153 matches found
edk2: Buffer overflow in the DHCPv6 client via a long Server ID option
A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...
The vulnerability of the __vsyslog_internal function in the glibc library, which allows a hacker to cause a service failure
The vulnerability of the vsysloginternal function in the glibc library is related to buffer overflow in dynamic memory. Exploiting this vulnerability can allow a remote attacker to cause a service failure...
GHSA-M24X-R6Q3-2VP9 Uncaught Exception processing HTTP Headers in SurrealDB
The ID, DB and NS headers accepted by the SurrealDB HTTP REST API would fail to parse when containing some special characters. This would cause a panic which would crash the SurrealDB server, leading to denial of service. This issue only affects the SurrealDB binary; it does not affect the...
Hex Workshop Buffer Error Vulnerability
Hex Workshop is a suite of hexadecimal development tools for Microsoft Windows that combines advanced binary editing with the ease of use and flexibility of a word processor. A buffer error vulnerability exists in Hex Workshop version 6.7, which stems from the presence of a denial of service DOS...
PT-2024-12364 · Unknown · Modem Ims Stack
Name of the Vulnerable Software and Affected Versions: Modem IMS Stack affected versions not specified Description: In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User...
The vulnerability of the stb_image.h component in the C/C++ Libstb library allows a hacker to cause a service failure.
The vulnerability of the stbimage.h component in the C/C++ Libstb library relates to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failure by using a specially created HDR file...
The vulnerability of the coffgen.c component in the GNU Binutils development environment allows a hacker to gain access to confidential data, compromise its integrity, and cause service failures.
The vulnerability of the coffgen.c component in the GNU Binutils development environment is related to integer overflow. Exploiting this vulnerability allows an attacker to gain access to confidential data, compromise its integrity, and cause service failures using a specially created PE file...
OpenJDK: certificate path validation issue during client authentication (8309966)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalVM for JDK: 17.0.8, 21; Oracle GraalVM Enterprise...
The vulnerability of the library for serializing and deserializing YAML documents in SnakeYAML, related to buffer overflow in the stack, allows attackers to cause a service failure.
The vulnerability of the YAML serialization and deserialization library SnakeYAML lies in buffer overflows in the stack. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the image.cpp component in the Exiv2 media metadata management library allows a attacker to cause a service failure.
The vulnerability of the image.cpp component in the Exiv2 metadata management library involves reading data beyond the buffer boundaries in memory. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the _TIFFmemcpy function in the libtiff library, which allows a hacker to cause a service failure
The vulnerability of the TIFFmemcpy function in the libtiff library is related to writing beyond the buffer boundaries into memory. Exploiting this vulnerability could allow a malicious actor to cause a service failure remotely...
The vulnerability of the function cxgb4_cleanup_tc_flower() in the driver drivers/net/ethernet/chelsio/cxgb4/cxgb4_tc_flower.c of the Chelsio cxgb4 driver for the Linux operating system, which allows a hacker to cause a service failure.
The vulnerability of the cxgb4cleanuptcflower function in the drivers/net/ethernet/chelsio/cxgb4/cxgb4tcflower.c file of the Chelsio cxgb4 driver for Linux operating systems is related to the reutilization of previously freed memory. Exploiting this vulnerability could allow an attacker to cause ...
The vulnerability of the MP4SdpAtom::Read() function in the atom_sdp.cpp component of the library for creating, modifying, and reading MP4 files, mp4v2, allows a malicious actor to cause a service failure.
The vulnerability of the MP4SdpAtom::Read function in the atomsdp.cpp component of the library for creating, modifying, and reading MP4 files in mp4v2 is related to a memory leak. Exploiting this vulnerability could allow an attacker to cause a service failure...
PT-2023-6652 · Juniper Networks · Junos Evolved +1
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions 21.4 through 21.4R3-S3 Juniper Networks Junos OS versions 22.1 through 22.1R3-S3 Juniper Networks Junos OS versions 22.2 through 22.2R2-S1, 22.2R3 Juniper Networks Junos OS versions 22.3 through 22.3R2 Junip...
PT-2023-12611 · Huawei · Emui +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns incomplete read and write permission verification in the GPU module. Successful exploitation may affect service confidentiality,...
CVE-2023-34162
Version update determination vulnerability in the user profile module.Successful exploitation of this vulnerability may cause repeated HMS Core updates and cause services to fail...
Huawei HarmonyOS 访问控制错误漏洞
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A security vulnerability exists in Huawei HarmonyOS, which stems from a broadcast receive unauthenticated type vulnerability in the background proxy alert...
The vulnerability of the Radare2 reverse-engineering framework lies in its memory management mechanism after objects are freed. This allows attackers to execute arbitrary code or cause service interruptions.
The vulnerability of the reverse-engineering framework Radare2 relates to the use of memory after it is freed. Exploiting this vulnerability allows a remote attacker to execute arbitrary code or cause a service failure...
The vulnerability of the HTTP-based client profiling function in Cisco IOS XE allows a hacker to trigger a service failure.
The vulnerability of the HTTP-based client profiling function in Cisco IOS XE exists due to insufficient validation of input data. Exploiting this vulnerability can allow a malicious actor to cause service failures remotely...
The vulnerability of the _hss_attval_style function in the HTML-StripScripts module, which is used to delete scripts from HTML documents, allows a hacker to trigger a service failure.
The vulnerability of the hssattvalstyle function in the HTML-StripScripts module, which is used to delete scripts from HTML documents, is related to the use of a regular expression with inefficient computational complexity. Exploiting this vulnerability could allow an attacker to cause service...