685 matches found
tigervnc: Stack buffer overflow in CMsgReader::readSetCursor
TigerVNC version prior to 1.10.1 is vulnerable to stack buffer overflow, which could be triggered from CMsgReader::readSetCursor. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since remote attacker can choose offset from start of the buffer to start writing his values...
CVE-2020-16147
The login page in Telmat AccessLog = 6.0 TAL20180415 allows an attacker to get root shell access via Unauthenticated code injection over the network...
eos buffer error vulnerability
eos is an open source smart contract platform. A stack overflow vulnerability exists in the 'abiserializer' function in versions after eos commit f1545dd0ae2b77580c2236fdb70ae7138d2c7168. An attacker can exploit this vulnerability by sending a network request to attack an eos network node...
CVE-2020-14577
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 7u261, 8u251, 11.0.7 and 14.0.1; Java SE Embedded: 8u251. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to...
FreeRDP Buffer Overflow Vulnerability (CNVD-2020-28987)
FreeRDP is an open source implementation of the Remote Desktop Protocol RDP from the FreeRDP team. FreeRDP suffers from a buffer overflow vulnerability. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resultin...
FFmpeg Buffer Overflow Vulnerability (CNVD-2020-32372)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A buffer overflow vulnerability exists in the cbsjpegsplitfragment file in libavcodec/cbsjpeg.c in FFmpeg version 4.2.2. The vulnerability stems from a networked system or product performin...
OpenJDK: Incorrect handling of references to uninitialized class descriptors during deserialization (Serialization, 8224541)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
CVE-2020-2815
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite component: Profile. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks requi...
CVE-2020-2778
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.6 and 14. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this vulnerability...
UBUNTU-CVE-2020-2757
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Serialization. Supported versions that are affected are Java SE: 7u251, 8u241, 11.0.6 and 14; Java SE Embedded: 8u241. Difficult to exploit vulnerability allows unauthenticated attacker with network access via...
MariaDB 10.2.0 < 10.2.31
The version of MariaDB installed on the remote host is prior to 10.2.31. It is, therefore, affected by a vulnerability as referenced in the 10.2.31 advisory. - Vulnerability in the MySQL Client product of Oracle MySQL component: C API. Supported versions that are affected are 5.6.46 and prior,...
Qualcomm MDM9206 and MDM9607 Input Validation Error Vulnerability
The Qualcomm MDM9206 and MDM9607 are both central processing unit CPU products from Qualcomm Incorporated. An input validation error vulnerability exists in the Kernel in the Qualcomm MDM9206 and MDM9607. The vulnerability arises from a networked system or product that does not properly validate...
CVE-2020-2655
Vulnerability in the Java SE product of Oracle Java SE component: JSSE. Supported versions that are affected are Java SE: 11.0.5 and 13.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Java SE. Successful attacks of this...
Buffer overflow
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Filters. The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
Fast8690-exploit
Sagemcom Fast 3890 exploit This exploit uses the Cable Haunt...
OpenJDK: Incorrect handling of nested jar: URLs in Jar URL handler (Networking, 8223892)
Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE component: Networking. Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multip...
CVE-2019-11758
A flaw was found in the 360 Total Security code in Firefox and Thunderbird. Memory corruption is possible in the accessibility engine that could lead to an exploit to run arbitrary code. This vulnerability could be exploited over a network connection and would affect confidentiality and integrity...
UBUNTU-CVE-2019-15691
TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding routine would throw an exception, ZRLEDecoder may try to access stack variable, which has been already freed during the process of stack...
UBUNTU-CVE-2019-15694
TigerVNC version prior to 1.10.1 is vulnerable to heap buffer overflow, which could be triggered from DecodeManager::decodeRect. Vulnerability occurs due to the signdness error in processing MemOutStream. Exploitation of this vulnerability could potentially result into remote code execution. This...
Siemens SPPA-T3000 Heap Buffer Overflow Vulnerability (CNVD-2019-44776)
The SPPA-T3000 is a distributed control system mainly used in thermal power plants and large renewable energy power plants. A heap buffer overflow vulnerability exists in the Siemens SPPA-T3000. This allows an attacker with network access to the MS3000 server to cause a denial of service conditio...