#buffer_overflow

Apple Security Advisory 03-07-2024-5 - watchOS 10.4 addresses buffer overflow, bypass, and code execution vulnerabilities.

Apple Security Advisory 03-07-2024-4 - macOS Monterey 12.7.4 addresses buffer overflow, bypass, code execution, and out of bounds write vulnerabilities.

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Vulnerabilities: Improper Restriction of Operations within the Bounds of a Memory Buffer, Improper Input Validation, Missing Encryption of Sensitive Data, Incorrect Permission Assignment for Critical Resource, Expected Behavior Violation, Improper Authentication, Out-of-bounds Write, Use After Free, Inadequate Encryption Strength, Use of Insufficiently Random Values, Incorrect Authorization, Improper Locking, Improper Restriction of Rendered UI Layers or Frames, Improper Privilege Management, Missing Authorization, Cleartext Storage of Sensitive ...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 Vulnerabilities: Heap-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Uncontrolled Resource Consumption, Improper Certificate Validation, Out-of-bounds Write, Use of Externally-Controlled Format String 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute elevated actions, cause a denial-of-service, or execute arbitrary commands or code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Siemens RUGGEDCOM APE1808, an applicati...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).  View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: RUGGEDCOM APE1808 devices Vulnerabilities: Improper Certificate Validation, Cleartext Transmission of Sensitive Information, Path Traversal, Exposure of Sensitive Information to an Unauthorized Actor, Cross-site Scripting, Permissive List of Allowed Inputs, Relative Path Traversal, Improper Restriction of Excessive Authentication Attempts, Use of Externally-Controlled Format String, Access of Uninitialized Pointer, Out-of-bounds Write, Open Redirect, Improper Input Validation, Insertion of Sensitive Information into Log File, Heap-based Buffer Overflow, ...

Red Hat Security Advisory 2024-1305-03 - An update for edk2 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a buffer overflow vulnerability.

There exists a buffer overflow vulnerability in the TP-Link TL-WR740 router that can allow an attacker to crash the web server running on the router by sending a crafted request.

Debian Linux Security Advisory 5637-1 - Several security vulnerabilities have been discovered in Squid, a full featured web proxy cache. Due to programming errors in Squid's HTTP request parsing, remote attackers may be able to execute a denial of service attack by sending large X-Forwarded-For header or trigger a stack buffer overflow while performing HTTP Digest authentication. Other issues facilitate request smuggling past a firewall or a denial of service against Squid's Helper process management.

## Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-3qx3-6hxr-j2ch. This link is maintained to preserve external references. ## Original Description Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.

RT-Thread RTOS versions 5.0.2 and below suffer from multiple buffer overflows, a weak random source in rt_random driver, and various other vulnerabilities.