Total
7966 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21815 | 1 Att | 1 Xmill | 2022-05-13 | 4.6 MEDIUM | 7.8 HIGH |
| A stack-based buffer overflow vulnerability exists in the command-line-parsing HandleFileArg functionality of AT&T Labs' Xmill 0.7. Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to strcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflow. An attacker can provide malicious input to trigger this vulnerability. | |||||
| CVE-2021-20038 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2022-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances firmware 10.2.0.8-37sv, 10.2.1.1-19sv, 10.2.1.2-24sv and earlier versions. | |||||
| CVE-2022-20737 | 1 Cisco | 1 Adaptive Security Appliance Software | 2022-05-12 | 7.0 HIGH | 7.1 HIGH |
| A vulnerability in the handler for HTTP authentication for resources accessed through the Clientless SSL VPN portal of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device or to obtain portions of process memory from an affected device. This vulnerability is due to insufficient bounds checking when parsing specific HTTP authentication messages. An attacker could exploit this vulnerability by sending malicious traffic to an affected device acting as a VPN Gateway. To send this malicious traffic, an attacker would need to control a web server that can be accessed through the Clientless SSL VPN portal. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition, or to retrieve bytes from the device process memory that may contain sensitive information. | |||||
| CVE-2019-5188 | 6 Canonical, Debian, E2fsprogs Project and 3 more | 8 Ubuntu Linux, Debian Linux, E2fsprogs and 5 more | 2022-05-12 | 4.4 MEDIUM | 6.7 MEDIUM |
| A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability. | |||||
| CVE-2020-15866 | 2 Debian, Mruby | 2 Debian Linux, Mruby | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| mruby through 2.1.2-rc has a heap-based buffer overflow in the mrb_yield_with_class function in vm.c because of incorrect VM stack handling. It can be triggered via the stack_copy function. | |||||
| CVE-2017-12166 | 2 Debian, Openvpn | 2 Debian Linux, Openvpn | 2022-05-12 | 6.8 MEDIUM | 9.8 CRITICAL |
| OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to a buffer overflow vulnerability when key-method 1 is used, possibly resulting in code execution. | |||||
| CVE-2021-21958 | 1 Hancom | 1 Hancom Office 2020 | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists in the Hword HwordApp.dll functionality of Hancom Office 2020 11.0.0.2353. A specially-crafted malformed file can lead to memory corruption and potential arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2022-27470 | 2 Fedoraproject, Libsdl | 2 Fedora, Sdl Ttf | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| SDL_ttf v2.0.18 and below was discovered to contain an arbitrary memory write via the function TTF_RenderText_Solid(). This vulnerability is triggered via a crafted TTF file. | |||||
| CVE-2022-20699 | 1 Cisco | 8 Rv340, Rv340 Firmware, Rv340w and 5 more | 2022-05-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple vulnerabilities in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code Elevate privileges Execute arbitrary commands Bypass authentication and authorization protections Fetch and run unsigned software Cause denial of service (DoS) For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2022-22666 | 1 Apple | 4 Ipados, Iphone Os, Tvos and 1 more | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. | |||||
| CVE-2020-6152 | 1 Accusoft | 1 Imagegear | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A code execution vulnerability exists in the DICOM parse_dicom_meta_info functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause an out-of-bounds write. An attacker can trigger this vulnerability by providing a victim with a malicious DICOM file. | |||||
| CVE-2020-6116 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6108 | 1 F2fs-tools Project | 1 F2fs-tools | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the fsck_chk_orphan_node functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6113 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated. Later when initializing this buffer, the application can write outside its bounds which can cause a memory corruption that can lead to code execution. A specially crafted document can be delivered to a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6151 | 1 Accusoft | 1 Imagegear | 2022-05-12 | 7.5 HIGH | 9.8 CRITICAL |
| A memory corruption vulnerability exists in the TIFF handle_COMPRESSION_PACKBITS functionality of Accusoft ImageGear 19.7. A specially crafted malformed file can cause a memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6146 | 1 Gonitro | 1 Nitro Pro | 2022-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6089 | 1 Leadtools | 1 Leadtools | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools 20. A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2020-6098 | 1 Freediameter | 1 Freediameter | 2022-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| An exploitable denial of service vulnerability exists in the freeDiameter functionality of freeDiameter 1.3.2. A specially crafted Diameter request can trigger a memory corruption resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability. | |||||
| CVE-2020-6094 | 1 Accusoft | 1 Imagegear | 2022-05-12 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the TIFF fillinraster function of the igcore19d.dll library of Accusoft ImageGear 19.4, 19.5 and 19.6. A specially crafted TIFF file can cause an out-of-bounds write, resulting in remote code execution. An attacker can provide a malicious file to trigger this vulnerability. | |||||
| CVE-2021-27035 | 1 Autodesk | 1 Design Review | 2022-05-12 | 6.8 MEDIUM | 7.8 HIGH |
| A maliciously crafted TIFF, TIF, PICT, TGA, or DWF files in Autodesk Design Review 2018, 2017, 2013, 2012, 2011 can be forced to read beyond allocated boundaries when parsing the TIFF, PICT, TGA or DWF files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process. | |||||