Security
Headlines
HeadlinesLatestCVEs

Tag

#buffer_overflow

CVE-2023-39747: iotvul/tp-link/17/TP-Link WR841N wireless router WlanSecurityRpm Stack Overflow vulnerability.md at main · a101e-IoTvul/iotvul

TP-Link WR841N V8, TP-Link TL-WR940N V2, and TL-WR941ND V5 were discovered to contain a buffer overflow via the radiusSecret parameter at /userRpm/WlanSecurityRpm.

CVE
Open in Source
#vulnerability#git#buffer_overflow
CVE-2023-39745: iotvul/tp-link/16/TP-Link WR940N WR941ND WR841N wireless router userRpmAccessCtrlAccessRulesRpm buffer read out-of-bounds vulnerability.md at main · a101e-IoTvul/iotvul

TP-Link TL-WR940N V2, TP-Link TL-WR941ND V5 and TP-Link TL-WR841N V8 were discovered to contain a buffer overflow via the component /userRpm/AccessCtrlAccessRulesRpm. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted GET request.

CVE-2023-39751: iotvul/tp-link/20/WR941ND_userRpm_PingIframeRpm_buffer_write_out-of-bounds_vulnerability.md at main · a101e-IoTvul/iotvul

TP-Link TL-WR941ND V6 were discovered to contain a buffer overflow via the pSize parameter at /userRpm/PingIframeRpm.

CVE-2023-40072: Multiple vulnerabilities in ELECOM and LOGITEC network devices

OS command injection vulnerability in WAB-S600-PS all versions, and WAB-S300 all versions allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request.

CVE-2023-39672: Bug-Report/Tenda/WH450 buffer overflow.md at main · Davidteeri/Bug-Report

Tenda WH450 v1.0.0.18 was discovered to contain a buffer overflow via the function fgets.

CVE-2023-39670: Bug-Report/Tenda/AC6 buffer overflow.md at main · Davidteeri/Bug-Report

Tenda AC6 _US_AC6V1.0BR_V15.03.05.16 was discovered to contain a buffer overflow via the function fgets.

CVE-2023-39673: Bug-Report/Tenda/AC15 Impoper Input Validation.md at main · Davidteeri/Bug-Report

Tenda AC15 V1.0BR_V15.03.05.18_multi_TD01 was discovered to contain a buffer overflow via the function FUN_00010e34().

​ICONICS and Mitsubishi Electric Products

1. EXECUTIVE SUMMARY ​CVSS v3 5.9 ​ATTENTION: Exploitable remotely ​Vendor: ICONICS, Mitsubishi Electric ​Equipment: ICONICS Product Suite ​Vulnerabilities: Buffer Overflow, Out-of-Bounds Read, Observable Timing Discrepancy, Double Free, and NULL Pointer Dereference 2. RISK EVALUATION ​Successful exploitation of these vulnerabilities could result in information disclosure, denial-of-service, or remote code execution. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS ​ICONICS reports these vulnerabilities affect the following products using OpenSSL: ​ICONICS Suite including GENESIS64, Hyper Historian, AnalytiX, and MobileHMI: Version 10.97.2 3.2 VULNERABILITY OVERVIEW 3.2.1 ​CLASSIC BUFFER OVERFLOW CWE-120 ​A denial of service and potential crash vulnerability due to a buffer overrun condition exists in the OpenSSL library used in the ICONICS Suite. This vulnerability is in the X.509 certificate name constraint checking. ​CVE-2022-3602 has been assigned to this vulnerability. A CVSS v3 base s...

CVE-2023-29182: Fortiguard

A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiOS before 7.0.3 allows a privileged attacker to execute arbitrary code via specially crafted CLI commands, provided the attacker were able to evade FortiOS stack protections.

Critical Security Flaws Affect Ivanti Avalanche, Threatening 30,000 Organizations

Multiple critical security flaws have been reported in Ivanti Avalanche, an enterprise mobile device management solution that’s used by 30,000 organizations. The vulnerabilities, collectively tracked as CVE-2023-32560 (CVSS score: 9.8), are stack-based buffer overflows in Ivanti Avalanche WLAvanacheServer.exe v6.4.0.0. Cybersecurity company Tenable said the shortcomings are the result of buffer