Total
2385 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2014-9629 | 1 Videolan | 1 Vlc Media Player | 2020-01-29 | 6.8 MEDIUM | 7.8 HIGH |
| Integer overflow in the Encode function in modules/codec/schroedinger.c in VideoLAN VLC media player before 2.1.6 and 2.2.x before 2.2.1 allows remote attackers to conduct buffer overflow attacks and execute arbitrary code via a crafted length value. | |||||
| CVE-2019-19494 | 4 Compal, Netgear, Sagemcom and 1 more | 14 7284e, 7284e Firmware, 7486e and 11 more | 2020-01-28 | 9.3 HIGH | 8.8 HIGH |
| Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser. Examples of affected products include Sagemcom F@st 3890 prior to 50.10.21_T4, Sagemcom F@st 3890 prior to 05.76.6.3f, Sagemcom F@st 3686 3.428.0, Sagemcom F@st 3686 4.83.0, NETGEAR CG3700EMR 2.01.05, NETGEAR CG3700EMR 2.01.03, NETGEAR C6250EMR 2.01.05, NETGEAR C6250EMR 2.01.03, Technicolor TC7230 STEB 01.25, COMPAL 7284E 5.510.5.11, and COMPAL 7486E 5.510.5.11. | |||||
| CVE-2019-20423 | 1 Lustre | 1 Lustre | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error. | |||||
| CVE-2013-1595 | 1 Vivotek | 2 Pt7135, Pt7135 Firmware | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| A Buffer Overflow vulnerability exists in Vivotek PT7135 IP Camera 0300a and 0400a via a specially crafted packet in the Authorization header field sent to the RTSP service, which could let a remote malicious user execute arbitrary code or cause a Denial of Service. | |||||
| CVE-2019-10606 | 1 Qualcomm | 16 Mdm9607, Mdm9607 Firmware, Msm8909w and 13 more | 2020-01-24 | 7.2 HIGH | 7.8 HIGH |
| Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9607, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, QCS605, SDX24 | |||||
| CVE-2019-14013 | 1 Qualcomm | 94 Apq8009, Apq8009 Firmware, Apq8017 and 91 more | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130 | |||||
| CVE-2019-14014 | 1 Qualcomm | 16 Nicobar, Nicobar Firmware, Sdm670 and 13 more | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| Possible buffer overflow when byte array receives incorrect input from reading source as array is not null terminated in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Nicobar, SDM670, SDM710, SDM845, SM6150, SM8150, SM8250, SXR2130 | |||||
| CVE-2019-14005 | 1 Qualcomm | 86 Apq8009, Apq8009 Firmware, Apq8017 and 83 more | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130 | |||||
| CVE-2015-7874 | 1 Portapps | 1 Kitty Portable | 2020-01-23 | 10.0 HIGH | 9.8 CRITICAL |
| Buffer overflow in the chat server in KiTTY Portable 0.65.0.2p and earlier allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2020-5204 | 1 Troglobit | 1 Uftpd | 2020-01-18 | 6.5 MEDIUM | 8.8 HIGH |
| In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11 | |||||
| CVE-2018-0721 | 1 Qnap | 1 Qts | 2020-01-16 | 10.0 HIGH | 7.7 HIGH |
| Buffer Overflow vulnerability in NAS devices. QTS allows attackers to run arbitrary code. This issue affects: QNAP Systems Inc. QTS version 4.2.6 and prior versions on build 20180711; version 4.3.3 and prior versions on build 20180725; version 4.3.4 and prior versions on build 20180710. | |||||
| CVE-2019-17147 | 1 Tp-link | 2 Tl-wr841n, Tl-wr841n Firmware | 2020-01-14 | 9.3 HIGH | 8.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-LINK TL-WR841N routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 80 by default. When parsing the Host request header, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length static buffer. An attacker can leverage this vulnerability to execute code in the context of the admin user. Was ZDI-CAN-8457. | |||||
| CVE-2013-4357 | 5 Canonical, Debian, Eglibc and 2 more | 5 Ubuntu Linux, Debian Linux, Eglibc and 2 more | 2020-01-14 | 5.0 MEDIUM | 7.5 HIGH |
| The eglibc package before 2.14 incorrectly handled the getaddrinfo() function. An attacker could use this issue to cause a denial of service. | |||||
| CVE-2019-5304 | 1 Huawei | 52 Ar120-s, Ar120-s Firmware, Ar1200 and 49 more | 2020-01-09 | 7.8 HIGH | 7.5 HIGH |
| Some Huawei products have a buffer error vulnerability. An unauthenticated, remote attacker could send specific MPLS Echo Request messages to the target products. Due to insufficient input validation of some parameters in the messages, successful exploit may cause the device to reset. | |||||
| CVE-2019-13566 | 1 Ros | 1 Ros-comm | 2020-01-08 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered in the ROS communications-related packages (aka ros_comm or ros-melodic-ros-comm) through 1.14.3. A buffer overflow allows attackers to cause a denial of service and possibly execute arbitrary code via an IP address with a long hostname. | |||||
| CVE-2013-4743 | 1 Static Http Server Project | 1 Static Http Server | 2020-01-07 | 7.5 HIGH | 9.8 CRITICAL |
| Static HTTP Server 1.0 has a Local Overflow | |||||
| CVE-2019-10013 | 1 Axtls Project | 1 Axtls | 2019-12-31 | 7.8 HIGH | 7.5 HIGH |
| The asn1_signature function in asn1.c in Cameron Hamilton-Rich axTLS through 2.1.5 has a Buffer Overflow that allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted certificate in the TLS certificate handshake message, because the result of get_asn1_length() is not checked for a minimum or maximum size. | |||||
| CVE-2019-7485 | 1 Sonicwall | 2 Sma 100, Sma 100 Firmware | 2019-12-31 | 6.5 MEDIUM | 8.8 HIGH |
| Buffer overflow in SonicWall SMA100 allows an authenticated user to execute arbitrary code in DEARegister CGI script. This vulnerability impacted SMA100 version 9.0.0.3 and earlier. | |||||
| CVE-2019-8511 | 1 Apple | 3 Iphone Os, Mac Os X, Watchos | 2019-12-31 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, macOS Mojave 10.14.4, watchOS 5.2. A malicious application may be able to elevate privileges. | |||||
| CVE-2019-5273 | 1 Huawei | 2 Usg9500, Usg9500 Firmware | 2019-12-31 | 5.0 MEDIUM | 7.5 HIGH |
| USG9500 with versions of V500R001C30;V500R001C60 have a denial of service vulnerability. Due to a flaw in the X.509 implementation in the affected products which can result in a large heap buffer overrun error, an attacker may exploit the vulnerability by a malicious certificate, resulting a denial of service on the affected products. | |||||