Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2021-43528: Security Vulnerabilities fixed in Thunderbird 91.4.0

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

CVE
#vulnerability#dos#java#perl#buffer_overflow#dell#chrome
CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2020-36133

AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.

CVE-2020-36131

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.

CVE-2021-38575: Invalid Bug ID

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.

CVE-2019-8921: SSD Advisory – Linux BlueZ Information Leak and Heap Overflow - SSD Secure Disclosure

An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same.

CVE-2021-21899: TALOS-2021-1350 || Cisco Talos Intelligence Group

A code execution vulnerability exists in the dwgCompressor::copyCompBytes21 functionality of LibreCad libdxfrw 2.2.0-rc2-19-ge02f3580. A specially-crafted .dwg file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability.

CVE-2021-39922: 2021/CVE-2021-39922.json · master · GitLab.org / cves · GitLab

Buffer overflow in the C12.22 dissector in Wireshark 3.4.0 to 3.4.9 and 3.2.0 to 3.2.17 allows denial of service via packet injection or crafted capture file