OSV-2022-1022 Stack-buffer-overflow in check_content_type_and_change_protocol

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=52160 Crash type: Stack-buffer-overflow READ Crash state: checkcontenttypeandchangeprotocol ndpisearchhttptcp checkndpidetectionfunc...

PT-2022-36668 · Git +1 · Ndpi

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a stack-buffer-overflow read crash. Technical details about the crash include the check content type and change protocol, ndpi...

mIPC camera firmware buffer overflow vulnerability

mIPC camera firmware is a camera from mIPC. mIPC camera firmware version 5.3.1.2003161406 is vulnerable to an input validation error, which stems from unrestricted user input when setting up a zone file and can be exploited by an attacker to trigger a stack buffer overflow...

CVE-2022-40784

CVE-2022-40784 affects mIPC camera firmware version 5.3.1.2003161406. The issue is an unlimited strcpy on user input when setting a locale file, which leads to a stack buffer overflow. CVSS v3.1 metrics indicate a high severity (8.8) with network attack vector, low attack complexity and low privi...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2022-2388)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Huawei EulerOS: Security Advisory for libtiff (EulerOS-SA-2022-2352)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Forms Viewer stack buffer overflow identified (CVE-2013-5447)

Abstract A stack buffer overflow issue has been identified in the Forms Viewer that could allow remote code execution to occur. Content A stack buffer overflow issue has been identified in the Forms Viewer that could allow remote code execution to occur VULNERABILITY DETAILS: CVEID : CVE-2013-544...

OSV-2022-953 Dynamic-stack-buffer-overflow in rx_icmp

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51757 Crash type: Dynamic-stack-buffer-overflow WRITE Crash state: rxicmp rxip miprx...

Stack overflow

There is a stack buffer overflow vulnerability, which could lead to arbitrary code execution in UEFI DXE driver on some Acer products. An attack could exploit this vulnerability to escalate privilege from ring 3 to ring 0, and hijack control flow during UEFI DXE execution. This affects Altos T110...

OSV-2022-932 Stack-buffer-overflow in ntlm_phase_3

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51653 Crash type: Stack-buffer-overflow WRITE 1 Crash state: ntlmphase3 establishhttpproxypassthru fuzzproxy.c...

EulerOS Virtualization 2.9.1 : libtiff (EulerOS-SA-2022-2352)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...

EulerOS Virtualization 2.9.0 : libtiff (EulerOS-SA-2022-2388)

According to the versions of the libtiff package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A heap buffer overflow flaw was found in Libtiffs' tiffinfo.c in TIFFReadRawDataStriped function. This flaw allows an attacker to...

CVE-2022-30426

CVE-2022-30426 describes a stack buffer overflow in the UEFI DXE driver affecting a wide range of Acer products (Altos T110 F3, AP130 F2, Aspire series, Veriton, etc.). Root cause: overflow in the DXE driver enabling arbitrary code execution and privilege escalation from ring 3 to ring 0 during U...

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with Asset and Service Management (CVE-2015-4947)

Summary IBM WebSphere Application Server is shipped as a component of Maximo Asset Management, Maximo Asset Management Essentials, Maximo Industry Solutions including Maximo for Aviation, Maximo for Energy Optimization, Maximo for Government, Maximo for Nuclear Power, Maximo for Transportation,...

PT-2022-7298 · Acer · Acer Veriton E430 +18

Name of the Vulnerable Software and Affected Versions: Acer Altos T110 F3 firmware version = P13 Acer AP130 F2 firmware version = P04 Acer Aspire 1600X firmware version = P11.A3L Acer Aspire 1602M firmware version = P11.A3L Acer Aspire 7600U firmware version = P11.A4 Acer Aspire MC605 firmware...

多款Acer产品缓冲区错误漏洞

Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

CVE-2022-26873 The stack buffer overflow vulnerability in PlatformInitAdvancedPreMem leads to arbitrary code execution during PEI phase.

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

Mozilla Firefox < 105.0

The version of Firefox installed on the remote Windows host is prior to 105.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2022-40 advisory. - Mozilla developers Nika Layzell, Timothy Nikkel, Sebastian Hengst, Andreas Pehrson, and the Mozilla Fuzzing Team...

KLA19256 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. Memory safety vulnerability can be exploited to execute...