Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

Delta Electronics CNCSoft-B DOPSoft

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: CNCSoft-B DOPSoft Vulnerabilities: Stack-based Buffer Overflow, Heap-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to exploit a buffer overflow condition and remotely execute arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of CNCSoft-B DOPSoft, a human machine interface (HMI), are affected: CNCSoft-B DOPSoft: versions 1.0.0.4 and prior 3.2 VULNERABILITY OVERVIEW 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 Delta Electronics' CNCSoft-B DOPSoft versions 1.0.0.4 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code. CVE-2023-25177 has been assigned to this vulnerability. A CVSS v3 base score of 7.8 has been assigned; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). 3.2.2 HEAP-BASED BUFFER OVERFLOW CWE-122 Delta Elect...

us-cert
Open in Source
#vulnerability#web#mac#buffer_overflow#zero_day
Zyxel Firewalls Under Attack! Urgent Patching Required

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday placed two recently disclosed flaws in Zyxel firewalls to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities, tracked as CVE-2023-33009 and CVE-2023-33010, are buffer overflow vulnerabilities that could enable an unauthenticated attacker to cause a

CVE-2022-48188: Multi-vendor BIOS Security Vulnerabilities (May 2023) - Lenovo Support US

A buffer overflow vulnerability in the SecureBootDXE BIOS driver of some Lenovo Desktop and ThinkStation models could allow an attacker with local access to elevate their privileges to execute arbitrary code.

CVE-2023-33693

A buffer overflow in EasyPlayerPro-Win v3.2.19.0106 to v3.6.19.0823 allows attackers to cause a Denial of Service (DoS) via a crafted XML file.

CVE-2023-27989

A buffer overflow vulnerability in the CGI program of the Zyxel NR7101 firmware versions prior to V1.00(ABUV.8)C0 could allow a remote authenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.

CVE-2023-22862: Security Bulletin: IBM Aspera Connect and IBM Aspera Cargo has addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285)

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 transmits authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval. IBM X-Force ID: 244107.

CVE-2023-27285: IBM Aspera buffer overflow CVE-2023-27285 Vulnerability Report

IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625.

CVE-2023-33670: Tenda-CVE/README.md at main · DDizzzy79/Tenda-CVE

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the time parameter in the sub_4a79ec function.

CVE-2023-33669: Tenda-CVE/README.md at main · DDizzzy79/Tenda-CVE

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the timeZone parameter in the sub_44db3c function.

CVE-2023-33673: Tenda-CVE/README.md at main · DDizzzy79/Tenda-CVE

Tenda AC8V4.0-V16.03.34.06 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function.