The vulnerability of the ServiceAgent component of the wireless access point software for Moxa AWK-3131A industrial systems allows a intruder to trigger a service failure.

The vulnerability of the ServiceAgent component in the wireless access point software for Moxa AWK-3131A industrial systems is related to a numerical overflow that causes an overflow of the stack-based buffer. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

Debian DLA-2137-1 : sleuthkit security update

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c. For Debian 8 'Jessie', this problem has been fixed in version 4.1.3-4+deb8u2. We recommend that you upgrade your sleuthkit...

CVE-2019-5181

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in co...

CVE-2019-5181

CVE-2019-5181 affects WAGO PFC200 with the iocheckd service “I/O-Check.” A crafted cache file at /tmp/iocheckCache.xml is parsed by iocheckd, triggering stack-based buffer overflows via sscanf/sprintf usage in multiple config nodes (e.g., hostname, subnetmask, gateway, etc.). The root cause is un...

CVE-2019-5180

CVE-2019-5180 affects WAGO PFC200 via the iocheckd service (I/O-Check). Talos details show a stack-based buffer overflow while parsing the XML cache file (/tmp/iocheckCache.xml) used by iocheckd, with multiple vulnerable parameters (e.g., hostname, ip, gateway, domainname, ntp, subnet-mask, etc.)...

CVE-2019-5180

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...

CVE-2019-5179

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file...

CVE-2019-5179

The CVE-2019-5179 entry concerns the WAGO PFC200 controller with firmware 03.02.02(14). The iocheckd service’s I/O-Check cache parsing (via the file /tmp/iocheckCache.xml) is vulnerable to a stack-based overflow triggered by crafted XML content, enabling code execution. Talos documents multiple c...

CVE-2019-5178

CVE-2019-5178 affects WAGO PFC200 controllers (iocheckd) with a stack buffer overflow in the I/O-Check cache parsing workflow. The iocheckCache.xml hostname parameter can overflow a 1024-byte destination buffer via sprintf(), when hostname length exceeds a threshold (example provided 0x3fd). The ...

CVE-2019-5178

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...

CVE-2019-5177

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. The destination buffer sp+0x440 is overflowed with the call to sprintf for any domainname values that are greater than...

CVE-2019-5176

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x40 is...

CVE-2019-5176

CVE-2019-5176 affects WAGO PFC200, specifically the iocheckd service (I/O-Check) firmware 03.02.02(14). The issue is a stack buffer overflow when parsing a cache file (iocheckCache.xml) used by the iocheckd configuration protocol. Attackers can craft an XML cache file or gateway/hostname/domainna...

CVE-2019-5182

An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file.The destination buffer sp+0x440 is...

CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

Stack overflow

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

CVE-2019-5182

Affected software: WAGO PFC200 with iocheckd service “I/O-Check”. Vulnerability: stack-based buffer overflow in parsing the XML cache file used by iocheckCache.xml, triggered by crafted cache content (e.g., settings affecting hostname/name, etc.). Root cause: overlong input copied into a 1024-byt...

[SECURITY] [DLA 2137-1] sleuthkit security update

Package : sleuthkit Version : 4.1.3-4+deb8u2 CVE ID : CVE-2020-10232 In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c. For Debian 8 "Jessie", this problem has been fixed in...

CVE-2019-5166

An exploitable stack buffer overflow vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can cause a stack buffer overflow, resulting in code execution. An attack...

CVE-2019-5166

CVE-2019-5166 affects the WAGO PFC200 controller, specifically the iocheckd service’s IC/“I/O-Check” functionality. A stack-based buffer overflow occurs while parsing a DNS value embedded in the cached XML file /tmp/iocheckCache.xml, exploitable via a crafted DNS parameter during a BC_SaveParamet...