Total
1402 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-1355 | 5 Debian, Fedoraproject, Libtiff and 2 more | 5 Debian Linux, Fedora, Libtiff and 2 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| A stack buffer overflow flaw was found in Libtiffs' tiffcp.c in main() function. This flaw allows an attacker to pass a crafted TIFF file to the tiffcp tool, triggering a stack buffer overflow issue, possibly corrupting the memory, and causing a crash that leads to a denial of service. | |||||
| CVE-2022-0629 | 4 Apple, Debian, Fedoraproject and 1 more | 4 Macos, Debian Linux, Fedora and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2022-0408 | 3 Debian, Fedoraproject, Vim | 3 Debian Linux, Fedora, Vim | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Stack-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | |||||
| CVE-2021-46643 | 1 Bentley | 2 Microstation, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15515. | |||||
| CVE-2021-46638 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DGN files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15510. | |||||
| CVE-2021-46565 | 1 Bentley | 3 Microstation, Microstation Connect, View | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT 10.16.0.80. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JT files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15024. | |||||
| CVE-2021-44432 | 1 Siemens | 2 Jt Open Toolkit, Jt Utilities | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been identified in JT Utilities (All versions < V13.1.1.0), JTTK (All versions < V11.1.1.0). JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-14845) | |||||
| CVE-2021-44165 | 1 Siemens | 8 7kg9501-0aa01-0aa1, 7kg9501-0aa01-0aa1 Firmware, 7kg9501-0aa01-2aa1 and 5 more | 2024-11-21 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41), POWER METER SICAM Q100 (All versions < V2.41). The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin priviliges to potentially perform remote code execution. | |||||
| CVE-2021-43982 | 1 Deltaww | 1 Cncsoft | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| Delta Electronics CNCSoft Versions 1.01.30 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-43301 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
| CVE-2021-43300 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
| CVE-2021-43299 | 2 Debian, Teluu | 2 Debian Linux, Pjsip | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation. | |||||
| CVE-2021-42705 | 1 We-con | 1 Plc Editor | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| PLC Editor Versions 1.3.8 and prior is vulnerable to a stack-based buffer overflow while processing project files, which may allow an attacker to execute arbitrary code. | |||||
| CVE-2021-42532 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42531 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42530 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-42529 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-39847 | 2 Adobe, Debian | 2 Xmp Toolkit Software Development Kit, Debian Linux | 2024-11-21 | 9.3 HIGH | 7.8 HIGH |
| XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | |||||
| CVE-2021-39845 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2024-11-21 | 5.8 MEDIUM | 6.1 MEDIUM |
| Acrobat Reader DC versions 2021.005.20060 (and earlier), 2020.004.30006 (and earlier) and 2017.011.30199 (and earlier) are affected by a stack overflow vulnerability due to insecure handling of a crafted PDF file, potentially resulting in memory corruption in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. | |||||
| CVE-2021-38432 | 1 Fatek | 2 Communication Server, Communication Server Firmware | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| FATEK Automation Communication Server Versions 1.13 and prior lacks proper validation of user-supplied data, which could result in a stack-based buffer overflow condition and allow an attacker to remotely execute code. | |||||