5353 matches found
CVE-2019-13165
Some Xerox printers such as the Phaser 3320 V53.006.16.000 were affected by a buffer overflow vulnerability in the request parser of the IPP service. This would allow an unauthenticated attacker to cause a Denial of Service (DoS) and potentially execute arbitrary code on the device...
EulerOS Virtualization for ARM 64 3.0.2.0 : ntp (EulerOS-SA-2020-1210)
According to the versions of the ntp packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating the 'received' timestamp, which allows remote...
EulerOS Virtualization for ARM 64 3.0.2.0 : gpgme (EulerOS-SA-2020-1254)
According to the version of the gpgme package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - Multiple heap-based buffer overflows in the status_handler function in (1) engine-gpgsm.c and (2) engine-uiserver.c in GPGME...
Mozilla Firefox Security Advisories (MFSA2020-08, MFSA2020-09) - Windows
Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:firefox";...
CVE-2020-10188
utility.c in telnetd in netkit telnet through 0.17 allows remote attackers to execute arbitrary code via short writes or urgent data, because of a buffer overflow involving the netclear and nextitem functions...
Input validation
Multiple vulnerabilities in Cisco Webex Network Recording Player for Microsoft Windows and Cisco Webex Player for Microsoft Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements within a Webex...
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2020-5541)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5541 advisory. - mwifiex: Fix heap overflow in mmwifiex_process_tdls_action_frame() (qize wang) [Orabug: 30819439] {CVE-2019-14901} - media: b2c2-flexcop-usb: add sanity...
Ubuntu: Security Advisory (USN-4292-1)
The remote host is missing an update for the...
Design/Logic Flaw
IBM Spectrum Protect Plus 10.1.0 and 10.1.5 could allow a remote attacker to execute arbitrary code on the system. By using a specially crafted HTTP command, an attacker could exploit this vulnerability to execute arbitrary command on the system. IBM X-Force ID: 175022...
KLA11679 Multiple vulnerabilities in Apache Tomcat
Multiple vulnerabilities were found in Apache Tomcat. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. HTTP request smuggling vulnerability can be exploited remotely to obtain sensitive...
Huawei EulerOS: Security Advisory for glusterfs (EulerOS-SA-2020-1103)
The remote host is missing an update for the Huawei EulerOS...
CVE-2020-8861
This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DAP-1330 1.10B01 BETA Wi-Fi range extenders. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of HNAP login requests. The iss...
CVE-2012-0828
Heap-based buffer overflow in Xchat-WDK before 1499-4 (2012-01-18) xchat 2.8.6 on Maemo architecture could allow remote attackers to cause a denial of service (xchat client crash) or execute arbitrary code via a UTF-8 line from server containing characters outside of the Basic Multilingual Plane (BMP)...
CVE-2016-4606
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks...
CVE-2015-7747
CVE-2015-7747 affects the Audio File Library (audiofile/libaudiofile). The vulnerability is a buffer overflow in afReadFrames that can be triggered by a crafted audio file, potentially causing a denial of service or arbitrary code execution. The issue is corroborated across multiple feeds (includ...
CVE-2014-4967
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as demonstrated by a fact with (1) a trailing " src=" clause, (2) a trailing " temp=" clause, or (3) a...
CVE-2020-8012
CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot controller component. A remote attacker can execute arbitrary code...
Stack overflow
Stack-based buffer overflow in the WritePSDImage function in coders/psd.c in ImageMagick 6.5.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of layers in a PSD image, involving the L%02ld string, a different...
CVE-2019-18915
A potential security vulnerability has been identified with certain versions of HP System Event Utility prior to version 1.4.33. This vulnerability may allow a local attacker to execute arbitrary code via an HP System Event Utility system service...