Stack overflow

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action setstaenrolleepinwifi1 or setstaenrolleepinwifi0 with a sufficiently long wpsstaenrolleep...

CVE-2020-14074

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action kickbanwifimacallow with a sufficiently long qcawifi.wifi0vap0.maclist key...

CVE-2020-14077

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action setstaenrolleepinwifi1 or setstaenrolleepinwifi0 with a sufficiently long wpsstaenrolleep...

CVE-2020-14078

CVE-2020-14078 affects TRENDnet TEW-827DRU devices with firmware 2.06B04 and earlier. A stack-based buffer overflow in the ssi binary permits an authenticated attacker to execute arbitrary code by POSTing to apply.cgi via the action wifi_captive_portal_login using a sufficiently long REMOTE_ADDR ...

CVE-2020-14079

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an authenticated user to execute arbitrary code by POSTing to apply.cgi via the action autoupfw or autouplp with a sufficiently long updatefilename key...

CVE-2020-14080

TRENDnet TEW-827DRU devices through 2.06B04 contain a stack-based buffer overflow in the ssi binary. The overflow allows an unauthenticated user to execute arbitrary code by POSTing to applysec.cgi via the action pingtest with a sufficiently long pingipaddr key...

(0Day) NETGEAR R6700 httpd strtblupgrade Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR R6700 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of string table file uploads. A crafted guiregion in a stri...

Stack overflow

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janussdpmerge in sdp.c has a stack-based buffer overflow...

CVE-2020-13901

An issue was discovered in janus-gateway aka Janus WebRTC Server through 0.10.0. janussdpmerge in sdp.c has a stack-based buffer overflow...

CVE-2020-13901

The CVE-2020-13901 entry concerns janus-gateway (Janus WebRTC Server) up to version 0.10.0, where the function janus_sdp_merge in sdp.c contains a stack-based buffer overflow. The connected documents provide concrete technical details on the affected component and root cause. They do not supply a...

CVE-2020-4433

CVE-2020-4433 concerns IBM Aspera applications vulnerable to a stack-based buffer overflow caused by improper bounds checking. The vulnerability could allow a remote attacker with knowledge of the system to execute arbitrary code with root privileges or cause the server to crash. The IBM security...

Oracle Linux 7 : Unbreakable Enterprise kernel (ELSA-2020-5715)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5715 advisory. - x86/speculation: Add SRBDS vulnerability and mitigation documentation Mark Gross Orabug: 31422209 CVE-2020-0543 - x86/speculation: Add Special Regist...

Siemens SIMATIC, SINAMICS (Update C)

1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Siemens Equipment: SIMATIC, SINAMICS Vulnerabilities: Uncontrolled Search Path Element, Heap-based Buffer Overflow 2. UPDATE INFORMATION This updated advisory is a follow-up to the advisory update titled ICSA-20-161-05...

CVE-2020-13768

MiniShare before 1.4.2 is affected by a stack-based buffer overflow triggered by HTTP PUT requests, caused by improper boundary checks and enabling arbitrary code execution. Multiple sources in connected documents corroborate the vulnerability and indicate the product is discontinued. Affected so...

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2020-0025)

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability: - In Sudo before 1.8.26, if pwfeedback is enabled in /etc/sudoers, users can trigger a stack-based buffer overflow in the privileged sudo process. pwfeedback is ...

Debian DLA-2215-1 : clamav security update

The following CVEs were found in src:clamav package. CVE-2020-3327 A vulnerability in the ARJ archive parsing module in Clam AntiVirus ClamAV could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer...

CVE-2020-13109

Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 aka the IF subcommand to top-level command 7 has a stack-based buffer overflow...

Stack overflow

Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 aka the IF subcommand to top-level command 7 has a stack-based buffer overflow...

CVE-2020-13109

Morita Shogi 64 through 2020-05-02 for Nintendo 64 devices allows remote attackers to execute arbitrary code via crafted packet data to the built-in modem because 0x800b3e94 aka the IF subcommand to top-level command 7 has a stack-based buffer overflow...

CVE-2020-13109

Morita Shogi 64 (Nintendo 64)