CVE-2023-31272

A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability...

CVE-2023-31272

The CVE affects Yifan YF325, version v1.0_20221108, where the httpd do_wds endpoint copies URL_path into a fixed-size buffer using strcpy without length checks, causing a stack-based buffer overflow. This can be triggered by a specially crafted network request (no authentication required) and Tal...

Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1764 Yifan YF325 httpd gwcfg.cgi get stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34346 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.020221108. A...

Yifan YF325 httpd do_wds stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1765 Yifan YF325 httpd dowds stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-31272 SUMMARY A stack-based buffer overflow vulnerability exists in the httpd dowds functionality of Yifan YF325 v1.020221108. A specially crafted...

PT-2023-6330 · Juniper Networks · Junos

Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 19.1R3-S10 Junos OS versions 19.2 prior to 19.2R3-S7 Junos OS versions 19.3 prior to 19.3R3-S8 Junos OS versions 19.4 prior to 19.4R3-S12 Junos OS versions 20.2 prior to 20.2R3-S8 Junos OS versions 20.4 prior to...

Yifan YF325 httpd next_page buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1761 Yifan YF325 httpd nextpage buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-35055,CVE-2023-35056 SUMMARY A buffer overflow vulnerability exists in the httpd nextpage functionality of Yifan YF325 v1.020221108. A specially crafted network...

Juniper Junos OS Multiple Vulnerabilities (JSA73140)

The version of Junos OS installed on the remote host is affected by multiple vulnerabilities as referenced in the JSA73140 advisory. - A Stack-based Buffer Overflow vulnerability in the CLI command of Juniper Networks Junos OS allows a low privileged attacker to execute a specific CLI commands...

Yifan YF325 libutils.so nvram_restore stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2023-1763 Yifan YF325 libutils.so nvramrestore stack-based buffer overflow vulnerability October 11, 2023 CVE Number CVE-2023-34365 SUMMARY A stack-based buffer overflow vulnerability exists in the libutils.so nvramrestore functionality of Yifan YF325 v1.020221108...

Yifan YF325 gwcfg_cgi_set_manage_post_data stack-based buffer overflow vulnerabilities

Talos Vulnerability Report TALOS-2023-1788 Yifan YF325 gwcfgcgisetmanagepostdata stack-based buffer overflow vulnerabilities October 11, 2023 CVE Number CVE-2023-35967,CVE-2023-35968 SUMMARY Two heap-based buffer overflow vulnerabilities exist in the gwcfgcgisetmanagepostdata functionality of Yif...

Siemens Xpedition Layout Browser

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...

Security Bulletin: Vulnerability in iText affects IBM Process Mining . CVE-2022-24197

Summary There is a vulnerability in iText that could allow a remote attacker to execute a denial of service. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details CVEID:CVE-2022-24197 DESCRIPTION: iText is...

High-Severity Flaws in ConnectedIO's 3G/4G Routers Raise Concerns for IoT Security

Multiple high-severity security vulnerabilities have been disclosed in ConnectedIO's ER2000 edge routers and the cloud-based management platform that could be exploited by malicious actors to execute malicious code and access sensitive data. "An attacker could have leveraged these flaws to fully...

Denial Of Service (DoS)

libhdf5.so is vulnerable to Denial Of Service DoS. The vulnerability exists due to the stack-based buffer overflow in H5Eint.c, which allows an attacker to cause an application crash by providing a maliciously crafted input...

Fedora 37 : exim (2023-0a7690525f)

The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-0a7690525f advisory. This is an exim update fixing several security problems. Tenable has extracted the preceding description block directly from the Fedora security...

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6420-1)

The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6420-1 advisory. It was discovered that Vim incorrectly handled memory when opening certain files. If an attacker could trick a user into opening ...

Debian dla-3611 : inetutils - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3611 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3611-1 [email protected]...

Security Bulletin: IBM Spectrum Control is vulnerable to weaknesse related to IBM WebSphere Application Server Liberty

Summary Vulnerability in IBM WebSphere Application Server Liberty such as denial of service, gaining elevated privileges may affect IBM Spectrum Control. Vulnerability Details CVEID:CVE-2023-28867 DESCRIPTION: GraphQL Java is vulnerable to a denial of service, caused by a stack-based buffer...

openSUSE 15 Security Update : exim (openSUSE-SU-2023:0293-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2023:0293-1 advisory. - NTLM Challenge Out-Of-Bounds Read Information Disclosure Vulnerability fedora-all CVE-2023-42114 - AUTH Out-Of-Bounds Write Remote Code Executi...

CVE-2023-4494 Easy Chat Server Stack-based buffer overflow vulnerability

Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine...

CVE-2023-30733

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution...