33 matches found
CVE-2026-6643
ASUSTOR ADM VPN clients (ADM 4.1.0–4.3.3.RR42 and 5.0.0–5.1.2.REO1) are affected by CVE-2026-6643 due to a stack-based buffer overflow caused by unbounded sscanf() and passing user-controlled data to printf() in vpnupload.cgi (upload_wireguard). The vulnerability can lead to code execution as the...
PT-2026-33722
A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf and passing user-controlled data directly to printf. Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to...
EUVD-2026-10334
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038 Local DoS and possible privilege escalation via routing sockets
The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not necessarily the case, and it's...
CVE-2026-3038
The CVE-2026-3038 issue is a FreeBSD routing socket bug in rtsock_msg_buffer() that can overflow a stack buffer on the stack, overwriting the canary and causing a kernel panic. It arises when a source sockaddr length is not validated, allowing unprivileged users to trigger a 127-byte overflow and...
FreeBSD Security Advisory - FreeBSD-SA-26:05.route
FreeBSD Security Advisory - The rtsockmsgbuffer function serializes routing information into a buffer. As a part of this, it copies sockaddr structures into a sockaddrstorage structure on the stack. It assumes that the source sockaddr length field had already been validated, but this is not...
EUVD-2025-206388
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
CVE-2025-68670 xrdp improperly checks bounds of domain string length, which leads to Stack-based Buffer Overflow
xrdp is an open source RDP server. xrdp before v0.10.5 contains an unauthenticated stack-based buffer overflow vulnerability. The issue stems from improper bounds checking when processing user domain information during the connection sequence. If exploited, the vulnerability could allow remote...
CVE-2025-68670
CVE-2025-68670 affects xrdp and related components (e.g., xorgxrdp). The bug is an unauthenticated, stack-based buffer overflow caused by improper bounds checking when processing user domain information during the connection sequence. Exploitation could lead to remote code execution with network ...
EUVD-2025-31893
Malicious code in bioql PyPI...
SUSE CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
AZL-75104 CVE-2023-53491 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
UBUNTU-CVE-2023-53491
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491 start_kernel: Add __no_stack_protector function attribute
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
CVE-2023-53491
CVE-2023-53491 affects the Linux kernel: start_kernel now uses the __no_stack_protector attribute to control per-function stack-protector omission. The issue arises because boot_init_stack_canary must be compiled with stack protector unless -fno-stack-protector is used; otherwise the canary in th...
CVE-2023-53491 start_kernel: Add __no_stack_protector function attribute
In the Linux kernel, the following vulnerability has been resolved: startkernel: Add nostackprotector function attribute Back during the discussion of commit a9a3ed1eff36 "x86: Fix early boot crash on gcc-10, third try" we discussed the need for a function attribute to control the omission of sta...
exploits
Exploit Techniques Collection; Author: coldt3ars A collectio...
CVE-2020-11199
HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice ...