Total
1016 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-26986 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of JT files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12014) | |||||
| CVE-2020-26987 | 1 Siemens | 2 Jt2go, Teamcenter Visualization | 2021-02-22 | 6.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in JT2Go (All versions < V13.1.0), Teamcenter Visualization (All versions < V13.1.0). Affected applications lack proper validation of user-supplied data when parsing of TGA files. This could lead to a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-12016, ZDI-CAN-12017) | |||||
| CVE-2020-17423 | 1 Foxitsoftware | 1 Foxit Studio Photo | 2021-02-10 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo 3.6.6.922. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ARW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-11196. | |||||
| CVE-2020-27297 | 1 Honeywell | 1 Opc Ua Tunneller | 2021-02-03 | 7.5 HIGH | 9.8 CRITICAL |
| The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller (versions prior to 6.3.0.8233). | |||||
| CVE-2020-27263 | 4 Ge, Ptc, Rockwellautomation and 1 more | 7 Industrial Gateway Server, Kepware Kepserverex, Opc-aggregator and 4 more | 2021-01-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| KEPServerEX: v6.0 to v6.9, ThingWorx Kepware Server: v6.8 and v6.9, ThingWorx Industrial Connectivity: All versions, OPC-Aggregator: All versions, Rockwell Automation KEPServer Enterprise, GE Digital Industrial Gateway Server: v7.68.804 and v7.66, Software Toolbox TOP Server: All 6.x versions, are vulnerable to a heap-based buffer overflow. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and potentially leak data. | |||||
| CVE-2020-25843 | 1 Panorama | 1 Nhiservisignadapter | 2021-01-04 | 7.5 HIGH | 9.8 CRITICAL |
| NHIServiSignAdapter fails to verify the length of digital credential files’ path which leads to a heap overflow loophole. Remote attackers can use the leak to execute code without privilege. | |||||
| CVE-2020-25712 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2020-12-16 | 4.6 MEDIUM | 7.8 HIGH |
| A flaw was found in xorg-x11-server before 1.20.10. A heap-buffer overflow in XkbSetDeviceInfo may lead to a privilege escalation vulnerability. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. | |||||
| CVE-2020-25199 | 1 We-con | 1 Levistudiou | 2020-12-16 | 6.8 MEDIUM | 7.8 HIGH |
| A heap-based buffer overflow vulnerability exists within the WECON LeviStudioU Release Build 2019-09-21 and prior when processing project files. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. | |||||
| CVE-2020-25187 | 1 Medtronic | 2 Mycarelink Smart Model 25000, Mycarelink Smart Model 25000 Firmware | 2020-12-15 | 10.0 HIGH | 9.8 CRITICAL |
| Medtronic MyCareLink Smart 25000 all versions are vulnerable when an attacker who gains auth runs a debug command, which is sent to the reader causing heap overflow in the MCL Smart Reader stack. A heap overflow allows attacker to remotely execute code on the MCL Smart Reader, could lead to control of device. | |||||
| CVE-2018-4833 | 1 Siemens | 18 Rfid 181-eip, Rfid 181-eip Firmware, Ruggedcom Wimax and 15 more | 2020-12-14 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability has been identified in RFID 181EIP (All versions), RUGGEDCOM Win (V4.4, V4.5, V5.0, and V5.1), SCALANCE X-200 switch family (incl. SIPLUS NET variants) (All versions < V5.2.3), SCALANCE X-200IRT switch family (incl. SIPLUS NET variants) (All versions < V5.4.1), SCALANCE X-200RNA switch family (All versions < V3.2.6), SCALANCE X-300 switch family (incl. SIPLUS NET variants) (All versions < V4.1.3), SCALANCE X408 (All versions < V4.1.3), SCALANCE X414 (All versions), SIMATIC RF182C (All versions). Unprivileged remote attackers located in the same local network segment (OSI Layer 2) could gain remote code execution on the affected products by sending a specially crafted DHCP response to a client's DHCP request. | |||||
| CVE-2019-15679 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| TightVNC code version 1.3.10 contains heap buffer overflow in InitialiseRFBConnection function, which can potentially result code execution. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2019-15678 | 1 Tightvnc | 1 Tightvnc | 2020-12-09 | 7.5 HIGH | 9.8 CRITICAL |
| TightVNC code version 1.3.10 contains heap buffer overflow in rfbServerCutText handler, which can potentially result code execution.. This attack appear to be exploitable via network connectivity. | |||||
| CVE-2020-25181 | 1 We-con | 1 Plc Editor | 2020-12-02 | 6.8 MEDIUM | 8.8 HIGH |
| WECON PLC Editor Versions 1.3.8 and prior has a heap-based buffer overflow vulnerabilities have been identified that may allow arbitrary code execution. | |||||
| CVE-2020-27255 | 1 Rockwellautomation | 1 Factorytalk Linx | 2020-11-30 | 5.0 MEDIUM | 7.5 HIGH |
| A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious set attribute requests, which could result in the leaking of sensitive information. This information disclosure could lead to the bypass of address space layout randomization (ASLR). | |||||
| CVE-2020-27251 | 1 Rockwellautomation | 1 Factorytalk Linx | 2020-11-30 | 7.5 HIGH | 9.8 CRITICAL |
| A heap overflow vulnerability exists within FactoryTalk Linx Version 6.11 and prior. This vulnerability could allow a remote, unauthenticated attacker to send malicious port ranges, which could result in remote code execution. | |||||
| CVE-2019-8274 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer offer handler, which can potentially in result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | |||||
| CVE-2019-8273 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer request handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | |||||
| CVE-2018-8871 | 1 Deltaww | 1 Tpeditor | 2020-10-22 | 7.5 HIGH | 9.8 CRITICAL |
| In Delta Electronics Automation TPEditor version 1.89 or prior, parsing a malformed program file may cause heap-based buffer overflow vulnerability, which may allow remote code execution. | |||||
| CVE-2019-8271 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2020-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1211 has a heap buffer overflow vulnerability in VNC server code inside file transfer handler, which can potentially result code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1212. | |||||
| CVE-2019-8258 | 2 Siemens, Uvnc | 4 Sinumerik Access Mymachine\/p2p, Sinumerik Pcu Base Win10 Software\/ipc, Sinumerik Pcu Base Win7 Software\/ipc and 1 more | 2020-10-19 | 7.5 HIGH | 9.8 CRITICAL |
| UltraVNC revision 1198 has a heap buffer overflow vulnerability in VNC client code which results code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision 1199. | |||||