Lucene search

8440 matches found

CVE
added 2023/09/11 1:50 p.m. | 75 views

CVE-2019-16470

CVE-2019-16470 affects Adobe Acrobat Reader up to version 2019.021.20056 (and earlier) and is caused by a stack-based buffer overflow in the product. This can lead to arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim to open a malici...

CVSS 7.8 | AI score 8.3 | EPSS 0.00461
Exploits: 0 | References: 1 | Affected Software: 2

Zero Day Initiative
added 2023/09/08 12:0 a.m. | 17 views

Delta Electronics CNCSoft-B DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics CNCSoft-B. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 6.8 | EPSS 0.00205
Exploits: 0 | References: 1

Tenable Nessus
added 2023/09/08 12:0 a.m. | 33 views

Amazon Linux 2023 : file, file-devel, file-libs (ALAS2023-2023-333)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-333 advisory. File before 5.43 has a stack-based buffer over-read in filecopystr in funcs.c. NOTE: File is the name of an Open Source project. CVE-2022-48554 Tenable has extracted the preceding description block...

CVSS 5.5 | AI score 7.1 | EPSS 0.00656
Exploits: 1 | References: 4

NVD
added 2023/09/07 6:15 p.m. | 29 views

CVE-2023-4685

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

CVSS 7.8 | AI score 8 | EPSS 0.00205
Exploits: 0 | References: 1

Prion
added 2023/09/07 6:15 p.m. | 18 views

Stack overflow

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

CVSS 4.4 | AI score 7.9 | EPSS 0.00205
Exploits: 0 | References: 1 | Affected Software: 2

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 24 views

D-Link DAP-1325 SetTriggerAPValidate Key Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

CVSS 8.8 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 23 views

D-Link DIR-3040 prog.cgi SetWan3Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

CVSS 6.8 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 26 views

D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

CVSS 6.8 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 21 views

D-Link DIR-3040 prog.cgi SetIPv6PppoeSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

CVSS 6.8 | AI score 7.3 | EPSS 0.00705
Exploits: 0 | References: 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 56 views

Oracle Linux 7 : glibc (ELSA-2018-3092)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3092 advisory. - CVE-2017-16997: Correctly handle DTRPATH 1540480. - CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow 1579809 - CVE-2018-11236: Path length...

CVSS 9.8 | AI score 7.8 | EPSS 0.074
Exploits: 3 | References: 5

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 24 views

D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

CVSS 8.8 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/09/07 12:0 a.m. | 24 views

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

CVSS 8.8 | AI score 7.3 | EPSS 0.00855
Exploits: 0 | References: 1

Tenable Nessus
added 2023/09/07 12:0 a.m. | 29 views

Oracle Linux 8 : libsndfile (ELSA-2020-1636)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1636 advisory. - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function i2alawarray in alaw 1673085 Tenable has extracted the preceding description...

CVSS 8.8 | AI score 7 | EPSS 0.03574
Exploits: 2 | References: 3

Tenable Nessus
added 2023/09/07 12:0 a.m. | 53 views

Oracle Linux 7 : php (ELSA-2020-1112)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1112 advisory. - fix underflow in envpathinfo in fpmmain.c CVE-2019-11043 - fix stack-buffer-overflow while parsing HTTP response CVE-2018-7584 - fix out-of-bounds re...

CVSS 9.8 | AI score 7.7 | EPSS 0.9947
Exploits: 58 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 27 views

Oracle Linux 8 : tcpdump (ELSA-2020-1604)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-1604 advisory. 14:4.9.2-6 - Resolves: 1715423 - tcpdump pre creates user and groups unconditionally - Resolves: 1655622 - CVE-2018-19519 Stack-based buffer over-read in...

CVSS 5.5 | AI score 6.3 | EPSS 0.02364
Exploits: 1 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 25 views

Oracle Linux 8 : liblouis (ELSA-2020-1708)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1708 advisory. - Apply patch for CVE-2018-12085 1589942 - Fix CVE-2018-11577 1585906 - Fix CVE-2018-11684 1588632 - Fix CVE-2018-11685 1588637 Tenable has extracted t...

CVSS 8.8 | AI score 6.7 | EPSS 0.02576
Exploits: 1 | References: 5

Tenable Nessus
added 2023/09/07 12:0 a.m. | 20 views

Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975. Related: rhbz1164004 - Fix REXML billion laughs attack via paramete...

CVSS 5 | AI score 7.7 | EPSS 0.05555
Exploits: 2 | References: 4

Tenable Nessus
added 2023/09/07 12:0 a.m. | 30 views

Oracle Linux 8 : sudo (ELSA-2020-0487)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0487 advisory. 1.8.25p1-8.1 - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz1798092 Tenable has extracted the preceding description block directly from the Oracle Linux...

CVSS 7.8 | AI score 7.4 | EPSS 0.19426
Exploits: 13 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 21 views

Oracle Linux 7 : libsndfile (ELSA-2020-1185)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1185 advisory. 1.0.25-11 - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility 1598577 Tenable has extracted the preceding description block...

CVSS 8.8 | AI score 8.1 | EPSS 0.03574
Exploits: 0 | References: 2

Tenable Nessus
added 2023/09/07 12:0 a.m. | 24 views

Oracle Linux 8 : curl (ELSA-2019-3701)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3701 advisory. - fix SMTP end-of-response out-of-bounds read CVE-2019-3823 - fix NTLMv2 type-3 header stack buffer overflow CVE-2019-3822 - fix NTLM type-2...

CVSS 9.8 | AI score 6.8 | EPSS 0.12771
Exploits: 3 | References: 5