CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

Stack overflow

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

CVE-2019-5182

Affected software: WAGO PFC200 with iocheckd service “I/O-Check”. Vulnerability: stack-based buffer overflow in parsing the XML cache file used by iocheckCache.xml, triggered by crafted cache content (e.g., settings affecting hostname/name, etc.). Root cause: overlong input copied into a 1024-byt...

[SECURITY] [DLA 2137-1] sleuthkit security update

Package : sleuthkit Version : 4.1.3-4+deb8u2 CVE ID : CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c. For Debian 8 "Jessie", this problem has been fixed in...

CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

CVE-2019-5166

CVE-2019-5166 affects the WAGO PFC200 controller, specifically the iocheckd service’s IC/“I/O-Check” functionality. A stack-based buffer overflow occurs while parsing a DNS value embedded in the cached XML file /tmp/iocheckCache.xml, exploitable via a crafted DNS parameter during a BC_SaveParamet...

CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

UBUNTU-CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

WAGO PFC200 iocheckd service "I/O-Check" cache Multiple Code Execution Vulnerabilities

Summary An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service “I/O-Check” functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An...

CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

CVE-2020-10232

The Sleuth Kit (TSK) up to version 4.8.0 contains a stack buffer overflow in the YAFFS file timestamp parsing in yaffsfs_istat() (fs/yaffs.c). Affected component is the YAFFS timestamp parsing logic; impact is high (potential crash or exploitation as implied by CVSS). Remediation: upgrade to newe...

CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

Stack overflow

A stack-based buffer overflow exists in the initialization of the identification stage due to lack of check on the number of templates provided. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice...

CVE-2019-10569

Stack buffer overflow due to instance id is misplaced inside definition of hardware accelerated effects in makefile in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Mobile in APQ8053, APQ8098, MDM9607, MDM9640, MSM8998, QCS605, SC8180X, SDM439, SDM630, SDM636, SDM660,...

CVE-2019-10569

CVE-2019-10569 is a stack buffer overflow in Qualcomm Snapdragon components caused by a misplaced instance id inside the definition of hardware accelerated effects in a makefile. Affected family includes Snapdragon Auto, Compute, Consumer IoT, and Mobile platforms (APQ8053, APQ8098, MDM9607, MDM9...

gdal:gdal_filesystem_fuzzer: Stack-buffer-overflow in NITFDataset::ScanJPEGQLevel

Project: https://github.com/OSGeo/gdal.git Detailed Report: https://oss-fuzz.com/testcase?key=5070558930927616 Project: gdal Fuzzing Engine: honggfuzz Fuzz Target: gdalfilesystemfuzzer Job Type: honggfuzzasangdal Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address:...

imagemagick:crop_fuzzer: Stack-buffer-overflow in ReadICCProfile

Project: https://github.com/imagemagick/imagemagick.git Detailed Report: https://oss-fuzz.com/testcase?key=5741266359025664 Project: imagemagick Fuzzing Engine: honggfuzz Fuzz Target: cropfuzzer Job Type: honggfuzzasanimagemagick Platform Id: linux Crash Type: Stack-buffer-overflow READ 13 Crash...

karchive:karchive_fuzzer: Stack-buffer-overflow in KTar::KTarPrivate::readHeader

Project: git://anongit.kde.org/karchive Detailed Report: https://oss-fuzz.com/testcase?key=5632739014606848 Project: karchive Fuzzing Engine: honggfuzz Fuzz Target: karchivefuzzer Job Type: honggfuzzasankarchive Platform Id: linux Crash Type: Stack-buffer-overflow READ Crash Address: 0x7ffff7f75a...

The vulnerability of the i2c_ddc functions in the QEMU hardware emulation software allows a hacker to disclose protected information.

The vulnerability of the i2cddc function hw/i2c/i2c-ddc.c in the QEMU hardware emulation software is related to reading data beyond the buffer limit 128 bytes of stack memory. Exploiting this vulnerability can allow an attacker to disclose sensitive information that is protected by security...

ABB IDAL HTTP Server Stack Buffer Overflow (CVE-2019-7232)

A stack buffer overflow vulnerability exists in ABB IDAL HTTP Server. A remote unauthenticated attacker could exploit this vulnerability by sending a crafted request to the vulnerable server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...