CVE-2020-36129

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aomimage.c...

CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

OSV-2022-421 Stack-buffer-overflow in cardos_list_files

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47512 Crash type: Stack-buffer-overflow READ 1 Crash state: cardoslistfiles sclistfiles fuzzcard.c...

Oracle Linux 8 : cairo / and / pixman (ELSA-2022-1961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1961 advisory. - Fix CVE-2020-35492 1908113 pixman Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

ROS-20220518-03

A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...

Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2022-1759)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1759 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,...

Buffer Overflow

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation...

AlmaLinux 8 : cairo and pixman (ALSA-2022:1961)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1961 advisory. - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

Buffer overflow

Tenda AX1803 v1.0.0.12890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module exploits a stack buffer overflow in the Cisco RV series routers SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...

Ubuntu 16.04 ESM : Cairo vulnerabilities (USN-5407-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5407-1 advisory. Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibl...

Secomea SiteManager Stack Buffer Overflow Vulnerability

Secomea SiteManager is a Danish Secomea application that provides a remote maintenance function for industrial equipment. Secomea SiteManager is vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...

CVE-2022-27784 Adobe After Effects Stack Buffer Overflow Could Lead To RCE

Adobe After Effects versions 22.2.1 and earlier and 18.4.5 and earlier are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...

CVE-2022-27784 Adobe After Effects Stack Buffer Overflow Could Lead To RCE

Adobe After Effects versions 22.2.1 and earlier and 18.4.5 and earlier are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...

CVE-2022-27783 Adobe After Effects Stack Buffer Overflow Could Lead To RCE

Adobe After Effects versions 22.2.1 and earlier and 18.4.5 and earlier are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...

Stack buffer overflow in RTSP packet parsing

Description A malicious RTSP server can trigger a stack buffer overflow via an RTSP packet with an excessively long content-length due to no bounds check when copying into a fixed sized buffer. Proof of Concept poc.py is available here terminal 1 python3 poc.py 31337 terminal 2 ./configure...

OSV-2022-380 Stack-buffer-overflow in sc_asn1_read_tag

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47035 Crash type: Stack-buffer-overflow READ 1 Crash state: scasn1readtag scasn1findtag cardoslistfiles...

The vulnerability of Adobe After Effects’ video and dynamic image editing software lies in buffer overflows in the stack, allowing attackers to execute arbitrary code.

The vulnerability of Adobe After Effects video and dynamic image editing software relates to buffer overflow in the stack. Exploiting this vulnerability allows an attacker to execute arbitrary code on the target system using a specially crafted file...