CVE-2023-26383 ZDI-CAN-20287: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-26383 ZDI-CAN-20287: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-26390 ZDI-CAN-20255: Adobe Substance 3D Stager USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Substance 3D Stager version 2.0.1 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-28488

client.c in gdhcp in ConnMan through 1.41 could be used by network-adjacent attackers operating a crafted DHCP server to cause a stack-based buffer overflow and denial of service, terminating the connman process...

Amazon Linux AMI : vim (ALAS-2023-1716)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1716 advisory. A heap buffer overflow vulnerability was found in vim's inscomplinfercasegettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completin...

Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-5995-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5995-1 advisory. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening ...

Security Bulletin: IBM UrbanCode Deploy (UCD) is vulnerable to denial of service due to Jettison-json (CVE-2022-45693, CVE-2022-45685)

Summary Jettison-json is used by IBM UrbanCode Deploy UCD for parsing JSON data. A remote authenticated user may cause high memory usage by sending a request containing specially crafted JSON data. CVE-2022-45693, CVE-2022-45685 Vulnerability Details CVEID:CVE-2022-45693 DESCRIPTION: Jettison is...

CVE-2023-28504

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user...

Stack overflow

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow that can lead to remote code execution as the root user...

CVE-2023-28506 Stack buffer overflow in UniRPC service

Rocket Software UniData versions prior to 8.2.4 build 3003 and UniVerse versions prior to 11.3.5 build 1001 or 12.2.1 build 2002 suffer from a stack-based buffer overflow, where a string is copied into a buffer using a memcpy-like function and a user-provided length. This requires a valid login t...

CVE-2023-28504

CVE-2023-28504 describes a pre-authentication stack-buffer overflow in Rocket Software UniData/UniVerse components (libunidata.so) via the UniRPC server and related services. The issue, tied to U_rep_rpc_server_submain() and related code paths, can allow remote code execution as root without auth...

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700v3 1.0.4.12010.0.91 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists...

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of http requests to the web management portal. When...

PT-2023-21766 · Rocket · Unidata +1

Name of the Vulnerable Software and Affected Versions: Rocket Software UniData versions prior to 8.2.4 build 3003 Rocket Software UniVerse versions prior to 11.3.5 build 1001 Rocket Software UniVerse versions prior to 12.2.1 build 2002 Description: The issue is a stack-based buffer overflow that...

CVE-2022-24973

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CVE-2022-45460

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticat...

CVE-2023-26337 ZDI-CAN-20285: Adobe Dimension USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-26337

CVE-2023-26337 is a stack-based buffer overflow in Adobe Dimension ≤ 3.4.7 that allows arbitrary code execution in the context of the current user. Exploitation requires a user to open a crafted file (social/interaction). Public sources confirm the flaw affects Dimension 3.4.7 and earlier. Adobe ...

CVE-2022-0650

This CVE affects TP-Link TL-WR940N routers (v3.20.1 Build 200316 Rel.34392n). The root cause is a lack of proper validation of the length of user-supplied data in the httpd service, copying into a fixed-length stack-based buffer. The vulnerability allows network-adjacent attackers to execute arbi...

CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...