Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

Multiple Flaws in CyberPower and Dataprobe Products Put Data Centers at Risk

Multiple security vulnerabilities impacting CyberPower's PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe's iBoot Power Distribution Unit (PDU) could be potentially exploited to gain unauthenticated access to these systems and inflict catastrophic damage in target environments. The nine vulnerabilities, from CVE-2023-3259 through CVE-2023-3267, carry

The Hacker News
Open in Source
#vulnerability#ddos#dos#backdoor#rce#perl#buffer_overflow#hard_coded_credentials#auth#The Hacker News
CVE-2021-28427: XnView 2.49.4 - XnView Software

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

CVE-2021-28835: The Best Windows Photo Viewer, Image Resizer and Batch Converter · XnView

Buffer Overflow vulnerability in XNView before 2.50, allows local attackers to execute arbitrary code via crafted GEM bitmap file.

CVE-2020-24222: ffjpeg "jfif_decode" function segment fault · Issue #31 · rockcarry/ffjpeg

Buffer Overflow vulnerability in jfif_decode() function in rockcarry ffjpeg through version 1.0.0, allows local attackers to execute arbitrary code due to an issue with ALIGN.

CVE-2020-28840: heap-buffer-overflow on process_COM in jpgfile.c:51

Buffer Overflow vulnerability in jpgfile.c in Matthias-Wandel jhead version 3.04, allows local attackers to execute arbitrary code and cause a denial of service (DoS).

CVE-2020-35990: PDF Software & Tools Tailored to Your Business | Foxit

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

CVE-2023-3824: Buffer overflow and overread in phar_dir_read()

In PHP version 8.0.* before 8.0.30,  8.1.* before 8.1.22, and 8.2.* before 8.2.8, when loading phar file, while reading PHAR directory entries, insufficient length checking may lead to a stack buffer overflow, leading potentially to memory corruption or RCE. 

15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks

A set of 15 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47379 through CVE-2022-47393 and dubbed CoDe16, carry a CVSS score of 8.8 with the exception of

CVE-2023-28736

Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.

CVE-2023-40225

HAProxy through 2.0.32, 2.1.x and 2.2.x through 2.2.30, 2.3.x and 2.4.x through 2.4.23, 2.5.x and 2.6.x before 2.6.15, 2.7.x before 2.7.10, and 2.8.x before 2.8.2 forwards empty Content-Length headers, violating RFC 9110 section 8.6. In uncommon cases, an HTTP/1 server behind HAProxy may interpret the payload as an extra request.