Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2020-13585: TALOS-2020-1196 || Cisco Talos Intelligence Group

An out-of-bounds write vulnerability exists in the PSD Header processing functionality of Accusoft ImageGear 19.8. A specially crafted malformed file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.

CVE
Open in Source
#vulnerability#mac#windows#microsoft#cisco#intel#pdf#buffer_overflow
CVE-2020-13576: TALOS-2020-1187 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.

CVE-2020-36244: Comparing v2.18.5...v2.18.6 · COVESA/dlt-daemon

The daemon in GENIVI diagnostic log and trace (DLT), is vulnerable to a heap-based buffer overflow that could allow an attacker to remotely execute arbitrary code on the DLT-Daemon (versions prior to 2.18.6).

CVE-2021-26675: security - Remote code execution in connman

A stack-based buffer overflow in dnsproxy in ConnMan before 1.39 could be used by network adjacent attackers to execute code.

CVE-2021-21143: Stable Channel Update for Desktop

Heap buffer overflow in Extensions in Google Chrome prior to 88.0.4324.146 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension.

CVE-2020-36242: Fernet fails to encrypt/decrypt large data · Issue #5615 · pyca/cryptography

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

CVE-2020-36242: Fernet fails to encrypt/decrypt large data · Issue #5615 · pyca/cryptography

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

CVE-2020-6088: TALOS-2020-1008 || Cisco Talos Intelligence Group

An exploitable denial of service vulnerability exists in the ENIP Request Path Network Segment functionality of Allen-Bradley Flex IO 1794-AENT/B 4.003. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

CVE-2020-27247: TALOS-2020-1210 || Cisco Talos Intelligence Group

A specially crafted document can cause the document parser to copy data from a particular record type into a static-sized buffer within an object that is smaller than the size used for the copy, which will cause a heap-based buffer overflow. In version/Instance 0x0002, an attacker can entice the victim to open a document to trigger this vulnerability. This affects SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014).

CVE-2020-13586: TALOS-2020-1197 || Cisco Talos Intelligence Group

A memory corruption vulnerability exists in the Excel Document SST Record 0x00fc functionality of SoftMaker Software GmbH SoftMaker Office PlanMaker 2021 (Revision 1014). A specially crafted malformed file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.