Lucene search

7301 matches found

IBM Security Bulletins
added 2023/05/05 2:36 p.m. | 33 views

Security Bulletin: Vulnerability in XStream affects IBM Process Mining. CVE-2022-40151

Summary There is a vulnerability in XStream that could allow a remote authenticated attacker to cause a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-40151...

CVSS 7.5 | AI score 7.1 | EPSS 0.00258
Exploits: 1 | Affected Software: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 38 views

(Pwn2Own) Canon imageCLASS MF743Cdw IPP sides Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing Protocol IPP service. The issue resul...

CVSS 8.8 | AI score 7.4 | EPSS 0.02554
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 23 views

D-Link DAP-1360 webproc WEB_DisplayPage Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsin...

CVSS 8.8 | AI score 7.4 | EPSS 0.00072
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 28 views

D-Link DIR-2640 prog.cgi Request Handling Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default...

CVSS 8.8 | AI score 7.3 | EPSS 0.00148
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 28 views

(Pwn2Own) Canon imageCLASS MF743Cdw IPP number-up Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Canon imageCLASS MF743Cdw printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Internet Printing Protocol IPP service. The issue resul...

CVSS 8.8 | AI score 7.4 | EPSS 0.02554
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/04 12:0 a.m. | 23 views

D-Link DAP-1360 webproc var:menu Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-1360 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of requests to the /cgi-bin/webproc endpoint. When parsing t...

CVSS 8.8 | AI score 7.4 | EPSS 0.00156
Exploits: 0 | References: 1

IBM Security Bulletins
added 2023/05/03 6:35 p.m. | 39 views

Security Bulletin: IBM ECM Content Management Interoperability Services (CMIS) woodstox/XStream security vulnerability CVE-2022-40152

Summary IBM ECM Content Management Interoperability Services CMIS woodstox/XStream security vulnerability CVE-2022-40152, affected, not vulnerable Vulnerability Details CVEID:CVE-2022-40152 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer overflow. By...

CVSS 7.5 | AI score 7.4 | EPSS 0.00803
Exploits: 1 | Affected Software: 1

Zero Day Initiative
added 2023/05/01 12:0 a.m. | 17 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00147
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/01 12:0 a.m. | 21 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00147
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/01 12:0 a.m. | 25 views

NETGEAR RAX30 rex_cgi JSON Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of JSON data. The issue results from the lack of proper...

CVSS 6.8 | AI score 7.3 | EPSS 0.00264
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/01 12:0 a.m. | 17 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00147
Exploits: 0 | References: 1

Zero Day Initiative
added 2023/05/01 12:0 a.m. | 26 views

Delta Electronics DIAScreen DPA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DIAScreen. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 7.7 | EPSS 0.00147
Exploits: 0 | References: 1

OSV
added 2023/04/28 9:15 p.m. | 8 views

CVE-2023-31470

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the dnsencodedomain function in the dns.c file, via a crafted DNS request...

CVSS 9.8 | AI score 7.7
Exploits: 0 | References: 2

Veracode
added 2023/04/28 10:53 a.m. | 17 views

Out-of-bounds Write

connman is vulnerable to Out-of-bounds Write. This vulnerability allows a network-adjacent attacker to utilize 'client.c' within 'gdhcp' to carry out a stack based buffer overflow or denial of service which terminates the connman process...

CVSS 6.5 | AI score 6.5 | EPSS 0.00088
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2023/04/28 12:0 a.m. | 15 views

CVE-2023-31470

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the dnsencodedomain function in the dns.c file, via a crafted DNS request...

AI score 9.9 | EPSS 0.00401
Exploits: 1 | References: 2

Tenable Nessus
added 2023/04/27 12:0 a.m. | 34 views

Adobe After Effects < 18.4.5 / 22.0 < 22.2.1 Arbitrary Code Execution (APSB22-17)

The version of Adobe After Effects installed on the remote host is prior to 18.4.5, or 22.x prior to 22.2.1. It is, therefore, affected by multiple stack-based buffer overflow flaws which could lead to arbitrary code execution in the context of the current user. Note that Nessus has not tested fo...

CVSS 9.3 | AI score 8.7 | EPSS 0.01135
Exploits: 0 | References: 5

Tenable Nessus
added 2023/04/27 12:0 a.m. | 24 views

EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2023-1650)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. CVE-2022-3296 - Use After Free in GitHub repository...

CVSS 9.8 | AI score 5.7 | EPSS 0.00451
Exploits: 11 | References: 13

Tenable Nessus
added 2023/04/25 12:0 a.m. | 20 views

Debian dla-3397 : connman - security update

The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3397 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3397-1 [email protected] https://www.debian.org/lts/security/...

CVSS 6.5 | AI score 6.8 | EPSS 0.00088
Exploits: 1 | References: 4

NVD
added 2023/04/24 3:15 p.m. | 16 views

CVE-2023-30373

In Tenda AC15 V15.03.05.19, the function "xianpppoeuser" contains a stack-based buffer overflow vulnerability...

CVSS 9.8 | AI score 9.7 | EPSS 0.00436
Exploits: 0 | References: 2

NVD
added 2023/04/24 3:15 p.m. | 14 views

CVE-2023-30378

In Tenda AC15 V15.03.05.19, the function "sub8EE8" contains a stack-based buffer overflow vulnerability...

CVSS 9.8 | AI score 9.7 | EPSS 0.00436
Exploits: 0 | References: 1