
8439 matches found

OpenVAS
added 2022/10/28 12:00 a.m. | 15 views

Huawei EulerOS: Security Advisory for cifs-utils (EulerOS-SA-2022-2602)

The remote host is missing an update for the Huawei EulerOS...

CVSS 7.8 | AI score 7.7 | EPSS 0.00053
Exploits 0 | References 2

Prion
added 2022/10/27 9:15 p.m. | 23 views

Stack overflow

Advantech R-SeeNet Versions 2.4.17 and prior are vulnerable to a stack-based buffer overflow. An unauthorized attacker can use an outsized filename to overflow the stack buffer and enable remote code execution...

CVSS 7.5 | AI score 9.8 | EPSS 0.01309
Exploits 0 | References 1 | Affected Software 1

Tenable Nessus
added 2022/10/27 12:00 a.m. | 30 views

EulerOS 2.0 SP3 : cifs-utils (EulerOS-SA-2022-2602)

According to the versions of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers...

CVSS 7.8 | AI score 7.6 | EPSS 0.00053
Exploits 0 | References 2

Veracode
added 2022/10/26 11:37 a.m. | 42 views

Denial Of Service (DoS)

libcurl.so is vulnerable to denial of service. The vulnerability exists due to stack-based buffer overflow when curl is instructed to parse a .netrc file for credentials which allows an attacker to crash the application via malicious input...

CVSS 6.5 | AI score 8 | EPSS 0.00285
Exploits 1 | References 11 | Affected Software 3

NVD
added 2022/10/25 9:15 p.m. | 9 views

CVE-2022-33184

A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...

CVSS 7.8 | EPSS 0.0006
Exploits 0 | References 2

CVE
added 2022/10/25 4:33 p.m. | 49 views

CVE-2022-32454

Abode Systems, Inc. iota All-In-One Security Kit (versions 6.9X and 6.9Z) is affected by CVE-2022-32454 due to a stack-based buffer overflow in the XCMD setIPCam handler. The root cause is an unsafe strcpy into a 32-byte ipcam_1.name field when processing a crafted XML payload, enabling attacker-...

CVSS 10 | AI score 9.8 | EPSS 0.04967
Exploits 1 | References 1 | Affected Software 1

Cvelist
added 2022/10/25 12:00 a.m. | 13 views

CVE-2022-33184

A vulnerability in fabseg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account...

AI score 8 | EPSS 0.0006
Exploits 0 | References 2

Zero Day Initiative
added 2022/10/25 12:00 a.m. | 25 views

(0Day) Corel CorelDRAW Graphics Suite CGM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Corel CorelDRAW Graphics Suite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 | AI score 5.7 | EPSS 0.00403
Exploits 0 | References 1

Prion
added 2022/10/24 2:15 p.m. | 11 views

Stack overflow

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 7.5 | AI score 9.9 | EPSS 0.03026
Exploits 0 | References 2 | Affected Software 1

Prion
added 2022/10/24 2:15 p.m. | 15 views

Stack overflow

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 7.5 | AI score 9.7 | EPSS 0.01373
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2022/10/24 12:00 a.m. | 12 views

CVE-2021-26728 spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow

Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 10 | AI score 10 | EPSS 0.03475
Exploits 0 | References 2

Cvelist
added 2022/10/24 12:00 a.m. | 10 views

CVE-2021-26731 spx_restservice modifyUserb_func Command Injection and Multiple Stack-Based Buffer Overflows

Command injection and multiple stack-based buffer overflows vulnerabilities in the modifyUserb_func function of spx_restservice allow an authenticated attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware...

CVSS 9.1 | AI score 10 | EPSS 0.03026
Exploits 0 | References 2

CVE
added 2022/10/24 12:00 a.m. | 57 views

CVE-2021-26727

CVE-2021-26727 affects Lanner Inc IAC-AST2500A standard firmware (version 1.10.0). The vulnerabilities are in the spx_restservice SubNet_handler_func, enabling multiple command injections and stack/heap-based buffer overflows that can permit remote code execution with root privileges over the net...

CVSS 10 | AI score 10 | EPSS 0.08129
Exploits 0 | References 2 | Affected Software 1

CVE
added 2022/10/24 12:00 a.m. | 45 views

CVE-2022-40984

CVE-2022-40984 targets Yokogawa WTViewerE and WTViewerEfree: a stack-based buffer overflow (CWE-121) that can crash the product when processing a long file name. Affected: WTViewerE 761941 up to 1.61 and WTViewerEfree 1.01 up to 1.52. Root cause: stack-based buffer overflow in handling long filen...

CVSS 9.8 | AI score 9.5 | EPSS 0.00654
Exploits 0 | References 2 | Affected Software 2

Cvelist
added 2022/10/24 12:00 a.m. | 13 views

CVE-2021-26730 spx_restservice Login_handler_func Subfunction Stack-Based Buffer Overflow

A stack-based buffer overflow vulnerability in a subfunction of the Login_handler_func function of spx_restservice allows an attacker to execute arbitrary code with the same privileges as the server user root. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0...

CVSS 10 | AI score 9.9 | EPSS 0.01373
Exploits 0 | References 2

Zero Day Initiative
added 2022/10/21 12:00 a.m. | 23 views

Advantech R-SeeNet show_code Endpoint Stack-based Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Advantech R-SeeNet. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of POST requests sent to the show_code.php endpoint. When processing th...

CVSS 9.8 | AI score 4.1 | EPSS 0.01309
Exploits 0 | References 1

Tenable Nessus
added 2022/10/21 12:00 a.m. | 47 views

Amazon Linux 2 : vim (ALAS-2022-1868)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1868 advisory. A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened i...

CVSS 8 | AI score 7.3 | EPSS 0.00523
Exploits 26 | References 53

Tenable Nessus
added 2022/10/21 12:00 a.m. | 42 views

Amazon Linux AMI : vim (ALAS-2022-1639)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1639 advisory. A flaw was found in vim, which is vulnerable to an out-of-bounds read in the msg_outtrans_special function. This flaw allows a specially crafted file to crash software or execute code when opened in...

CVSS 8 | AI score 7.2 | EPSS 0.00462
Exploits 16 | References 33

ICS
added 2022/10/18 12:00 a.m. | 40 views

Advantech R-SeeNet

1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: R-SeeNet Vulnerabilities: Path Traversal, Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in an unauthorized attacker...

CVSS 9.8 | AI score 9 | EPSS 0.01309
Exploits 0 | References 5

NVD
added 2022/10/14 8:15 p.m. | 11 views

CVE-2022-38450

Adobe Acrobat Reader versions 22.002.20212 and earlier and 20.005.30381 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim...

CVSS 7.8 | EPSS 0.00193
Exploits 0 | References 1