20 matches found
CVE-2026-3257 UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library
UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow...
CVE-2025-62291
In the eap-mschapv2 plugin client-side in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow...
TencentOS Server 4: gimp (TSSA-2025:0601)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0601 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2019-5650
Malware in sbrugna...
UltraVNC < 1.2.2.4 Multiple Vulnerabilities
The version of UltraVNC Service installed on the remote Windows host is prior to 1.2.2.4. It is, therefore, affected by multiple vulnerabilities: - UltraVNC revision 1203 has out-of-bounds access vulnerability in VNC client inside RAW decoder, which can potentially result code execution. This...
User-defined implementations of the safe trait scratchpad::Tracking can cause heap buffer overflows
The get and set methods of the public trait scratchpad::Tracking interact with unsafe code regions in the crate, and they influence the computation of addresses returned as raw pointers. However, the trait itself is not marked as unsafe, meaning users may provide custom implementations under the...
Linux Distros Unpatched Vulnerability : CVE-2024-6505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the virtio-net device in QEMU. When enabling the RSS feature on the virtio-net network card, the indirectionstable data within RSS becomes...
Azure Linux 3.0 Security Update: cloud-hypervisor-cvm / crash / teckit / zlib (CVE-2022-37434)
The version of cloud-hypervisor-cvm / crash / teckit / zlib installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-37434 advisory. - zlib through 1.2.12 has a heap-based buffer over-read or buffer overfl...
CVE-2020-12819
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode i...
EulerOS 2.0 SP9 : curl (EulerOS-SA-2024-2825)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field,...
PT-2024-20432 · Eclipse · Eclipse Threadx Netx Duo
Name of the Vulnerable Software and Affected Versions: Eclipse ThreadX NetX Duo versions prior to 6.4.0 Description: The issue arises when an attacker can control parameters of the portable aligned alloc function, potentially causing an integer wrap-around and an allocation smaller than expected...
xorg-x11-server: heap buffer overflow in XISendDeviceHierarchyEvent
A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remo...
PT-2024-1121
Name of the Vulnerable Software and Affected Versions X.Org Server affected versions not specified Description A flaw was found in the X.Org server, specifically in the DeviceFocusEvent and XIQueryPointer functions, which can lead to a heap overflow. This issue is caused by the server allocating...
PT-2023-6770 · Open Design Alliance · Open Design Alliance Drawings Sdk
Name of the Vulnerable Software and Affected Versions: Open Design Alliance Drawings SDK versions prior to 2023.6 Description: The issue is related to a heap-based buffer overflow in the DXF file reading procedure. This occurs due to the lack of proper validation of the length of user-supplied...
CVE-2021-30295
CVE-2021-30295 describes a heap overflow in Qualcomm Snapdragon devices (Snapdragon Auto, Compute, Connectivity, Consumer IOT, Industrial IOT, Mobile, Wearables) caused by improper validation of local task information stored locally. This is a local issue with high impact to confidentiality, inte...
Tencent WeChat Buffer Error Vulnerability
Tencent WeChat 微信 is an online social networking application from the Chinese company Tencent. The program supports sending voice messages, videos, images, and text. A buffer error vulnerability exists in Tencent WeChat that originates when a network system or product performs an operation in...
PT-2020-14272 · Google · Tensorflow
Name of the Vulnerable Software and Affected Versions: TensorFlow versions prior to 2.3.1 Description: The RaggedCountSparseOutput implementation does not validate that the input arguments form a valid ragged tensor, specifically that the values in the splits tensor generate a valid partitioning ...
PT-2020-8507 · Adns +2 · Adns +2
Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2 Description: An issue was discovered in adns where it fails to ignore apparent answers before the first RR that was found the first time. This can cause adns to be confused by interleaving answers for the CNAME...
Libspiro 'spiro_to_bpath0()' function buffer overflow vulnerability
Libspiro is a curve plotting library. A buffer overflow vulnerability exists in the 'spirotobpath0' function in the spiro.c file in Libspiro 20190731 and prior versions. The vulnerability stems from a networked system or product performing operations in memory without properly validating data...
CVE-2014-9834
Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file...