CVE-2022-40990

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40998

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40991

CVE-2022-40991 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) via the DetranCLI command parsing stack-based buffer overflow in the command template for firmwall domain WORD description (WORD|null) . A crafted network packet sequence can trigger a overflow leading to arbitrary command execut...

CVE-2022-40994

CVE-2022-40994 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020). Talos-2022-1613 documents stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically in templates like no firmwall keyword WORD description (WORD|null). The issues arise from unsafe use of formatt...

CVE-2022-40993

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40996

The TALOS-2022-1613 report details CVE-2022-40996 affecting Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. The vulnerability is a stack-based buffer overflow in the DetranCLI command parsing framework, specifically within a command template such as no firmwall srcmac/srcip/dstip/protocol/srcport/dst...

CVE-2022-40996

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40993

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

CVE-2022-40985

The connected Talos advisories confirm CVE-2022-40985 affects Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) with stack-based/remote command execution paths, including an arbitrary command execution sequence linked to the M2M/web features. Affected component: QUARTZ-GOLD firmware and its CLI/HTTP/M...

CVE-2022-40988

Siretta QUARTZ-GOLD (G5.0.1.5-210720-141020) has stack-based buffer overflow vulnerabilities in the DetranCLI command parsing, specifically the ipv6 static dns WORD WORD WORD template. TALOS details show a vulnerable use of sprintf without proper bounds checking, enabling arbitrary command execut...

CVE-2022-40988

Several stack-based buffer overflow vulnerabilities exist in the DetranCLI command parsing functionality of Siretta QUARTZ-GOLD G5.0.1.5-210720-141020. A specially-crafted network packet can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger these...

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of multiple D-Link routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the lighttpd service, which listens on TCP port 80 by default. The iss...

Stack overflow

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected D-Link DIR-2150 4.0.1 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the anweb service, which listens on TCP ports 80 and 443 by default. The issue...

PT-2023-13925 · Siretta · Siretta Quartz-Gold

Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: The issue is related to stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary comma...

CVE-2022-40717

The CVE-2022-40717 entry concerns D-Link DIR-2150 routers (v4.0.1) with a stack-based buffer overflow in the anweb service (listening on TCP ports 80/443) that allows unauthenticated, network-adjacent attackers to execute code as root. The root cause is improper validation of the length of user-s...

Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson AGX Orin Series - January 2023

NVIDIA has released a software update for NVIDIA® Jetson AGX Xavier™ series, Jetson Xavier™ NX, and Jetson AGX Orin series in the NVIDIA JetPack™ software development kit SDK. The update addresses security issues that may lead to escalation of privileges, compromised data integrity and...

Siemens Web Server of SCALANCE X200 Stack-Based Buffer Overflow (CVE-2021-25669)

A vulnerability has been identified in SCALANCE X200-4P IRT All versions 5.5.1, SCALANCE X201-3P IRT All versions 5.5.1, SCALANCE X201-3P IRT PRO All versions 5.5.1, SCALANCE X202-2 IRT All versions 5.5.1, SCALANCE X202-2P IRT incl. SIPLUS NET variant All versions 5.5.1, SCALANCE X202-2P IRT PRO...

Fedora 33 : atasm (2021-8e96009030)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-8e96009030 advisory. - ATasm 1.06 has a stack-based buffer overflow in the tocomma function in asm.c via a crafted .m65 file. CVE-2019-19785 - ATasm 1.06 has a stack-bas...

Solaris 10 dtprintinfo / libXm / libXpm Security Issues Vulnerability

Multiple vulnerabilities have been discovered across Common Desktop Environment version 1.6, Motif version 2.1, and X.Org libXpm versions prior to 3.5.15 on Oracle Solaris 10 that can be chained together to achieve root. Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm...

Solaris 10 dtprintinfo / libXm / libXpm Security Issues

-- HNS-2022-01 - HN Security Advisory - https://security.humanativaspa.it/ Title: Multiple vulnerabilities in Solaris dtprintinfo and libXm/libXpm Products: Common Desktop Environment 1.6, Motif 2.1, X.Org libXpm Date: 2023-01-18 Oracle vulnerability tracking numbers: S1597707 - Arbitrary printer...