| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Protection Against Voltage and Clock Glitches in FPGA devices, could allow an attacker with physical access to undervolt the platform resulting in a loss of confidentiality. |
| ChaosPro 2.0 contains a buffer overflow vulnerability in the configuration file path handling that allows attackers to execute arbitrary code by overwriting the Structured Exception Handler. Attackers can craft a malicious configuration file with carefully constructed payload to overwrite memory and gain remote code execution on vulnerable Windows XP systems. |
| A vulnerability was identified in H3C Magic B3 up to 100R002. This affects the function AddMacList/EditMacList of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. |
| A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release. |
| A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release. |
| There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701.
Likelihood: High – Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities.
Impact: Low – Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution.
CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y). |
| A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange. |
| NVIDIA nvJPEG contains a vulnerability in jpeg encoding where a user may cause an out-of-bounds read by providing a maliciously crafted input image with dimensions that cause integer overflows in array index calculations. A successful exploit of this vulnerability may lead to denial of service. |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker might cause an improper index validation by issuing a call with crafted parameters. A successful exploit of this vulnerability might lead to data tampering or denial of service. |
| Prime95 version 29.8 build 6 contains a buffer overflow vulnerability in the user ID input field that allows remote attackers to execute arbitrary code. Attackers can craft a malicious payload and paste it into the PrimeNet user ID and proxy host fields to trigger a bind shell on port 3110. |
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. |
| XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash. |
| A buffer overflow in the GuitarPro1::read function of MuseScore Studio v4.3.2 allows attackers to to execute arbitrary code or cause a Denial of Service (DoS) via opening a crafted GuitarPro file. |
| A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not properly validate the structure of TCP packets in several methods. This could allow an attacker to cause buffer overflows, get control over the instruction counter and run custom code. |
| Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. |
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause a stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. |
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. |
| Inclusion of undocumented features issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. A remote attacker may disable the LAN-side firewall function of the affected products, and open specific ports. |
| Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension. |