Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2022-34608: vuln/H3C/7 at main · Darry-lang1/vuln

H3C Magic R200 R200V200R004L02 was discovered to contain a stack overflow via the ajaxmsg parameter at /AJAX/ajaxget.

CVE
Open in Source
#vulnerability#web#windows#buffer_overflow#auth#firefox
CVE-2022-33967: U-Boot

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

CVE-2022-32961: HiCOS 自然人憑證元件客戶端 - Stack Buffer Overflow-3

HICOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for token information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

CVE-2022-32960: HiCOS 自然人憑證元件客戶端 - Stack Buffer Overflow-2

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for card number. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

CVE-2022-32959: HiCOS 自然人憑證元件客戶端 - Stack Buffer Overflow-1

HiCOS’ client-side citizen digital certificate component has a stack-based buffer overflow vulnerability when reading IC card due to insufficient parameter length validation for OS information. An unauthenticated physical attacker can exploit this vulnerability to execute arbitrary code, manipulate system data or terminate service.

CVE-2022-1921: avidemux: heap buffer overwrite in gst_avi_demux_invert/swap_line (#1224) · Issues · GStreamer / gstreamer · GitLab

Integer overflow in avidemux element in gst_avi_demux_invert function which allows a heap overwrite while parsing avi files. Potential for arbitrary code execution through heap overwrite.

CVE-2021-32504: The SICK Product Security Incident Response Team (SICK PSIRT)

Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious attacker could use this sensitive information’s to launch further attacks on the system.

CVE-2022-34029: SEGV njs_scope.h:74:12 Out-of-bounds Read in njs_scope_value · Issue #506 · nginx/njs

Nginx NJS v0.7.4 was discovered to contain an out-of-bounds read via njs_scope_value at njs_scope.h.

CVE-2021-44170: Fortiguard

A stack-based buffer overflow vulnerability [CWE-121] in the command line interpreter of FortiOS before 7.0.4 and FortiProxy before 2.0.8 may allow an authenticated attacker to execute unauthorized code or commands via specially crafted command line arguments.

CVE-2022-32985: Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch series

libnx_apl.so on Nexans FTTO GigaSwitch before 6.02N and 7.x before 7.02 implements a Backdoor Account for SSH logins on port 50200 or 50201.