Schneider Electric VAMPSET Software Buffer Overflow Vulnerability | CISA.CPAI – Check Point Software


Affected devices improperly handle partial HTTP requests which makes them vulnerable to slowloris attacks. This could allow a remote attacker to create a denial of service condition that persists until the attack ends. A vulnerability has been identified in Parasolid V This could allow an attacker to execute code in the context of the current process. An attacker could leverage this vulnerability to execute code in the context of the current process.

An attacker could leverage this vulnerability to leak information in the context of the current process. Poppler prior to and including This is similar to the vulnerability described by CVE in Xpdf. The default installation sets insecure file permissions that could allow a local attacker to escalate privileges to local administrator. It can be triggered by sending a crafted PDF file to, for example, the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

Xpdf prior to version 4. Affected versions of the module insufficiently protect from packet capture replay. This could allow unauthorized remote attackers to bypass authentication and get access to the application.

Since the affected product starts another program with an unquoted file path, a malicious file may be executed with the privilege of the Windows service if it is placed in a certain path. Affected devices do not properly sanitize data introduced by a user when rendering the web interface. This could allow an authenticated remote attacker with administrative privileges to inject code and lead to a DOM-based XSS.

This could allow an unauthenticated remote attacker to bypass the TCP brute force prevention and lead to a denial of service condition for the duration of the attack.

Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell. BigTree CMS 4. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

The specific flaw exists within the handling of ADBC objects. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.

The specific flaw exists within the handling of Doc objects. The specific flaw exists within the handling of Annotation objects.

By injecting code into specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. The application does not correctly escape some user provided fields during the authentication process. This could allow an attacker to inject custom commands and execute arbitrary code with elevated privileges.

The application lacks proper validation of user-supplied data when parsing specific messages. This could result in a heap-based buffer overflow. An attacker could leverage this vulnerability to execute code in the context of the device.

Affected devices are vulnerable to a web-based code injection attack via the console. An attacker could exploit this vulnerability to inject code into the web server and cause malicious behavior in legitimate users accessing certain web resources on the affected device.

A vulnerability has been identified in Teamcenter V File Server Cache service in Teamcenter is vulnerable to denial of service by entering infinite loops and using up CPU cycles. This could allow an attacker to cause denial of service condition. File Server Cache service in Teamcenter consist of a functionality that is vulnerable to command injection. This could potentially allow an attacker to perform remote code execution.

Affected applications expose user, host and display name of users when a public license server is used. This could allow an attacker to retrieve this information. QPDF v8. An attacker may use this to compromise the availability of the affected component.

An expression injection vulnerability was discovered in the Workflow subsystem of Mendix Runtime, that can affect the running applications. The vulnerability could allow a malicious user to leak sensitive information in a certain configuration. The affected application contains an out of bounds read past the end of an allocated structure while parsing specially crafted NEU files.

Affected software uses an improperly protected file to import SSH keys. The affected application contains a stack corruption vulnerability while parsing PCB files. The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted PCB files. The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing PCB files.

A vulnerability has been identified in Opcenter Quality V The affected applications do not properly validate login information during authentication.

This could lead to denial of service condition for existing users or allow unauthenticated remote attackers to successfully login without credentials. Affected applications use client-side only authentication, when neither server-side authentication SSA nor Kerberos authentication is enabled.

In this configuration, attackers could impersonate other users or exploit the client-server protocol without being authenticated. Affected devices do not perform authentication for several web API endpoints. This could allow an unauthenticated remote attacker to read and download data from the device.

The web session handling of affected devices does not invalidate session ids in certain logout scenarios. This could allow an authenticated remote attacker to hijack other users' sessions. This could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

This may allow an attacker to disclose confidential data under certain circumstances. The affected application contains a file upload server that is vulnerable to command injection. An attacker could use this to achieve arbitrary code execution.

The affected application contains a misconfiguration in the APT update. This could allow an attacker to add insecure packages to the application. An attacker could use these temporary credentials for authentication bypass in certain scenarios. The system images for installation or update of the affected application contain unit test scripts with sensitive information. An attacker could gain information about testing architecture and also tamper with test configuration.

The affected application contains an older feature that allows to import device configurations via a specific endpoint. An attacker could use this vulnerability for information disclosure. The affected application consists of a web service that lacks proper access control for some of the endpoints.

This could lead to low privileged users accessing privileged information. This could lead to unauthorized access to limited information. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker. Due to improper input validation, the OpenSSL private key password could be printed to a file reachable by an attacker.

The application does not perform an integrity check of the update packages. Without validation, an admin user might be tricked into installing a malicious package, granting elevated privileges to an attacker.

There is a missing authentication verification for a resource used to change the roles and permissions of a user. This could allow an attacker to change the permissions of any user and gain the privileges of an administrative user. When a user opens manipulated Portable Document Format. A vulnerability has been identified in Teamcenter Active Workspace V5.

A reflected cross-site scripting XSS vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious code by tricking users into accessing a malicious link.

Access to the application allows a user to perform a series of actions that could potentially lead to arbitrary code execution with elevated permissions. The affected application assigns improper access rights to the service executable. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.

This could allow weak passwords to be set. In versions prior to 8. This is not a default configuration of LAM. This issue has been fixed in version 8. There are no known workarounds for this issue. Open Forms is an application for creating and publishing smart forms. Open Forms supports file uploads as one of the form field types. These fields can be configured to allow only certain file extensions to be uploaded by end users e.

The input validation of uploaded files is insufficient in versions prior to 1.

Corel PDF Fusion Stack Buffer Overflow ≈ Packet Storm.CVE – Search Results

Please see TSB for more information. Successful exploitation would use up all the available memory on the server, resulting in a denial of service condition on the target. This signature detects attempts to exploit a known vulnerability against Adobe Tiff file. A successful attack can lead to arbitrary code execution. A successful attack can lead to unauthorized source code disclosure.

This signature detects an attempt to download exploits from malicious exploit kits that may compromise a computer through various vendor vulnerabilities. Exploit kits are a very specific type of toolkit used by cybercriminals to deliver other pieces of malware.

This signature detects attempts to exploit a known vulnerability against multiple vendors using Apache Axis. A successful attack can result in a denial-of-service condition.

A denial of service vulnerability has been reported in PHP. Successful exploitation of this vulnerability could lead to denial of service. This signature detects attempts to exploit a known vulnerability against Aerospike Database Server.

A successful attack can lead to remote code execution. Successful exploitation of these vulnerabilities could lead to arbitrary code execution.

A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the application. A remote code execution vulnerability exists in a component of the Microsoft Windows Graphics component. A remote, unauthenticated attacker could exploit this vulnerability by enticing a user to open a specially crafted web page or document. Successful exploitation could result in arbitrary code execution under the security context of the application. This signature detects attempts to exploit a known vulnerability against Microsoft Windows Remote Desktop.

This signature detects attempts to exploit a known vulnerability against Microsoft Internet Explorer. This signature detects attempts to exploit a known vulnerability against Microsoft .NET Framework. It is due to memory corruption when handling method calls that take structures with misaligned fields as parameters. .NET application to a vulnerable server. Successful exploitation could result in execution of arbitrary code within the security context of the currently logged on user. An unsuccessful exploit attempt may terminate the PresentationHost .NET component. This signature detects attempts from WireLurker malware to upload the serial number of an infected client system.

This signature detects an attempt to exploit an out-of-bounds read vulnerability in Microsoft Internet Explorer. Successful exploitation could allow an attacker to execute arbitrary code in the application's context.

This signature detects attempts to exploit a known vulnerability against Visual Basic ActiveX controls. An attacker can create a malicious Web site containing dangerous ActiveX elements, which if accessed by a victim, allows the attacker to take control of the victim's client browser and execute arbitrary code. This signature detects attempts to use unsafe ActiveX controls in Internet Explorer.

An attacker can create a malicious Web site containing Web pages with dangerous ActiveX controls, which if accessed by a victim, allows the attacker to gain control of the victim's client browser. This signature detects Web pages with Web folders pointing to a client-side folder using the shell URI scheme. Attackers can use a malicious Web page containing a client-side Web folder to install arbitrary files in sensitive locations on the client filesystem, such as the startup folder. However, a specially crafted Web site could be using a client-side Web folder legitimately.

This signature detects attempts to exploit a known vulnerability in the OpenSSL. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the OpenSSL. A heap overflow vulnerability exists in Google Chrome Blink. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted HTML file.

Successful exploitation of the vulnerability can possibly lead to remote code execution. Known weaknesses in the MD5 algorithm allow for certificates signed with it to be spoofed by attackers. The certificate detected by this signature could potentially be illegitimate. All certificates in the signing chain are checked.

This signature detects attempts to exploit a known vulnerability in OpenSSH. Successful exploitation of this vulnerability could lead to excessive memory consumption causing denial of service. Successful exploitation allows the attacker to execute arbitrary commands under the security context of the web server.

This signature detects attempts to exploit a known vulnerability against Adobe Reader. This signature detects attempts to exploit a known vulnerability against Microsoft Office. A type confusion vulnerability exists in Microsoft Internet Explorer and Edge. This vulnerability is due to improper objects access in memory. Successful exploitation could lead to arbitrary code execution in the security context of the target user.

A heap-based buffer overflow vulnerability exists in Autodesk Design Review. A remote attacker could exploit these vulnerabilities by enticing the user to visit a maliciously crafted web-page or open a maliciously crafted file. Successful exploitation would allow the attacker to execute arbitrary code in the context of the user. This signature detects attempts to exploit a known vulnerability against Adobe Flash Player. A successful attack can lead to the injection of arbitrary SQL code into the server.

If the target architecture uses common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address. Softing Industrial Automation all versions prior to the latest build of version 4. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code.

These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution. A vulnerability in the MIME message handling of the Notes client versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client.

A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system. A vulnerability in the MIME message handling of the Domino server versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user.

A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.

A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user.

There is a buffer overflow in librsa. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution.

An overflow in a global variable sBuffer leads to a Write-What-Where outcome. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer. The attacker can gain control of the instruction pointer. A stack buffer overflow in webs in Ruckus Wireless Unleashed through Code execution can occur via a custom AT command handler buffer overflow. In MiniShare before 1. NOTE: this product is discontinued.

A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory.

This can allow an attacker to gain code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation.

Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory. These types of memory corruptions can allow for code execution under the context of the application. An issue was discovered on Tenda AC6 V1. There is a buffer overflow vulnerability in the router's web server, httpd. An attacker can construct a payload to carry out arbitrary code execution attacks. Morita Shogi 64 through for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0xb3e94 aka the IF subcommand to top-level command 7 has a stack-based buffer overflow.

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5.

This may result in remote code execution or denial of service. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code.

SecureCRT before 8. WebAccess Node Version 8. Advantech WebAccess Node, Version 8. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

The Zscaler Client Connector for Windows prior to 2. An adversary would potentially have been able to execute arbitrary code with system privileges. An attacker can leverage this vulnerability to execute code in the context of the admin user. An attacker can leverage this vulnerability to execute code in the context of the root user. The secure bootloader has a buffer overflow of the USB buffer, leading to arbitrary code execution. A stack-based buffer overflow in cvmd on Draytek Vigor, Vigor, and VigorB devices before 1.

A stack-based buffer overflow in apmd on Draytek Vigor, Vigor, and VigorB devices before 1. A buffer overflow vulnerability in Code::Blocks A flaw was found in grub2, prior to version 2. This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access.

With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB. This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

In Advantech WebAccess, Versions 8. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution. The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. There is a stack-based buffer overflow in the httpd binary. The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution.

A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network.

The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.

In ImageMagick 7. GStreamer before 1. An integer underflow issue exists in ntfs-3g The vulnerability exists in the function of redirection display for serial port printing information, which cannot be used by product basic functions.

After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution. Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and softwares.

Dahua has released versions of the affected products to fix the vulnerability. The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

More typically, this vulnerability will result in denial-of-service conditions. The Broadcom brcmfmac WiFi driver prior to commit 1b5ebe8bceddeff is vulnerable to a heap buffer overflow. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE, can be used remotely. In libstagefright, there is a possible out of bounds write due to a heap buffer overflow.

Architectural Information System 1. A Buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code issue 1 of 2. On Netis WF with firmware 2.

This can cause denial of service device restart or remote code execution. Processing a maliciously crafted text file may lead to arbitrary code execution. This issue is fixed in macOS Mojave Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

TightVNC code version 1. This attack appears to be exploitable via network connectivity. Kaspersky Lab Antivirus Engine version before UltraVNC revision has a heap buffer overflow vulnerability in VNC server code inside the file transfer offer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision UltraVNC revision has a heap buffer overflow vulnerability in VNC server code inside the file transfer request handler, which can potentially result in code execution.

UltraVNC revision has a heap buffer overflow vulnerability in VNC server code inside the file transfer handler, which can potentially result in code execution. UltraVNC revision has multiple heap buffer overflow vulnerabilities in VNC client code inside the Ultra decoder, which result in code execution.

These vulnerabilities have been fixed in revision Adobe Acrobat and Reader versions , This vulnerability impacted SMA version 9. Stack-based buffer overflow in SonicWall SMA allows an unauthenticated user to execute arbitrary code in function libSys.

An unauthenticated attacker can submit a Host header value of bytes or more to overflow the buffer and overwrite the SEH address, which can then be leveraged to execute attacker-controlled code on the server.

By sending specially crafted ICMP echo request packets, a remote authenticated attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges.

This is related to the CcspCommonLibrary module. Multiple stack-based buffer overflow vulnerabilities, caused by a lack of proper validation of the length of user-supplied data, may allow remote code execution. The process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage these vulnerabilities to execute code under the context of the current process. The memory layout allows the attacker to inject OS commands into a data structure located immediately after the problematic buffer i.

Each call writes a piece of heap data, and multiple calls overwrite the data in the heap. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.

Buffer overflow in GNU Wget 1. An integer overflow leading to an incorrect capacity of a buffer in JavaScript in Google Chrome prior to An attacker tricks the user to install a malicious application, successful exploit could cause malicious code execution.

A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attacker can send a specially crafted packet to trigger the parsing of this cache file.

A subnetmask value of length 0x3d9 will cause the service to crash. A specially crafted J2K image file can cause an out of bounds write of a null byte in a heap buffer, potentially resulting in code execution. An attacker can specially craft a J2K image to trigger this vulnerability. A specially crafted J2K image file can cause an out of bounds write of a heap buffer, potentially resulting in code execution.

A specially crafted set of packets can cause a heap buffer overflow, potentially resulting in code execution. An attacker can send unauthenticated packets to trigger this vulnerability. A specially crafted set of packets can cause a stack buffer overflow, resulting in code execution.

An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV, before version 4. A specially crafted JSON file can cause a buffer overflow, resulting in multiple heap corruptions and potentially code execution. An attacker can provide a specially crafted file to trigger this vulnerability. An exploitable heap buffer overflow vulnerability exists in the data structure persistence functionality of OpenCV 4.

A specially crafted XML file can cause a buffer overflow, resulting in multiple heap corruptions and potential code execution. A specially crafted XPM image can cause an integer overflow in the colorhash function, allocating too small of a buffer. This buffer can then be written out of bounds, resulting in a heap overflow, ultimately ending in code execution.

An attacker can display a specially crafted image to trigger this vulnerability. A specially crafted XPM image can cause an integer overflow, allocating too small of a buffer. This buffer can then be written out of bounds resulting in a heap overflow, ultimately ending in code execution. A specially crafted file can cause an integer overflow, resulting in too little memory being allocated, which can lead to a buffer overflow and potential code execution.

An attacker can provide a specially crafted image file to trigger this vulnerability. A missing error handler can lead to a buffer overflow and potential code execution. Words library, version A specially crafted doc file can cause a stack-based buffer overflow, resulting in remote code execution. An attacker needs to provide a malformed file to the victim to trigger this vulnerability. An exploitable command execution vulnerability exists in the ASN1 certificate writing functionality of Openweave-core version 4.

A specially crafted weave certificate can trigger a heap-based buffer overflow, resulting in code execution. An attacker can craft a weave certificate to trigger this vulnerability. An exploitable command execution vulnerability exists in the print-tlv command of Weave tool.

A specially crafted weave TLV can trigger a stack-based buffer overflow, resulting in code execution. An attacker can trigger this vulnerability by convincing the user to open a specially crafted Weave command. While parsing a document text info container, the TxMasterStyleAtom::parse function is incorrectly checking the bounds corresponding to the number of style levels, causing a vtable pointer to be overwritten, which leads to code execution.

This could allow execution of arbitrary code on the local system or the application to crash. By sending an overly long request, a remote attacker could overflow a buffer and execute arbitrary code on the system with instance id privileges or cause the server or storage agent to crash. Advantech WebAccess before 8. The Crestron AM firmware 1.

A remote, unauthenticated attacker can use this vulnerability to execute arbitrary code as root via a crafted request to the return.

An attacker can leverage this vulnerability to potentially execute arbitrary code. An unauthenticated attacker may potentially exploit this vulnerability to execute arbitrary code on the system with privileges of the FTP client by sending specially crafted input data to the affected system. The FTP code that contained the vulnerability has been removed. An unauthenticated remote attacker may potentially exploit this vulnerability to crash the webserver or execute arbitrary code on the system with privileges of the webserver by sending specially crafted input data to the affected system.

The issue affects WhatsApp for Android prior to v2. This can be utilized to conduct arbitrary code execution on a victim's machine.

The HAL service has a buffer overflow that leads to arbitrary code execution. In the Lustre file system before 2. Product: Android. Versions: Android Android ID: A In radare2 through 4. This integer overflow will result in a Use-After-Free for the buffer tokens, which can be filled with arbitrary malicious data after the free.

This allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via crafted input. By sending a specially crafted hostname, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash. Broadcom based cable modems across multiple vendors are vulnerable to a buffer overflow, which allows a remote attacker to execute arbitrary code at the kernel level via JavaScript run in a victim's browser.

Examples of affected products include Sagemcom F st prior to In all versions of libyang before 1. An application that uses libyang to parse untrusted YANG files may be vulnerable to this flaw, which would allow an attacker to cause a denial of service or possibly gain code execution. Multiple vulnerabilities in the web management interface of Cisco Small Business Series Smart Switches could allow an unauthenticated, remote attacker to overflow a buffer, which then allows the execution of arbitrary code with root privileges on the underlying operating system.

The vulnerabilities are due to insufficient validation of user-supplied input and improper boundary checks when reading data into an internal buffer. An attacker could exploit these vulnerabilities by sending malicious requests to the web management interface of an affected device. An attacker could exploit this vulnerability by sending a crafted LLDP packet to the targeted device. A successful exploit may lead to a buffer overflow condition that could either cause a DoS condition or allow the attacker to execute arbitrary code with root privileges.

Note: This vulnerability cannot be exploited by transit traffic through the device; the crafted packet must be targeted to a directly connected interface. There is no size verification logic in one of the functions in libscheddl. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code with the privileges of the user running DiagAnywhere Server.

In Fuji Electric V-Server 4. An attacker could use a specially crafted project file to exploit and execute code under the privileges of the application. In MiniShare 1. This allows an attacker to execute arbitrary code by sending a crafted filename. Exim 4. File Sharing Wizard 1. Integard Pro 2. A vulnerability in the vContainer of the Cisco SD-WAN Solution could allow an authenticated, remote attacker to cause a denial of service DoS condition and execute arbitrary code as the root user.

The vulnerability is due to improper bounds checking by the vContainer. An attacker could exploit this vulnerability by sending a malicious file to an affected vContainer instance. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected vContainer, which could result in a DoS condition that the attacker could use to execute arbitrary code as the root user. A successful exploit could allow the attacker to cause a buffer overflow and execute arbitrary code as root.

Nexus Series Switches are affected in versions prior to 7. Nexus Platform Switches are affected in versions prior to 6. Nexus Platform Switches are affected in versions prior to 7.

Nexus , , , and Series Switches are affected in versions prior to 7. Nexus and Series Switches are affected in versions prior to 7. Texas Instruments CCx and WL18xx dual-mode Bluetooth controller devices, when LE scan mode is used, allow remote attackers to trigger a buffer overflow via a malformed Bluetooth Low Energy advertising packet, to cause a denial of service or potentially execute arbitrary code.

TigerVNC version prior to 1. This vulnerability occurs due to insufficient sanitization of PixelFormat. Since a remote attacker can choose the offset from the start of the buffer at which to begin writing values, exploitation of this vulnerability could potentially result in remote code execution.

The vulnerability occurs due to a signedness error in processing MemOutStream. Exploitation of this vulnerability could potentially result in remote code execution. The vulnerability could be triggered from CopyRectDecoder due to incorrect value checks. TurboVNC server code contains a stack buffer overflow vulnerability in commits prior to ceaee0dbfae. This could possibly result in remote code execution, since the stack frame is not protected with a stack canary.

To exploit this vulnerability, authorization on the server is required. This could allow an attacker to cause a race condition that leads to a crash of the entire device. Affected devices do not require a user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.

A logic error in the Hints::Hints function of Poppler v A vulnerability has been identified in OpenV2G V0. Thus, an attacker could introduce a buffer overflow that leads to memory corruption. Applications built with an affected system publicly expose the internal project structure. This could allow an unauthenticated remote attacker to read confidential information. The affected application is missing general HTTP security headers in the web server configured on port This could aid attackers by making the servers more prone to clickjacking, channel downgrade attacks and other similar client-based attack vectors.

A remote attacker could exploit this vulnerability to cause a Denial-of-Service condition. The affected devices must be restarted manually. An attacker can exploit this bug to cause a Denial of Service Segmentation fault or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. Span is used for oState of Collab.

This could allow an unauthenticated remote attacker to crash affected devices. The webserver of affected devices calculates session ids and nonces in an insecure manner. This could allow an unauthenticated remote attacker to brute-force session ids and hijack existing sessions. An unauthenticated attacker could log into the component Shared HIS used in Spectrum Power systems by using an account with default credentials. A successful exploitation could allow the attacker to access the component Shared HIS with administrative privileges.

Affected devices do not properly validate if a certain SNMP key exists. An attacker could use this to trigger a reboot of an affected device by requesting specific SNMP information from the device. When returning the result of a completed Microflow execution call, the affected framework does not correctly verify whether the request was initially made by the user requesting the result. Together with predictable identifiers for Microflow execution calls, this could allow a malicious attacker to retrieve information about arbitrary Microflow execution calls made by users within the affected system.

Initial passwords are generated in an insecure manner. This could allow an unauthenticated remote attacker to efficiently brute force passwords in specific situations. In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts.

When a user opens a manipulated Portable Document Format. SAP Financial Consolidation – version A successful exploitation could expose information and in worst case manipulate data before the start screen is executed, resulting in limited impact on confidentiality and integrity of the application.

Fiori launchpad – versions , , , does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability.

The vulnerability exists because the application fails to handle a crafted PDFTron file, which causes an unhandled exception. An attacker can leverage this vulnerability to execute arbitrary code. The integrated web server could allow Cross-Site Scripting XSS attacks if unsuspecting users are tricked into accessing a malicious link. This can be used by an attacker to trigger a malicious request on the affected device. The webserver of an affected device is missing specific security headers.

This could allow a remote attacker to extract confidential session information under certain circumstances. The integrated web server of the affected device could allow remote attackers to perform actions with the permissions of a victim user, provided the victim user has an active session and is induced to trigger the malicious request. The handling of arguments such as IP addresses in the CLI of affected devices is prone to buffer overflows. This could allow an authenticated remote attacker to execute arbitrary code on the device.

Affected devices do not properly validate the HTTP headers of incoming requests. When querying the database, it is possible to sort the results using a protected field. With this an authenticated attacker could extract information about the contents of a protected field. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. This could allow an attacker to create a denial of service condition for TCP services on affected devices by sending specially crafted TCP segments.

The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.

System reset of the product is required for recovery. The specific flaw exists within the parsing of JPEG images. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated structure.

A system reset of the products is required for recovery. In versions prior to 1. Users unable to upgrade should validate and PDFs prior to iterating over their content stream. The profile editor tool has an edit profile functionality; the parameters on this page are not properly sanitized, which leads to stored XSS attacks. An authenticated user can store XSS payloads in the profiles, which get triggered when any other user tries to access the edit profile page. The pdf editor tool has an edit pdf profile functionality; the logoFile parameter in it is not properly sanitized and a user can enter relative paths like..

Later when a pdf is exported using the edited profile the pdf icon has the image on that path if image is present. Both issues require an attacker to be able to login to LAM admin interface. The issue is fixed in version 7.

The attacker must hijack or obtain privileged user access to the Parameters page in order to exploit this issue. The uploaded file is stored within the database and copied to the sync web folder if the attacker visits a certain. SCE files.

The sc SUID binary on affected devices provides several commands that are used to execute system commands or modify system files. A specific set of operations using sc could allow local attackers to escalate their privileges to root.

Under certain conditions SAP Business Objects Business Intelligence Platform – versions , , allows an authenticated attacker to access information which would otherwise be restricted. This reflected cross-site scripting attack can be used to non-permanently deface or modify displayed content of portal Website. The Simple Diagnostics Agent – versions 1. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader Foxit reader The specific flaw exists within the handling of XFA forms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. The specific flaw exists within the parsing of JP2 images. Crafted data in a JP2 image can trigger a write past the end of an allocated buffer.

The specific flaw exists within the handling of AcroForms. The specific flaw exists within the parsing of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated structure. By performing actions in JavaScript, an attacker can trigger a read past the end of an allocated buffer. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader Foxit reader The specific flaw exists within the OnMouseExit method.

If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data. The tcserver. An authenticated attacker could escape the WinCC Kiosk Mode by opening the printer dialog in the affected application in case no printer is installed.

Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. A privileged authenticated attacker could execute arbitrary commands in the local database by sending specially crafted requests to the webserver of the affected application.

An attacker could then be able to sniff the network and capture sensitive information. The login functionality of the application does not employ any countermeasures against Password Spraying attacks or Credential Stuffing attacks.

An attacker could obtain a list of valid usernames on the device by exploiting the issue and then perform a precise Password Spraying or Credential Stuffing attack in order to obtain access to at least one account. The login functionality of the application fails to normalize the response times of login attempts performed with wrong usernames with the ones executed with correct usernames.

A remote unauthenticated attacker could exploit this side-channel information to perform a username enumeration attack and identify valid usernames. The web application returns an AuthToken that does not expire at the defined auto logoff delay timeout. An attacker could be able to capture this token and re-use old session credentials or session IDs for authorization.

An attacker with user profile access privilege can retrieve the stored password hashes of other accounts and then successfully perform an offline cracking attack and recover the plaintext passwords of other users.

The web application fails to enforce an upper bound to the cost factor of the PBKDF2 derived key during the creation or update of an account. An attacker with the user profile access privilege could cause a denial of service DoS condition through CPU consumption by setting a PBKDF2 derived key with a remarkably high cost effort and then attempting a login to the so-modified account.

The affected system allows remote users to send maliciously crafted objects. Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. Affected applications improperly assign permissions to critical directories and files used by the application processes.

If an attacker manages to trick a valid user into loading a malicious DLL, the attacker may be able to achieve code execution in Honeywell SoftMaster version 4. A local unprivileged attacker may escalate to administrator privileges in Honeywell SoftMaster version 4.

The integrated web application "Online Help" in affected product contains a Cross-Site Scripting XSS vulnerability that could be exploited if unsuspecting users are tricked into accessing a malicious link. Affected products contain an open redirect vulnerability.

An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby leading to phishing attacks. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.

Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Simple Diagnostics Agent – versions 1. This allows information gathering which could be used to exploit future open-source security exploits. A feature was introduced in version 3. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data.

A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability.

Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled. Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack.

The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:
– TLS clients consuming server certificates
– TLS servers consuming client certificates
– Hosting providers taking certificates or private keys from customers
– Certificate authorities parsing certification requests from subscribers
– Anything else which parses ASN.

In the OpenSSL 1. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature.

This issue affects OpenSSL versions 1. It was addressed in the releases of 1. Fixed in OpenSSL 3. Fixed in OpenSSL 1. Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files.

The specific flaw exists within the parsing of PDF files. Crafted data in a PDF file can trigger a read past the end of an allocated buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The component allows activating a web server module which provides unauthenticated access to its web pages.

This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files.

A vulnerability has been identified in Simcenter Femap V Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. Affected application contains a memory corruption vulnerability while parsing NEU files.

Affected application contains a type confusion vulnerability while parsing NEU files. In the IPv4 implementation in the Linux kernel before 5.

In the IPv6 implementation in the Linux kernel before 5. A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process. Attackers might achieve persistence on the system "backdoors" or cause a denial of service. Affected applications use a circumventable access control within a database service.

This could allow an attacker to access the database. Apache Log4j2 versions 2. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted.

This issue was fixed in Log4j 2. Log4j 2. The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user. An unauthenticated attacker could access the files by knowing the corresponding download links. An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device.

Acrobat Reader DC version Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.

A vulnerability has been identified in SiPass integrated V2. Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. Affected applications insufficiently limit the access to the internal activity feed database. This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries.

Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.

JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files.

JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files.

JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files. JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files.

JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files. JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files.

Apache Log4j2 2. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2. From version 2. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects. The underlying MQTT service of affected systems does not perform authentication in the default configuration.

This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system. The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system.

The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution. The plmxmlAdapterSE The Image.

The Jt The DLpdfl. This could allow an attacker to cause a denial-of-service condition. An attacker with valid administrative credentials could exploit this vulnerability by submitting a malicious Lua script. When this file is processed, an exploitable buffer overflow condition could occur. A successful exploit could allow the attacker to execute arbitrary code with root privileges on the underlying Linux OS of the affected device. The vulnerability exists because of insufficiently validated Cisco Discovery Protocol packet headers.

An attacker could exploit this vulnerability by sending a crafted Cisco Discovery Protocol packet to a Layer 2-adjacent affected device. A successful exploit could allow the attacker to cause a buffer overflow that could allow the attacker to execute arbitrary code as root or cause a DoS condition on the affected device.

Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device Layer 2 adjacent.

A buffer overflow in the web server of Flexense DupScout Enterprise A buffer overflow in the web interface allows attackers to achieve pre-authentication remote code execution. A stack-based buffer overflow vulnerability in FortiWeb 6. A specially crafted STL file can lead to code execution.

A stack-based buffer overflow vulnerability exists in the Objparser::objparse functionality of Prusa Research PrusaSlicer 2. A specially crafted obj file can lead to code execution. A heap-based buffer overflow vulnerability exists in the configuration server functionality of the Cosori Smart 5. A specially crafted JSON object can lead to remote code execution. A heap-based buffer overflow privilege escalation vulnerability in Trend Micro ServerProtect for Linux 3.

An attacker must first obtain the ability to execute high-privileged code on the target in order to exploit this vulnerability. Affected applications lack proper validation of user-supplied data when parsing PAR files. This could lead to a stack based buffer overflow. This affects Rv2 V1. An issue was discovered on Samsung mobile devices with Q Exim 4 before 4. A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files.

An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application. The affected product is vulnerable to a heap-based buffer overflow, which may allow an attacker to manipulate memory with controlled values and remotely execute code on the OPC UA Tunneller versions prior to 6. Opening a specifically crafted OPC UA message could allow an attacker to crash the server and remotely execute code.

Affected applications lack proper validation of user-supplied data when parsing PCX files. Affected applications lack proper validation of user-supplied data when parsing CGM files. This could lead to a stack based buffer overflow while trying to copy to a buffer in the font index handling function. This could lead to a stack based buffer overflow while trying to copy to a buffer during font string handling.

Affected applications lack proper validation of user-supplied data when parsing TGA files. This could lead to a heap-based buffer overflow. Affected applications lack proper validation of user-supplied data when parsing JT files. This has been fixed in version: ICW v3. Successful exploitation leads to arbitrary code execution. The impact is: remote execution of arbitrary code.

The attack vector is: a specific DNS response packet. An attacker can impersonate an Access Point and attack a vulnerable Wi-Fi client, by injecting a crafted packet into the WPA2 handshake. The attacker needs to know the network's PSK in order to exploit this. A flaw was found in dnsmasq before version 2. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc The highest threat from this vulnerability is to system availability.

A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. A flaw was found in dnsmasq before 2. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine.

The flaw is in the rfc The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

An issue was discovered on Samsung mobile devices with O 8. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. Opening a specially crafted project file could allow an attacker to exploit and execute code under the privileges of the application. The affected product is vulnerable to three stack-based buffer overflows, which may allow an unauthenticated attacker to remotely execute arbitrary code on the IP firmware versions 5.

The affected product is vulnerable to five post-authentication buffer overflows, which may allow a logged in user to remotely execute arbitrary code on the IP firmware versions 5. This allows remote takeover of a Furbo Dog Camera, for example. Buffer overflow in Yz1 0. Buffer Overflow vulnerability in FFMpeg 4. An issue was discovered in retdec v3. Buffer overflow vulnerability in function NumberToPrecisionCmd in jsish before 3.

Buffer Overflow vulnerability in FFmpeg 4. A stack-based buffer overflow in the httpd server on Tenda AC9 V A buffer overflow vulnerability in the PAN-OS management web interface allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.

A buffer overflow vulnerability in PAN-OS allows an unauthenticated attacker to disrupt system processes and potentially execute arbitrary code with root privileges by sending a malicious request to the Captive Portal or Multi-Factor Authentication interface.

An unauthenticated stack-based buffer overflow vulnerability in common. A buffer overflow vulnerability in the authd component of the PAN-OS management server allows authenticated administrators to disrupt system processes and potentially execute arbitrary code with root privileges.

A buffer overflow vulnerability in the PAN-OS management server allows authenticated users to crash system processes or potentially execute arbitrary code with root privileges. A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges.

A stack-based buffer overflow vulnerability in the management server component of PAN-OS allows an authenticated user to upload a corrupted PAN-OS configuration and potentially execute code with root privileges. Buffer overflow in pdf2json 0. E products with versions of The program copies an input buffer to an output buffer without verification.

An attacker on the adjacent network could send a crafted message; a successful exploit could lead to a stack buffer overflow, which may cause malicious code execution. Libjpeg-turbo all versions have a stack-based buffer overflow in the "transform" component. A remote attacker can send a malformed JPEG file to the service and cause arbitrary code execution or denial of service of the target service.

An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the kernel. A heap-based buffer overflow was found in QEMU through 5. A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

A stack buffer overflow vulnerability in the device control daemon (DCD) on Juniper Networks Junos OS allows a low privilege local user to create a Denial of Service (DoS) against the daemon or execute arbitrary code in the system with root privilege. Versions of Junos OS prior to Multiple buffer overflow vulnerabilities exist when LeviStudioU Version and prior processes project files. A heap-based buffer overflow may be exploited by processing a specially crafted project file.

A stack-based buffer overflow may be exploited by processing a specially crafted project file. This occurs during packet transmission and affects the highbank and midway emulated machines.

A guest user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service or potential privileged code execution. This was fixed in commit ab43ecac60be This issue affects: Victure PC firmware version 1. These could be triggered by an extremely large number of arguments to the initrd command on bit architectures, or a crafted filesystem with very large files on any architecture.

This issue affects GRUB2 version 2. This issue will occur only when untrusted communication is initiated with the server. In the cloud, the Agent will always connect with trusted communication. Multiple buffer overflow vulnerabilities exist in CGI scripts, leading to remote code execution with root privileges. The set of affected scripts is similar to CVE The driver's IOCTL request handler attempts to copy the input buffer onto the stack without checking its size and can cause a buffer overflow.

This could lead to arbitrary Ring-0 code execution and escalation of privileges. This affects DirectIo The specific flaw exists within the handling of string table file uploads. An attacker can leverage this vulnerability to execute code in the context of the web server.

In libIEC before version 1. This can cause an application crash or on some platforms even the execution of remote code. If your application is used in open networks or there are untrusted nodes in the network it is highly recommended to apply the patch. This was patched with commit ab5b. Users of version 1. As a workaround, the changes of commit ab5b can be applied to older versions.

Sophos XG Firewall Hotfix HF Buffer overflows were discovered in Contiki-NG 4. The function parsing the received SNMP request does not verify the input message's requested variables against the capacity of the internal SNMP engine buffer. This makes it possible to overwrite stack regions beyond the allocated buffer, including the return address from the function.

As a result, the code execution path may be redirected to an address provided in the SNMP bulk get payload. If the target architecture uses a common addressing space for program and data memory, it may also be possible to supply code in the SNMP request payload, and redirect the execution path to the remotely injected code, by modifying the function's return address.

Softing Industrial Automation all versions prior to the latest build of version 4. The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to remotely execute arbitrary code. These flaws allow a malicious client or server to send specially crafted messages that, when processed by the QUIC image compression algorithm, result in a process crash or potential code execution.

A vulnerability in the MIME message handling of the Notes client versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the client or inject code into the system which would execute with the privileges of the client. A successful exploit could enable an attacker to crash Domino or execute attacker-controlled code on the server system.

A vulnerability in the MIME message handling of the Domino server versions 9 and 10 could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow. This could allow a remote attacker to crash the server or inject code into the system which would execute with the privileges of the server. A vulnerability in the input parameter handling of HCL Notes v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow.

This could allow the attacker to crash the program or inject code into the system which would execute with the privileges of the currently logged in user. A vulnerability in the input parameter handling of HCL Client Application Access v9 could potentially be exploited by an authenticated attacker resulting in a stack buffer overflow. A vulnerability in the MIME message handling of the HCL Notes v9 client could potentially be exploited by an unauthenticated attacker resulting in a stack buffer overflow.

This could allow a remote attacker to crash the Notes application or inject code into the system which would execute with the privileges of the currently logged-in user. There is a buffer overflow in librsa.

The overflow allows an authenticated user to execute arbitrary code by POSTing to apply. Air Force Sensor Data Management System extract75 has a buffer overflow that leads to code execution.

An overflow in a global variable sBuffer leads to a Write-What-Where outcome. By controlling that pointer, one achieves an arbitrary write when its fields are assigned. The data written is from a potentially untrusted NITF file in the form of an integer.

The attacker can gain control of the instruction pointer. A stack buffer overflow in webs in Ruckus Wireless Unleashed through Code execution can occur via a custom AT command handler buffer overflow.

In MiniShare before 1. NOTE: this product is discontinued. A specially crafted document can cause the document parser to explicitly trust a length from a particular record type and use it to write a bit null relative to a buffer allocated on the stack. Due to a lack of bounds-checking on this value, this can allow an attacker to write to memory outside of the buffer and controllably corrupt memory.

This can allow an attacker to gain code execution under the context of the application. An attacker can entice the victim to open a document to trigger this vulnerability. A specially crafted document can cause the document parser to perform arithmetic that may overflow, which can result in an undersized heap allocation. Later, when copying data from the file into this allocation, a heap-based buffer overflow will occur which can corrupt memory.

These types of memory corruptions can allow for code execution under the context of the application. An issue was discovered on Tenda AC6 V1. There is a buffer overflow vulnerability in the router's web server, httpd. An attacker can construct a payload to carry out arbitrary code execution attacks. Morita Shogi 64 through for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0xb3e94 aka the IF subcommand to top-level command 7 has a stack-based buffer overflow.

Addressed multiple stack buffer overflow vulnerabilities that could allow an attacker to carry out escalation of privileges through unauthorized remote code execution in Western Digital My Cloud devices before 5. This may result in remote code execution or denial of service. Attackers can bypass the Secure Bootloader protection mechanism via a heap-based buffer overflow to execute arbitrary code.

SecureCRT before 8. WebAccess Node Version 8. Advantech WebAccess Node, Version 8. Multiple stack-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution. The Zscaler Client Connector for Windows prior to 2.

An adversary would potentially have been able to execute arbitrary code with system privileges. An attacker can leverage this vulnerability to execute code in the context of the admin user.

An attacker can leverage this vulnerability to execute code in the context of the root user. The secure bootloader has a buffer overflow of the USB buffer, leading to arbitrary code execution.

A stack-based buffer overflow in cvmd on Draytek Vigor, Vigor, and VigorB devices before 1. A stack-based buffer overflow in apmd on Draytek Vigor, Vigor, and VigorB devices before 1. A buffer overflow vulnerability in Code::Blocks A flaw was found in grub2, prior to version 2.

This flaw also allows the bypass of Secure Boot protections. In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access. With this access, an attacker could then craft a string to cause a buffer overflow by injecting a malicious payload that leads to arbitrary code execution within GRUB.

This condition can be potentially exploited into a Remote Code Execution vector on the authenticating endpoint. Multiple heap-based buffer overflow vulnerabilities exist caused by a lack of proper validation of the length of user-supplied data, which may allow remote code execution.

In Advantech WebAccess, Versions 8. A stack-based buffer overflow vulnerability caused by a lack of proper validation of the length of user-supplied data may allow remote code execution.

The effect may range from heap corruption to stack corruption depending on the structure of the underlying Kerberos library, with unknown effects but possibly including code execution. There is a stack-based buffer overflow in the httpd binary. The Zephyr MQTT parsing code performs insufficient checking of the length field on publish messages, allowing a buffer overflow and potentially remote code execution.

A buffer overflow in various positions of the web application might enable an attacker with access to the web application to execute arbitrary code over the network. The shell subsystem contains a buffer overflow, whereby an adversary with physical access to the device is able to cause a memory corruption, resulting in denial of service or possibly code execution within the Zephyr kernel.

In ImageMagick 7. GStreamer before 1. An integer underflow issue exists in ntfs-3g The vulnerability exists in the function of redirection display for serial port printing information, which cannot be used by the product's basic functions. After an attacker logs in locally, this vulnerability can be exploited to cause device restart or arbitrary code execution.

Dahua has identified the corresponding security problems in the static code auditing process, so it has gradually deleted this function, which is no longer available in the newer devices and software. Dahua has released versions of the affected products to fix the vulnerability. The Broadcom wl WiFi driver is vulnerable to a heap buffer overflow. In the worst case scenario, by sending specially-crafted WiFi packets, a remote, unauthenticated attacker may be able to execute arbitrary code on a vulnerable system.

More typically, this vulnerability will result in denial-of-service conditions. The Broadcom brcmfmac WiFi driver prior to commit 1b5ebe8bceddeff is vulnerable to a heap buffer overflow. This vulnerability can be exploited with compromised chipsets to compromise the host, or when used in combination with CVE, can be used remotely.

In libstagefright, there is a possible out of bounds write due to a heap buffer overflow. Architectural Information System 1. A buffer overflow in the built-in web server allows remote attackers to initiate DoS, and probably to execute arbitrary code (issue 1 of 2). On Netis WF with firmware 2. This can cause denial of service (device restart) or remote code execution. Processing a maliciously crafted text file may lead to arbitrary code execution. This issue is fixed in macOS Mojave Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

TightVNC code version 1. This attack appears to be exploitable via network connectivity. Kaspersky Lab Antivirus Engine version before UltraVNC revision has a heap buffer overflow vulnerability in VNC server code inside the file transfer offer handler, which can potentially result in code execution. This attack appears to be exploitable via network connectivity. This vulnerability has been fixed in revision UltraVNC revision has a heap buffer overflow vulnerability in VNC server code inside the file transfer request handler, which can potentially result in code execution.

Axis IP Camera authentication bypass and command injection. Liferay Portal Apache Felix command injection. HP Intelligent Management Center uam. Atlassian Crowd pdkinstall arbitrary plugin installation.

Serv-U Web Client session cookie handling buffer overflow. HP Photo Creations audio. ReGet Deluxe. Microsoft IIS 5. Internet Explorer inline content filename extension vulnerability. Microsoft IIS. Microsoft SQL Server resolution service buffer overflow. Linux kernel ptrace privilege elevation vulnerability.

FrontPage fp30reg. MDaemon WorldClient form2raw. Windows compressed folders buffer overflow. Microsoft WINS replication service pointer corruption. SHOUTcast filename format string vulnerability. Solaris loadable kernel module directory traversal. Internet Explorer Content Advisor memory corruption. Computer Associates License Service invalid command buffer overflow.

Microsoft Color Management Module profile tag buffer overflow. Internet Explorer COM object instantiation vulnerability. ViRobot Server web interface addschup buffer overflow. RealPlayer invalid chunk header heap overflow. Oracle Security Component sys. Citrix Program Neighborhood name buffer overflow. Mercury Mail Transport System Phonebook service buffer overflow. Dataspace ActiveX control vulnerability.

Mozilla Firefox QueryInterface method memory corruption. Safari archive metadata command execution. Internet Explorer isComponentInstalled buffer overflow. Microsoft Visual Studio. Internet Explorer createTextRange memory corruption. SpamAssassin spamd vpopmail user vulnerability.

Cyrus IMAP pop3d popsubfolders buffer overflow. Symantec real-time scan service buffer overflow. Microsoft Step-by-Step Interactive Training bookmark buffer overflow. Mozilla Firefox JavaScript Navigator object vulnerability.

Microsoft PowerPoint malformed data record vulnerability. Microsoft Client Service for NetWare tree name buffer overflow. An attacker could trick a valid authenticated user of the device into clicking a malicious link, thereby leading to phishing attacks. The specific exploit requires the application to run on Tomcat as a WAR deployment.

If the application is deployed as a Spring Boot executable jar, i. However, the nature of the vulnerability is more general, and there may be other ways to exploit it. A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 8.

Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution. Simple Diagnostics Agent – versions 1. This allows information gathering which could be used to exploit future open-source security exploits. A feature was introduced in version 3. Knowing the proper format of the URL and the identifier of an existing object in an application, it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data.

A specially-crafted PDF document can trigger an exception which is improperly handled, leaving the engine in an invalid state, which can lead to memory corruption and arbitrary code execution.

An attacker needs to trick the user to open the malicious file to trigger this vulnerability. Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.

It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack.

The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. Thus vulnerable situations include:

- TLS clients consuming server certificates
- TLS servers consuming client certificates
- Hosting providers taking certificates or private keys from customers
- Certificate authorities parsing certification requests from subscribers
- Anything else which parses ASN.

In the OpenSSL 1. However any operation which requires the public key from the certificate will trigger the infinite loop. In particular the attacker can use a self-signed certificate to trigger the loop during verification of the certificate signature. This issue affects OpenSSL versions 1. It was addressed in the releases of 1.

Fixed in OpenSSL 3. Fixed in OpenSSL 1. Affected application contains a stack based buffer overflow vulnerability while parsing specially crafted BDF files. The specific flaw exists within the parsing of PDF files.

Crafted data in a PDF file can trigger a read past the end of an allocated buffer. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. The component allows to activate a web server module which provides unauthenticated access to its web pages. This could allow an attacker to retrieve debug-level information from the component such as internal network topology or connected systems. Affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted NEU files.

A vulnerability has been identified in Simcenter Femap V Affected application contains a stack based buffer overflow vulnerability while parsing NEU files. Affected application contains a memory corruption vulnerability while parsing NEU files. Affected application contains a type confusion vulnerability while parsing NEU files.

In the IPv4 implementation in the Linux kernel before 5. In the IPv6 implementation in the Linux kernel before 5. A service is started by an unquoted registry entry. As there are spaces in this path, attackers with write privilege to those directories might be able to plant executables that will run in place of the legitimate process.

Attackers might achieve persistence on the system ("backdoors") or cause a denial of service. Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. Apache Log4j2 versions 2. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2. Log4j 2. The web server of the affected system allows access to logfiles and diagnostic data generated by a privileged user.

An unauthenticated attacker could access the files by knowing the corresponding download links. An undocumented debug port uses hard-coded default credentials.

If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. Acrobat Reader DC version Acrobat Reader DC displays a warning message when a user clicks on a PDF file, which could be used by an attacker to mislead the user. In affected versions, this warning message does not include custom protocols when used by the sender. User interaction is required to abuse this vulnerability as they would need to click 'allow' on the warning message of a malicious file.

A vulnerability has been identified in SiPass integrated V2. Affected applications insufficiently limit the access to the internal user authentication service. This could allow an unauthenticated remote attacker to trigger several actions on behalf of valid user accounts. Affected applications insufficiently limit the access to the internal activity feed database.

This could allow an unauthenticated remote attacker to read, modify or delete activity feed entries. Affected applications insufficiently limit the access to the internal message broker system. This could allow an unauthenticated remote attacker to subscribe to arbitrary message queues. A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges.

JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. JTTK library in affected products contains an out of bounds write past the end of an allocated structure while parsing specially crafted JT files.

JTTK library in affected products contains a use-after-free vulnerability that could be triggered while parsing specially crafted JT files. JTTK library in affected products contains an out of bounds write past the fixed-length heap-based buffer while parsing specially crafted JT files.

JTTK library in affected products is vulnerable to an out of bounds read past the end of an allocated buffer when parsing specially crafted JT files.

JTTK library in affected products is vulnerable to memory corruption condition while parsing specially crafted JT files. JTTK library in affected products is vulnerable to an out of bounds write past the end of an allocated structure while parsing specially crafted JT files. JTTK library in affected products is vulnerable to stack based buffer overflow while parsing specially crafted JT files.

JTTK library in affected products contains a use after free vulnerability that could be triggered while parsing specially crafted JT files. Apache Log4j2 2. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2. From version 2. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

The underlying MQTT service of affected systems does not perform authentication in the default configuration. This could allow an unauthenticated remote attacker to send arbitrary messages to the service and thereby issue arbitrary requests in the affected system.

The affected systems do not properly validate input that is sent to the underlying message passing framework. This could allow a remote attacker to trigger a denial of service of the affected system.

The affected firmware contains a buffer overflow vulnerability in the web application that could allow a remote attacker with engineer or admin privileges to potentially perform remote code execution. The plmxmlAdapterSE The Image. The Jt The DLpdfl. This could allow an attacker to cause a denial-of-service condition. In Mahara before Additionally, in Mahara before An attacker could achieve privilege escalation on the web server of certain devices due to an improper access control vulnerability in the engineering system software.

The attacker needs to have direct access to the impacted web server. Applications built with affected versions of Mendix Studio Pro do not properly control read access for certain client actions. This could allow authenticated attackers to retrieve the changedDate attribute of arbitrary objects, even when they don't have read access to them.

Applications built with affected versions of Mendix Studio Pro do not properly control write access for certain client actions. This could allow authenticated attackers to manipulate the content of System. FileDocument objects in some cases, regardless of whether they have write access to it. This could result in an out of bounds write past the end of an allocated structure. The RSA white-box implementation in affected applications insufficiently protects the built-in private keys that are required to decrypt electronic intellectual property (IP) data in accordance with the IEEE recommended practice.

This could allow a sophisticated attacker to discover the keys, bypassing the protection intended by the IEEE recommended practice. When downloading files, the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read unexpected critical files.

The affected file download function is disabled by default. An unauthenticated remote attacker could exploit this issue to access sensitive information for subsequent attacks. The third-party component, in its TFTP functionality fails to check for null terminations in file names. If an attacker were to exploit this, it could result in data corruption, and possibly a hard-fault of the application. Within a third-party component, the process to allocate partition size fails to check memory boundaries.

Therefore, if a large amount is requested by an attacker, due to an integer wrap-around, it could result in a small size being allocated instead. Within a third-party component, whenever memory allocation is requested, the out of bound size is not checked. Therefore, if a size exceeding the expected allocation is assigned, it could allocate a smaller buffer instead. If an attacker were to exploit this, they could cause a heap overflow. If an attacker were to exploit this, they could act as a man-in-the-middle and eavesdrop on encrypted communications.

A timing attack, in a third-party component, could make the retrieval of the private key possible, used for encryption of sensitive data. If a threat actor were to exploit this, the data integrity and security could be compromised. Applications built with affected versions of Mendix Studio Pro do not prevent file documents from being cached when files are opened or downloaded using a browser.

This could allow a local attacker to read those documents by exploring the browser cache. An improper input validation vulnerability in the web server could allow an unauthenticated user to access device information. A vulnerability has been identified in Teamcenter Active Workspace V4. The application contains an unsafe unzipping pattern that could lead to a zip path traversal attack. This could allow an attacker to execute a remote shell with admin rights. Affected devices write crashdumps without checking if enough space is available on the filesystem.

Once the crashdump fills the entire root filesystem, affected devices fail to boot successfully. An attacker can leverage this vulnerability to cause a permanent Denial-of-Service. The handling of log files in the web application of affected devices contains an information disclosure vulnerability which could allow logged in users to access sensitive files.

The affected application contains a use-after-free vulnerability while parsing OBJ files. The affected application is vulnerable to information disclosure by unexpected access to an uninitialized pointer while parsing user-supplied OBJ files.

The affected application is vulnerable to an out of bounds read past the end of an allocated buffer when parsing JT files. An attacker could leverage this vulnerability to leak information in the context of the current process ZDI-CAN Adobe Acrobat Reader DC version An attacker could leverage this vulnerability to bypass mitigations such as ASLR.

A specially-crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. This could allow an attacker to create a Denial-of-Service condition.

A restart is needed to restore normal operations. The web server of affected devices transmits data without TLS encryption. This could allow an unauthenticated remote attacker in a man-in-the-middle position to read sensitive data, such as administrator credentials, or modify data in transit.

The affected systems store sensitive information in log files. An attacker with access to the log files could publicly expose the information or reuse it to develop further attacks on the system. The affected component stores the credentials of a local system account in a potentially publicly accessible project file using an outdated cipher algorithm. An attacker may use this to brute force the credentials and take over the system. The password hash of a local user account in the remote server could be granted via public API to a user on the affected system.

An authenticated attacker could brute force the password hash and use it to login to the server. Legitimate file operations on the web server of the affected systems do not properly neutralize special elements within the pathname. An attacker could then cause the pathname to resolve to a location outside of the restricted directory on the server and read, write or delete unexpected critical files. A path traversal vulnerability in the application could allow an attacker to bypass certain restrictions such as direct access to other services within the host.

The affected application contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an attacker to use user-supplied input to access objects directly. The "surrogate" functionality on the user profile of the application does not perform sufficient access control, which could lead to an account takeover.

An attacker can write to an arbitrary file, and display controlled contents, during signature verification. PDFTron prior to 9. This vulnerability can be exploited to execute arbitrary code. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.

Exploitation requires user interaction in that a victim must open a crafted PDF file in Acrobat Reader. Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a use-after-free vulnerability in the processing of a malformed PDF file that could result in disclosure of sensitive memory.

Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by a memory corruption vulnerability due to insecure handling of a malicious PDF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.

Adobe Framemaker versions Update 8 and earlier and Release Update 2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user.

It allows memory corruption during conversion of a PDF document to a different document format. It allows stack consumption during recursive processing of embedded XML nodes.

It allows writing to arbitrary files via submitForm. It allows an out-of-bounds read via util. Corel PDF Fusion 2. PDF Labs pdftk-java v3. Any authenticated user can create scheduled reports containing PDF screenshots of any view in the NagiosXI application.

Due to lack of input sanitisation, the target page can be replaced with an SSRF payload to access internal resources or disclose local system files. The SSH server on affected devices is configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data passed over the connection between legitimate clients and the affected device.

Improper neutralization of special characters on the web server configuration page could allow an attacker, in a privileged position, to retrieve sensitive information via cross-site scripting. The affected application assigns improper access rights to a specific folder containing configuration files. Received web packets are not properly processed. An unauthenticated remote attacker with access to any of the Ethernet interfaces could send specially crafted packets to force a restart of the target device.

A restart of the affected device is needed to restore normal operations. The plmxmlAdapterIFC. This could allow an attacker to cause a denial-of-service condition or read sensitive information from memory locations. The IFC adapter in the affected application contains a use-after-free vulnerability that could be triggered while parsing user-supplied IFC files. This could allow an attacker to manipulate the SINEC NMS configuration by tricking an unsuspecting user with administrative privileges into clicking on a malicious link.

An attacker with access to the webserver of an affected system could download arbitrary files from the underlying filesystem by sending a specially crafted HTTP request. An attacker could exploit this vulnerability to perform cross-site request forgery attacks. This could allow an attacker to execute arbitrary SQL statements. This could allow an attacker to inject malicious code that is executed when loading the attachment.

This could allow an attacker to store malicious files. An unauthenticated attacker on the same network as the affected system could manipulate certain parameters and set a valid user of the affected software as invalid or vice versa. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve a list of network devices a known user can manage.

An unauthenticated attacker on the same network as the affected system could brute force the usernames from the affected software. The affected software has an information disclosure vulnerability that could allow an attacker to retrieve the VPN connection for a known user.

An adjacent attacker with network access to the LAN interface could interfere with traffic, spoof the connection and gain access to sensitive information. An unauthenticated attacker could change the password of any user in the system under certain circumstances. With this, an attacker could impersonate any valid user on an affected system.

The affected software allows sending send-to-sleep notifications to the managed devices. An unauthenticated attacker on the same network as the affected system can abuse these notifications to cause a Denial-of-Service condition in the managed devices.

An unauthenticated remote attacker could exploit this vulnerability to cause interruptions in the network by sending specially crafted OSPF packets. Successful exploitation requires OSPF to be enabled on an affected device.
