Lucene search
+L

227 matches found

NVD
NVD
added 2021/09/17 7:15 p.m.37 views

CVE-2021-38402

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...

7.8CVSS0.07694EPSS
Exploits0References1
Prion
Prion
added 2021/09/17 7:15 p.m.20 views

Stack overflow

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...

6.8CVSS7.8AI score0.07694EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/09/17 6:54 p.m.75 views

CVE-2021-38402

Delta Electronics DOPSoft 2 (version ≤ 2.00.07) is affected by CVE-2021-38402 due to improper validation of user-supplied data when parsing certain project files, causing a stack-based buffer overflow in font string handling. This can allow arbitrary code execution in the current process. Public ...

7.8CVSS7.8AI score0.07694EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/09/17 6:54 p.m.39 views

CVE-2021-38402 Delta Electronics DOPSoft 2 Stack-Based Buffer Overflow

Delta Electronic DOPSoft 2 Version 2.00.07 and prior lacks proper validation of user-supplied data when parsing specific project files. This could lead to a stack-based buffer overflow while trying to copy to a buffer during font string handling. An attacker could leverage this vulnerability to...

7.8CVSS8AI score0.07694EPSS
Exploits0References1
OSV
OSV
added 2021/08/24 3:26 p.m.12 views

USN-5051-1 openssl vulnerabilities

John Ouyang discovered that OpenSSL incorrectly handled decrypting SM2 data. A remote attacker could use this issue to cause applications using OpenSSL to crash, resulting in a denial of service, or possibly change application behaviour. CVE-2021-3711 Ingo Schwarze discovered that OpenSSL...

9.8CVSS6.8AI score0.87816EPSS
Exploits1References3
UbuntuCve
UbuntuCve
added 2021/08/24 12:0 a.m.61 views

CVE-2021-3712

ASN.1 strings are represented internally within OpenSSL as an ASN1STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL 0 byte...

7.4CVSS6.9AI score0.50445EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/08/08 12:0 a.m.8 views

Rust 安全漏洞

Rust is a general-purpose, compiled programming language from the Mozilla Foundation. A security vulnerability exists in Rust. Allows an attacker to execute arbitrary code via a pattern designed with interest, because because string.c dsfgetstr dsfgetstr would write out-of-bounds...

9.8CVSS8.8AI score0.0123EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2021/08/04 11:8 a.m.146 views

USN-5030-1: Perl DBI module vulnerabilities

It was discovered that the Perl DBI module incorrectly opened files outside of the folder specified in the data source name. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2014-10402 It was discovered that the Perl DBI module incorrectly handled certain long...

7.1CVSS7AI score0.00602EPSS
Exploits1
OSV
OSV
added 2021/06/12 11:2 a.m.2 views

OESA-2021-1219 ImageMagick security update

Use ImageMagick to create, edit, compose, or convert bitmap images. It can read and write images in a variety of formats over 200 including PNG, JPEG, GIF, HEIC, TIFF, DPX, EXR, WebP, Postscript, PDF, and SVG. Use ImageMagick to resize, flip, mirror, rotate, distort, shear and transform images,...

5.5CVSS6.8AI score0.01095EPSS
Exploits3References4
OSV
OSV
added 2021/03/01 4:15 p.m.25 views

CVE-2021-25831

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

9.8CVSS7.7AI score0.11503EPSS
Exploits1References6
OSV
OSV
added 2021/03/01 4:15 p.m.9 views

CVE-2021-25830

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

9.8CVSS7.8AI score0.11763EPSS
Exploits1References6
Prion
Prion
added 2021/03/01 4:15 p.m.15 views

Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.0.0-9-v5.6.3. An attacker must request the conversion of the crafted file from PPTT into PPTX format. Using the chain of two other bugs related to improper string handling, a remote attacker can obtain remote...

7.5CVSS9.6AI score0.11503EPSS
Exploits1References6Affected Software1
Prion
Prion
added 2021/03/01 4:15 p.m.16 views

Design/Logic Flaw

A file extension handling issue was found in core module of ONLYOFFICE DocumentServer v4.2.0.236-v5.6.4.13. An attacker must request the conversion of the crafted file from DOCT into DOCX format. Using the chain of two other bugs related to improper string handling, an attacker can achieve remote...

7.5CVSS9.7AI score0.11763EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2021/01/12 9:15 p.m.16 views

CVE-2020-26992

A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during fon...

7.8CVSS8.1AI score0.01581EPSS
Exploits0References1
Prion
Prion
added 2021/01/12 9:15 p.m.27 views

Stack overflow

A vulnerability has been identified in JT2Go All versions V13.1.0, Teamcenter Visualization All versions V13.1.0. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer during fon...

6.8CVSS8.1AI score0.01581EPSS
Exploits0References1Affected Software2
CNVD
CNVD
added 2020/12/15 12:0 a.m.11 views

ImageMagick code issue vulnerability (CNVD-2021-25965)

Imagemagick Studio ImageMagick is a suite of open source image processing software from ImageMagick Studio Imagemagick Studio, an American company. The software can read, convert or write images in many formats. A security vulnerability exists in ImageMagick versions prior to 7.0.9-0, which stems...

5.5CVSS6.5AI score0.01095EPSS
Exploits1References1
Prion
Prion
added 2020/12/08 9:15 p.m.19 views

Design/Logic Flaw

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

4.3CVSS5AI score0.01095EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2020/12/08 8:57 p.m.24 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.2AI score0.01095EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2020/12/08 8:57 p.m.43 views

CVE-2020-25667

TIFFGetProfiles in /coders/tiff.c calls strstr which causes a large out-of-bounds read when it searches for "dc:format="image/dng" within profile due to improper string handling, when a crafted input file is provided to ImageMagick. The patch uses a StringInfo type instead of a raw C string to...

5.5CVSS5.8AI score0.01095EPSS
Exploits1
Cent OS
Cent OS
added 2020/10/20 6:51 p.m.184 views

qt5 security update

CentOS Errata and Security Advisory CESA-2020:4025 An update for qt5-qtbase is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severi...

7.3CVSS7.1AI score0.00568EPSS
Exploits1References7
Rows per page
Query Builder