Tag

#buffer_overflow

RHSA-2023:4347: Red Hat Security Advisory: libeconf security update

An update for libeconf is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

* CVE-2023-22652: A flaw was found in the libeconf library. This issue occurs when parsing a specially crafted configuration file, causing a stack-based buffer overflow, resulting in a denial of service.

Red Hat Security Data
#vulnerability #linux #red_hat #dos #buffer_overflow #ibm #sap

CVE-2022-4920

Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)

AXIS A1001 System Flaws Expose Secure Facilities to Unauthorized Access

By Deeba Ahmed

The new discovery could have far-reaching implications for Physical Access Control Systems and sensitive facilities.

This is a post from HackRead.com. Read the original post: AXIS A1001 System Flaws Expose Secure Facilities to Unauthorized Access

Mitsubishi Electric CNC Series

1. EXECUTIVE SUMMARY

CVSS v3 9.8
ATTENTION: Exploitable remotely/low attack complexity
Vendor: Mitsubishi Electric
Equipment: CNC Series devices
Vulnerability: Classic Buffer Overflow

2. RISK EVALUATION

Successful exploitation of this vulnerability could allow a malicious remote attacker to cause a denial-of-service condition and execute malicious code on the product by sending specially crafted packets. System reset is required for recovery.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following Mitsubishi Electric CNC series products are affected:

M8V Series

* M800VW (BND-2051W000-**): All versions
* M800VS (BND-2052W000-**): All versions
* M80V (BND-2053W000-**): All versions
* M80VW (BND-2054W000-**): All Versions

M8 Series

* M800W (BND-2005W000-**): All versions
* M800S (BND-2006W000-**): All versions
* M80 (BND-2007W000-**): All versions
* M80W (BND-2008W000-**): All versions
* E80 (BND-2009W000-**): All versions

C80 C80 C80 (BND-2036W000-**): All Versions

M7V Series

* M700VW (BND-1012W000-...

CVE-2023-33802: GitHub - CDACesec/CVE-2023-33802

A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.

CVE-2023-33308: Fortiguard

A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.

CVE-2023-33225: SolarWinds Platform 2023.3 Release Notes

The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.

GHSA-hh7p-hvm3-rg88: Heap buffer overflow in PaddlePaddle

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service or information disclosure, and more damage is possible.

CVE-2023-38671: Paddle/security/advisory/pdsa-2023-003.md at develop · PaddlePaddle/Paddle

Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service or information disclosure, and more damage is possible.