openSUSE 15 Security Update : libspf2 (openSUSE-SU-2021:1187-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1187-1 advisory. - Stack buffer overflow in libspf2 versions below 1.2.11 when processing certain SPF macros can lead to Denial of service and potentially code...

CVE-2020-18734

A stack buffer overflow in /ddsi/qbitset.h of Eclipse IOT Cyclone DDS Project v0.1.0 causes the DDS subscriber server to crash...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by incorrect boundary checking of the var:page parameter in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execu...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability (CNVD-2021-67523)

The D-Link DAP-2020 is a wireless N access point. The D-Link DAP-2020 is vulnerable to a stack buffer overflow vulnerability caused by incorrect boundary checking of the var:menu parameter in the webproc endpoint, which could be exploited by an attacker to cause a buffer overflow and execute...

D-Link DAP-2020 Stack Buffer Overflow Vulnerability (CNVD-2021-67522)

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by a failure to properly boundary check in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execute arbitrary code...

D-Link DAP-2020 安全漏洞

The D-Link DAP-2020 is a wireless N access point. A stack buffer overflow vulnerability exists in the D-Link DAP-2020, which is caused by incorrect boundary checking of the var:page parameter in the webproc endpoint. An attacker could exploit the vulnerability to cause a buffer overflow and execu...

OPENSUSE-SU-2021:2764-1 Security update for libsndfile

This update for libsndfile fixes the following issues: - CVE-2018-13139: Fixed a stack-based buffer overflow in psfmemset in common.c in libsndfile 1.0.28allows remote attackers to cause a denial of service application crash or possibly have unspecified other impact. bsc1100167 - CVE-2018-19432:...

Multiple Flaws Affecting Realtek Wi-Fi SDKs Impact Nearly a Million IoT Devices

Taiwanese chip designer Realtek is warning of four security vulnerabilities in three software development kits SDKs accompanying its WiFi modules, which are used in almost 200 IoT devices made by at least 65 vendors. The flaws, which affect Realtek SDK v2.x, Realtek "Jungle" SDK...

Arbitrary Code Execution

binutils is vulnerable to arbitrary code execution. An attacker who successfully tricks a user into using readelf to read a malicious file can exploit a stack buffer overflow and out-of-bounds write of malicious data supplied by the attacker and execute arbitrary code on the host OS...

CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affect...

Stack overflow

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affect...

Stack overflow

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35393

Concrete details exist for Realtek Jungle SDK vulnerabilities (CVE-2021-35392, -35393, -35394, -35395). Realtek Jungle SDK v2.x–v3.4.14B runs a WiFi Simple Config/UPnP/SSDP server (named wscd or mini_upnpd) and separate management interfaces. Root causes include unsafe handling of submitted param...

CVE-2021-35393

Realtek Jungle SDK version v2.x up to v3.4.14B provides a 'WiFi Simple Config' server that implements both UPnP and SSDP protocols. The binary is usually named wscd or miniupnpd and is the successor to miniigd. The server is vulnerable to a stack buffer overflow vulnerability that is present due ...

CVE-2021-35395

Realtek Jungle SDK (Realtek AP-Router/IoT SDK) CVE-2021-35395 enables multiple stack-buffer overflows and command-injection flaws in the HTTP web server management interface (Go-Ahead webs and Boa-based). Affected forms include reboot, WSC/auth, WLANMultiAP, SiteSurvey, StaticDHCP, and peerPin-ba...

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affect...

CVE-2021-35395

Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access point. Two versions of this management interface exists: one based on Go-Ahead named webs and another based on Boa named boa. Both of them are affect...

Xmill Stack Buffer Overflow Vulnerability (CNVD-2021-94931)

Xmill is an efficient compressor of XML data. a stack buffer overflow vulnerability exists in the command line parsing HandleFileArg function in Xmill version 0.7. An attacker could exploit the vulnerability by providing malicious input via the filepattern parameter to cause a denial of service...

CVE-2021-21813

Within the function HandleFileArg the argument filepattern is under control of the user who passes it in from the command line. filepattern is passed directly to memcpy copying the path provided by the user into a staticly sized buffer without any length checks resulting in a stack-buffer overflo...