Total
7966 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-46562 | 1 Dlink | 2 Dir-882 A1, Dir-882 A1 Firmware | 2023-03-03 | N/A | 7.2 HIGH |
D-Link DIR-882 DIR882A1_FW130B06, DIR-878 DIR_878_FW1.30B08 was discovered to contain a stack overflow via the PSK parameter in the SetQuickVPNSettings module. | |||||
CVE-2018-20177 | 3 Debian, Opensuse, Rdesktop | 4 Debian Linux, Backports, Leap and 1 more | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
rdesktop versions up to and including v1.8.3 contain an Integer Overflow that leads to a Heap-Based Buffer Overflow in the function rdp_in_unistr() and results in memory corruption and possibly even a remote code execution. | |||||
CVE-2019-12083 | 3 Fedoraproject, Opensuse, Rust-lang | 3 Fedora, Leap, Rust | 2023-03-03 | 6.8 MEDIUM | 8.1 HIGH |
The Rust Programming Language Standard Library 1.34.x before 1.34.2 contains a stabilized method which, if overridden, can violate Rust's safety guarantees and cause memory unsafety. If the `Error::type_id` method is overridden then any type can be safely cast to any other type, causing memory safety vulnerabilities in safe code (e.g., out-of-bounds write or read). Code that does not manually implement Error::type_id is unaffected. | |||||
CVE-2019-14524 | 2 Opensuse, Schismtracker | 3 Backports, Leap, Schism Tracker | 2023-03-03 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in Schism Tracker through 20190722. There is a heap-based buffer overflow via a large number of song patterns in fmt_mtm_load_song in fmt/mtm.c, a different vulnerability than CVE-2019-14465. | |||||
CVE-2019-14697 | 1 Musl-libc | 1 Musl | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
musl libc through 1.1.23 has an x87 floating-point stack adjustment imbalance, related to the math/i386/ directory. In some cases, use of this library could introduce out-of-bounds writes that are not present in an application's source code. | |||||
CVE-2019-13106 | 2 Denx, Opensuse | 2 U-boot, Leap | 2023-03-03 | 8.3 HIGH | 7.8 HIGH |
Das U-Boot versions 2016.09 through 2019.07-rc4 can memset() too much data while reading a crafted ext4 filesystem, which results in a stack buffer overflow and likely code execution. | |||||
CVE-2019-10961 | 1 Advantech | 1 Webaccess Hmi Designer | 2023-03-03 | 6.8 MEDIUM | 8.8 HIGH |
In Advantech WebAccess HMI Designer Version 2.1.9.23 and prior, processing specially crafted MCR files lacking proper validation of user supplied data may cause the system to write outside the intended buffer area, allowing remote code execution. | |||||
CVE-2019-14495 | 1 3proxy | 1 3proxy | 2023-03-03 | 7.5 HIGH | 9.8 CRITICAL |
webadmin.c in 3proxy before 0.8.13 has an out-of-bounds write in the admin interface. | |||||
CVE-2022-3219 | 1 Gnupg | 1 Gnupg | 2023-03-03 | N/A | 5.5 MEDIUM |
GnuPG can be made to spin on a relatively small input by (for example) crafting a public key with thousands of signatures attached, compressed down to just a few KB. | |||||
CVE-2019-18676 | 4 Canonical, Debian, Fedoraproject and 1 more | 4 Ubuntu Linux, Debian Linux, Fedora and 1 more | 2023-03-03 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in Squid 3.x and 4.x through 4.8. Due to incorrect input validation, there is a heap-based buffer overflow that can result in Denial of Service to all clients using the proxy. Severity is high due to this vulnerability occurring before normal security checks; any remote client that can reach the proxy port can trivially perform the attack via a crafted URI scheme. | |||||
CVE-2019-14431 | 1 Matrixssl | 1 Matrixssl | 2023-03-02 | 7.5 HIGH | 9.8 CRITICAL |
In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseSSLHandshake in sslDecode.c. During processing of a crafted packet, the server mishandles the fragment length value provided in the DTLS message. | |||||
CVE-2020-13428 | 2 Debian, Videolan | 2 Debian Linux, Vlc Media Player | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
A heap-based buffer overflow in the hxxx_AnnexB_to_xVC function in modules/packetizer/hxxx_nal.c in VideoLAN VLC media player before 3.0.11 for macOS/iOS allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted H.264 Annex-B video (.avi for example) file. | |||||
CVE-2020-0213 | 1 Google | 1 Android | 2023-03-02 | 4.3 MEDIUM | 6.5 MEDIUM |
In hevcd_fmt_conv_420sp_to_420sp_av8 of ihevcd_fmt_conv_420sp_to_420sp.s, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-10 Android-11 Android ID: A-143464314 | |||||
CVE-2022-36280 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2023-03-02 | N/A | 5.5 MEDIUM |
An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | |||||
CVE-2019-14934 | 3 Debian, Fedoraproject, Pdfresurrect Project | 3 Debian Linux, Fedora, Pdfresurrect | 2023-03-02 | 6.8 MEDIUM | 7.8 HIGH |
An issue was discovered in PDFResurrect before 0.18. pdf_load_pages_kids in pdf.c doesn't validate a certain size value, which leads to a malloc failure and out-of-bounds write. | |||||
CVE-2023-22236 | 3 Adobe, Apple, Microsoft | 3 Animate, Macos, Windows | 2023-03-02 | N/A | 7.8 HIGH |
Adobe Animate versions 22.0.8 (and earlier) and 23.0.0 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2023-22234 | 2 Adobe, Microsoft | 2 Premiere Rush, Windows | 2023-03-02 | N/A | 7.8 HIGH |
Adobe Premiere Rush version 2.6 (and earlier) is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
CVE-2022-44079 | 1 Pycdc Project | 1 Pycdc | 2023-03-02 | N/A | 5.5 MEDIUM |
pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | |||||
CVE-2022-48281 | 2 Debian, Libtiff | 2 Debian Linux, Libtiff | 2023-03-02 | N/A | 5.5 MEDIUM |
processCropSelections in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based buffer overflow (e.g., "WRITE of size 307203") via a crafted TIFF image. | |||||
CVE-2023-25139 | 1 Gnu | 1 Glibc | 2023-03-02 | N/A | 9.8 CRITICAL |
sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. |