79 matches found

CVE
added 2022/04/27 3:15 p.m., 59 views

CVE-2021-34587

Summary: CVE-2021-34587 affects Bender ebee Charge Controllers (CC612, CC613, ICC15xx/ICC16xx) with versions prior to 5.11.2, 5.12.5, 5.13.2, or 5.20.2. A long URL used as input to sprintf into a stack variable can crash the webserver. CNNVD notes this could allow bypassing credential checks and ...

5.3 CVSS, 5.2 AI score, 0.00305 EPSS
Exploits: 0, References: 1, Affected Software: 1

OSV
added 2021/09/15 2:15 p.m., 0 views

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

7.8 CVSS, 6.2 AI score, 0.63431 EPSS
Exploits: 1, References: 1

NVD
added 2021/09/15 2:15 p.m., 12 views

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

8.8 CVSS, 0.63431 EPSS
Exploits: 1, References: 1

Prion
added 2021/09/15 2:15 p.m., 13 views

Design/Logic Flaw

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

6.8 CVSS, 7.7 AI score, 0.63431 EPSS
Exploits: 1, References: 1, Affected Software: 1

CVE
added 2021/09/15 1:19 p.m., 43 views

CVE-2021-21798

CVE-2021-21798 affects Nitro Pro PDF through its JavaScript engine (np_java_script.dll/js32u.dll). A stack variable address return in the Document JavaScript bindings (notably Document.flattenPages) can cause a use-after-free on a JSStackFrame when an exception is raised, allowing code execution ...

8.8 CVSS, 7.6 AI score, 0.63431 EPSS
Exploits: 1, References: 1, Affected Software: 1

Cvelist
added 2021/09/15 1:19 p.m., 14 views

CVE-2021-21798

An exploitable return of stack variable address vulnerability exists in the JavaScript implementation of Nitro Pro PDF. A specially crafted document can cause a stack variable to go out of scope, resulting in the application dereferencing a stale pointer. This can lead to code execution under the...

8.8 CVSS, 7.9 AI score, 0.63431 EPSS
Exploits: 1, References: 1

NVD
added 2021/05/07 11:15 p.m., 13 views

CVE-2021-31756

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get...

10 CVSS, 0.01511 EPSS
Exploits: 1, References: 1

Tenable Nessus
added 2019/11/27 12:0 a.m., 64 views

EulerOS 2.0 SP8 : kernel (EulerOS-SA-2019-2283)

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A memory leak in the af9005identifystate function in drivers/media/usb/dvb-usb/af9005.c in the Linux kernel through 5.3.9 allows attackers to...

9.8 CVSS, 6.6 AI score, 0.02601 EPSS
Exploits: 0, References: 15

OSV
added 2019/10/01 9:15 p.m., 1 views

DEBIAN-CVE-2019-17075

An issue was discovered in writetptentry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dmamapsingle a DMA function from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used ...

7.5 CVSS, 6.7 AI score, 0.01194 EPSS
Exploits: 0, References: 1

exploitpack
added 2019/05/21 12:0 a.m., 31 views

Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

Apple macOS 10.14.5 iOS 12.3 JavaScriptCore - Loop-Invariant Code Motion LICM in DFG JIT Leaves Stack Variable Uninitialized While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with...

0.4 AI score
Exploits: 0

0day.today
added 2019/05/21 12:0 a.m., 203 views

macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT

macOS 13.37; stackspray = ; for let v15 = 0; v15 100; v15++ function v19v23 // This weird loop form might be required to prevent loop unrolling... for let v30 = 0; v30 3; v30 = v30 + "asdf" // Generates the specific CFG necessary to trigger the bug. const v33 = Error != Error; if v33 else // Forc...

8.8 CVSS, 0.1 AI score, 0.27687 EPSS
Exploits: 1

Exploit DB
added 2019/05/21 12:0 a.m., 123 views

Apple macOS < 10.14.5 / iOS < 12.3 JavaScriptCore - Loop-Invariant Code Motion (LICM) in DFG JIT Leaves Stack Variable Uninitialized

While fuzzing JavaScriptCore, I encountered the following modified and commented JavaScript program which crashes jsc from current HEAD and release: // Run with --useConcurrentJIT=false // Fill the stack with the return value of the provided function. function stacksprayf // This function will...

7.4 AI score
Exploits: 0

0day.today
added 2018/05/04 12:0 a.m., 65 views

Windows WMI Recieve Notification Exploit

This Metasploit module exploits an uninitialized stack variable in the WMI subsystem of ntoskrnl. This Metasploit module has been tested on vulnerable builds of Windows 7 SP0 x64 and Windows 7 SP1 x64. This module requires Metasploit: http://metasploit.com/download Current source:...

7.2 CVSS, 0.77331 EPSS
Exploits: 10

Exploit DB
added 2018/05/04 12:0 a.m., 64 views

Microsoft Windows WMI - Recieve Notification Exploit (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/post/windows/reflectivedllinjection' class MetasploitModule 'Windows WMI Recieve Notification Exploit', 'Description' = %q This module exploits an...

7.8 CVSS, 7.6 AI score, 0.77331 EPSS
Exploits: 10

NVD
added 2018/02/28 10:29 p.m., 11 views

CVE-2018-6947

An uninitialised stack variable in the nxfuse component that is part of the Open Source DokanFS library shipped with NoMachine 6.0.662 and earlier allows a local low privileged user to gain elevation of privileges on Windows 7 32 and 64bit, and denial of service for Windows 8 and 10...

7.8 CVSS, 7.5 AI score, 0.01768 EPSS
Exploits: 3, References: 6

CVE
added 2018/02/28 10:0 p.m., 65 views

CVE-2018-6947

CVE-2018-6947 is an uninitialised stack variable vulnerability in the nxfuse component of the Open Source DokanFS library shipped with NoMachine 6.0.66_2 and earlier. It enables local, low-privilege users to gain elevation of privileges on Windows 7 (32/64-bit) and can cause a denial of service o...

7.8 CVSS, 7.4 AI score, 0.01768 EPSS
Exploits: 3, References: 6, Affected Software: 1

Packet Storm
added 2018/02/23 12:0 a.m., 32 views

NoMachine nxfuse Privilege Escalation

from ctypes import from ctypes.wintypes import import struct import sys import os MEMCOMMIT = 0x00001000 MEMRESERVE = 0x00002000 PAGEEXECUTEREADWRITE = 0x00000040 GENERICREAD = 0x80000000 GENERICWRITE = 0x40000000 OPENEXISTING = 0x3 STATUSINVALIDHANDLE = 0xC0000008 shellcodelen = 90 s = aa s +=...

7.6 AI score, 0.01768 EPSS
Exploits: 3

OpenVAS
added 2018/02/23 12:0 a.m., 35 views

MiniUPnP <= 2.0 DoS Vulnerability (CVE-2017-1000494)

Uninitialized stack variable vulnerability in NameValueParserEndElt upnpreplyparse.c in miniupnpd allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact. Copyright C 2018 Greenbone Networks GmbH Some text descriptions might...

7.8 CVSS, 7.9 AI score, 0.0008 EPSS
Exploits: 1, References: 1

Prion
added 2018/01/03 2:29 p.m., 19 views

Memory corruption

Uninitialized stack variable vulnerability in NameValueParserEndElt upnpreplyparse.c in miniupnpd 2.0 allows an attacker to cause Denial of Service Segmentation fault and Memory Corruption or possibly have unspecified other impact...

4.6 CVSS, 7.9 AI score, 0.0008 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2018/01/03 2:0 p.m., 226 views

CVE-2017-1000494

CVE-2017-1000494 affects MiniUPnPd (miniupnpd) versions prior to 2.0, due to an uninitialized stack variable in NameValueParserEndElt (upnpreplyparse.c). This leads to Denial of Service (segmentation fault/memory corruption) and may have other impacts. Public advisories confirm remediation by upg...

7.8 CVSS, 7.7 AI score, 0.0008 EPSS
Exploits: 1, References: 4, Affected Software: 1