Apple macOS SMB server TREE_CONNECT stack buffer overflow vulnerability

Summary A remote code execution vulnerability exists in the SMB Server Apple macOS 10.15.7. A specially crafted SMB packet can trigger a stack-based buffer overflow, which can lead to arbitrary code execution and denial of service. This vulnerability can be triggered by sending a malicious packet...

CVE-2021-29665

The CVE-2021-29665 issue affects IBM Application Gateway. The connected sources confirm a stack-based buffer overflow caused by improper bounds checking, enabling local attackers to execute arbitrary code with elevated privileges. Affected product: IBM Application Gateway (reported as 1.0 in IBM’...

Stack-based Buffer Overflow in falconchristmas/fpp

✍️ Description Hi, there is a stack based buffer overflow in https://github.com/FalconChristmas/fpp/blob/f4a1621c8be15a41305269830b700a2b5443aa0f/src/command.cL131 : When ./fpp is running it can send commands to ./fppd, a daemon that runs a main loop and listen for incoming socket connections : In...

CentOS 8 : python38:3.8 (CESA-2021:1879)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1879 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python-lxml: mXSS due to the use of improper parser...

Siemens JT2Go and Teamcenter Visualization

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: JT2Go and Teamcenter Visualization Vulnerabilities: Untrusted Pointer Dereference, Out-of-bounds Read, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could...

CVE-2021-30472

CVE-2021-30472 affects PoDoFo 0.9.7. A stack-based buffer overflow is possible in PdfEncryptMD5Base::ComputeOwnerKey (PdfEncrypt.cpp) due to an improper check of the keyLength value. Documented across multiple feeds (NVD entry, CNVD/OSV entries, OSV Ubuntu/Debian, Alpine Linux, Nessus plugin) wit...

CVE-2020-10064

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions = v1.14.2, = v2.2.0 contain Stack-based Buffer Overflow CWE-121, Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7...

Stack overflow

IBM Host firmware for LC-class Systems is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A remote privileged attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 190037...

CVE-2021-30189

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow...

Stack overflow

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow...

Stack overflow

CODESYS V2 Web-Server before 1.1.9.20 has a Stack-based Buffer Overflow...

CVE-2021-30188

CVE-2021-30188 affects the CODESYS V2 runtime system SPs prior to 2.4.7.55. A stack-based buffer overflow in the affected runtime (stack-based CWE-121) can lead to denial of service and, in some cases, remote code execution. Public sources consistently identify the vulnerable component as the COD...

CVE-2021-30188

CODESYS V2 runtime system SP before 2.4.7.55 has a Stack-based Buffer Overflow...

Datakit Libraries bundled in Luxion KeyShot

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Datakit Equipment: Software libraries embedded in Luxion KeyShot software Vulnerabilities: Out-of-bounds Write, Exposure of Sensitive Information to an Unauthorized Actor, Stack-Based buffer Overflow, Untrusted Pointer...

CVE-2020-13598 FS: Buffer Overflow when enabling Long File Names in FAT_FS and calling fs_stat

FS: Buffer Overflow when enabling Long File Names in FATFS and calling fsstat. Zephyr versions = v1.14.2, = v2.3.0 contain Stack-based Buffer Overflow CWE-121. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-7fhv-rgxr-x56h...

CVE-2020-10064 Improper Input Frame Validation in ieee802154 Processing

Improper Input Frame Validation in ieee802154 Processing. Zephyr versions = v1.14.2, = v2.2.0 contain Stack-based Buffer Overflow CWE-121, Heap-based Buffer Overflow CWE-122. For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-3gvq-h42f-v3c7...

Trend Micro Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the tdts.ko chrdevioctlhandle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to code execution. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend Micro,...

Trend Micro, Inc. Home Network Security tdts.ko chrdev_ioctl_handle privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the tdts.ko chrdevioctlhandle functionality of Trend Micro, Inc. Home Network Security 6.1.567. A specially crafted ioctl can lead to increased privileges. An attacker can issue an ioctl to trigger this vulnerability. Tested Versions Trend...

CentOS 8 : python3 (CESA-2021:1633)

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:1633 advisory. - python: CRLF injection via HTTP request method in httplib/http.client CVE-2020-26116 - python: Unsafe use of eval on data retrieved via HTTP in the...

RHEL 8 : python27:2.7 (RHSA-2021:1761)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1761 advisory. Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic...