Acer Extensa Series 安全漏洞

Acer Extensa Series is a line of laptops from Acer, a Chinese company. The Acer Extensa Series suffers from a security vulnerability that stems from its HQSwSmiDxe DXE driver that allows an attacker with elevated privileges to modify the UEFI Secure Boot settings by modifying the NVRAM variable...

Security Bulletin: A vulnerability in IBM Java Runtime affects IBM ILOG CPLEX Optimization Studio (CVE-2022-3676)

Summary There is a vulnerability in IBM® Runtime Environment Java™ Version 8 used by IBM CPLEX Optimization Studio. IBM CPLEX Optimization Studio has addressed the applicable CVE. Vulnerability Details CVEID:CVE-2022-3676 DESCRIPTION: Eclipse Openj9 could allow a remote attacker to bypass securit...

Debian dla-3204 : vim - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3204 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3204-1 [email protected]...

SUSE SLES12 Security Update : openvswitch (SUSE-SU-2022:4050-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4050-1 advisory. - In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of minimasks function could...

Debian dla-3182 : vim - security update

The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3182 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3182-1 [email protected]...

Integer overflow

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a...

CVE-2022-39343

Azure RTOS FileX (FAT file system in Azure RTOS ThreadX) prior to version 6.2.0 is affected by an integer underflow/overflow in the Fault Tolerant feature, enabling a potential buffer overflow and memory modification when processing fault-tolerant logs. Specifically, a log entry with FX_FAULT_TOL...

Azure RTOS FileX 数字错误漏洞

Azure RTOS FileX is an open source FAT-compatible file system for Azure RTOS. A security vulnerability exists in Azure RTOS FileX versions prior to 6.2.0, which stems from fault-tolerance features including integer underflow and overflow, and can be exploited to implement a buffer overflow and...

CVE-2022-39343 Azure RTOS FileX vulnerable to Buffer Offerflow

Azure RTOS FileX is a FAT-compatible file system that’s fully integrated with Azure RTOS ThreadX. In versions before 6.2.0, the Fault Tolerant feature of Azure RTOS FileX includes integer under and overflows which may be exploited to achieve buffer overflow and modify memory contents. When a vali...

CVE-2022-3676

In Eclipse Openj9 before version 0.35.0, interface calls can be inlined without a runtime type check. Malicious bytecode could make use of this inlining to access or modify memory via an incompatible type...

CVE-2022-32166

A flaw was found in OpenVSwitch. Versions 0.90.0 through 2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and remote...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166 ovs - buffer over-read

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166 ovs - buffer over-read

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

In ovs versions v0.90.0 through v2.5.0 are vulnerable to heap buffer over-read in flow.c. An unsafe comparison of “minimasks” function could lead access to an unmapped region of memory. This vulnerability is capable of crashing the software, memory modification, and possible remote execution...

CVE-2022-32166

Open vSwitch (Openvswitch) is affected by CVE-2022-32166 for versions v0.90.0 through v2.5.0, due to a heap/buffer over-read in flow.c caused by an unsafe minimasks comparison. The vulnerability can crash the software, enable memory modification, and may allow remote execution. Public documents i...

EulerOS Virtualization 2.9.1 : vim (EulerOS-SA-2022-2369)

According to the versions of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4428. CVE-2022-0696 - Use after free in utfptr2char in GitHub...

Double Free

radare2 is vulnerable to double free. The vulnerability exists in radare2 in cmdinfo.c:cmdinfo which could lead to modification of unexpected memory locations and potentially causing a crash...

CVE-2020-27794

A double free issue was discovered in radare2 in cmdinfo.c:cmdinfo. Successful exploitation could lead to modification of unexpected memory locations and potentially causing a crash...