CVE-2024-4224

CVE-2024-4224: TP-Link TL-SG1016DE XSS

AHA! has discovered an issue with the TL-SG1016DE from TP-Link, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on July 15, 2024. CVE-2024-4224 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Authenticated stored cross-site scripting (XSS) exists in the TP-Link TL-SG1016DE affecting version TL-SG1016DE(UN) V7.6_1.0.0 Build 20230616, which could allow an adversary to run JavaScript in an administrator’s browser. CVE-2024-4224 is an instance of CWE-79.

CVE-2023-5841

CVE-2023-5841: Academy Software Foundation OpenEXR Heap Overflow in Scanline Deep Data Parsing

AHA! has discovered an issue with OpenEXR from The Academy Software Foundation, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Wednesday, Jan 31, 2023. CVE-2023-5841 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the number of scanline samples of an OpenEXR file containing deep scanline data, Academy Software Foundation OpenEXR image parsing library versions 3.2.1 and prior are susceptible to a heap-based buffer overflow vulnerability. CVE-2023-5841 appears to be an instance of CWE-122.

CVE-2023-4504

CVE-2023-4504: OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow

AHA! has discovered an issue with CUPS and libppd from OpenPrinting, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, September 21, 2023. CVE-2023-4504 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length provided by an attacker-crafted CUPS PPD file, CUPS versions v2.5b1 and prior are, by default, susceptible to a heap-based buffer overflow, and possibly code execution. CVE-2023-4504 appears to be an instance of CWE-122, a heap-based buffer overflow.

CVE-2023-2906

CVE-2023-2906: Wireshark CP2179 Parsing Divide By Zero DoS

AHA! has discovered a denial-of-service issue with Wireshark from The Wireshark Foundation, and is issuing this disclosure in accordance with AHA!’s standard disclosure policy today, on Thursday, August 24, 2023. CVE-2023-2906 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 are susceptible to a divide-by-zero, allowing for a denial-of-service attack. CVE-2023-2906 appears to be an instance of CWE-369. Note that, according to the patch notes, this effect can only be achieved when a user triggers the vulnerable code path with the “Decode As…” functionality of Wireshark (or the -d option for tshark), so this vulnerability is unlikely to be triggerable in an automated way.

CVE-2023-2905

CVE-2023-2905: Cesanta Mongoose MQTT Message Parsing Heap Overflow

AHA! has discovered an issue with Mongoose from Cesanta, and is publishing this disclosure in accordance with AHA!’s standard disclosure policy today, on Tuesday, August 8, 2023. CVE-2023-2905 has been assigned to this issue.

Any questions about this disclosure should be directed to [email protected].

Executive Summary

Due to a failure in validating the length of a provided MQTT_CMD_PUBLISH parsed message with a variable length header, the dual-licensed Cesanta Mongoose embeddable web server version 7.10 is susceptible to a heap-based buffer overflow vulnerability in the default configuration. CVE-2023-2905 appears to be an instance of CWE-122. Versions 7.9 and prior do not appear to be vulnerable.
