8439 matches found
CVE-2022-27239
In cifs-utils through 6.14, a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument could lead to local attackers gaining root privileges...
PT-2022-3554 · Unknown +5 · Cifs-Utils +5
Name of the Vulnerable Software and Affected Versions: cifs-utils versions through 6.14 Description: The issue is related to a stack-based buffer overflow when parsing the mount.cifs ip= command-line argument, which could allow local attackers to gain root privileges. This is a result of a buffer...
Ubuntu 22.04 LTS : FriBidi vulnerabilities (USN-5366-2)
The remote Ubuntu 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5366-2 advisory. USN-5366-1 fixed several vulnerabilities in FriBidi. This update provides the corresponding updates for Ubuntu 22.04 LTS. Tenable has extracted the...
Buffer Over-read
Description Stack-based Buffer Overflow at index.c:991 Build git clone https://github.com/bfabiszewski/libmobi.git cd libmobi export CFLAGS="-g -O0 -lpthread -fsanitize=address" export CXXFLAGS="-g -O0 -lpthread -fsanitize=address" export LDFLAGS="-fsanitize=address" ./autogen.sh ./configure...
Netatalk < 3.1.13 Multiple Vulnerabilities
Netatalk is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:netatalk:netatalk"; if(description)...
EulerOS 2.0 SP8 : vim (EulerOS-SA-2022-1591)
According to the versions of the vim packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - vim is vulnerable to Heap-based Buffer Overflow CVE-2022-0213 - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. CVE-2022-0261...
EulerOS 2.0 SP8 : openjpeg (EulerOS-SA-2022-1576)
According to the versions of the openjpeg package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the pgxtoimage function in jpwl/convert.c. The vulnerability causes an...
openSUSE: Security Advisory for nbd (SUSE-SU-2022:1276-1)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security Bulletin: App Connect Professional is affected by GNU C Library vulnerability
Summary App Connect Professional has addressed the following vulnerability reported in GNU C Library. Vulnerability Details CVEID: CVE-2022-23219 DESCRIPTION: GNU C Library aka glibc is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in...
CVE-2022-21228
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...
CVE-2022-21228 ICSA-22-090-03 Fuji Electric Alpha5
The affected product is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code...
CVE-2022-21228
CVE-2022-21228 affects Fuji Electric Alpha5 (Server Operator module) via a stack-based buffer overflow in the parsing of C5P files. The root cause is improper validation of the length of user-supplied data copied into a stack buffer, enabling remote code execution. Exploitation requires user inte...
Siemens SCALANCE X-300 Switches
1. EXECUTIVE SUMMARY CVSS v3 9.6 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SCALANCE X-300 switch family devices Vulnerabilities: Improper Input Validation, Use of Insufficiently Random Values, Stack-based Buffer Overflow, Cross-site Request Forgery, Improper...
Bentley MicroStation CONNECT OBJ File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley MicroStation CONNECT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Denial Of Service (DoS)
Red Hat is vulnerable to denial of service. The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library aka glibc through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a...
Updated fribidi packages fix security vulnerability
Stack based buffer overflow. CVE-2022-25308 Heap-buffer-overflow in fribidi_cap_rtl_to_unicode. CVE-2022-25309 SEGV in fribidi_remove_bidi_marks. CVE-2022-25310...
CVE-2022-23973 ASUS RT-AX56U - Stack overflow
ASUS RT-AX56U’s user profile configuration function is vulnerable to stack-based buffer overflow due to insufficient validation for parameter length. An unauthenticated LAN attacker can execute arbitrary code to perform arbitrary operations or disrupt service...
Bentley Systems MicroStation Code Injection Vulnerability
Bentley Systems MicroStation is a CAD software platform for 2D and 3D design and drafting from Bentley Systems, USA. A code injection vulnerability exists in Bentley MicroStation CONNECT version 10.16.02.34, which originates from a failure to properly validate the length of user-supplied data...
Amazon Linux AMI : vim (ALAS-2022-1579)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1579 advisory. A flaw was found in vim. The vulnerability occurs due to a crash when recording and using Select mode and leads to an out-of-bounds read. This flaw allows an attacker to input a specially crafted...
Omron CX-One CX-Position NCI File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Omron CX-One. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NCI...