CVE-2020-21676

A stack-based buffer overflow in the genpstrxtext component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...

Stack overflow

A stack-based buffer overflow in the genptktext component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into ptk format...

CVE-2020-21680

A stack-based buffer overflow in the putarrow component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pict2e format...

CVE-2020-21676

A stack-based buffer overflow in the genpstrxtext component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pstricks format...

CVE-2020-21675

CVE-2020-21675 affects fig2dev 3.2.7b, caused by a stack-based buffer overflow in the genptk_text component (genptk.c), which can lead to denial of service when converting XFig to ptk. Affected product: fig2dev (Xfig suite). Root cause: stack overflow in genptk_text. Impact: DoS via crafted input...

CVE-2020-21680

CVE-2020-21680 is a vulnerability in fig2dev (Xfig) where a stack-based buffer overflow in the put_arrow() function in genpict2e.c of fig2dev 3.2.7b allows an attacker to cause a denial of service when converting a xfig file to pict2e format. Affected software is fig2dev 3.2.7b (and related 3.2.x...

CVE-2020-21680

A stack-based buffer overflow in the putarrow component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service DOS via converting a xfig file into pict2e format...

CVE-2021-32943

The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code on the WebAccess/SCADA WebAccess/SCADA versions prior to 8.4.5, WebAccess/SCADA versions prior to 9.0.1...

CVE-2021-32943

The CVE-2021-32943 issue affects Advantech WebAccess/SCADA before 8.4.5 and before 9.0.1, caused by a stack-based buffer overflow that could allow remote code execution. Multiple connected sources (NVD, Red Hat, Red Team/RH CVE entry, and ICS advisory) confirm the vulnerability in the WebAccess/S...

CVE-2020-21676

CVE-2020-21676 is a stack-based buffer overflow in genpstrx_text() of fig2dev 3.2.7b, allowing denial of service when converting a xfig file to pstricks. Public advisories (Debian/Ubuntu) indicate fixes in later fig2dev releases (e.g., Debian 1:3.2.7a-5+deb10u5; Ubuntu USN-5864-1). Remediation: u...

(0Day) Delta Industrial Automation DOPSoft DPS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation DOPSoft. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists withi...

Apple macOS libType1Scaler PFB Font Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the libType1Scaler library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the...

Advantech WebAccess SCADA

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerabilities: Cross-site Scripting XSS, Relative Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities...

UDP Technology IP Camera firmware vulnerabilities allow for attacker to achieve root

Researchers at RandoriSec have found serious vulnerabilities in the firmware provided by UDP Technology to Geutebrück and many other IP camera vendors. According to the researchers the firmware supplier UDP Technology fails to respond to their reports despite numerous mails and LinkedIn messages...

Geutebrück G-Cam E2 and G-Code

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: Geutebrück Equipment: G-Cam E2 and G-Code Vulnerabilities: Missing Authentication for Critical Function, Command Injection, Stack-based Buffer Overflow 2. RISK EVALUATION...

Security Bulletin: GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution

Summary GRUB2 as used by IBM QRadar SIEM is vulnerable to arbitrary code execution Vulnerability Details CVEID: CVE-2021-20225 DESCRIPTION: GNU GRUB2 could allow a local authenticated attacker to execute arbitrary code on the system, caused by a heap out-of-bounds write flaw in the short form...

openSUSE 15 Security Update : transfig (openSUSE-SU-2021:2454-1)

The remote SUSE Linux SUSE15 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:2454-1 advisory. - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c. CVE-2019-14275 - readtextobject in read.c in...

SUSE SLED15 / SLES15 Security Update : transfig (SUSE-SU-2021:2454-1)

The remote SUSE Linux SLED15 / SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:2454-1 advisory. - Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calcarrow function in bound.c. CVE-2019-14275 - readtextobject in read....

Stack overflow

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager vGPU plugin that could allow an attacker to cause stack-based buffer overflow and put a customized ROP gadget on the stack. Such an attack may lead to information disclosure, data tampering, or denial of service. This affect...

RHEL 7 : glibc (RHSA-2021:2813)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:2813 advisory. The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache...