36 matches found
CVE-2026-6643
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
CVE-2026-6643
ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...
PT-2026-33722
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
EUVD-2026-10334
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038 Local DoS and possible privilege escalation via routing sockets
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038
The CVE-2026-3038 issue is a FreeBSD routing socket bug in rtsock_msg_buffer() that can overflow a stack buffer on the stack, overwriting the canary and causing a kernel panic. It arises when a source sockaddr length is not validated, allowing unprivileged users to trigger a 127-byte overflow and...
FreeBSD Security Advisory - FreeBSD-SA-26:05.route
FreeBSD Security Advisory - The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not...
EUVD-2025-206388
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
CVE-2025-68670 xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
CVE-2025-68670
CVE-2025-68670 affects xrdp and related components (e.g., xorgxrdp). The bug is an unauthenticated, stack-based buffer overflow caused by improper bounds checking when processing user domain information during the connection sequence. Exploitation could lead to remote code execution with network ...
EUVD-2025-31893
Malicious code in bioql PyPI...
SUSE CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
AZL-75104 CVE-2023-53491 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
UBUNTU-CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491 start_kernel: Add __no_stack_protector function attribute
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491
CVE-2023-53491 affects the Linux kernel: start_kernel now uses the __no_stack_protector attribute to control per-function stack-protector omission. The issue arises because boot_init_stack_canary must be compiled with stack protector unless -fno-stack-protector is used; otherwise the canary in th...
CVE-2023-53491 start_kernel: Add __no_stack_protector function attribute
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
exploits
Exploit Techniques Collection; Author: coldt3ars A collectio...