Total
1588 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-21555 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
| Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and T640 Server BIOS contain a heap-based buffer overflow vulnerability in systems with NVDIMM-N installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | |||||
| CVE-2021-21554 | 1 Dell | 18 Poweredge Mx740c, Poweredge Mx740c Firmware, Poweredge Mx840c and 15 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
| Dell PowerEdge R640, R740, R740XD, R840, R940, R940xa, MX740c, MX840c, and, Dell Precision 7920 Rack Workstation BIOS contain a stack-based buffer overflow vulnerability in systems with Intel Optane DC Persistent Memory installed. A local malicious user with high privileges may potentially exploit this vulnerability, leading to a denial of Service, arbitrary code execution, or information disclosure in UEFI or BIOS Preboot Environment. | |||||
| CVE-2021-21077 | 2 Adobe, Microsoft | 2 Animate, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Adobe Animate version 21.0.3 (and earlier) is affected by a Heap-based Buffer Overflow vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-21006 | 3 Adobe, Apple, Microsoft | 3 Photoshop, Macos, Windows | 2024-11-21 | 6.8 MEDIUM | 8.6 HIGH |
| Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code execution. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||||
| CVE-2021-20043 | 1 Sonicwall | 10 Sma 200, Sma 200 Firmware, Sma 210 and 7 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| A Heap-based buffer overflow vulnerability in SonicWall SMA100 getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. | |||||
| CVE-2020-8899 | 1 Google | 1 Android | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution (RCE) without any user interaction. The Samsung ID is SVE-2020-16747. | |||||
| CVE-2020-7852 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy has a Heap-based overflow vulnerability, triggered when the user opens a malformed ex.j2c format file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7829 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7828 | 2 Hmtalk, Microsoft | 2 Daviewindy, Windows | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| DaviewIndy 8.98.4 and earlier version contain Heap-based overflow vulnerability, triggered when the user opens a malformed specific file that is mishandled by Daview.exe. Attackers could exploit this and arbitrary code execution. | |||||
| CVE-2020-7586 | 1 Siemens | 4 Simatic Pcs 7, Simatic Process Device Manager, Simatic Step 7 and 1 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3), SIMATIC PDM (All versions < V9.2), SIMATIC STEP 7 V5.X (All versions < V5.6 SP2 HF3), SINAMICS STARTER (containing STEP 7 OEM version) (All versions < V5.4 HF2). A buffer overflow vulnerability could allow a local attacker to cause a Denial-of-Service situation. The security vulnerability could be exploited by an attacker with local access to the affected systems. Successful exploitation requires user privileges but no user interaction. The vulnerability could allow an attacker to compromise the availability of the system as well as to have access to confidential information. | |||||
| CVE-2020-6970 | 1 Emerson | 1 Openenterprise Scada Server | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| A Heap-based Buffer Overflow was found in Emerson OpenEnterprise SCADA Server 2.83 (if Modbus or ROC Interfaces have been installed and are in use) and all versions of OpenEnterprise 3.1 through 3.3.3, where a specially crafted script could execute code on the OpenEnterprise Server. | |||||
| CVE-2020-6156 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance USDC file format path element token index. | |||||
| CVE-2020-6155 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in the Pixar OpenUSD 20.05 while parsing compressed value rep arrays in binary USD files. A specially crafted malformed file can trigger a heap overflow, which can result in remote code execution. To trigger this vulnerability, the victim needs to access an attacker-provided malformed file. | |||||
| CVE-2020-6150 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software USDC file format SPECS section decompression heap overflow. | |||||
| CVE-2020-6149 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. To trigger this vulnerability, the victim needs to open an attacker-provided malformed file in an instance in USDC file format PATHS section. | |||||
| CVE-2020-6148 | 1 Pixar | 1 Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. An instance exists in USDC file format FIELDSETS section decompression heap overflow. | |||||
| CVE-2020-6147 | 2 Apple, Pixar | 3 Ipados, Iphone Os, Openusd | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A heap overflow vulnerability exists in Pixar OpenUSD 20.05 when the software parses compressed sections in binary USD files. This instance exists in the USDC file format FIELDS section decompression heap overflow. | |||||
| CVE-2020-6146 | 1 Gonitro | 1 Nitro Pro | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. When drawing the contents of a page and selecting the stroke color from an 'ICCBased' colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object. Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. | |||||
| CVE-2020-6007 | 1 Philips | 2 Hue Bridge V2, Hue Bridge V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 7.9 HIGH |
| Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution. | |||||
| CVE-2020-5138 | 1 Sonicwall | 2 Sonicos, Sonicosv | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A Heap Overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service (DoS) on the firewall SSLVPN service and leads to SonicOS crash. This vulnerability affected SonicOS Gen 5 version 5.9.1.7, 5.9.1.13, Gen 6 version 6.5.4.7, 6.5.1.12, 6.0.5.3, SonicOSv 6.5.4.v and Gen 7 version SonicOS 7.0.0.0. | |||||