Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2023-29468

The Texas Instruments (TI) WiLink WL18xx MCP driver does not limit the number of information elements (IEs) of type XCC_EXT_1_IE_ID or XCC_EXT_2_IE_ID that can be parsed in a management frame. Using a specially crafted frame, a buffer overflow can be triggered that can potentially lead to remote code execution. This affects WILINK8-WIFI-MCP8 version 8.5_SP3 and earlier.

CVE
Open in Source
#rce#pdf#buffer_overflow#wifi
CVE-2023-40359: XTERM - Change Log

xterm before 380 supports ReGIS reporting for character-set names even if they have unexpected characters (i.e., neither alphanumeric nor underscore), aka a pointer/overflow issue.

CVE-2023-4322: Fix 1byte heap oobread in the brainfuck disassembler · radareorg/radare2@ba919ad

Heap-based Buffer Overflow in GitHub repository radareorg/radare2 prior to 5.9.0.

Data center flaws spurred disruptions, espionage and malware attacks

By Waqas Trellix's researchers uncovered a series of vulnerabilities in two prominent data center equipment vendors: CyberPower and Dataprobe. This is a post from HackRead.com Read the original post: Data center flaws spurred disruptions, espionage and malware attacks

CVE-2023-40305: Index of /gnu/indent

GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.

CVE-2023-40295: Heap Overflows in Libboron v2.0.8 · Issue #3 · 0branch/boron

libboron in Boron 2.0.8 has a heap-based buffer overflow in ur_strInitUtf8 at string.c.

CVE-2023-40296: Stack Buffer Overflow in static void ReceiveFrom(UDPSocket* udpSocket) at udpsocket.hpp · Issue #32 · eminfedar/async-sockets-cpp

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in ReceiveFrom and Receive in udpsocket.hpp when processing malformed UDP packets.

CVE-2023-3262: The Threat Lurking in Data Centers – Hack Power Management Systems, Take All the Power

The Dataprobe iBoot PDU running firmware version 1.43.03312023 or earlier uses hard-coded credentials for all interactions with the internal Postgres database.A malicious agent with the ability to execute operating system commands on the device can leverage this vulnerability to read, modify, or delete arbitrary database records.

CVE-2023-4265: Two potential buffer overflow vulnerabilities in Zephyr USB code

Potential buffer overflow vulnerabilities in the following locations: https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/drivers/usb/device/usb_dc_native_posix.c#L359 https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis... https://github.com/zephyrproject-rtos/zephyr/blob/main/subsys/usb/device/class/netusb/function_rndis.c#L841

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry