CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...

CVE-2021-42860

CVE-2021-42860 describes a stack-overflow in Mini-XML 3.2 when passing an unformed XML string to mxmlLoadString, triggering a stack-buffer-overflow in mxml_string_getc:2611. The vulnerability is documented across multiple sources (SUSE, OSV, NVD, etc.) with the same core flaw. The input’s legalit...

CVE-2021-42860

Removed by vendor...

CVE-2021-42860

A stack buffer overflow exists in Mini-XML v3.2. When inputting an unformed XML string to the mxmlLoadString API, it will cause a stack-buffer-overflow in mxmlstringgetc:2611. NOTE: it is unclear whether this input is allowed by the API specification...

CVE-2021-20314

A stack buffer overflow was found in libspf2 when processing certain SPF macros. This issue can lead to a denial of service and potentially code execution via malicious crafted SPF explanation messages. The highest threat from this vulnerability is to confidentiality, integrity, as well as system...

CVE-2020-36129

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component src/aomimage.c...

CVE-2020-10232

In version 4.8.0 and earlier of The Sleuth Kit TSK, there is a stack buffer overflow vulnerability in the YAFFS file timestamp parsing logic in yaffsfsistat in fs/yaffs.c...

OSV-2022-421 Stack-buffer-overflow in cardos_list_files

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47512 Crash type: Stack-buffer-overflow READ 1 Crash state: cardoslistfiles sclistfiles fuzzcard.c...

ROS-20220518-03

A vulnerability in the pjproject multimedia communication library is related to an infinite loop when parsing a of a WAV file. Exploitation of the vulnerability could allow an attacker acting remotely to consume all available system resources and cause denial of service conditions A vulnerability...

Oracle Linux 8 : cairo / and / pixman (ELSA-2022-1961)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-1961 advisory. - Fix CVE-2020-35492 1908113 pixman Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has...

Oracle Linux 8 : virt:ol / and / virt-devel:ol (ELSA-2022-1759)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1759 advisory. - Limit recursion in ri-records CVE-2021-3622 resolves: rhbz1976194 - Fixes: CVE-2021-33285, CVE-2021-33286, CVE-2021-33287, CVE-2021-33289,...

Buffer Overflow

PJSIP is a free and open source multimedia communication library written in C language. In versions prior to and including 2.12 PJSIP there is a stack-buffer overflow vulnerability which only impacts PJSIP users who accept hashed digest credentials credentials with datatype PJSIPCREDDATADIGEST...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution Exploit

This Metasploit module exploits a stack buffer overflow in the Cisco RV series router's SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation...

AlmaLinux 8 : cairo and pixman (ALSA-2022:1961)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:1961 advisory. - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

Buffer overflow

Tenda AX1803 v1.0.0.12890 is vulnerable to Buffer Overflow. The vulnerability lies in rootfs In / goform / setsystimecfg of / bin / tdhttpd in ubif file system, attackers can access http://ip/goform/SetSysTimeCfg, and by setting the ntpserve parameter, the stack buffer overflow can be caused to...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module exploits a stack buffer overflow in the Cisco RV series routers SSL VPN functionality. The default SSL VPN configuration is exploitable, with no authentication required and works over the Internet! The stack is executable and no ASLR is in place, which makes exploitation easier...

Cisco RV340 SSL VPN Unauthenticated Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco RV340 SSL VPN Unauthenticated Remote Code Execution', 'Description' = %q This module exploits a stack buffer overflow in the Cisco RV serie...

Ubuntu 16.04 ESM : Cairo vulnerabilities (USN-5407-1)

The remote Ubuntu 16.04 ESM host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5407-1 advisory. Gustavo Grieco, Alberto Garcia, Francisco Oca, Suleman Ali, and others discovered that Cairo incorrectly handled certain files. An attacker could possibl...

Secomea SiteManager Stack Buffer Overflow Vulnerability

Secomea SiteManager is a Danish Secomea application that provides a remote maintenance function for industrial equipment. Secomea SiteManager is vulnerable to a stack buffer overflow vulnerability that can be exploited by attackers to cause arbitrary code execution...

CVE-2022-27784 Adobe After Effects Stack Buffer Overflow Could Lead To RCE

Adobe After Effects versions 22.2.1 and earlier and 18.4.5 and earlier are affected by a stack overflow vulnerability due to insecure handling of a crafted file, potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a...