Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2023-39751: iotvul/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md at main · a101e-IoTvul/iotvul

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

CVE
Open in Source
#vulnerability#git#buffer_overflow
CVE-2023-40072: Multiple vulnerabilities in ELECOM and LOGITEC network devices

OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

CVE-2023-39672: Bug-Report/Tenda/WH450 buffer overflow.md at main · Davidteeri/Bug-Report

Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.

CVE-2023-39670: Bug-Report/Tenda/AC6 buffer overflow.md at main · Davidteeri/Bug-Report

Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.

CVE-2023-39673: Bug-Report/Tenda/AC15 Impoper Input Validation.md at main · Davidteeri/Bug-Report

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

​ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: ICONICS, Mitsubishi Electric ​Equipment: ICONICS Product Suite ​Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​ICONICS reports these vulnerabilities affect the following products using OpenSSL: ​ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ​CLASSIC BUFFER OVERFLOW CWE-120 ​A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. ​CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...

CVE-2023-29182: Fortiguard

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer

CVE-2023-38858: A SEGV vulnerability found in faad2 · Issue #173 · knik0/faad2

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

CVE-2023-38857: A heap-buffer-overflow vulnerability found in mp4read.c:449:63 · Issue #171 · knik0/faad2

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.