Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2021-45918: 健保卡網路服務元件 - Heap-based Buffer Overflow

NHI’s health insurance web service component has insufficient validation for input string length, which can result in heap-based buffer overflow attack. A remote attacker can exploit this vulnerability to flood the memory space reserved for the program, in order to terminate service without authentication, which requires a system restart to recover service.

CVE
#vulnerability#web#mac#windows#ubuntu#linux#buffer_overflow#auth
Red Hat Security Advisory 2022-5002-01

Red Hat Security Advisory 2022-5002-01 - The Advanced Virtualization module provides the user-space component for running virtual machines that use KVM in environments managed by Red Hat products. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.

Kitty 0.76.0.8 Stack Buffer Overflow

Kitty version 0.76.0.8 suffers from a buffer overflow vulnerability.

Infiray IRAY-A8Z3 1.0.957 Code Execution / Overflow / Hardcoded Credentials

Infiray IRAY-A8Z3 thermal camera version 1.0.957 suffers from hardcoded web credential, authenticated remote code execution, buffer overflow, lack of password for root, and outdated software component vulnerabilities.

Zyxel Buffer Overflow / Format String / Command Injection

Zyxel firewalls, AP controllers, and APs suffer from buffer overflow, format string, and command injection vulnerabilities.

CVE-2022-2125

Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.

CVE-2021-46822: libjpeg-turbo rdppm.c denial of service Vulnerability Report

The PPM reader in libjpeg-turbo through 2.0.90 mishandles use of tjLoadImage for loading a 16-bit binary PPM file into a grayscale buffer and loading a 16-bit binary PGM file into an RGB buffer. This is related to a heap-based buffer overflow in the get_word_rgb_row function in rdppm.c.

CVE-2022-29496: TALOS-2022-1524 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the BlynkConsole.h runCommand functionality of Blynk -Library v1.0.1. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2022-33756: Support Content Notification - Support Portal - Broadcom support portal

CA Automic Automation 12.2 and 12.3 contain an entropy weakness vulnerability in the Automic AutomationEngine that could allow a remote attacker to potentially access sensitive data.

CVE-2022-30650: Adobe Security Bulletin

Adobe InCopy versions 17.2 (and earlier) and 16.4.1 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.