| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| An issue was discovered in Adobe Digital Editions 4.5.6 and earlier versions. An exploitable memory corruption vulnerability exists, which could lead to disclosure of memory addresses. |
| An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
| An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and earlier versions. An exploitable memory corruption vulnerability exists. Successful exploitation could lead to arbitrary code execution. |
| Buffer overflow in the SoftConsole client in Avaya IP Office before 10.1.1 allows remote servers to execute arbitrary code via a long response. |
| soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt before 0.2.8461-beta26 has a heap buffer overflow with the potential for arbitrary code execution via a crafted PSM File that triggers use of the same sample slot for two samples. |
| Heap buffer overflow in the yr_object_array_set_item() function in object.c in YARA 3.x allows a denial-of-service attack by scanning a crafted .NET file. |
| The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file. |
| There is a heap-based buffer overflow in the Image::printIFDStructure function of image.cpp in Exiv2 0.26. A Crafted input will lead to a remote denial of service attack. |
| There is a Segmentation fault in the XmpParser::terminate() function in Exiv2 0.26, related to an exit call. A Crafted input will lead to a remote denial of service attack. |
| Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to write shellcode at any address in the heap; this can be used to execute arbitrary code on the router by hosting a crafted device description XML document at a URL specified within a Location header in an SSDP response. |
| Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code on the router by hosting a crafted device description XML document (that includes a serviceType element) at a URL specified within a Location header in an SSDP response. |
| The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file. |
| In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ext/intl/msgformat/msgformat_parse.c does not restrict the locale length, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact within International Components for Unicode (ICU) for C/C++ via a long first argument to the msgfmt_parse_message function. |
| Stack-based buffer overflow in ASUS_Discovery.c in networkmap in Asuswrt-Merlin firmware for ASUS devices and ASUS firmware for ASUS RT-AC5300, RT_AC1900P, RT-AC68U, RT-AC68P, RT-AC88U, RT-AC66U, RT-AC66U_B1, RT-AC58U, RT-AC56U, RT-AC55U, RT-AC52U, RT-AC51U, RT-N18U, RT-N66U, RT-N56U, RT-AC3200, RT-AC3100, RT_AC1200GU, RT_AC1200G, RT-AC1200, RT-AC53, RT-N12HP, RT-N12HP_B1, RT-N12D1, RT-N12+, RT_N12+_PRO, RT-N16, and RT-N300 devices allows remote attackers to execute arbitrary code via long device information that is mishandled during a strcat to a device list. |
| The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows attackers to cause a denial of service (invalid write or read) or possibly have unspecified other impact via a crafted Ruby script, related to the parser_tokadd_utf8 function in parse.y. NOTE: this might have security relevance as a bypass of a $SAFE protection mechanism. |
| Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via malformed ASN.1 streams in V2C and similar input files. |
| Stack buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to execute arbitrary code via language packs containing filenames longer than 1024 characters. |
| Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all versions ranging from HASP SRM 2.10 to Sentinel LDK 7.50, allows remote attackers to shut down the remote process (a denial of service) via a language pack (ZIP file) with invalid HTML files. |
| Stack-based buffer overflow in GCoreServer.exe in the server in Geutebrueck Gcore 1.3.8.42 and 1.4.2.37 allows remote attackers to execute arbitrary code via a long URI in a GET request. |
