In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to an off-by-one heap-based buffer overflow during the cleaning of crafted syslog msgs (received from authenticated remote agents and delivered to the analysisd processing queue by ossec-remoted).
Max CVSS: 9.8; EPSS Score: 18.21%; Published: 2020-01-30; Updated: 2022-04-26
In OSSEC-HIDS 2.7 through 3.5.0, the server component responsible for log analysis (ossec-analysisd) is vulnerable to a heap-based buffer overflow in the rootcheck decoder component via an authenticated client.
Max CVSS: 8.8; EPSS Score: 1.50%; Published: 2020-01-30; Updated: 2022-09-12
opj_t1_clbl_decode_processor in openjp2/t1.c in OpenJPEG 2.3.1 through 2020-01-28 has a heap-based buffer overflow in the qmfbid==1 case, a different issue than CVE-2020-6851.
Max CVSS: 8.8; EPSS Score: 1.28%; Published: 2020-01-28; Updated: 2021-04-02
MmsValue_decodeMmsData in mms/iso_mms/server/mms_access_result.c in libIEC61850 through 1.4.0 has a heap-based buffer overflow when parsing the MMS_BIT_STRING data type.
Max CVSS: 8.8; EPSS Score: 0.23%; Published: 2020-01-14; Updated: 2020-01-24
tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access, which can lead to a DoS or potentially to arbitrary code execution.
Max CVSS: 6.8; EPSS Score: 0.36%; Published: 2020-01-16; Updated: 2021-02-14
libmysofa 0.9.1 has a stack-based buffer overflow in readDataVar in hdf/dataobject.c during the reading of a header message attribute.
Max CVSS: 8.8; EPSS Score: 0.37%; Published: 2020-01-13; Updated: 2022-02-20
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c because of lack of opj_j2k_update_image_dimensions validation.
Max CVSS: 7.5; EPSS Score: 1.24%; Published: 2020-01-13; Updated: 2022-04-29
In mruby 2.1.0, there is a stack-based buffer overflow in mrb_str_len_to_dbl in string.c.
Max CVSS: 9.8; EPSS Score: 0.47%; Published: 2020-01-11; Updated: 2020-01-13
Philips Hue Bridge model 2.X prior to and including version 1935144020 contains a Heap-based Buffer Overflow when handling a long ZCL string during the commissioning phase, resulting in a remote code execution.
Max CVSS: 7.9; EPSS Score: 0.15%; Published: 2020-01-23; Updated: 2023-03-01
FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.
Max CVSS: 8.8; EPSS Score: 0.50%; Published: 2020-01-03; Updated: 2024-03-08
libImaging/FliDecode.c in Pillow before 6.2.2 has an FLI buffer overflow.
Max CVSS: 7.1; EPSS Score: 0.19%; Published: 2020-01-03; Updated: 2023-01-24
libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX P mode buffer overflow.
Max CVSS: 9.8; EPSS Score: 0.98%; Published: 2020-01-03; Updated: 2020-08-18
libImaging/SgiRleDecode.c in Pillow before 6.2.2 has an SGI buffer overflow.
Max CVSS: 9.8; EPSS Score: 0.83%; Published: 2020-01-03; Updated: 2020-08-18
libImaging/TiffDecode.c in Pillow before 6.2.2 has a TIFF decoding integer overflow, related to realloc.
Max CVSS: 8.8; EPSS Score: 0.28%; Published: 2020-01-03; Updated: 2023-01-24
In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Max CVSS: 9.8; EPSS Score: 1.20%; Published: 2020-01-28; Updated: 2020-02-07
In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Max CVSS: 9.8; EPSS Score: 1.20%; Published: 2020-01-28; Updated: 2020-02-07
In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Max CVSS: 9.8; EPSS Score: 1.20%; Published: 2020-01-28; Updated: 2020-02-07
In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.
Max CVSS: 9.8; EPSS Score: 1.20%; Published: 2020-01-28; Updated: 2020-02-07
In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Max CVSS: 7.8; EPSS Score: 0.22%; Published: 2020-01-28; Updated: 2020-02-03
In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.
Max CVSS: 7.8; EPSS Score: 0.22%; Published: 2020-01-28; Updated: 2020-02-03
In uftpd before 2.11, there is a buffer overflow vulnerability in handle_PORT in ftpcmd.c that is caused by a buffer that is 16 bytes large being filled via sprintf() with user input based on the format specifier string %d.%d.%d.%d. The 16 byte size is correct for valid IPv4 addresses (len('255.255.255.255') == 16), but the format specifier %d allows more than 3 digits. This has been fixed in version 2.11.
Max CVSS: 8.8; EPSS Score: 16.62%; Published: 2020-01-06; Updated: 2020-01-18
IBM Watson IoT Message Gateway 2.0.0.x, 5.0.0.0, 5.0.0.1, and 5.0.0.2 is vulnerable to a buffer overflow, caused by improper bounds checking when handling a failed HTTP request with specific content in the headers. By sending a specially crafted HTTP request, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause a denial of service. IBM X-Force ID: 174972.
Max CVSS: 9.8; EPSS Score: 0.75%; Published: 2020-01-28; Updated: 2020-02-03
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic, and possibly remote code execution, due to the lack of validation for specific fields of packets sent by a client. Interaction between req_capsule_get_size and tgt_brw_write leads to a tgt_shortio2pages integer signedness error.
Max CVSS: 9.8; EPSS Score: 1.63%; Published: 2020-01-27; Updated: 2020-01-29
In the Lustre file system before 2.12.3, the ptlrpc module has a buffer overflow and panic due to the lack of validation for specific fields of packets sent by a client. The function target_handle_connect() mishandles a certain size value when a client connects to a server, because of an integer signedness error.
Max CVSS: 7.8; EPSS Score: 0.48%; Published: 2020-01-27; Updated: 2020-01-28
A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.
Max CVSS: 6.5; EPSS Score: 0.29%; Published: 2020-01-22; Updated: 2023-09-19
103 vulnerabilities found