Amazon Linux 2 : vim (ALAS-2023-1975)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-1975 advisory. A heap buffer overflow vulnerability was found in vim's inscomplinfercasegettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completi...

Denial Of Service (DoS)

fig2dev is vulnerable to Denial Of Service DoS. The vulnerability exists due to the stack-based buffer overflow in the readtextobject function of read.c, allowing an attacker to cause an application crash by passing incorrect sscanf...

Denial Of Service (DoS)

fig2dev is vulnerable to Denial Of Service DoS. The vulnerability exists due to the stack-based buffer overflow in the calcarrow function of bound.c, allowing an attacker to cause an application crash...

Important: vim

Issue Overview: A heap buffer overflow vulnerability was found in vim's inscomplinfercasegettext function of the src/insexpand.c file. This flaw occurs when vim tries to access uninitialized memory when completing a long line. This flaw allows an attacker to trick a user into opening a specially...

Important: cifs-utils

Issue Overview: A stack-based buffer overflow issue was found in pifs-utils. Parsing the mount.cifs ip command-line argument can lead to local attackers gaining root privileges. CVE-2022-27239 Affected Packages: cifs-utils Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository...

USN-5920-1: Linux kernel vulnerabilities

It was discovered that the Upper Level Protocol ULP subsystem in the Linux kernel did not properly handle sockets entering the LISTEN state in certain protocols, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service system crash or possibly execut...

CVE-2023-0656

CVE-2023-0656 is a stack-based buffer overflow in the SonicOS web management interface of SonicWall firewalls. The vulnerability can be exploited remotely by an unauthenticated attacker via crafted HTTP requests to overflow a stack buffer, potentially causing a Denial of Service (DoS) and a crash...

CVE-2023-0656

A Stack-based buffer overflow vulnerability in the SonicOS allows a remote unauthenticated attacker to cause Denial of Service DoS, which could cause an impacted firewall to crash...

CVE-2023-22751

There are stack-based buffer overflow vulnerabilities that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba Networks access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities result in the...

Ubuntu 20.04 LTS / 22.04 LTS : lighttpd vulnerabilities (USN-5903-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5903-1 advisory. It was discovered that lighttpd incorrectly handled certain inputs, which could result in a stack buffer overflow. A remote attacker could...

CVE-2023-22751

CVE-2023-22751 describes an unauthenticated, stack-based buffer overflow in Aruba Networks’ PAPI protocol (UDP port 8211) that could allow remote code execution with privileges on the underlying OS. Several connected sources confirm this as a critical, network-exposed vulnerability affecting Arub...

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in LibTIFF

Summary IBM Watson Discovery Cartridge for IBM Cloud Pak for Data contains a vulnerable version of LibTIFF. Vulnerability Details CVEID:CVE-2022-1355 DESCRIPTION: libtiff is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the tiffcp.c in main function in the...

Siemens Solid Edge Viewer STL File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Siemens Solid Edge Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Fortinet FortiWeb Stack based buffer overflow in SAML management (FG-IR-22-151)

The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-151 advisory. - A stack-based buffer overflow vulnerability CWE-121 in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.19 an...

USN-5883-1: Linux kernel (HWE) vulnerabilities

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code. CVE-2022-4378 It was discovered that an out-of-bounds write vulnerability existed i...

K21336065: GD Graphics Library vulnerability CVE-2016-8670

Security Advisory Description Integer signedness error in the dynamicGetbuf function in gdiodp.c in the GD Graphics Library aka libgd through 2.2.3, as used in PHP before 5.6.28 and 7.x before 7.0.13, allows remote attackers to cause a denial of service stack-based buffer overflow or possibly hav...

K16489: Linux kernel security vulnerabilities CVE-2010-3848, CVE-2010-3849, and CVE-2010-3850

Security Advisory Description CVE-2010-3848 Stack-based buffer overflow in the econetsendmsg function in net/econet/afeconet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures...

K16859: SUSE coreutils vulnerabilities CVE-2013-0221, CVE-2013-0222, and CVE-2013-0223

Security Advisory Description CVE-2013-0221 The SUSE coreutils-i18n.patch for GNU coreutils allows context-dependent attackers to cause a denial of service segmentation fault and crash via a long string to the sort command, when using the 1 -d or 2 -M switch, which triggers a stack-based buffer...

K15640: GNU C Library (glibc) vulnerabilities CVE-2014-0475, CVE-2014-5119, CVE-2013-4458

Security Advisory Description CVE-2014-0475 Multiple directory traversal vulnerabilities in GNU C Library aka glibc or libc6 before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. dot dot in a 1 LC, 2 LANG, or other...

K15903: Multiple PHP vulnerabilities

Security Advisory Description Description CVE-2012-3365 The SQLite functionality in PHP before 5.3.15 allows remote attackers to bypass the openbasedir protection mechanism via unspecified vectors. CVE-2012-2329 Buffer overflow in the apacherequestheaders function in sapi/cgi/cgimain.c in PHP 5.4...