Total: 7966 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-16140 | 2 Canonical, Fig2dev Project | 2 Ubuntu Linux, Fig2dev | 2020-01-21 | 6.8 MEDIUM | 7.8 HIGH |
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | |||||
CVE-2019-19555 | 1 Xfig Project | 1 Xfig | 2020-01-21 | 4.3 MEDIUM | 5.5 MEDIUM |
read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | |||||
CVE-2019-13722 | 2 Google, Microsoft | 2 Chrome, Windows | 2020-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
Inappropriate implementation in WebRTC in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | |||||
CVE-2014-2072 | 1 3ds | 1 Catia | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | |||||
CVE-2013-3939 | 1 Xnview | 1 Xnview | 2020-01-15 | 6.8 MEDIUM | 7.8 HIGH |
xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | |||||
CVE-2013-3946 | 1 Extensis | 1 Mrsid | 2020-01-14 | 6.8 MEDIUM | 7.8 HIGH |
Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | |||||
CVE-2013-3944 | 1 Extensis | 1 Mrsid | 2020-01-14 | 6.8 MEDIUM | 7.8 HIGH |
Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. | |||||
CVE-2014-0011 | 1 Tigervnc | 1 Tigervnc | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | |||||
CVE-2019-17015 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||
CVE-2020-6839 | 1 Mruby | 1 Mruby | 2020-01-13 | 7.5 HIGH | 9.8 CRITICAL |
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c. | |||||
CVE-2013-3249 | 1 Solarwinds | 1 Dameware Remote Support | 2020-01-10 | 9.3 HIGH | N/A |
Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors. | |||||
CVE-2012-4024 | 1 Squashfs Project | 1 Squashfs | 2020-01-10 | 6.8 MEDIUM | N/A |
Stack-based buffer overflow in the get_component function in unsquashfs.c in unsquashfs in Squashfs 4.2 and earlier allows remote attackers to execute arbitrary code via a crafted list file (aka a crafted file for the -ef option). NOTE: probably in most cases, the list file is a trusted file constructed by the program's user; however, there are some realistic situations in which a list file would be obtained from an untrusted remote source. | |||||
CVE-2014-1598 | 1 Centurystar Project | 1 Centurystar | 2020-01-10 | 10.0 HIGH | 9.8 CRITICAL |
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow | |||||
CVE-2019-9471 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | |||||
CVE-2019-9470 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | |||||
CVE-2013-5656 | 1 Fuzezip Project | 1 Fuzezip | 2020-01-08 | 4.6 MEDIUM | 7.8 HIGH |
FuzeZip 1.0.0.131625 has a Local Buffer Overflow vulnerability | |||||
CVE-2019-19847 | 1 Libspiro Project | 1 Libspiro | 2020-01-08 | 6.8 MEDIUM | 8.1 HIGH |
Libspiro through 20190731 has a stack-based buffer overflow in the spiro_to_bpath0() function in spiro.c. | |||||
CVE-2019-20016 | 1 Symonics | 1 Libmysofa | 2020-01-08 | 4.3 MEDIUM | 6.5 MEDIUM |
libmysofa before 2019-11-24 does not properly restrict recursive function calls, as demonstrated by reports of stack consumption in readOHDRHeaderMessageDatatype in dataobject.c and directblockRead in fractalhead.c. NOTE: a download of v0.9 after 2019-12-06 should fully remediate this issue. | |||||
CVE-2013-3941 | 1 Xnview | 1 Xnview | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
Xjp2.dll in XnView before 2.13 allows remote attackers to execute arbitrary code via (1) the Csiz parameter in a SIZ marker, which triggers an incorrect memory allocation, or (2) the lqcd field in a QCD marker in a crafted JPEG2000 file, which leads to a heap-based buffer overflow. | |||||
CVE-2007-0158 | 1 Acme | 1 Thttpd | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
thttpd 2007 has buffer underflow. |