CVE-2023-37457 Asterisk's PJSIP_HEADER dialplan function can overwrite memory/cause crash when using 'update'

Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as ceritifed-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...

kernel: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perfoutputbegin parameter is incorrectly invoked in perfeventbpfoutput syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dumpstack+0x9c/0xd3...

CVE-2023-43886

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

CVE-2023-43886

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

CVE-2023-43886

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

Buffer overflow

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

CVE-2023-43886

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

CVE-2023-43886

A buffer overflow in the HTTP server component of Tenda RX9 Pro v22.03.02.20 might allow an authenticated attacker to overwrite memory...

CVE-2023-43886

The CVE-2023-43886 issue affects the Tenda RX9 Pro router (v22.03.02.20). A buffer overflow in the HTTP server component (due to improper validation of incoming data length/size) could allow an authenticated attacker to overwrite memory (potentially enabling arbitrary code execution or DoS as des...

Rocky Linux 8 : nginx:1.20 (RLSA-2022:0323)

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:0323 advisory. - A security issue in nginx resolver was identified, which might allow an attacker who is able to forge UDP packets from the DNS server to cause 1-byte memory...

Buffer Overflows

qemu is vulnerable to Buffer Overflows. A guest I/O address overflow vulnerability allows an attacker to overwrite arbitrary memory on the host system by exploiting a flaw in the way that QEMU handles guest I/O operations...

Format string

A software vulnerability has been identified in the U-Boot Secondary Program Loader SPL before 2023.07 on select NXP i.MX 8M family processors. Under certain conditions, a crafted Flattened Image Tree FIT format structure can be used to overwrite SPL memory, allowing unauthenticated software to...

PT-2023-27894 · Huawei · Emui +1

Name of the Vulnerable Software and Affected Versions: Security module affected versions not specified Description: The issue is related to a memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...

PT-2023-5881 · Omron · Omron Fins Protocol

Name of the Vulnerable Software and Affected Versions: Omron FINS protocol affected versions not specified Description: The issue concerns the Omron FINS protocol's authenticated feature, which is intended to prevent access to memory regions. However, this authentication is susceptible to brute...

Amazon Linux 2 : php (ALASPHP8.0-2023-007)

The version of php installed on the remote host is prior to 8.0.16-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2PHP8.0-2023-007 advisory. A flaw was found in PHP. The vulnerability occurs due to the malformed phpfilterfloat function and leads to a use-after-free...

"rights" stored in memory is overwriting the memory block storing "from"

Lines of code Vulnerability details Impact Detailed description of the impact of this finding. Expected code should keccak over packed encoding of rights,from,to but as 'rights' values are overwriting 'from' values. So values available for encoding is not as expected. Proof of Concept Provide...

CVE-2020-24165

A use-after-free vulnerability was found in the Tiny Code Generator TCG Accelerator in QEMU, where the TCG generated code can be in the same memory as the TB data structure. This flaw allows attackers to overwrite the UAF pointer with code produced from TCG and rewrite key pointer values, possibl...

Denial Of Service (DoS)

imagemagick is vulnerable to Denial of Service DoS attacks. This vulnerability occurs when ImageMagick parses a specially crafted image file. If the file is valid, ImageMagick could be tricked into overwriting memory in a heap buffer which could lead to a crash...

MOXA NPort 5110 Out-of-Bounds Write (CVE-2022-2044)

MOXA NPort 5110: Firmware Versions 2.10 is vulnerable to an out-of- bounds write that may allow an attacker to overwrite values in memory, causing a denial-of-service condition or potentially bricking the device. This plugin only works with Tenable.ot. Please visit...

PT-2024-14779

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to a memory overwrite when capturing 1600x900, which could cause the system to crash when system memory usage is tight. The size of the macro block captured is 8x8,...