Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2022-44158

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function via set_device_name.

CVE
Open in Source
#buffer_overflow
CVE-2022-44163

Tenda AC21 V16.03.08.15 is vulnerable to Buffer Overflow via function formSetMacFilterCfg.

CVE-2022-44169: IoT_vuln/Tenda/AC15/formSetVirtualSer at main · RobinWang825/IoT_vuln

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function formSetVirtualSer.

CVE-2022-44168: IoT_vuln/Tenda/AC15/fromSetRouteStatic at main · RobinWang825/IoT_vuln

Tenda AC15 V15.03.05.18 is vulnerable to Buffer Overflow via function fromSetRouteStatic..

CVE-2022-44167

Tenda AC15 V15.03.05.18 is avulnerable to Buffer Overflow via function formSetPPTPServer.

ZTE ZXHN-H108NS Stack Buffer Overflow / Denial Of Service

ZTE ZXHN-H108NS router with firmware version H108NSV1.0.7u_ZRD_GR2_A68 remote stack buffer overflow exploit that causes a denial of service condition.

CVE-2022-34667: Security Bulletin: NVIDIA CUDA Toolkit - October 2022

NVIDIA CUDA Toolkit SDK contains a stack-based buffer overflow vulnerability in cuobjdump, where an unprivileged remote attacker could exploit this buffer overflow condition by persuading a local user to download a specially crafted corrupted file and execute cuobjdump against it locally, which may lead to a limited denial of service and some loss of data integrity for the local user.

CVE-2022-41894: Fix a potential buffer overflow issue in reference kernel of the CONV… · tensorflow/tensorflow@72c0bdc

TensorFlow is an open source platform for machine learning. The reference kernel of the `CONV_3D_TRANSPOSE` TensorFlow Lite operator wrongly increments the data_ptr when adding the bias to the result. Instead of `data_ptr += num_channels;` it should be `data_ptr += output_num_channels;` as if the number of input channels is different than the number of output channels, the wrong result will be returned and a buffer overflow will occur if num_channels > output_num_channels. An attacker can craft a model with a specific number of input channels. It is then possible to write specific values through the bias of the layer outside the bounds of the buffer. This attack only works if the reference kernel resolver is used in the interpreter. We have patched the issue in GitHub commit 72c0bdcb25305b0b36842d746cc61d72658d2941. The fix will be included in TensorFlow 2.11. We will also cherrypick this commit on TensorFlow 2.10.1, 2.9.3, and TensorFlow 2.8.4, as these are also affected and still in ...

Debian Security Advisory 5285-1

Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.

Analysts Welcome NSA's Advice for Developers to Adopt Memory-Safe Languages

Languages such as C and C++ rely too heavily on the programmer not making simple memory-related security errors.