH |
| UniSign 2.0.4.0 and earlier version contains a stack-based buffer overflow vulnerability which can overwrite the stack with arbitrary data, due to a buffer overflow in a library. That leads remote attacker to execute arbitrary code via crafted https packets. | |||||
| CVE-2019-6550 | 1 Advantech | 1 Webaccess | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| Advantech WebAccess/SCADA, Versions 8.3.5 and prior. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. | |||||
| CVE-2019-6553 | 1 Rockwellautomation | 1 Rslinx | 2020-10-06 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Rockwell Automation RSLinx Classic versions 4.10.00 and prior. An input validation issue in a .dll file of RSLinx Classic where the data in a Forward Open service request is passed to a fixed size buffer, allowing an attacker to exploit a stack-based buffer overflow condition. | |||||
| CVE-2019-1663 | 1 Cisco | 6 Rv110w, Rv110w Firmware, Rv130w and 3 more | 2020-10-05 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user. RV110W Wireless-N VPN Firewall versions prior to 1.2.2.1 are affected. RV130W Wireless-N Multifunction VPN Router versions prior to 1.0.3.45 are affected. RV215W Wireless-N VPN Router versions prior to 1.3.1.1 are affected. | |||||
| CVE-2019-6541 | 1 We-con | 1 Levistudiou | 2020-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption vulnerability has been identified in WECON LeviStudioU version 1.8.56 and prior, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | |||||
| CVE-2019-6539 | 1 We-con | 1 Levistudiou | 2020-10-05 | 9.3 HIGH | 7.8 HIGH |
| Several heap-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior have been identified, which may allow arbitrary code execution. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | |||||
| CVE-2019-6537 | 1 We-con | 1 Levistudiou | 2020-10-05 | 6.8 MEDIUM | 7.8 HIGH |
| Multiple stack-based buffer overflow vulnerabilities in WECON LeviStudioU version 1.8.56 and prior may be exploited when parsing strings within project files. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. Mat Powell, Ziad Badawi, and Natnael Samson working with Trend Micro's Zero Day Initiative, reported these vulnerabilities to NCCIC. | |||||
| CVE-2020-26537 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1. In a certain Shading calculation, the number of outputs is unequal to the number of color components in a color space. This causes an out-of-bounds write. | |||||
| CVE-2020-26535 | 1 Foxitsoftware | 2 Foxit Reader, Phantompdf | 2020-10-05 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in Foxit Reader and PhantomPDF before 10.1. If TslAlloc attempts to allocate thread local storage but obtains an unacceptable index value, V8 throws an exception that leads to a write access violation (and read access violation). | |||||
| CVE-2018-7513 | 1 Omron | 1 Cx-supervisor | 2020-10-02 | 4.6 MEDIUM | 5.3 MEDIUM |
| In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed project files may cause a stack-based buffer overflow. | |||||