Tag

#buffer_overflow

Two High-Risk Security Flaws Discovered in Curl Library - New Patches Released

Patches have been released for two security flaws impacting the Curl data transfer library, the most severe of which could potentially result in code execution. The list of vulnerabilities is as follows:

CVE-2023-38545 (CVSS score: 7.5) - SOCKS5 heap-based buffer overflow vulnerability
CVE-2023-38546 (CVSS score: 5.0) - Cookie injection with none file

CVE-2023-38545 is the more severe of the

The Hacker News
CVE-2023-5474

Heap buffer overflow in PDF in Google Chrome prior to 118.0.5993.70 allowed a remote attacker who convinced a user to engage in specific user interactions to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium)

Curl Bug Hype Fizzles After Patching Reveal

Touted for days as potentially catastrophic, the curl flaws only impact a narrow set of deployments.

Debian Security Advisory 5523-1

Debian Linux Security Advisory 5523-1 - Two security issues were found in Curl, an easy-to-use client-side URL transfer library and command line tool.

Red Hat Security Advisory 2023-5610-01

Red Hat Security Advisory 2023-5610-01 - The GNU tar program can save multiple files in an archive and restore files from an archive. Issues addressed include a buffer overflow vulnerability.

CVE-2023-34346: TALOS-2023-1764 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the httpd gwcfg.cgi get functionality of Yifan YF325 v1.0_20221108. A specially crafted network packet can lead to command execution. An attacker can send a network request to trigger this vulnerability.

CVE-2023-31272: TALOS-2023-1765 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the httpd do_wds functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35967: TALOS-2023-1788 || Cisco Talos Intelligence Group

Two heap-based buffer overflow vulnerabilities exist in the gwcfg_cgi_set_manage_post_data functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to a heap buffer overflow. An attacker can send a network request to trigger these vulnerabilities. This integer overflow result is used as argument for the malloc function.

CVE-2023-34426: TALOS-2023-1766 || Cisco Talos Intelligence Group

A stack-based buffer overflow vulnerability exists in the httpd manage_request functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to stack-based buffer overflow. An attacker can send a network request to trigger this vulnerability.

CVE-2023-35055: TALOS-2023-1761 || Cisco Talos Intelligence Group

A buffer overflow vulnerability exists in the httpd next_page functionality of Yifan YF325 v1.0_20221108. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger this vulnerability. This buffer overflow is in the next_page parameter in the gozila_cgi function.