CVE-2020-11528

The CVE-2020-11528 issue affects bit2spr (bitmap format converter). A stack-based buffer overflow occurs in conv_bitmap (bit2spr.c) from a long line in a bitmap file, enabling a 129-byte write overflow. Public sources describe potential arbitrary code execution or a crash. No vendor/product versi...

Updated dcraw packages fix security vulnerabilities

The updated packages fix security vulnerabilities: There is a floating point exception in the kodakradcloadraw function in dcrawcommon.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack. CVE-2017-13735 In LibRaw through 0.18.4, an out of bounds read flaw related to...

EulerOS Virtualization for ARM 64 3.0.6.0 : kernel (EulerOS-SA-2020-1342)

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A heap-based buffer overflow was discovered in the Linux kernel's Marvell WiFi chip driver. The flaw could occur when...

SUSE SLES12 Security Update : glibc (SUSE-SU-2020:0832-1)

This update for glibc fixes the following issues : CVE-2020-1752: Fixed a use after free in glob which could have allowed a local attacker to create a specially crafted path that, when processed by the glob function, could potentially have led to arbitrary code execution bsc1167631. CVE-2020-1751...

Arbitrary Code Execution

imagemagick is vulnerable to arbitrary code execution. A stack-based buffer overflow in coders/pnm.c in WritePNMImage due to an off-by-one error in strncpy allows an attacker to execute arbitrary code on the system...

Stack overflow

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially...

CVE-2020-5344

Dell EMC iDRAC7, iDRAC8 and iDRAC9 versions prior to 2.65.65.65, 2.70.70.70, 4.00.00.00 contain a stack-based buffer overflow vulnerability. An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially...

CVE-2020-10607

CVE-2020-10607 affects Advantech WebAccess (versions 8.4.2 and earlier). It is a stack-based buffer overflow caused by inadequate validation of the length of user-supplied data, enabling remote code execution. Public sources in the connected set confirm the affected product (WebAccess), the vulne...

CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

Stack overflow

A stack-based buffer overflow in /cgi-bin/activate.cgi through ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 2 of 3...

CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request...

CVE-2020-10828

CVE-2020-10828 is a stack-based buffer overflow in the cvmd process on DrayTek Vigor3900, Vigor2960, and Vigor300B devices. Versions prior to 1.5.1 are affected and allow remote code execution via a crafted remote HTTP request. This is confirmed by multiple sources in connected documents (vendor ...

CVE-2020-10827

CVE-2020-10827 refers to a stack-based buffer overflow in the apmd service on Draytek Vigor3900, Vigor2960, and Vigor300B devices. The vulnerability, present in firmware prior to 1.5.1, allows remote code execution via a crafted HTTP request. Multiple connected sources corroborate the affected mo...

CVE-2020-10825

A stack-based buffer overflow in /cgi-bin/activate.cgi while base64 decoding ticket parameter on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request issue 3 of 3...

CVE-2020-10825

CVE-2020-10825 affects DrayTek Vigor3900, Vigor2960, and Vigor300B prior to firmware version 1.5.1. The issue is a stack-based buffer overflow in the /cgi-bin/activate.cgi endpoint during base64 decoding of the ticket parameter, which can enable remote code execution via a remote HTTP request. Th...

Moderate: Red Hat Security Advisory: rh-postgresql10-postgresql security update

An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Advantech WebAccess

1. EXECUTIVE SUMMARY CVSS v3 8.8 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Advantech Equipment: WebAccess Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability may allow remote code execution. 3. TECHNICAL DETAILS 3.1...

PT-2020-12350 · Draytek · Draytek Vigor2960 +2

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 versions prior to 1.5.1 Draytek Vigor2960 versions prior to 1.5.1 Draytek Vigor300B versions prior to 1.5.1 Description: A stack-based buffer overflow in the apmd service allows remote attackers to achieve code execution via...

CVE-2020-10828

A stack-based buffer overflow in cvmd on Draytek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1 allows remote attackers to achieve code execution via a remote HTTP request. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2020-10881

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 Firmware Ver: 190726 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS messa...