CVE-2022-24673

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Canon imageCLASS MF644Cdw 10.02 printers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the SLP protocol. The issue results from...

CVE-2023-26337

CVE-2023-26337 is a stack-based buffer overflow in Adobe Dimension ≤ 3.4.7 that allows arbitrary code execution in the context of the current user. Exploitation requires a user to open a crafted file (social/interaction). Public sources confirm the flaw affects Dimension 3.4.7 and earlier. Adobe ...

CVE-2023-26337 ZDI-CAN-20285: Adobe Dimension USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2022-23125

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate...

CVE-2022-0650

This CVE affects TP-Link TL-WR940N routers (v3.20.1 Build 200316 Rel.34392n). The root cause is a lack of proper validation of the length of user-supplied data in the httpd service, copying into a fixed-length stack-based buffer. The vulnerability allows network-adjacent attackers to execute arbi...

CVE-2022-0650

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link TL-WR940N 3.20.1 Build 200316 Rel.34392n 5553 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the httpd service, which listens on...

CBL Mariner 2.0 Security Update: fribidi (CVE-2022-25308)

The version of fribidi installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-25308 advisory. - A stack-based buffer overflow flaw was found in the Fribidi package. This flaw allows an attacker to pass a...

CVE-2022-45460

CVE-2022-45460 affects XiongMai NVRs (e.g., MBD6304T and NBD6808T-PL) and is caused by a stack-based buffer overflow triggered by a long URI in a sprintf call on the web server. An unauthenticated, remote attacker can crash the web server and reboot the device, with potential arbitrary code execu...

CVE-2022-45460

Multiple Xiongmai NVR devices, including MBD6304T V4.02.R11.00000117.10001.131900.00000 and NBD6808T-PL V4.02.R11.C7431119.12001.130000.00000, allow an unauthenticated and remote user to exploit a stack-based buffer overflow and crash the web server, resulting in a system reboot. An unauthenticat...

CVE-2022-24973

CVE-2022-24973 affects TP-Link TL-WR940N routers (httpd on port 80). The flaw is a stack-based buffer overflow caused by improper validation of user-supplied data length in the httpd service, allowing network-adjacent attackers to execute code with root privileges. Exploitation was described in Z...

CVE-2023-1646

CVE-2023-1646 affects IObit Malware Fighter 9.4.0.776. The issue resides in the IOCTL Handler’s IMFCameraProtect.sys, manipulation of functions 0x8018E000/0x8018E004 causes a stack-based buffer overflow. Local exploitation is required; the exploit has been publicly disclosed. PT-2023-2360 notes a...

Security Bulletin: Multiple vulnerabilities in IBM Content Navigator may affect IBM Business Automation Workflow

Summary IBM Business Automation Workflow embeds a version of IBM Content Navigator that is vulnerable to denial of service attacks and missing authorization. Vulnerability Details CVEID:CVE-2022-40151 DESCRIPTION: XStream is vulnerable to a denial of service, caused by a stack-based buffer...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-117)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-117 advisory. Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. CVE-2022-3234 Use After Free in GitHub repository vim/vim prior to 9.0.0490. CVE-2022-3235 Use After Free in GitHub...

Amazon Linux 2023 : dbus-broker (ALAS2023-2023-080)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-080 advisory. An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec lin...

Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2023-098)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-098 advisory. 2024-02-15: CVE-2022-3591 was added to this advisory. 2024-02-15: CVE-2022-3520 was added to this advisory. A flaw was found in vim. A possible heap-based buffer overflow could allow an attacke...

Delta DOPSoft <= 4.00.16.22 Multiple Vulnerabilities

The version of Delta DOPSoft installed on the remote host is prior to or equal to 4.00.16.22. It is, therefore, affected by multiple vulnerabilities as referenced in the CISA ICSA-23-031-01 advisory. - Delta Electronics DOPSoft versions 4.00.16.22 and prior are vulnerable to a stack-based buffer...

CBL Mariner 2.0 Security Update: libjpeg-turbo (CVE-2020-17541)

The version of libjpeg-turbo installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-17541 advisory. - Libjpeg-turbo all version have a stack-based buffer overflow in the transform component. A remote...

Adobe Dimension USDA File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Dimension. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of USD...

Adobe Dimension < 3.4.8 Multiple Vulnerabilities (APSB23-20) (macOS)

The version of Adobe Dimension installed on the remote macOS host is prior to 3.4.8. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB23-20 advisory. - Adobe Dimension versions 3.4.7 and earlier is affected by a Stack-based Buffer Overflow vulnerability that could...

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM / 22.04 ESM : abcm2ps vulnerabilities (USN-5961-1)

The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 ESM / 22.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5961-1 advisory. It was discovered that abcm2ps incorrectly handled memory when parsing specially crafted ABC files. An attacker could...