Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2021-40012: July

Vulnerability of pointers being incorrectly used during data transmission in the video framework. Successful exploitation of this vulnerability may affect confidentiality.

CVE
#vulnerability#android#buffer_overflow#huawei#auth
CVE-2021-39999: Security Advisory - Buffer Overflow Vulnerability in Some Huawei Products

There is a buffer overflow vulnerability in eSE620X vESS V100R001C10SPC200 and V100R001C20SPC200. An attacker can exploit this vulnerability by sending a specific message to the target device due to insufficient validation of packets. Successful exploit could cause a denial of service condition.

CVE-2021-41396: [Live-devel] A Heap-overflow in FD_ISSET

Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.

Schneider Electric Easergy P5 and P3 (Update A)

This updated advisory is a follow-up to the original advisory titled ICSA-22-055-03 Schneider Electric Easergy P5 and P3 that was published February 24, 2022, on the ICS webpage on cisa.gov/ics. This advisory contains mitigations for Use of Hard-coded Credentials, Classic Buffer Overflow, and Improper Input Validation vulnerabilities in Schneider Electric Easergy P5 and P3 medium voltage protection relays.

CVE-2022-32294: Zimbra Security Advisories - Zimbra :: Tech Center

Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created password (from the "zmprove ca" command). It is visible in cleartext on port UDP 514 (aka the syslog port).

CVE-2022-2343: Heap-based Buffer Overflow in function ins_compl_add in vim

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044.

CVE-2021-29281: Unrestricted File Upload | OWASP Foundation

File upload vulnerability in GFI Mail Archiver versions up to and including 15.1 via insecure implementation of Telerik Web UI plugin which is affected by CVE-2014-2217, and CVE-2017-11317.

Threat Source newsletter (July 7, 2022) — Teamwork makes the dream work

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  I’ve been thinking a lot recently about the pros and cons of the way we publicize our threat research. I had a few conversations at Cisco Live with people — who are more generally IT-focused than... [[ This is only the beginning! Please visit the blog for the complete entry ]]