Total
10481 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-0242 | 3 Debian, Microsoft, Postgresql | 3 Debian Linux, Windows, Postgresql | 2020-01-31 | 6.5 MEDIUM | 8.8 HIGH |
| Stack-based buffer overflow in the *printf function implementations in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1, when running on a Windows system, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a floating point number with a large precision, as demonstrated by using the to_char function. | |||||
| CVE-2013-5659 | 1 Info-zip | 1 Wiz | 2020-01-31 | 5.0 MEDIUM | 7.5 HIGH |
| Wiz 5.0.3 has a user mode write access violation | |||||
| CVE-2013-3492 | 1 Xnview | 1 Xnview | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| XnView 2.03 has a stack-based buffer overflow vulnerability | |||||
| CVE-2015-5334 | 2 Openbsd, Opensuse | 2 Libressl, Opensuse | 2020-01-30 | 7.5 HIGH | 9.8 CRITICAL |
| Off-by-one error in the OBJ_obj2txt function in LibreSSL before 2.3.1 allows remote attackers to cause a denial of service (program crash) or possible execute arbitrary code via a crafted X.509 certificate, which triggers a stack-based buffer overflow. Note: this vulnerability exists because of an incorrect fix for CVE-2014-3508. | |||||
| CVE-2019-20425 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. In the function lustre_msg_string, there is no validation of a certain length value derived from lustre_msg_buflen_v2. | |||||
| CVE-2019-20431 | 1 Lustre | 1 Lustre | 2020-01-29 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the ptlrpc module has an osd_map_remote_to_local out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. osd_bufs_get in the osd_ldiskfs module does not validate a certain length value. | |||||
| CVE-2012-5867 | 1 Ht Editor Project | 1 Ht Editor | 2020-01-28 | 7.5 HIGH | 9.8 CRITICAL |
| HT Editor 2.0.20 has a Remote Stack Buffer Overflow Vulnerability | |||||
| CVE-2019-20432 | 1 Lustre | 1 Lustre | 2020-01-28 | 7.8 HIGH | 7.5 HIGH |
| In the Lustre file system before 2.12.3, the mdt module has an out-of-bounds access and panic due to the lack of validation for specific fields of packets sent by a client. mdt_file_secctx_unpack does not validate the value of name_size derived from req_capsule_get_size. | |||||
| CVE-2012-4900 | 1 Corel | 1 Wordperfect Office X6 | 2020-01-27 | 4.3 MEDIUM | 5.5 MEDIUM |
| Corel WordPerfect Office X6 16.0.0.388 has a DoS Vulnerability via untrusted pointer dereference | |||||
| CVE-2019-19840 | 1 Ruckuswireless | 17 C110, E510, H320 and 14 more | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
| A stack-based buffer overflow in zap_parse_args in zap.c in zap in Ruckus Unleashed through 200.7.10.102.64 allows remote code execution via an unauthenticated HTTP request. | |||||
| CVE-2020-7054 | 1 Mz-automation | 1 Libiec61850 | 2020-01-24 | 6.8 MEDIUM | 8.8 HIGH |
| MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type. | |||||
| CVE-2019-5082 | 1 Wago | 4 Pfc100, Pfc100 Firmware, Pfc200 and 1 more | 2020-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| An exploitable heap buffer overflow vulnerability exists in the iocheckd service I/O-Check functionality of WAGO PFC200 Firmware version 03.01.07(13), WAGO PFC200 Firmware version 03.00.39(12), and WAGO PFC100 Firmware version 03.00.39(12). A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. | |||||
| CVE-2019-19555 | 1 Xfig Project | 1 Xfig | 2020-01-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| read_textobject in read.c in Xfig fig2dev 3.2.7b has a stack-based buffer overflow because of an incorrect sscanf. | |||||
| CVE-2018-16140 | 2 Canonical, Fig2dev Project | 2 Ubuntu Linux, Fig2dev | 2020-01-22 | 6.8 MEDIUM | 7.8 HIGH |
| A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file. | |||||
| CVE-2014-2072 | 1 3ds | 1 Catia | 2020-01-17 | 7.5 HIGH | 9.8 CRITICAL |
| Dassault Systemes Catia V5-6R2013: Stack Buffer Overflow due to inadequate boundary checks | |||||
| CVE-2013-3939 | 1 Xnview | 1 Xnview | 2020-01-15 | 6.8 MEDIUM | 7.8 HIGH |
| xnview.exe in XnView before 2.13 does not properly handle RLE strip lengths during processing of RGB files, which allows remote attackers to execute arbitrary code via the RLE strip size field in a RGB file, which leads to an unexpected sign extension error and a heap-based buffer overflow. | |||||
| CVE-2013-3946 | 1 Extensis | 1 Mrsid | 2020-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| Heap-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via a levels header. | |||||
| CVE-2013-3944 | 1 Extensis | 1 Mrsid | 2020-01-14 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based buffer overflow in the MrSID plugin (MrSID.dll) before 4.37 for IrfanView allows remote attackers to execute arbitrary code via an IMAGE tag. | |||||
| CVE-2014-0011 | 1 Tigervnc | 1 Tigervnc | 2020-01-14 | 7.5 HIGH | 9.8 CRITICAL |
| Multiple heap-based buffer overflows in the ZRLE_DECODE function in common/rfb/zrleDecode.h in TigerVNC before 1.3.1, when NDEBUG is enabled, allow remote VNC servers to cause a denial of service (vncviewer crash) and possibly execute arbitrary code via vectors related to screen image rendering. | |||||
| CVE-2019-17015 | 2 Microsoft, Mozilla | 3 Windows, Firefox, Firefox Esr | 2020-01-13 | 6.8 MEDIUM | 8.8 HIGH |
| During the initialization of a new content process, a pointer offset can be manipulated leading to memory corruption and a potentially exploitable crash in the parent process. *Note: this issue only occurs on Windows. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR < 68.4 and Firefox < 72. | |||||