PT-2023-7976 · Tp Link · Tp-Link Tl-Wr902Ac

Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR902AC affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR902AC routers. Authentication is required to exploit this issue...

EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2023-2442)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. CVE-2022-1725 - Buffer Over-read in GitHub repository vim/v...

Advisory ROSA-SA-2023-2199

Software: aspell 0.60.6.1 OS: ROSA Virtualization 2.1 packageevrstring: aspell-0.60.6.1.1-21.rv3.1.src.rpm CVE-ID: CVE-2019-17544 BDU-ID: None CVE-Crit: CRITICAL CVE-DESC.: libaspell.a in GNU Aspell before 0.60.8 has a stack-based buffer that is reloaded in acommon::unescape in common/getdata.cpp...

CVE-2023-22363

A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 MR2...

CVE-2023-22363

CVE-2023-22363 describes a stack-based buffer overflow in Gallagher’s Command Centre Server . Affected versions are vEL8.80 prior to vEL8.80.1192 (MR2) . The vulnerability allows a denial of service by an attacker who assigns cardholders to an Access Group, due to a likely overflow in the server ...

CVE-2023-38632

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets...

CVE-2023-38632

async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets...

Amazon Linux AMI : ImageMagick (ALAS-2023-1781)

The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1.26. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2023-1781 advisory. stack overflow when parsing malicious tiff image CVE-2023-3195 The upstream bug report describes this issue as...

Amazon Linux 2 : fribidi (ALAS-2023-2116)

The version of fribidi installed on the remote host is prior to 1.0.2-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2116 advisory. A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a specially...

Amazon Linux 2 : squashfs-tools (ALAS-2023-2152)

The version of squashfs-tools installed on the remote host is prior to 4.3-0.21.gitaae0aff4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2152 advisory. Integer overflow in the readfragmenttable4 function in unsquash-4.c in Squashfs and sasquatch allows...

Heap overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

CVE-2023-3463 GE Digital CIMPLICITY Heap-based Buffer Overflow

All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer...

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : ConnMan vulnerabilities (USN-6236-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6236-1 advisory. It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use thi...

CVE-2020-23910

CVE-2020-23910 affects the asn1c project up to version v0.9.28; the vulnerability is a stack-based buffer overflow in the function genhash_get within genhash.c. The connected documents do not provide exploitation details or remediation/patch information. NVD lists a HIGH availability impact with ...

CVE-2023-35012

Summary: CVE-2023-35012 affects IBM Db2 for Linux, UNIX and Windows (including Db2 Connect Server) 11.5 with a Federated configuration. The issue is a stack-based buffer overflow caused by improper bounds checking, enabling a local user with SYSADM privileges to overflow a buffer and execute arbi...

CVE-2023-35012 IBM Db2 code execution

IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-For...

Kofax Power PDF saveAs Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation...

Kofax Power PDF replacePages Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the implementation...

PT-2023-5822 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...

PT-2023-5823 · D Link · D-Link Dir-3040

Name of the Vulnerable Software and Affected Versions: D-Link DIR-3040 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. The specific flaw exists within the prog.cgi binary, whi...