Buffer overflow

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...

UBUNTU-CVE-2023-32181

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...

CVE-2023-32181 Stack buffer overflow in "econf_writeFile" function

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...

CVE-2023-32181

CVE-2023-32181 is a buffer overflow vulnerability in openSUSE libeconf (affecting libeconf up to version 0.5.1). The issue is triggered by malformed configuration files that allow a DoS via improper input size handling in the library’s code path referenced as a stack-based overflow in econf_write...

CVE-2023-32181 Stack buffer overflow in "econf_writeFile" function

A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf allows for DoS via malformed configuration files This issue affects libeconf: before 0.5.2...

PT-2023-18604

Name of the Vulnerable Software and Affected Versions libeconf versions prior to 0.5.2 Description A Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in openSUSE libeconf leads to Denial of Service DoS via malformed config files. Recommendations For versions prio...

CVE-2023-2758 Contec CONPROSYS HMI System (CHS) v3.5.2 Denial of Service

A denial of service vulnerability exists in Contec CONPROSYS HMI System versions 3.5.2 and prior. When there is a time-zone mismatch in certain configuration files, a remote, unauthenticated attacker may deny logins for an extended period of time...

PT-2023-21222 · Contec · Contec Conprosys Hmi System

Name of the Vulnerable Software and Affected Versions: Contec CONPROSYS HMI System versions 3.5.2 and prior Description: A denial of service issue exists due to a time-zone mismatch in certain configuration files. This allows a remote, unauthenticated attacker to deny logins for an extended perio...

CVE-2022-39071

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission...

CVE-2023-32696 Excessive permissions for ckan user

CKAN is an open-source data management system for powering data hubs and data portals. Prior to versions 2.9.9 and 2.10.1, the ckan user equivalent to www-data owned code and configuration files in the docker container and the ckan user had the permissions to use sudo. These issues allowed for co...

CVE-2022-39071

There is an unauthorized access vulnerability in some ZTE mobile phones. If a malicious application is installed on the phone, it could overwrite some system configuration files and user installers without user permission...

Fedora: Security Advisory for python-vkbasalt-cli (FEDORA-2023-328397d034)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 37 Update: python-vkbasalt-cli-3.1.1.post1-1.fc37

vkbasalt-cli is a CLI utility and library in conjunction with vkBasalt. This makes generating configuration files or running vkBasalt with games easier. This is mainly convenient in environments where integrating vkBasalt is wishful, for example a GUI application. Integrating vkbasalt-cli allows ...

[SECURITY] Fedora 38 Update: python-vkbasalt-cli-3.1.1.post1-1.fc38

vkbasalt-cli is a CLI utility and library in conjunction with vkBasalt. This makes generating configuration files or running vkBasalt with games easier. This is mainly convenient in environments where integrating vkBasalt is wishful, for example a GUI application. Integrating vkbasalt-cli allows ...

git: arbitrary configuration injection when renaming or deleting a section from a configuration file

A vulnerability was found in Git. This security flaw occurs when renaming or deleting a section from a configuration file, where certain malicious configuration values may be misinterpreted as the beginning of a new configuration section. This flaw leads to arbitrary configuration injection...

TOTOLINK N200RE Information Disclosure Vulnerability

The TOTOLINK N200RE is a router from China's Gion Electronics TOTOLINK. An information disclosure vulnerability exists in the TOTOLINK N200RE v9.3.5u.6255B20211224, which stems from insufficient protection of sensitive information in the squashfs-root/etcro/custom.conf in the Telnet service...

Cisco DNA Center Information Disclosure (cisco-sa-dnac-infodisc-pe7zAbdR)

The version of Cisco DNA Center installed on the remote host is prior to 2.3.3.7 or is 2.3.5.0. It may, therefore, be affected by an information disclosure vulnerability if configured for PnP operation and to push configuration files to other Cisco external devices on the network. Due to improper...

(Pwn2Own) Lexmark MC3224i snmpUTIL Improper Input Validation Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Lexmark MC3224i printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the snmpUTIL binary. The issue results from the lack of proper...

CVE-2023-2632 API keys stored and displayed in plain text by Code Dx Plugin

Jenkins Code Dx Plugin 3.1.0 and earlier stores Code Dx server API keys unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system...

CVE-2023-32982

CVE-2023-32982 affects the Jenkins Ansible Plugin (versions including 204.v8191fd551eb_f and earlier). The underlying issue is that extra variables passed to Ansible were stored unencrypted in job config.xml on the Jenkins controller, allowing visibility to users with Item/Extended Read permissio...