Lucene search

4756 matches found

Cvelist
added 2023/10/30 5:1 p.m. · 18 views

CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

8.6 AI score · 0.00095 EPSS
Exploits 0 · References 1
Vulnrichment
added 2023/10/30 5:1 p.m. · 9 views

CVE-2023-21375

In Sysproxy, there is a possible out of bounds write due to an integer underflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.2 AI score · 0.00095 EPSS
Exploits 0 · References 1
CVE
added 2023/10/30 5:1 p.m. · 61 views

CVE-2023-21375

CVE-2023-21375 affects Sysproxy with an out-of-bounds write caused by an integer underflow. The vulnerability enables local privilege escalation without extra execution privileges and does not require user interaction. Public documentation reports this issue but provides no concrete exploit detai...

7.8 CVSS · 7.9 AI score · 0.00095 EPSS
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/10/30 12:0 a.m. · 4 views

PT-2023-18150 · Sysproxy · Sysproxy

Name of the Vulnerable Software and Affected Versions: Sysproxy affected versions not specified Description: The issue is related to an integer underflow that leads to a possible out of bounds write. This could result in local escalation of privilege without requiring additional execution...

7.8 CVSS · 7.5 AI score · 0.00095 EPSS
Exploits 0 · References 4
Tenable Nessus
added 2023/10/27 12:0 a.m. · 44 views

Oracle Linux 7 : grub2 (ELSA-2023-12952)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-12952 advisory. - Add CVE-2022-28736 to the list JIRA: OLDIS-16371 - Fix: CVE-2021-3695, CVE-2021-3696, CVE-2021-3697, CVE-2022-28733, CVE-2022-28734, CVE-2022-28735...

8.1 CVSS · 6.6 AI score · 0.01284 EPSS
Exploits 0 · References 8
Tenable Nessus
added 2023/10/21 12:0 a.m. · 41 views

Ubuntu 16.04 LTS / 18.04 LTS : NTFS-3G vulnerability (USN-3914-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3914-1 advisory. A heap buffer overflow was discovered in NTFS-3G when executing it with a relative mount point path that is too long. A local attacker could potential...

7 CVSS · 7.3 AI score · 0.00531 EPSS
Exploits 0 · References 2
OSV
added 2023/10/12 4:15 p.m. · 2 views

CVE-2023-22308

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...

7.5 CVSS · 7.1 AI score
Exploits 0 · References 2
NVD
added 2023/10/12 4:15 p.m. · 17 views

CVE-2023-22308

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...

7.5 CVSS · 7.3 AI score · 0.00728 EPSS
Exploits 1 · References 2
Prion
added 2023/10/12 4:15 p.m. · 18 views

Integer overflow

An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability...

5 CVSS · 7.4 AI score · 0.00728 EPSS
Exploits 1 · References 1 · Affected Software 1
CVE
added 2023/10/12 3:27 p.m. · 41 views

CVE-2023-22308

CVE-2023-22308 affects SoftEther VPN vpnserver OpenVPN support. Talos reports an integer underflow in OvsProcessData handling for TCP OpenVPN data, enabling a crafted TCP packet to crash the server (denial of service). OpenVPN traffic is identified by the first two bytes 0x00 0x0E in TCP mode; UD...

7.5 CVSS · 7.5 AI score · 0.00728 EPSS
Exploits 1 · References 2 · Affected Software 1
Talos
added 2023/10/12 12:0 a.m. · 35 views

SoftEther VPN vpnserver OvsProcessData denial of service vulnerability

Talos Vulnerability Report TALOS-2023-1737 SoftEther VPN vpnserver OvsProcessData denial of service vulnerability October 12, 2023 CVE Number CVE-2023-22308 SUMMARY An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A...

7.5 CVSS · 7.5 AI score · 0.00728 EPSS
Exploits 1
Tenable Nessus
added 2023/10/09 12:0 a.m. · 43 views

Fedora 37 : libspf2 (2023-ae340c92ea)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ae340c92ea advisory. Patch CVE-2023-42118, plus some other fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

8.8 CVSS · 8 AI score · 0.51474 EPSS
Exploits 0 · References 2
Tenable Nessus
added 2023/10/05 12:0 a.m. · 31 views

Amazon Linux 2 : freerdp (ALAS-2023-2269)

The version of freerdp installed on the remote host is prior to 2.11.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2269 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol RDP, released under the Apache license. This issue affect...

9.8 CVSS · 6.5 AI score · 0.01529 EPSS
Exploits 11 · References 24
Tenable Nessus
added 2023/10/04 12:0 a.m. · 56 views

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : FreeRDP vulnerabilities (USN-6401-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6401-1 advisory. It was discovered that FreeRDP did not properly manage certain inputs. A malicious server could use this issue to cause...

9.8 CVSS · 6.6 AI score · 0.01432 EPSS
Exploits 10 · References 11
Tenable Nessus
added 2023/10/04 12:0 a.m. · 31 views

FreeBSD : libspf2 -- Integer Underflow Remote Code Execution (915855ad-283d-4597-b01e-e0bf611db78b)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 915855ad-283d-4597-b01e-e0bf611db78b advisory. - Trendmicro ZDI reports: Integer Underflow Remote Code Execution Vulnerability The specific flaw exist...

8.8 CVSS · 8.2 AI score · 0.51474 EPSS
Exploits 0 · References 3
RedhatCVE
added 2023/09/30 6:24 p.m. · 131 views

CVE-2023-42118

An integer underflow flaw was discovered in libspf2 library which exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly validate user-supplied data, which can result in an integer underflow before writing to memory. This vulnerability allows...

7.5 CVSS · 6.7 AI score · 0.51474 EPSS
Exploits 0 · References 3
SUSE CVE
added 2023/09/29 1:47 a.m. · 2 views

SUSE CVE-2023-42118

Exim libspf2 Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing o...

8.8 CVSS · 7.8 AI score · 0.51474 EPSS
Exploits 0 · References 3
Zero Day Initiative
added 2023/09/29 12:0 a.m. · 36 views

Apple Safari TypedArray copyWithin Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple Safari. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation of...

8.8 CVSS · 6.7 AI score · 0.01346 EPSS
Exploits 0 · References 1
Microsoft CVE
added 2023/09/27 7:0 a.m. · 3 views

Kernel: netfilter: potential slab-out-of-bound access due to integer underflow

...

7.8 CVSS · 7 AI score · 0.00514 EPSS
Exploits 1
Zero Day Initiative
added 2023/09/27 12:0 a.m. · 87 views

(0Day) Exim libspf2 Integer Underflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Exim libspf2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parsing of SPF macros. When parsing SPF macros, the process does not properly...

7.5 CVSS · 7.4 AI score · 0.51474 EPSS
Exploits 0