Experimental News Clipping Site

Tag: Buffer Overflow

  • Hacker News: Researchers have identified a total of 6 vulnerabilities in rsync

    by

    Kurt Seifried
    in

    Source URL: https://www.openwall.com/lists/oss-security/2025/01/14/3 Source: Hacker News Title: Researchers have identified a total of 6 vulnerabilities in rsync Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses multiple vulnerabilities identified in the rsync software, including a critical heap buffer overflow that allows arbitrary code execution with minimal access rights. This communication is especially…

  • Cisco Talos Blog: Slew of WavLink vulnerabilities

    by

    Kurt Seifried
    in

    Source URL: https://blog.talosintelligence.com/slew-of-wavlink-vulnerabilities/ Source: Cisco Talos Blog Title: Slew of WavLink vulnerabilities Feedly Summary: Lilith >_> of Cisco Talos discovered these vulnerabilities. Forty-four vulnerabilities and sixty-three CVEs were discovered across ten .cgi and three .sh files, as well as the static login page, of the Wavlink AC3000 wireless router web application.  The Wavlink AC3000 wireless router is…

  • Alerts: CISA Adds Four Known Exploited Vulnerabilities to Catalog

    by

    Kurt Seifried
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Four Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591 Fortinet FortiOS Authorization Bypass Vulnerability CVE-2025-21333 Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability CVE-2025-21334 Microsoft Windows Hyper-V NT…

  • The Register: Zero-day exploits plague Ivanti Connect Secure appliances for second year running

    by

    Kurt Seifried
    in

    Source URL: https://www.theregister.com/2025/01/09/zeroday_exploits_ivanti/ Source: The Register Title: Zero-day exploits plague Ivanti Connect Secure appliances for second year running Feedly Summary: Factory resets and apply patches is the advice amid fortnight delay for other appliances The cybersecurity industry is urging those in charge of defending their orgs to take mitigation efforts “seriously" as Ivanti battles two…

  • Alerts: CISA Adds One Known Exploited Vulnerability to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/12/10/cisa-adds-one-known-exploited-vulnerability-catalog Source: Alerts Title: CISA Adds One Known Exploited Vulnerability to Catalog Feedly Summary: CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability These types of vulnerabilities are frequent attack vectors for…

  • Hacker News: Buffer Overflow Risk in Curl_inet_ntop and Inet_ntop4

    by

    system automation
    in

    Source URL: https://hackerone.com/reports/2887487 Source: Hacker News Title: Buffer Overflow Risk in Curl_inet_ntop and Inet_ntop4 Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text addresses vulnerabilities in the Curl and inet_ntop functions relating to buffer overflow risks due to inadequate buffer size validation. This discussion is particularly relevant for professionals involved in software security,…

  • Slashdot: D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/20/189224/d-link-tells-users-to-trash-old-vpn-routers-over-bug-too-dangerous-to-identify?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: D-Link Tells Users To Trash Old VPN Routers Over Bug Too Dangerous To Identify Feedly Summary: AI Summary and Description: Yes Summary: D-Link has advised users of older VPN routers to replace their devices due to a serious remote code execution vulnerability. This issue exemplifies the critical security risks…

  • Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-38812 VMware vCenter Server Heap-Based Buffer Overflow Vulnerability CVE-2024-38813 VMware vCenter Server Privilege Escalation Vulnerability These types of vulnerabilities are frequent attack vectors…

  • The Register: D-Link tells users to trash old VPN routers over bug too dangerous to identify

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/dlink_rip_replace_router/ Source: The Register Title: D-Link tells users to trash old VPN routers over bug too dangerous to identify Feedly Summary: Vendor offers 20% discount on new model, but not patches Owners of older models of D-Link VPN routers are being told to retire and replace their devices following the disclosure of a…