14 matches found
EUVD-2021-9074
Malicious code in bioql PyPI...
CVE-2021-21906
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...
CVE-2021-21901
A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...
CVE-2021-21901
A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...
CVE-2021-21903
A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...
Authentication flaw
An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this...
Directory traversal
A directory traversal vulnerability exists in the CMA CLI getenv command functionality of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted command line argument can lead to local file inclusion. An attacker can provide malicious input to trigger this vulnerability...
Stack overflow
Stack-based buffer overflow vulnerability exists in how the CMA readfile function of Garrett Metal Detectors iC Module CMA Version 5.0 is used at various locations. The Garrett iC Module exposes an authenticated CLI over TCP port 6877. This interface is used by a secondary GUI client, called “CMA...
Directory traversal
A directory traversal vulnerability exists in the CMA CLI setenv command of Garrett Metal Detectors’ iC Module CMA Version 5.0. An attacker can provide malicious input to trigger this vulnerability...
CVE-2021-21903
CVE-2021-21903 is a stack-based buffer overflow in Garrett Metal Detectors’ iC Module CMA Version 5.0. The vulnerability occurs in the CMA check_udp_crc path where a UDP-CRC field is copied with strcpy into an 8-byte buffer (input_crc_str) without bounds checking, enabling remote attackers to ove...
CVE-2021-21903
A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to strcpy. An attacker can send a malicious packet to trigger this...
CVE-2021-21902
An authentication bypass vulnerability exists in the CMA runserver6877 functionality of Garrett Metal Detectors iC Module CMA Version 5.0. A properly-timed network connection can lead to authentication bypass via session hijacking. An attacker can send a sequence of requests to trigger this...
CVE-2021-21902
The TALOS advisory documents an authentication bypass in Garrett Metal Detectors iC Module CMA Version 5.0, specifically in the CMA run_server_6877 function. A race condition allows an attacker with no password to hijack an authenticated session by copying the attacker’s socket over the legitimat...
CVE-2021-21901
A stack-based buffer overflow vulnerability exists in the CMA checkudpcrc function of Garrett Metal Detectors’ iC Module CMA Version 5.0. A specially-crafted packet can lead to a stack-based buffer overflow during a call to memcpy. An attacker can send a malicious packet to trigger this...