24 matches found
CVE-2026-14355
The CVE-2026-14355 issue affects PHP 8.2.x before 8.2.32, 8.3.x before 8.3.32, 8.4.x before 8.4.23, and 8.5.x before 8.5.8. It is caused by a buffer allocation flaw in the AES-WRAP-PAD algorithm within the OpenSSL extension, where the output buffer for AES key-wrap-with-padding is sized from plai...
EUVD-2026-36151
An incorrect buffer size calculation in the epoch key generator in OpenVPN ovpn-dco-win version 2.0.0 through 2.8.3 allows a remote authenticated peer to trigger a heap-based buffer overflow and kernel memory corruption via a crafted data packet, resulting in a system crash denial of service...
The vulnerabilities of the i40e components of the Linux operating system allow attackers to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the i40e components of the Linux operating system’s kernel is related to incorrect calculation of buffer sizes. Exploiting this vulnerability can allow a remote attacker to access confidential data, compromise its integrity, and cause service failures...
The vulnerability of the snd_usb_endpoint_set_params() function in the sound/usb/endpoint.c module of Linux’s sound device support for USB audio devices allows a attacker to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the sndusbendpointsetparams function in the sound/usb/endpoint.c module, which is part of Linux’s sound device support for USB devices, is related to incorrect calculation of buffer size. Exploiting this vulnerability could allow an attacker to compromise the confidentiality,...
Incorrect Calculation of Buffer Size
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing software lies in its ability to copy buffers without checking the size of the input data. This allows attackers to execute arbitrary code.
The vulnerability of PDF-XChange Editor’s PDF document viewing and editing functionality lies in the copying of buffers without checking the size of the input data when processing GIF files. Exploiting this vulnerability can allow an attacker to execute arbitrary code...
The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWirelessTbl file in the microprogramming software for routers A702R, A3002R, and A3002RU allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the HTTP POST Request Handler component of the /boafrm/formWirelessTbl file in the microprogramming software for routers A702R, A3002R, and A3002RU is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an...
CVE-2021-22392
There is an Incorrect Calculation of Buffer Size in Huawei Smartphone.Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses...
The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the copying of buffers without checking the size of the input data. This allows a malicious actor to trigger malfunctions during maintenance operations.
The vulnerability of SIMATIC PCS, SIMATIC WinCC Runtime Professional, and SIMATIC WinCC control systems lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability can allow attackers to cause malfunctions in the system’s operations...
The vulnerability of the NVIDIA Virtual GPU Manager driver, which allows a hacker to execute arbitrary code, increase their privileges, or disclose sensitive information.
The vulnerability of the NVIDIA Virtual GPU Manager driver relates to the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code, increase their privileges, or disclose sensitive information...
The vulnerability of the Kofax PowerPDF software, which is used for creating, converting, editing, and publishing PDF files, stems from the copying of buffers without checking the size of the input data. This allows an attacker to execute arbitrary code.
The vulnerability of the Kofax PowerPDF software for creating, converting, editing, and publishing PDF files lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially crafted PDF fi...
The vulnerability of the create_empty_lvol() function in the UBI driver (Unsorted block images) of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the createemptylvol function in the drivers/mtd/ubi/vtbl.c file of the UBI driver Unsorted block images in the Linux operating system is related to the lack of control over the size of the requested buffer. Exploiting this vulnerability could allow an attacker to cause a...
The vulnerability of the __vsyslog_internal function in the GNU C Library, related to incorrect calculation of buffer size, allows an attacker to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the vsysloginternal function in the GNU C Library is related to incorrect calculation of the buffer size. Exploiting this vulnerability may allow a remote attacker to compromise the confidentiality, integrity, and accessibility of the protected information...
The software for PLC programming by Delta Electronics WPLSoft has a vulnerability related to copying buffers without checking the size of the input data. This allows an intruder to execute arbitrary code.
The vulnerability of Delta Electronics WPLSoft PLC programming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code using a specially created DVP file...
CVE-2023-45040
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
The vulnerability of HP LaserJet Pro printer’s microprogramming software lies in the copying of buffers without checking the size of the input data, allowing a hacker to execute arbitrary code.
The vulnerability of HP LaserJet Pro printer microprogramming software lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...
The vulnerability of the export-v2.php and ajax.render.php components of the iTop IT service management web tool allows a perpetrator to execute arbitrary code.
The vulnerability of the export-v2.php and ajax.render.php components of the iTop IT service management web tool is related to the copying of buffers without checking the size of the input data. Exploiting this vulnerability could allow an attacker to execute arbitrary code...
CVE-2023-32971
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
The vulnerability of the rotateimage() function in the libtiff library, which allows a hacker to cause a service failure
The vulnerability of the rotateimage function in the libtiff library is related to incorrect calculation of the buffer size. Exploiting this vulnerability may allow a remote attacker to cause a service failure...
The vulnerability of the mwifiexcmd_802_11_ad_hoc_start() function in the Marvell Linux operating system allows a hacker to execute arbitrary code.
The vulnerability of the mwifiexcmd80211adhocstart function in the Marvell Linux operating system kernel lies in the copying of buffers without checking the size of the input data. Exploiting this vulnerability allows an attacker to execute arbitrary code using a long SSID value...