#buffer_overflow

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

2 years ago

#vulnerability #web #intel #rce #buffer_overflow #auth #The Hacker News

CVE-2022-4141

The target's backtrace indicates that libc has detected a heap error or that the target was executing a heap function when it stopped. This could be due to heap corruption, passing a bad pointer to a heap function such as free(), etc. Since heap errors might include buffer overflows, use-after-free situations, etc. they are generally considered exploitable.

2 years ago

CVE

Open in Source

#buffer_overflow

Update Chrome Browser Now to Patch New Actively Exploited Zero-Day Flaw

Google on Thursday released software updates to address yet another zero-day flaw in its Chrome web browser. Tracked as CVE-2022-4135, the high-severity vulnerability has been described as a heap buffer overflow in the GPU component. Clement Lecigne of Google's Threat Analysis Group (TAG) has been credited with reporting the flaw on November 22, 2022. Heap-based buffer overflow bugs can be

2 years ago

The Hacker News

Open in Source

#vulnerability #web #mac #windows #google #microsoft #linux #buffer_overflow #zero_day #chrome #The Hacker News

CVE-2022-40282: security-assurance

The web server of Hirschmann BAT-C2 before 09.13.01.00R04 allows authenticated command injection. This allows an authenticated attacker to pass commands to the shell of the system because the dir parameter of the FsCreateDir Ajax function is not sufficiently sanitized. The vendor's ID is BSECV-2022-21.

2 years ago

CVE

Open in Source

#vulnerability #web #ios #dos #java #rce #buffer_overflow #auth #ssh #ssl

GHSA-995f-9x5r-2rcj: Heap buffer overflow in GPU

Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

2 years ago

ghsa

Open in Source

#google #git #buffer_overflow #chrome

CVE-2022-4135: Stable Channel Update for Desktop

2 years ago

CVE

Open in Source

#google #buffer_overflow #chrome

CVE-2022-44260

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter sPort/ePort in the setIpPortFilterRules function.

2 years ago

CVE

Open in Source

#buffer_overflow #auth

CVE-2022-44259

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter week, sTime, and eTime in the setParentalRules function.

2 years ago

CVE

Open in Source

#buffer_overflow #auth

CVE-2022-44258

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a post-authentication buffer overflow via parameter command in the setTracerouteCfg function.

2 years ago

CVE

Open in Source

#buffer_overflow #acer #auth

CVE-2022-44255

TOTOLINK LR350 V9.3.5u.6369_B20220309 contains a pre-authentication buffer overflow in the main function via long post data.