Stack overflow

Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.30158 and earlier, 2015.006.30510 and earlier, and 2015.006.30510 and earlier have a stack-based buffer overflow vulnerability. Successful exploitation could lead to arbitrary code execution...

CVE-2020-3799

CVE-2020-3799 describes a stack-based buffer overflow affecting Adobe Acrobat and Reader. Affected versions include 2020.006.20034 and earlier, 2017.011.30158 and earlier, and 2015.006.30510 and earlier. Successful exploitation could lead to arbitrary code execution. Connected sources corroborate...

(Pwn2Own) TP-Link Archer A7 DNS Response Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of TP-Link Archer A7 AC1750 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of DNS responses. A crafted DNS message can trigger an...

VISAM Automation Base (VBASE) (Update B)

1. EXECUTIVE SUMMARY CVSS v3 9.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: VISAM Equipment: VBASE Vulnerabilities: Relative Path Traversal, Incorrect Default Permissions, Inadequate Encryption Strength, Insecure Storage of Sensitive Information, Stack-based Buffer Overflow...

Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1268)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Adobe Reader < 2015.006.30518 / 2017.011.30166 / 2020.006.20042 Multiple Vulnerabilities (APSB20-13) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 2015.006.30518, 2017.011.30166, or 2020.006.20042. It is, therefore, affected by multiple vulnerabilities. - Adobe Acrobat and Reader versions 2020.006.20034 and earlier, 2017.011.30158 and earlier, 2017.011.3015...

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

Adobe Discloses Dozens of Critical Photoshop, Acrobat Reader Flaws

Adobe has released out-of-band updates addressing critical vulnerabilities in its Photoshop and Acrobat Reader products, which if exploited could allow arbitrary code-execution. Overall, Adobe on Wednesday patched flaws tied to 41 CVEs across its products, 29 of which were critical in severity. T...

Foxit Studio Photo TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Studio Photo. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of...

Delta Industrial Automation CNCSoft ScreenEditor DPB File Parsing GifName Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Industrial Automation CNCSoft ScreenEditor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

Huawei EulerOS: Security Advisory for libarchive (EulerOS-SA-2020-1226)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization for ARM 64 3.0.2.0 : libarchive (EulerOS-SA-2020-1226)

According to the versions of the libarchive package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - readheader in archivereadsupportformatrar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names i...

CVE-2017-18350

bitcoind and Bitcoin-Qt prior to 0.15.1 have a stack-based buffer overflow if an attacker-controlled SOCKS proxy server is used. This results from an integer signedness error when the proxy server responds with an acknowledgement of an unexpected target domain name...

CVE-2017-18350

Affected software: bitcoind and Bitcoin-Qt prior to 0.15.1. Issue: a stack-based buffer overflow caused by a signedness error when a attacker-controlled SOCKS proxy responds with an acknowledgement to an unexpected domain name. Impact details are consistent with the CVE, including a partial avail...

CentOS: Security Advisory for sudo (CESA-2020:0726)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Oracle Linux 6 : sudo (ELSA-2020-0726)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-0726 advisory. - fixed CVE-2019-18634 Resolves: rhbz1799018 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that...

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

Stack overflow

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

CVE-2020-10214

An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is a stack-based buffer overflow in the httpd binary. It allows an authenticated user to execute arbitrary code via a POST to ntpsync.cgi with a sufficiently long parameter ntpserver...

CVE-2020-10214

Affected product: D-Link DIR-825 Rev.B (firmware 2.10). Vulnerability: stack-based buffer overflow in the httpd binary that can be triggered by a POST to ntp_sync.cgi with a sufficiently long ntp_server parameter. Impact: allows an authenticated user to execute arbitrary code on the device. Root ...