CVE-2023-22363
CVE-2023-22363 describes a stack-based buffer overflow in Gallagher’s Command Centre Server. Affected versions are vEL8.80 prior to vEL8.80.1192 (MR2). The vulnerability allows a denial of service by an attacker who assigns cardholders to an Access Group, due to a likely overflow in the server ...
CVE-2023-38632
async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets...
Amazon Linux AMI : ImageMagick (ALAS-2023-1781)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1781 advisory. stack overflow when parsing malicious tiff image CVE-2023-3195 The upstream bug report describes this issue as...
Amazon Linux 2 : squashfs-tools (ALAS-2023-2152)
The version of squashfs-tools installed on the remote host is prior to 4.3-0.21.gitaae0aff4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2152 advisory. Integer overflow in the read_fragment_table_4 function in unsquash-4.c in Squashfs and sasquatch allows...
Amazon Linux 2 : fribidi (ALAS-2023-2116)
The version of fribidi installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2116 advisory. A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially...
Heap overflow
All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : ConnMan vulnerabilities (USN-6236-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6236-1 advisory. It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use thi...
CVE-2020-23910
CVE-2020-23910 affects the asn1c project up to version v0.9.28; the vulnerability is a stack-based buffer overflow in the function genhash_get within genhash.c. The connected documents do not provide exploitation details or remediation/patch information. NVD lists a HIGH availability impact with ...
CVE-2023-35012
Summary: CVE-2023-35012 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5 with a Federated configuration. The issue is a stack-based buffer overflow caused by improper bounds checking, enabling a local user with SYSADM privileges to overflow a buffer and execute arbi...
CVE-2023-35012 IBM Db2 code execution
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-For...
PT-2023-5823 · D Link · D-Link Dir-3040
Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...
CVE-2023-37375
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacke...
CVE-2023-37374
Summary of CVE-2023-37374 (Tecnomatix Plant Simulation): A stack-based buffer overflow occurs when parsing specially crafted STP files in Tecnomatix Plant Simulation. Affected products/versions are Tecnomatix Plant Simulation V2201 (all versions < V2201.0008) and V2302 (all versions
Panasonic Control FPWin Pro7
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Panasonic Equipment: Control FPWIN Pro7 Vulnerabilities: Type Confusion, Stack-based Buffer Overflow, Improper Restriction of Operations within the Bounds of a Memory Buffer 2. RISK EVALUATION Successful exploitation of...
Fortinet Fortigate Proxy mode with deep inspection - Stack-based buffer overflow (FG-IR-23-183)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-183 advisory. - A stack-based overflow vulnerability CWE-124 in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and...
CVE-2023-24018
A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability...
Stack overflow
A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-24019
CVE-2023-24019 affects Milesight UR32L. A pre-authentication, network-accessible, stack-based buffer overflow exists in the UR32L HTTP server (urvpn_client http_connection_readcb), allowing remote code execution or a crash when processing crafted packets. Connected documents cite TALOS advisories...
Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability
Talos Vulnerability Report TALOS-2023-1715 Milesight UR32L libzebra.so security_decrypt_password buffer overflow vulnerability July 6, 2023 CVE Number CVE-2023-24018 SUMMARY A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesigh...