8439 matches found

Tenable Nessus
added 2022/08/05 12:0 a.m. | 127 views

SUSE SLES12 Security Update : u-boot (SUSE-SU-2022:2666-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2666-1 advisory. - In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the...

CVSS 9.8 | AI score 8.7 | EPSS 0.00419
Exploits: 1 | References: 4

Tenable Nessus
added 2022/08/04 12:0 a.m. | 71 views

SUSE SLES15 Security Update : u-boot (SUSE-SU-2022:2654-1)

The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:2654-1 advisory. - In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the i2c md command enables the...

CVSS 9.8 | AI score 8.7 | EPSS 0.00419
Exploits: 1 | References: 4

CVE
added 2022/08/02 3:21 p.m. | 46 views

CVE-2022-35222

CVE-2022-35222 affects the HiCOS Citizen verification component and is a stack-based buffer overflow caused by insufficient parameter length validation. An unauthenticated physical attacker could exploit this to execute arbitrary code, manipulate system commands, or disrupt service. CVSS v3.1 bas...

CVSS 6.8 | AI score 7 | EPSS 0.00069
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/08/02 3:20 p.m. | 52 views

CVE-2022-35219

The CVE-2022-35219 entry describes a stack-based buffer overflow in the NHI card’s web service component caused by insufficient validation of the network packet key parameter. A local-area-network attacker with general user privileges can disrupt service. The issue affects the NHI card’s web serv...

CVSS 5.5 | AI score 5.7 | EPSS 0.00047
Exploits: 0 | References: 1 | Affected Software: 1

CNVD
added 2022/08/02 12:0 a.m. | 31 views

D-Link DSL-3782 Buffer Overflow Vulnerability (CNVD-2022-56666)

The D-Link DSL-3782 is a wireless router from AUO D-Link of Taiwan, China. The D-Link DSL-3782 suffers from a buffer overflow vulnerability that stems from a stack-based buffer overflow in the getAttrValue method. No detailed vulnerability details are provided at this time...

CVSS 8.8 | AI score 9 | EPSS 0.00956
Exploits: 1 | References: 1

NVD
added 2022/08/01 12:15 p.m. | 17 views

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

CVSS 9.8 | EPSS 0.15161
Exploits: 2 | References: 2

ATTACKERKB
added 2022/08/01 12:15 p.m. | 150 views

CVE-2022-27255

In Realtek eCos RSDK 1.5.7p1 and MSDK 4.9.4p1, the SIP ALG function that rewrites SDP data has a stack-based buffer overflow. This allows an attacker to remotely execute code without authentication via a crafted SIP packet that contains malicious SDP data...

CVSS 9.8 | AI score 7.7 | EPSS 0.15161
In wild | Exploits: 2 | References: 4

Talos
added 2022/08/01 12:0 a.m. | 34 views

TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability

Talos Vulnerability Report TALOS-2022-1455: TCL LinkHub Mesh Wifi confsrv set_mf_rule stack-based buffer overflow vulnerability. August 1, 2022. CVE Number: CVE-2022-23919, CVE-2022-23918. Summary: A stack-based buffer overflow vulnerability exists in the confsrv set_mf_rule functionality of TCL LinkHub Mes...

CVSS 9.8 | AI score 9.5 | EPSS 0.00459
Exploits: 2

Tenable Nessus
added 2022/07/29 12:0 a.m. | 36 views

EulerOS 2.0 SP10 : cifs-utils (EulerOS-SA-2022-2152)

According to the versions of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers...

CVSS 7.8 | AI score 6.8 | EPSS 0.00854
Exploits: 0 | References: 3

Tenable Nessus
added 2022/07/29 12:0 a.m. | 22 views

EulerOS 2.0 SP10 : cifs-utils (EulerOS-SA-2022-2127)

According to the versions of the cifs-utils package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers...

CVSS 7.8 | AI score 6.8 | EPSS 0.00854
Exploits: 0 | References: 3

Tenable Nessus
added 2022/07/29 12:0 a.m. | 40 views

EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2022-2193)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - Out-of-bounds Read in vim/vim prior to 8.2. CVE-2022-0319 - Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to...

CVSS 8.8 | AI score 6.8 | EPSS 0.0529
Exploits: 8 | References: 9

Cvelist
added 2022/07/28 12:49 a.m. | 12 views

CVE-2022-36998

An issue was discovered in Veritas NetBackup 8.1.x through 8.1.2, 8.2, 8.3.x through 8.3.0.2, 9.x through 9.0.0.1, and 9.1.x through 9.1.0.1 and related NetBackup products. An attacker with authenticated access to a NetBackup Client could remotely trigger a stack-based buffer overflow on the...

CVSS 6.3 | AI score 6.8 | EPSS 0.00298
Exploits: 0 | References: 1

IBM Security Bulletins
added 2022/07/26 2:35 p.m. | 67 views

Security Bulletin: IBM QRadar SIEM Application Framework Base Image is vulnerable to using components with Known Vulnerabilities

Summary: The product includes vulnerable components, e.g., framework libraries, that may be identified and exploited with automated tools. IBM QRadar SIEM has addressed the applicable CVE. Vulnerability Details: CVEID: CVE-2022-23218. DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based...

CVSS 9.8 | AI score 9.5 | EPSS 0.11027
Exploits: 11 | Affected Software: 1

CVE
added 2022/07/20 2:3 a.m. | 61 views

CVE-2022-32961

CVE-2022-32961 concerns HICOS’ client-side citizen digital certificate component, which has a stack-based buffer overflow when reading an IC card due to insufficient validation of token information parameter length. The vulnerability can be exploited by an unauthenticated, physical attacker to ex...

CVSS 6.8 | AI score 7 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1

CVE
added 2022/07/20 2:2 a.m. | 57 views

CVE-2022-32959

The CVE-2022-32959 entry concerns HiCOS’ client-side citizen digital certificate component, which is vulnerable to a stack-based buffer overflow when reading IC card data due to insufficient validation of OS information parameter length. The impact described in the sources is arbitrary code execu...

CVSS 6.8 | AI score 7 | EPSS 0.0007
Exploits: 0 | References: 1 | Affected Software: 1

Veracode
added 2022/07/18 11:52 p.m. | 24 views

Denial Of Service (DoS)

vim is vulnerable to denial of service. The vulnerability is in the spelldumpcompl function in spell.c, where an attacker can crash the application through the stack-based buffer overflow...

CVSS 7.8 | AI score 7.4 | EPSS 0.00108
Exploits: 1 | References: 10 | Affected Software: 1

Cvelist
added 2022/07/18 4:35 p.m. | 17 views

CVE-2021-44170

A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...

CVSS 6.7 | AI score 7.1 | EPSS 0.00127
Exploits: 0 | References: 1

Vulnrichment
added 2022/07/18 4:35 p.m. | 6 views

CVE-2021-44170

A stack-based buffer overflow vulnerability CWE-121 in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments...

CVSS 6.7 | AI score 7.7 | EPSS 0.00127
Exploits: 0 | References: 1

Prion
added 2022/07/17 11:15 p.m. | 27 views

Stack overflow

An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVSS 5 | AI score 7.4 | EPSS 0.00737
Exploits: 3 | References: 3 | Affected Software: 1

OSV
added 2022/07/17 11:15 p.m. | 0 views

UBUNTU-CVE-2022-31212

An issue was discovered in dbus-broker before 31. It depends on c-util/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied...

CVSS 7.5 | AI score 7.5 | EPSS 0.00737
Exploits: 3 | References: 2