Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2023-39670: Bug-Report/Tenda/AC6 buffer overflow.md at main · Davidteeri/Bug-Report

Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.

CVE
Open in Source
#vulnerability#git#buffer_overflow
CVE-2023-39673: Bug-Report/Tenda/AC15 Impoper Input Validation.md at main · Davidteeri/Bug-Report

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

​ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: ICONICS, Mitsubishi Electric ​Equipment: ICONICS Product Suite ​Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​ICONICS reports these vulnerabilities affect the following products using OpenSSL: ​ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ​CLASSIC BUFFER OVERFLOW CWE-120 ​A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. ​CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...

CVE-2023-29182: Fortiguard

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer

CVE-2023-38852: There are multiple heap-buffer-overflow vulnerability found in libxls · Issue #124 · libxls/libxls

Buffer Overflow vulnerability in libxlsv.1.6.2 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted XLS file to the unicode_decode_wcstombs function in xlstool.c:266.

CVE-2023-38850: AddressSanitizer: heap-buffer-overflow · Issue #15 · michaelrsweet/codedoc

Buffer Overflow vulnerability in Michaelrsweet codedoc v.3.7 allows an attacker to cause a denial of service via the codedoc.c:1742 comppnent.

CVE-2023-38858: A SEGV vulnerability found in faad2 · Issue #173 · knik0/faad2

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the mp4info function in mp4read.c:1039.

CVE-2023-38857: A heap-buffer-overflow vulnerability found in mp4read.c:449:63 · Issue #171 · knik0/faad2

Buffer Overflow vulnerability infaad2 v.2.10.1 allows a remote attacker to execute arbitrary code and cause a denial of service via the stcoin function in mp4read.c.

Ford says it’s safe to drive its cars with a WiFi vulnerability

Categories: Exploits and vulnerabilities Categories: News Tags: Ford Tags: Lincoln Tags: SYNC 3 Tags: CVE-2023-29468 Tags: TI WLink Tags: MCP driver A vulnerability in the SYNC 3 infotainment will not have a negative effect on driving safety, says Ford. (Read more...) The post Ford says it’s safe to drive its cars with a WiFi vulnerability appeared first on Malwarebytes Labs.