Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2024-7533: Chromium: CVE-2024-7534 Heap buffer overflow in Layout

**What is the version information for this release?** Microsoft Edge Channel Microsoft Edge Version Based on Chromium Version Date Released Stable 127.0.2651.98 127.0.6533.99/.100 8/8/2024

Microsoft Security Response Center
#microsoft#buffer_overflow#chrome#Microsoft Edge (Chromium-based)#Security Vulnerability
Apple libresolve Heap Buffer Overflow

libresolv's DNS packet handler suffered from heap out-of-bounds write to infinite-loop denial of service vulnerabilities. This is a proof of concept exploit from Google.

Gentoo Linux Security Advisory 202408-08

Gentoo Linux Security Advisory 202408-8 - A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow. Versions greater than or equal to 0.16 are affected.

Delta Electronics DIAScreen

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a stack-based buffer overflow, resulting in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAScreen visualization software are affected: DIAScreen: Versions prior to 1.4.2 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. CVE-2024-7502 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-7502. A base score of 8.5 has been calculated; the...

Vonets WiFi Bridges

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Vonets Equipment: VAR1200-H, VAR1200-L, VAR600-H, VAP11AC, VAP11G-500S, VBG1200, VAP11S-5G, VAP11S, VAR11N-300, VAP11G-300, VAP11N-300, VAP11G, VAP11G-500, VBG1200, VAP11AC, VGA-1000 Vulnerabilities: Use of Hard-coded Credentials, Improper Access Control, Path Traversal, Command Injection, Improper Check or Handling of Exceptional Conditions, Stack Based Buffer Overflow, Direct Request 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to disclose sensitive information, cause a denial-of-service condition, or execute arbitrary code on the affected device. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS At least the following Vonets products are affected: VAR1200-H: Versions 3.3.23.6.9 and prior VAR1200-L: Versions 3.3.23.6.9 and prior VAR600-H: Versions 3.3.23.6.9 and prior VAP11AC: Versions 3.3.23.6.9 and prior VAP11G-500S: Versions 3.3.23.6.9 a...

Ubuntu Security Notice USN-6932-1

Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6931-1

Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6930-1

Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6929-1

Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6920-1

Ubuntu Security Notice 6920-1 - It was discovered that EDK II was not properly performing bounds checks in Tianocompress, which could lead to a buffer overflow. An authenticated user could use this issue to potentially escalate their privileges via local access. It was discovered that EDK II had an insufficient memory write check in the SMM service, which could lead to a page fault occurring. An authenticated user could use this issue to potentially escalate their privileges, disclose information and/or create a denial of service via local access.