CVE-2024-32017 – Buffer overflows in RIOT
https://notcve.org/view.php?id=CVE-2024-32017
If the input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerabilities could range from denial of service to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/7 http://www.openwall.com/lists/oss-security/2024/05/07/3 https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/dns.c#L319-L325 https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/gcoap/forward_proxy.c#L352 https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-v97j-w9m6-c4h3 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-31225 – Lack of size check and buffer overflow in RIOT
https://notcve.org/view.php?id=CVE-2024-31225
If the unchecked input above is attacker-controlled and crosses a security boundary, the impact of the buffer overflow vulnerability could range from denial of service to arbitrary code execution. • http://seclists.org/fulldisclosure/2024/May/7 http://www.openwall.com/lists/oss-security/2024/05/07/3 https://github.com/RIOT-OS/RIOT/blob/master/sys/net/application_layer/cord/lc/cord_lc.c#L218 https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-2572-7q7c-3965 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2024-22830
https://notcve.org/view.php?id=CVE-2024-22830
Anti-Cheat Expert's Windows kernel module "ACE-BASE.sys" version 1.0.2202.6217 does not perform proper access control when handling system resources. ... El módulo del kernel de Windows de Anti-Cheat Expert "ACE-BASE.sys" versión 1.0.2202.6217 no realiza un control de acceso adecuado cuando maneja los recursos del sistema. • http://anti-cheat.com https://intl.anticheatexpert.com/#/tool-center https://www.defencetech.it/wp-content/uploads/2024/04/Report-CVE-2024-22830.pdf • CWE-284: Improper Access Control •
CVE-2024-33430
https://notcve.org/view.php?id=CVE-2024-33430
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. Un problema en phiola/src/afilter/pcm_convert.h:513 de phiola v2.0-rc22 permite a un atacante remoto ejecutar código arbitrario a través de un archivo .wav manipulado. • https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/poc/I2ZFI3~5 https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.assets/image-20240420011601263.png https://github.com/Helson-S/FuzzyTesting/blob/master/phiola/segmentFault-1/segmentFault-1.md https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1 https://github.com/Helson-S/FuzzyTesting/tree/master/phiola/segmentFault-1/poc https://github.com/stsaz/phiola https:/& • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-482: Comparing instead of Assigning •
CVE-2023-26322 – GetApps application has code execution vulnerability
https://notcve.org/view.php?id=CVE-2023-26322
A code execution vulnerability exists in the XiaomiGetApps application product. This vulnerability is caused by the verification logic being bypassed, and an attacker can exploit this vulnerability to execute malicious code. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the isUrlMatchLevel method. The issue results from a permissive list of allowed inputs. • https://trust.mi.com/misrc/bulletins/advisory?cveId=542 • CWE-94: Improper Control of Generation of Code ('Code Injection') •