#buffer_overflow

Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.

About Elevation of Privilege – Windows Cloud Files Mini Filter Driver (CVE-2024-30085) vulnerability. cldflt.sys is a Windows Cloud Files Mini Filter driver responsible for representing cloud-stored files and folders as if they were located on the local machine. The vulnerability in this driver, fixed as part of the June 2024 Microsoft Patch Tuesday, allows an […]

Versions of the package bigint-buffer from 0.0.0 to 1.1.5 are vulnerable to Buffer Overflow in the toBigIntLE() function. Attackers can exploit this to crash the application.

Ivanti has disclosed details of a now-patched critical security vulnerability impacting its Connect Secure that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-22457 (CVSS score: 9.0), concerns a case of a stack-based buffer overflow that could be exploited to execute arbitrary code on affected systems. "A stack-based buffer overflow in Ivanti Connect

`PyString::from_object` took `&str` arguments and forwarded them directly to the Python C API without checking for terminating nul bytes. This could lead the Python interpreter to read beyond the end of the `&str` data and potentially leak contents of the out-of-bounds read (by raising a Python exception containing a copy of the data including the overflow). In PyO3 0.24.1 this function will now allocate a `CString` to guarantee a terminating nul bytes. PyO3 0.25 will likely offer an alternative API which takes `&CStr` arguments.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a Miniaudio and three Adobe vulnerabilities.   The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy.     For Snort coverage

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.5 ATTENTION: Exploitable remotely Vendor: Sungrow Equipment: iSolarCloud Android App, WiNet Firmware Vulnerabilities: Improper Certificate Validation, Use of a Broken or Risky Cryptographic Algorithm, Authorization Bypass Through User-Controlled Key, User of Hard-Coded Credentials, Stack-Based Buffer Overflow, Heap-Based Buffer Overflow 2. RISK EVALUATION Successful exploitation of these vulnerabilities could result in attackers being able to access and could modify sensitive information. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Sungrow software products are affected: iSolarCloud Android App: Version 2.1.6 and prior WiNet Firmware: All versions 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER CERTIFICATE VALIDATION CWE-295 The Android app for iSolarCloud explicitly ignores certificate errors and is vulnerable to adversary-in-the-middle attacks. This may allow an attacker to impersonate the iSolarCloud server and communicate with the And...

As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global). View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SINEMA Remote Connect Client Vulnerabilities: Integer Overflow or Wraparound, Unprotected Alternate Channel, Improper Restriction of Communication Channel to Intended Endpoints, Stack-based Buffer Overflow, Unrestricted Upload of File with Dangerous Type, Missing Release of Resource after Effective Lifetime 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to overflow memory buffers, impersonate a legitimate user, maintain longer session times, gain elevated privileges, and execute code remotely. 3. TECHNICAL DETAILS 3.1...

Microsoft's March 2025 Patch Tuesday fixes six actively exploited zero-day vulnerabilities, including critical RCE and privilege escalation flaws. Learn how these vulnerabilities impact Windows systems and why immediate patching is essential.

Heap-based buffer overflow in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally.