Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2021-43518: Fuzzing game map parsers, part 1

Teeworlds up to and including 0.7.5 is vulnerable to Buffer Overflow. A map parser does not validate m_Channels value coming from a map file, leading to a buffer overflow. A malicious server may offer a specially crafted map that will overwrite client's stack causing denial of service or code execution.

CVE
#ubuntu#linux#dos#git#c++#buffer_overflow
CVE-2021-39048: IBM Spectrum Protect buffer overflow CVE-2021-39048 Vulnerability Report

IBM Spectrum Protect Client 7.1 and 8.1 is vulnerable to a stack based buffer overflow, caused by improper bounds checking. A local attacker could exploit this vulnerability and cause a denial of service. IBM X-Force ID: 214438.

CVE-2021-43542: Security Vulnerabilities fixed in Firefox 95

Using XMLHttpRequest, an attacker could have identified installed applications by probing error messages for loading external protocols. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.

CVE-2021-43528: Security Vulnerabilities fixed in Thunderbird 91.4.0

Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution context was limited to this area and did not receive chrome-level privileges, but could be used as a stepping stone to further an attack with other vulnerabilities. This vulnerability affects Thunderbird < 91.4.0.

CVE-2021-42757

A buffer overflow [CWE-121] in the TFTP client library of FortiOS before 6.4.7 and FortiOS 7.0.0 through 7.0.2, may allow an authenticated local attacker to achieve arbitrary code execution via specially crafted command line arguments.

CVE-2020-36133

AOM v2.0.1 was discovered to contain a global buffer overflow via the component av1/encoder/partition_search.h.

CVE-2020-36131

AOM v2.0.1 was discovered to contain a stack buffer overflow via the component stats/rate_hist.c.

CVE-2021-38575: Invalid Bug ID

NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.