CVE-2023-6322 Stack-based buffer overflow in message parser functionality

A stack-based buffer overflow vulnerability exists in the message parsing functionality of the Roku Indoor Camera SE version 3.0.2.4679 and Wyze Cam v3 version 4.36.11.5859. A specially crafted message can lead to stack-based buffer overflow. An attacker can make authenticated requests to trigger...

CVE-2023-6322

CVE-2023-6322 affects the Roku Indoor Camera SE (v3.0.2.4679) and Wyze Cam v3 (v4.36.11.5859). The root cause is a stack-based buffer overflow in the message parsing functionality . An attacker who can make authenticated requests can trigger the overflow, potentially leading to impact on confiden...

CVE-2023-46714

A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests...

CVE-2023-46714

A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 through 7.4.1 allows a privileged attacker over the administrative interface to execute arbitrary code or commands via crafted HTTP or HTTPs requests...

CVE-2024-34942

Tenda FH1206 V1.2.0.88155EN was discovered to contain a stack-based buffer overflow vulnerability via the funcpara1 parameter at ip/goform/exeCommand...

CVE-2024-34943

Tenda FH1206 V1.2.0.88155EN was discovered to contain a stack-based buffer overflow vulnerability via the page parameter at ip/goform/NatStaticSetting...

Advisory ROSA-SA-2024-2419

software: heimdal 7.8.0 WASP: ROSA-CHROME packageevrstring: heimdal-7.8.0-1 CVE-ID: CVE-2021-44758 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: heimdal allowed attackers to cause null pointer dereferencing in the SPNEGO receiver via the preferredmechtype GSSCNOOID and a non-zero initialresponse value f...

Fortinet Fortigate Buffer overflow in administrative interface (FG-IR-23-415)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-415 advisory. - A stack-based buffer overflow CWE-121 vulnerability in Fortinet FortiOS version 7.2.1 through 7.2.6 and version 7.4.0 throu...

Adobe Animate 23.x < 23.0.6 / 24.x < 24.0.3 Multiple Vulnerabilities (APSB24-36)

The version of Adobe Animate installed on the remote macOS or Mac OS X host is prior to 23.0.6 or 24.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-36 advisory. - Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write...

Adobe Animate 23.x < 23.0.6 / 24.x < 24.0.3 Multiple Vulnerabilities (APSB24-36)

The version of Adobe Animate installed on the remote Windows host is prior to 23.0.6 or 24.0.3. It is, therefore, affected by multiple vulnerabilities as referenced in the apsb24-36 advisory. - Animate versions 24.0.2, 23.0.5 and earlier are affected by an out-of-bounds write vulnerability that...

Siemens Teamcenter Visualization and JT2Go

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

RHEL 6 : cracklib (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - cracklib: Stack-based buffer overflow when parsing large GECOS field CVE-2016-6318 Note that Nessus has not tested...

RHEL 6 : speex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - speex: stack-based buffer overflow in speexenc.c via a crafted WAV file CVE-2020-23904 - A Divide by Zero...

RHEL 7 : speex (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - speex: stack-based buffer overflow in speexenc.c via a crafted WAV file CVE-2020-23904 - A Divide by Zero...

RHEL 7 : pcre (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - pcre: stack-based buffer overflow write in pcre32copysubstring CVE-2017-7246 - In PCRE 8.41, the OPKETRMA...

RHEL 7 : dcraw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - dcraw: Stack-based buffer overflow in the findgreen function CVE-2018-19655 - dcraw: Buffer overflow caus...

RHEL 8 : libraw (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - LibRaw: Stack-based buffer overflow in quicktake100loadraw function in internal/dcrawcommon.cpp...

RHEL 5 : mutt (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - mutt: buffer overflow via base64 data CVE-2018-14359 - An issue was discovered in Mutt before 1.10.1 and...

RHEL 5 : quagga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - quagga: VPNv4 NLRI parser memcpys to stack on unchecked length CVE-2016-2342 - quagga: Double free...

RHEL 6 : cifs-utils (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - cifs-utils: stack-based buffer overflow mount.cifs may lead to local privilege escalation to root...