1406 matches found
The vulnerability of the functions ov511_mode_init regs and ov518_mode_init regs in the Linux kernel allows a hacker to trigger a service failure.
The vulnerability of the functions ov511modeinit regs and ov518modeinit regs drivers/media/usb/gspca/ov519.c in the Linux kernel is related to pointer arithmetic errors. Exploiting this vulnerability can allow an attacker to cause a service failure...
EulerOS Virtualization for ARM 64 3.0.2.0 : libgcrypt (EulerOS-SA-2020-1571)
According to the versions of the libgcrypt package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - DISPUTED The GNU Multiple Precision Arithmetic Library GMP interfaces for PHP through 7.1.4 allow attackers to cause...
EulerOS Virtualization for ARM 64 3.0.2.0 : zlib (EulerOS-SA-2020-1556)
According to the version of the zlib packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer...
The vulnerability of the treeRead component in the libmysofa library allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the treeRead component in the libmysofa library exists due to insufficient checking of multiplication and addition operations. Exploiting this vulnerability can allow a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information...
The vulnerability of the SeekPercent function in the VideoLAN VLC media player’s demux/asf.c file allows a hacker to cause a service failure.
The vulnerability of the SeekPercent function in the VideoLAN VLC media player’s demux/asf.c file is related to pointer arithmetic errors. Exploiting this vulnerability could allow a malicious actor to cause service failure remotely...
CVE-2017-17854
kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local users to cause a denial of service integer overflow and memory corruption or possibly have unspecified other impact by leveraging unrestricted integer values for pointer arithmetic...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
Linux: Read /etc/ntp.conf (KB)
The ntpd program is an operating system daemon which sets and maintains the system time of day in synchronism with Internet standard time servers. It is a complete implementation of the Network Time Protocol NTP version 4, but also retains compatibility with version 3, as defined by RFC-1305, and...
Design/Logic Flaw
The size of a buffer is determined by addition and multiplications operations that have the potential to overflow due to lack of bound check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networkin...
USN-4292-1 rsync vulnerabilities
It was discovered that rsync incorrectly handled pointer arithmetic in zlib. An attacker could use this issue to cause rsync to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-9840, CVE-2016-9841 It was discovered that rsync incorrectly handled vectors...
Ubuntu: Security Advisory (USN-4292-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh security update
20120801-38 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790542...
Fedora 30 : 1:ksh (2020-a0f0eb8500)
Do not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
USN-4246-1: zlib vulnerabilities | Cloud Foundry
Severity Low Vendor Canonical Ubuntu Versions Affected Canonical Ubuntu 16.04 Description It was discovered that zlib incorrectly handled pointer arithmetic. An attacker could use this issue to cause zlib to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2016-984...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
Debian DLA-2085-1 : zlib security update
Several issues have been found in zlib, a compression library. They are basically about improper big-endian CRC calculation, improper left shift of negative integers and improper pointer arithmetic. For Debian 8 'Jessie', these problems have been fixed in version 1:1.2.8.dfsg-2+deb8u1. We recomme...