CVE-2023-38070

A vulnerability has been identified in JT2Go All versions V14.3.0.1, Teamcenter Visualization V13.3 All versions V13.3.0.12, Teamcenter Visualization V14.0 All versions, Teamcenter Visualization V14.1 All versions V14.1.0.11, Teamcenter Visualization V14.2 All versions V14.2.0.6, Teamcenter...

CVE-2023-38070

Summary: CVE-2023-38070 affects Siemens JT2Go and related Teamcenter Visualization/Tecnomatix components. A stack-based buffer overflow occurs when parsing specially crafted WRL files, allowing code execution in the current process context. Affected products/versions include JT2Go < 14.3.0.1, ...

CVE-2019-16470

CVE-2019-16470 affects Adobe Acrobat Reader up to version 2019.021.20056 (and earlier) and is caused by a stack-based buffer overflow in the product. This can lead to arbitrary code execution in the context of the current user, with exploitation requiring user interaction (victim to open a malici...

CVE-2019-16470 CoolType.dll crash - Tianfu Cup

Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2023-4685

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

Stack overflow

Delta Electronics' CNCSoft-B version 1.0.0.4 and DOPSoft versions 4.0.0.82 and prior are vulnerable to stack-based buffer overflow, which could allow an attacker to execute arbitrary code...

Oracle Linux 7 : libsndfile (ELSA-2020-1185)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1185 advisory. 1.0.25-11 - fix CVE-2018-13139 - stack-based buffer overflow in sndfile-deinterleave utility 1598577 Tenable has extracted the preceding description block...

D-Link DAP-1325 SetHostIPv6StaticSettings StaticDNS1 Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

D-Link DAP-1325 SetAPLanSettings Mode Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1325 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of XML data provided to the HNAP1 SOAP endpoint. The issu...

Oracle Linux 8 : sudo (ELSA-2020-0487)

The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-0487 advisory. 1.8.25p1-8.1 - RHEL 8.1.0.Z ERRATUM - CVE-2019-18634 Resolves: rhbz1798092 Tenable has extracted the preceding description block directly from the Oracle Linux...

Oracle Linux 7 : glibc (ELSA-2016-3638)

The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2016-3638 advisory. - CVE-2016-3075: Stack overflow in nssdnsgetnetbynamer 1321993 - Fix CVE-2015-7547: getaddrinfo stack-based buffer overflow 1296031. Tenable has extracted the...

Oracle Linux 8 : liblouis (ELSA-2020-1708)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1708 advisory. - Apply patch for CVE-2018-12085 1589942 - Fix CVE-2018-11577 1585906 - Fix CVE-2018-11684 1588632 - Fix CVE-2018-11685 1588637 Tenable has extracted t...

Oracle Linux 7 : glibc (ELSA-2018-3092)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2018-3092 advisory. - CVE-2017-16997: Correctly handle DTRPATH 1540480. - CVE-2018-11237: AVX-512 mempcpy for KNL buffer overflow 1579809 - CVE-2018-11236: Path length...

D-Link DIR-3040 prog.cgi SetWanSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...

Oracle Linux 6 : ruby193-ruby (ELSA-2014-1913)

The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2014-1913 advisory. - Fix off-by-one stack-based buffer overflow in the encodes function CVE-2014-4975. Related: rhbz1164004 - Fix REXML billion laughs attack via paramete...

Oracle Linux 8 : curl (ELSA-2019-3701)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3701 advisory. - fix SMTP end-of-response out-of-bounds read CVE-2019-3823 - fix NTLMv2 type-3 header stack buffer overflow CVE-2019-3822 - fix NTLM type-2...

Oracle Linux 8 : libsndfile (ELSA-2020-1636)

The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2020-1636 advisory. - fix CVE-2018-19661 and CVE-2018-19662 - buffer over-read in the function i2alawarray in alaw 1673085 Tenable has extracted the preceding description...

Security Bulletin: Jettison component is vulnerable to CVE-2022-45685 and CVE-2022-45693 is used by IBM Maximo Application Suite

Summary IBM Maximo Application Suite uses Jettison package which is vulnerable to CVE-2022-45685 and CVE-2022-45693. Vulnerability Details CVEID:CVE-2022-45685 DESCRIPTION: Jettison is vulnerable to a denial of service, caused by a stack-based buffer overflow. By sending an overly long string usi...

Hitachi Energy RTU500 series Stack-Based Buffer Overflow (CVE-2022-2502)

A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature Advanced security' which must b...

CVE-2023-28538 Stack-based Buffer Overflow in WIN Product

Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region...