CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26727 – spx_restservice SubNet_handler_func Multiple Command Injections and Stack-Based Buffer Overflows
https://notcve.org/view.php?id=CVE-2021-26727
Multiple command injections and stack-based buffer overflows vulnerabilities in the SubNet_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. Múltiples inyecciones de comandos y los desbordamientos de búfer en la región stack de la memoria en la función SubNet_handler_func de spx_restservice permiten a un atacante ejecutar código arbitrario con los mismos privilegios que el usuario del servidor (root). Este problema afecta: Lanner Inc IAC-AST2500A versión de firmware estándar 1.10.0 • https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1 https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26727 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26729 – spx_restservice Login_handler_func Command Injection and Multiple Stack-Based Buffer Overflows
https://notcve.org/view.php?id=CVE-2021-26729
Command injection and multiple stack-based buffer overflows vulnerabilities in the Login_handler_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. Unas vulnerabilidades de inyección de comandos y múltiples desbordamientos de búfer en la región stack de la memoria en la función Login_handler_func de spx_restservice permiten a un atacante ejecutar código arbitrario con los mismos privilegios que el usuario del servidor (root). Este problema afecta: Lanner Inc IAC-AST2500A versión de firmware estándar 1.10.0 • https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1 https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26729 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2021-26728 – spx_restservice KillDupUsr_func Command Injection and Stack-Based Buffer Overflow
https://notcve.org/view.php?id=CVE-2021-26728
Command injection and stack-based buffer overflow vulnerabilities in the KillDupUsr_func function of spx_restservice allow an attacker to execute arbitrary code with the same privileges as the server user (root). This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. Unas vulnerabilidades de inyección de comandos y desbordamiento del búfer en la región stack de la memoria en la función KillDupUsr_func de spx_restservice permiten a un atacante ejecutar código arbitrario con los mismos privilegios que el usuario del servidor (root). Este problema afecta a: Lanner Inc IAC-AST2500A versión de firmware estándar 1.10.0 • https://www.nozominetworks.com/blog/vulnerabilities-in-bmc-firmware-affect-ot-iot-device-security-part-1 https://www.nozominetworks.com/labs/vulnerability-advisories/cve-2021-26728 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2022-38435 – Adobe Illustrator PCX File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2022-38435
Adobe Illustrator versions 26.4 (and earlier) and 25.4.7 (and earlier) are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. • https://helpx.adobe.com/security/products/illustrator/apsb22-56.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 1CVE-2022-41415
https://notcve.org/view.php?id=CVE-2022-41415
Acer Altos W2000h-W570h F4 R01.03.0018 was discovered to contain a stack overflow in the RevserveMem component. This vulnerability allows attackers to cause a Denial of Service (DoS) via injecting crafted shellcode into the NVRAM variable. Se ha detectado que Acer Altos W2000h-W570h F4 versión R01.03.0018, contiene un desbordamiento de pila en el componente RevserveMem. Esta vulnerabilidad permite a atacantes causar una Denegación de Servicio (DoS) por medio de una inyección de shellcode diseñado en la variable NVRAM • http://acer.com http://altos.com https://github.com/10TG/vulnerabilities/blob/main/Acer/CVE-2022-41415/CVE-2022-41415.md • CWE-787: Out-of-bounds Write •